ALLDATA Europe Privacy Policy 

Last update 30/01/2025

Controller

The following entity is responsible for the collection and processing of personal data within the meaning of the General Data Protection Regulation:The following entity is responsible for the collection and processing of personal data within the meaning of the General Data Protection Regulation:The following entity is responsible for the collection and processing of personal data within the meaning of the General Data Protection Regulation:

The following entity is responsible for the collection and processing of personal data within the meaning of the General Data Protection Regulation:

ALLDATA Europe GmbH

Barcelona-Allee 1
51103 Cologne
Germany
Phone: +49 (0) 221 534 107 00
Internet: https://www.alldata.com
E-mail: info@alldataeurope.com

Contact for privacy related matters:
Privacy@alldata.com

Introduction and general information on data processing

The protection of your personal data is of utmost importance to us. Therefore, we treat your personal data with strict confidentiality and adhere to legal regulations governing data protection, notably the European Data Protection Regulation (Regulation (EU) 2016/679, or “GDPR”) and the German Federal Data Protection Act. 

This privacy policy aims to provide you with comprehensive information about our collection and use of your personal data as the data controller. In the following, you will find:

  1. Definitions

  2. General information about the processing of your personal data  

  3. Data processing when using our website

  4. Data processing when using our Customer Portal

  5. Other data processing

  6. Your rights as a data subject

A. Definitions

1. Personal data

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, Art. 4(1) GDPR.

2. Processing

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, Art. 4(2) GDPR.

3. Controller

“Controller” means the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data, Art. 4(7) GDPR. 

4. Joint Controllers

Where two or more controllers jointly determine the purposes and means of processing, they are joint controllers, Art. 26 GDPR.

5. Third Party

“Third party” means a natural or legal person other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data, Art. 4(10) GDPR.

6. Processor

“Processor” means a natural or legal person who processes personal data on behalf of the controller, Art. 4(8) GDPR.

7. Consent

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, Art. 4(11) GDPR.

B. General information on data processing

1. Scope of the processing of personal data

As a guiding principle, we only collect data whose processing is either required by law, contractually agreed upon, essential for contract initiation and execution, or voluntarily provided to us on the basis of consent.

When you visit our website, we collect, store, and use your personal data solely to the extent necessary to deliver a functional website and showcase our content and services. Any further collection and use of your personal data, such as for targeted advertising and market analysis, typically occurs with your consent. However, in some circumstances, we may rely on other legal bases permitted by GDPR to process your personal data. 

2. Legal bases for the processing of personal data

a. Data processing for the performance of a contract

When processing personal data that is necessary for the performance of a contract to which you are a party, Art. 6(1)(b) GDPR provides the legal foundation. This also encompasses processing activities necessary for carrying out pre-contractual measures. 

b. Data processing based on consent

When we seek your consent for processing personal data, Art. 6(1)(a) GDPR acts as the legal basis for such data processing. We only rely on consent for processing your personal data if there are no other legal grounds permitting the processing. 

Furthermore, we seek consent when we intend to furnish information about our own products, services, and events, and that the legal ground of protecting legitimate interests, Art. 6(1)(f), is not available for the processing, or when soliciting your participation in a survey.

c. Data processing for the pursuit or protection of legitimate interests

Art. 6(1)(f) permits the processing of personal data when it is necessary for the pursuit of legitimate interests by the controller or a third party unless the data subject’s fundamental rights outweigh the legitimate interest. Examples of legitimate interest include the following:

  • Fraud prevention and security measure
  • Direct marketing and advertising, such as targeted advertising
  • Analyzing customer data to improve the overall customer experience
  • For administrative purpose and record keeping

d. Data processing for compliance with legal obligations

We process your personal data under Art. 6(1)(c) GDPR to meet our legal obligations to which we are subject. For example, the German Fiscal Code (“AO”) requires us to retain financial records for a specified period of time; the Money Laundering Act requires us to verify the identity of our customers. We may also be obligated to comply with court orders where your personal data is involved.

e. Potential consequences of not providing your data 

If your personal data is required by law or contract, you are obligated to provide that information. Failure to comply may result in legal consequences such as a fine, legal action, or termination of services. However, if the collection of your data is based on your consent, you have the freedom to withhold this information. 

However, if your personal data is collected to provide specific services or online content to you, not providing the information might restrict your access to certain services or content that would otherwise be available to you. For instance, if your personal data is collected to provide personalized browsing experience, you would not be able to enjoy this feature if you do not provide the necessary information. Similarly, if your personal data is collected for communication purposes, not providing that information may result in you not receiving these communications. 

f. Profiling and automated decision-making 

We do not engage in automated decision making or profiling with your personal data. 

3. Data deletion and storage period

The storage of your personal data is governed by internal policy. Generally, we do not store your personal data longer than necessary, taking into consideration relevant legal requirements, legitimate business needs, and your rights and freedom against unnecessary storage. When the applicable retention period expires, your personal data will be deleted, anonymized, or aggregated unless further retention is required by law, such as in a legal dispute or under mandate by European or national legislators in Union regulations, laws, or other provisions to which we are subject. It is important to note that once your data is anonymized or aggregated with others’, it can no longer be used to identify you.

4. Security by using TLS/SSL

If you transmit your personal data to us via our website or Customer Portal, we use secure technologies, particularly the "Transport Layer Security" (TLS) transmission (formerly known as "Secure Socket Layer" (SSL)) protocol. All information and data transmitted through these secure methods are encrypted before being sent to us. This encryption applies specifically to all personal data of our customers. 

As part of our data security measure, we collect the IP address of your computer to identify and prevent fraudulent activities and unauthorized access. It is important to note that encryption using these technical methods is effective only if the corresponding technical settings have also been appropriately configured on your end.

5. Data recipients

As a global company and a member of the AutoZone group with affiliated entities worldwide, ALLDATA Europe may share your personal data with other affiliated ALLDATA companies and third parties (collectively, “third parties”). ALLDATA has a centralized marketing team supported by IT units located in countries outside of the European Union. These ALLDATA companies function as co-controllers in processing your data. It is important to note that access to your data from these countries is restricted to authorized personnel with a legitimate need to know. Proper technical and organizational measures (TOMs) are implemented to safeguard your data. 

We will only transfer your personal data to these third parties if we are permitted to do so under the legal bases provided by Art. 6(1) GDPR and other Member State data protection law. These lawful bases include legal obligations, legitimate interests, the necessity to perform a contract, or your consent. When external service providers function as processors, data transfer occurs within the framework of a data processing agreement. If data transfer to processors in countries outside the European Economic Area is necessary, it is carried out either based on approved EU Standard Contractual Clauses (SCC) or an adequacy decision issued by the EU Commission.

C. Data processing when using the website

1. Storage of cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e., after closing the browser (session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the Cookie Settings of the web browser. For purposes of this policy, the term "Cookie Settings" refers to a specific link at the bottom of the webpage that allows users to manage their cookie preferences; whereas when the term "cookie settings" is not capitalized, it refers to the general configuration of cookies within a web browser or website reflecting the user's choices regarding cookies. 

Furthermore, we distinguish between cookies that are technically necessary for the operation of the website, those that serve analysis purposes and those that serve advertising purposes. When you visit our website for the first time, a GDPR-compliant notice appears ("Consent Banner") and you can select which cookies are stored. There you can also see which cookies are stored in detail for which processing purposes.

You can also set your browser to inform you when cookies are stored and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

We expressly point out that the functionality of our website may be limited if cookies are not accepted.

As far as personal data is processed through implemented cookies, which are technically necessary for the operation of our website, the processing is carried out in accordance with Art. 6(1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

As far as personal data is processed through implemented cookies that serve analysis purposes, the processing is carried out per Art. 6(1)(a) GDPR based on your consent, which you give us through your interaction with our Consent Banner. The same applies to your selection of cookies implemented for advertising purposes. You may revoke your consent at any time by adjusting the Cookie Settings at the footer of the webpage.

Your consent, once registered, will expire in one year. Once expired, you will see the Consent Banner again and be asked to reconsider your cookie preference to ensure continued compliance with GDPR regulations. 

2. Provision of the website and creation of log files

Each time you visit our website, our system automatically collects data of your browsing activities from the system of your device.

The following browsing data is collected:

  • IP address
  • Browser type and version
  • Operating system
  • Date and time of the visit to the website
  • Access status / Http status code
  • GMT time zone difference 
  • Amount of data transferred 
  • Internet page/source/reference from which the visit to the website is made

This browsing data is stored separately from your other personal data.

The temporary storage of the IP address is necessary to enable delivery of the website to your device. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to improve the website and to ensure the security of our information technology systems. Processing of the data for other purposes does not take place in this context.

This is also our legitimate interest in data processing within the meaning of Art. 6(1)(f) GDPR, which serves as the legal basis for the processing of your personal data in the context of log file collection.

The browsing data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In case of data collection for the website's provision, the data is deleted when the respective session ends. In the case of storage of data in log files, the deletion typically takes place 14 days after collection. Storage beyond this period is possible for the purpose of website safety and security, if we are obliged to retain the data for longer time periods or if we need the data for the defense or assertion of legal claims.

The collection of browsing data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility to object.

3. Use of OneTrust

We use the cookie consent technology of OneTrust on our website. OneTrust is provided by OneTrust Technology Limited, 82 St. John Street, London, EC 1M 4JN, United Kingdom, or OneTrust LLC, 1200 Abernathy Rd NE, Sandy Springs, GA 303328, USA ("OneTrust").

A Consent Banner is displayed when you call up the page, in which you can grant consent for certain cookies and/or cookie-based applications by setting a check mark. Certain cookies are strictly necessary (Strictly Necessary Cookies) because they ensure the proper functioning of the website and cannot be disabled without affecting the site's performance. Therefore, you will not be able to reject these cookies if you wish to use the basic functionalities of the site. To protect your personal data, the non-Strictly Necessary Cookies are disabled as the default setting until you enable them. This ensures that such cookies are only set on your device with your consent.

In order for the Cookie Settings to correctly register your consent settings, certain user information (including the IP address) has to be collected when our website is called up by the Cookie Settings, transmitted to OneTrust servers and stored there. Further information on cookies and OneTrust can be found at  Privacy Overview | OneTrust

The legal basis for processing your personal data to give effect to your cookie preference is Art. 6(1)(f) GDPR. We need OneTrust to provide you with a privacy-compliant consent banner on our website, which allows you to opt-out of cookies. Consequently, there is no possibility to object to the collection of your cookie preference data.

If the use of OneTrust results in the transfer of your personal data to the USA, this is authorized by Art. 45 GDPR based on adequacy decision. The EU Commission has formally recognized that the level of personal data protection provided by US companies who self-certify their compliance under the EU-US Data Privacy Framework (DPF) to be comparable to that in the EU. OneTrust has made such self-certification and can be found on the Data Privacy Framework List

The retention period of your cookie preference data is 12 months. After that, your data will be deleted automatically. 

4. Use of Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google. Google is a group of companies and consists of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as well as other affiliated companies of Google LLC ("Google").

Google Analytics uses cookies that allow an analysis of the use of the website. The information generated by the cookies about your use of our website is transmitted to a Google server in the USA and stored there. 

Google will use this information to evaluate your use of our website, compile reports on website activity for website operators, and provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google may associate your IP address with other data held by Google.

You can prevent the installation of these cookies by adjusting your browser settings accordingly. You can use the deactivation tools that Google offers for some Internet browsers. Alternatively, you can download and install the browser plugin available here. However, you may not be able to use all the functions of our website to their full extent if you implement these preventive measures.

The processing of your personal data is based on your consent pursuant to Art. 6(1)(a) GDPR, which you grant us with your selections in the Cookie Settings. The transfer of your personal data to the USA is authorized by Art. 45 GDPR based on adequacy decision. The EU Commission has formally recognized that the level of personal data protection provided by US companies who self-certify their compliance under the EU-US Data Privacy Framework (DPF) to be comparable to that in the EU. Google has made such self-certification and can be found on the Data Privacy Framework List

Your consent can be revoked at any time with effect in the future. You can visit the Cookie Settings in the footer of the webpage at any time and adjust your previously selected cookie settings. 

D. Data processing when using the Customer Portal

1. Scope, purpose, and legal basis of data processing

To access our OEM (original equipment manufacturer) repair information, you can create a free test account in our Customer Portal. This requires registration in advance, during which the following personal data will be requested:

  • First name
  • Last name
  • Job title
  • E-mail address
  • Telephone or mobile phone number
  • Language

Personal data marked with an asterisk (first name, last name, e-mail address and telephone or mobile phone number) is mandatory information, without which registration is not possible. The provision of further personal data, on the other hand, is voluntary.

We need your first and last name and your e-mail address to create an individualized account for you in the Customer Portal and your phone number to contact you in case of queries. In addition, we use this data to check whether you have already had a test account in the past. After the end of the test period, your data will be transferred to our customer database and stored for billing and other purposes.

The registration of an account at our Customer Portal establishes a contractual relationship between you and us, and the processing of the mandatory personal data is pursuant to such a contract. It is authorized by Art. 6(1)(b) GDPR. 

The processing of personal data voluntarily provided by you is based on your consent in accordance with Art. 6(1)(a) GDPR. Your consent can be revoked at any time with effect in the future. To do so, follow the link to the Data Subject Access Request (DSAR).

2. Newsletter

When you register an account with us, you are provided the opportunity to subscribe to our promotional and marketing newsletters. For accounts registered in Germany, Austria, and Switzerland, we use a Double-Opt-In mechanism to confirm your subscription. Once you are registered with our website, we will send you an e-mail to the e-mail address you provided, asking you to confirm that you would like us to send you newsletters in the future. Only when you reconfirm your subscription will we add you to our newsletter distribution list. For accounts registered in other countries, the subscription process may vary and may not require a double opt-in confirmation. In addition to the data provided by you during registration, we collect the time of these activities. 

The processing of your personal data when registering for our newsletter is based on your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent to receiving the newsletters at any time by clicking the “Unsubscribe” link contained in each newsletter email.

To process your personal data and send the newsletters, we use the marketing tool provided by a carefully selected service provider, Act-On Software, Inc., located at 121 SW Morrison St., Suite 1600, Portland, OR 97204, USA. Act-On processes your personal data exclusively under our instructions for the purpose specified by us within the framework of a data processing agreement pursuant to Art. 28 GDPR and is obligated to comply with the applicable data protection provisions consistent with the GDPR. Your personal data disclosed in connection with this processing may only be stored for the purpose of sending the newsletters. Act-On is not permitted to use your personal data for any other purpose. Your email address and necessary data will be retained until you opt out of receiving the newsletters, unless there is another reason for data retention (e.g., performance of a contract between you and us). 

The transfer of your personal data to the USA is authorized by Art. 45 GDPR based on adequacy decision. The EU Commission has formally recognized that the level of personal data protection provided by US companies who self-certify their compliance under the EU-US Data Privacy Framework (DPF) to be comparable to that in the EU. Act-On has made such self-certification and can be found on the Data Privacy Framework List.

E. Other data processing operations

1. Data obtained from third parties

We obtain businesses information, including contact information, from GCL B2B Limited, located at 2nd Floor, Charter House, 52 Charlotte Street, Birmingham, B31PX, United Kingdom. We obtain this information for marketing purposes, primarily for email marketing campaigns. While our business is generally B2B (business-to-business), we recognize that this contact information often identifies individual persons, or that personal contacts are used for business purposes. As such, we treat this information in accordance with the GDPR and applicable Member State laws.

We process this contact information under the legal basis of legitimate interest per Art. 6(1)(f) GDPR believing that our marketing communications may be of interest and benefit to the recipients in their professional capacities. We comply with additional consent requirements, including double opt-in procedures, where mandated by specific Member State laws. All our marketing emails include a clear and easy-to-use opt-out link. We promptly honor all requests to opt-out from our marketing communications, ensuring that you have control over the communication you receive from us.

Personal data obtained from GCL is typically stored for 12 months unless a business relationship is established during this time period and further processing of the data is permitted under other legal basis such as performance of contract or consent. 

2. Contact by e-mail

If you contact us by e-mail, your e-mail address will be stored so that we can reply. The personal data that comes with your e-mail (e.g., title, first name, last name, telephone number) will also be captured.

The processing of your personal data is based on your consent pursuant to Art. 6(1)(a) GDPR, which you give us by contacting us by e-mail. If your e-mail is in connection with the initiation, performance, or termination of a contract with us, the processing of your personal data is based on Art. 6(1)(b) GDPR.

Your consent can be revoked at any time with effect in the future. To do so, follow the link to the Data Subject Access Request (DSAR).

Your DSAR request record together with the data associated will be retained in accordance with applicable law and internal company policy unless you make a request for us to delete your personal data. If a valid deletion request is made under Art. 17 GDPR, we will honor your request and delete your personal data within one month per Art. 12(3) GDPR. 

F. Your rights as a data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us as the controller:

1. Right to information

You can request confirmation from us as to whether we are processing your personal data. If such processing is taking place, you can request information about the following from us in accordance with Art. 15 GDPR:

  • Purposes for which the personal data are processed
  • Categories of personal data that are processed
  • Recipients or categories of recipients to whom your personal data have been or will be disclosed
  • Planned duration of the storage of your personal data or, if concrete information on this is not possible, criteria for determining the storage duration
  • Existence of a right to rectification or erasure of your personal data, a right to restriction of processing by us or a right to object to such processing
  • Existence of a right of appeal to a supervisory authority
  • All available information about the origin of the data, if the personal data is not collected from you
  • Existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and the intended effects of such processing on you

You may also request a copy of your personal records we possess.

Furthermore, you have the right to request information about whether your personal data is transferred to another country or to an international organization. In this context, you may request to be informed about the safeguards we implement to protect your personal data pursuant to Art. 46 GDPR in connection with the transfer.

To make any of the above information requests, follow the link to the Data Subject Access Request (DSAR).

2. Right to rectification

According to Art. 16 GDPR, you have a right of rectification and/or completion if your personal data is incorrect and/or incomplete. We must carry out the correction without delay.

3. Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data in accordance with Art. 18 GDPR:

  • If you dispute the accuracy of your personal data, during the period when we verify the accuracy of your personal data, you may request the processing of this data be restricted
  • Processing is unlawful and you object to the deletion of the personal data and request the restriction of the use of the personal data instead
  • We no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise, or defense of legal claims, or
  • If you have objected to the processing of your personal data pursuant to Art. 21(1) GDPR and it has not yet been determined whether our legitimate grounds to process your data override your interest in the data

If the processing of your personal data has been restricted, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. You will be informed by us before the restriction is lifted.

4. Right to erasure

a. Obligation to delete

Pursuant to Art. 17 GDPR, you may request that we delete your personal data without undue delay. We are obliged to delete this data immediately if one of the following reasons applies:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed

  • Your consent, on which the processing was based according to Art. 6(1)(a) GDPR, is revoked by you and there is no other legal basis for the processing

  • You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing

  • You object to the processing pursuant to Art. 21(2) GDPR

  • Your personal data have been processed unlawfully

  • Deletion of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject

  • Your personal data was collected in relation to information society services offered pursuant to Art. 8(1) GDPR

b. Information to third parties

  • If we have made your personal data public and we are obliged to delete it pursuant to Article 17 (1) GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform controllers who process your personal data that you have requested them to delete all links to or copies or replications of such personal data.

c. Exceptions to the right to erasure

The right to erasure does not exist insofar as the processing is necessary:

  • On the exercise of the right to freedom of expression and information
  • For compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
  • For reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) GDPR and Art. 9(3) GDPR
  • For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in Section a is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
  • For the assertion, exercise or defense of legal claims

5. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged pursuant to Art. 19 GDPR to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

6. Right to data portability

According to Art. 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, common, and machine-readable format. In addition, you have the right to transfer this data to another controller to whom the personal data has been provided without hindrance from us, provided that

  • the processing is based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and

  • the processing is carried out with the aid of automated procedure

In exercising this right, you also have the right to have your personal data transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

7. Right of objection

According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. The objection must be substantiated.

Upon receipt of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such a purpose. In this situation, your objection will be treated as if you have opted out of direct marketing communication; you must re-subscribe (or opt in) in order to receive marketing communication.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law

Pursuant to Art. 7(3) GDPR, you have the right to revoke your declaration of consent granted under data protection law at any time - even before the GDPR came into force (05/25/2018). The revocation does not affect the lawfulness of the processing prior to the revocation. 

Furthermore, you can revoke the consent given in our Cookie Settings at any time. To do so, call up our Cookie Settings again in the footer of our website. Please note that the revocation does not affect the lawfulness of the processing prior to the revocation.

9. Automated individual decision-making including profiling

We do not engage in automated individual decision-making, including profiling, as defined by Art. 22 GDPR.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationssicherheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Germany

Tel: +49 (0) 211 38424-0

Telefax: +49 (0) 211 38424-999

E-Mail: poststelle@ldi.nrw.de