Welcome at the registration

Please fill in all mandatory fields (*).

Please validate your input
Your registration data
Please validate your input
Please validate your input
Please validate your input
Please validate your input
Default
Close

Your DOB will be used for internal statistics only.

Default
Close

The postcode will be used for internal statistics only.

Please validate your input
Your login data
Default
Close

After completing registration you will get an activation code per mail. After entering this code your account is activated and you can login.

Please validate your input
Default
Close

Instructions for a secure password
Please use at least 6 characters.
Chose characters of at least 2 of the following groups:
- lower case (a-z)
- upper case (A-Z)
- digits (0-9)
- special characters: _-/()+*.:,;#$%&=?!

Spaces and umlauts will not be accepted.
Passwords marked "too weak" will not be accepted.

Further hints to create a very secure password
- use characters from all of the four groups mentioned above
- create a password with more than 12 characters
- use more than one special character

Please enter a password
Too weak Sufficiently strong password Very strong password
Your input doesn't match with the "password".
Please validate your input
Please validate your input

We have just sent you an e-mail containing your activation code. Please enter this activation code into the appropriate field on the registration page. Your account will then be activated.

In case you have not received our e-mail, this might be due to the following reasons:

* Your inbox is full - there is not sufficient space available
* Our e-mail was moved to your spam folder
* Your inbox has not been refreshed yet. You can also initiate this process manually (by retrieving your e-mails)
* A spelling mistake occured in your e-mail address. Please let us know so that we can correct this mistake.

If you still have not received any e-mail from us within 10 minutes, please send us an e-mail using our contact form "Problems with registration". We will be pleased to give you support with your registration.

Your corporate benefits Support Team

Registration problems?

Please fill in all mandatory fields (*).

Please validate your input
Please validate your input
Please validate your input
Please validate your input
Please validate your input
Please validate your input
Please validate your input

Thank you!

We have received your request and will deal with it immediately!

Terms of use

1. Disclaimer
1.1 The following Conditions of use apply to use of the employee benefits program
1.2 Use of the employee benefits program is conditional upon your agreement to these Conditions of Use. By using the service, you are indicating your agreement to be bound by all of the terms and conditions contained in the agreements.
1.2.1 Use of this Site is free of charge.

2. User Responsibilities
2.1 The employee benefits program may only be used on your own behalf.
2.2 You commit yourself to keep the following confidential and/or prevent from abuse: Sign-In codes, coupons, promotional codes.
2.4 Under no circumstances shall you use the employee benefits program to reproduce, duplicate, copy, sell, resell, distribute or publish the coupons, promotional codes , products, or services accessible on the site.
2.5 In breach of contract your access will be terminated immediately.
2.6 Leaving the company the employee makes sure that his account will be deleted.

3. Vendors
3.1 The employee benefits program is a virtual marketplace in a sense that a contact between you and a vendor is initiated. The potential commencement of business however depends solely on you.
3.2 All matters, including but not limited to delivery of goods and services, returns, and warranties are solely and strictly between you and the vendor.

4. Warranty
4.1 The employee benefits program is provided to you "AS IS," without any warranty of any kind, either express or implied, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, or no infringement; any warranty that the service operates error free or without interruption; any warranty that information obtained through the service is accurate or reliable. The entire risk arising out of the use of the service remains with you.
4.2 No warranty is made regarding vendor discounts neither that they are provided nor that they result in extensive savings
4.3 All matters, including but not limited to delivery of goods and services, returns, and warranties are solely and strictly between you and the vendor.

Privacy statement


I.     Name and address of the Data Controller


The Data Controller within the meaning of the General Data Protection Regulation and other national data protection laws of member states as well as other data protection provisions is:

corporate benefits GmbH
Schiffbauerdamm 40
10117 Berlin
Germany

Tel. +49 30 - 206 21 66 0
Fax +49 30 - 206 21 66 20

E-Mail: info@cb-gmbh.com
Web: https://www.corporate-benefits.de


II.    Contact details of the Data Protection Officer


Please be aware that the data protection officer for corporate benefits GmbH is named here in connection with the use of the portal https://lufthansa.mitarbeiterangebote.de. For information on the Lufthansa privacy officer please visit the corresponding company website.

The Data Protection Officer of the Data Controller can be reached at:

TÜV Informationstechnik GmbH
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy

Langemarckstrasse 20
45141 Essen

Tel. 0201 - 8999-899
Fax 0201 - 8999-666
e-mail: privacyguard@tuvit.de


III.   General Information concerning data processing


1.    Extent of processing of personal data


In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website and to provide our content and services. The collection and use of personal data of our users is carried out on a regular basis only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the data processing is permitted by law.

2.    Legal basis for the processing of personal data


Whenever we obtain the consent of the Data Subject to the processing of his or her personal data, Article 6(1) point a of the European General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

Where the processing of personal data is necessary to perform a contract to which the Data Subject is a party, Article 6(1) point b GDPR serves as the requisite legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6(1) point c GDPR serves as the requisite legal basis.

In the event that the vital interests of the Data Subject or another natural person require the processing of personal data, Article 6(1) point d GDPR serves as the requisite legal basis.

If processing is necessary to safeguard the legitimate interests of our company or of a third party, and if the interests, fundamental rights and freedoms of the Data Subject do not prevail over the interests previously mentioned, Article 6(1) point f GDPR serves as the legal basis for processing.

3.    Data deletion and length of storage


The personal data of the Data Subject will be deleted or blocked as soon as the purpose for its storage ceases to exist. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the Data Controller is subject. Blocking or deletion of data is also carried out whenever a storage period stipulated by the rules mentioned expires, unless there is a need for further storage of the data in order to conclude or perform a contract.


IV.  Provision of the website and creation of log files


1.    Type and scope of data processing


Each time our website is accessed, our system automatically collects data and information from the computer system of the visiting computer.

During this process, the following information is collected:

  • Information about the type of browser and version used
  • The user’s operating system
  • The IP address of the user
  • Date and time of access
  • Other websites accessed by the user's system via our website

Data is also stored in our system's log files. None of this data or any other personal data of the user is stored.

2.    Legal basis for data processing


The legal basis for the temporary storage of data and log files is constituted by Article 6(1) point f GDPR.

3.    Purpose of data processing


Temporary storage of the IP address by the system is necessary to enable the website to be served to the computer of the user. To do this, the user's IP address must be stored for the duration of the session.

Storage in log files takes place, so as to ensure the functionality of the website. In addition, data is used to optimize the website and to ensure the security of our information technology systems. No evaluation of data for marketing purposes is carried out in this context.

For these purposes, our legitimate interest in the processing of data exists pursuant to Article 6(1) point f GDPR.

4.    Storage period


Data will be deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collected for the purpose of provision of the website, this will be the case once the respective session has ended.

Storage is possible. In this case, the IP addresses of users are either deleted or separated off, so that it is no longer possible to allocate one to the visiting client.

5.    Objection and removal options


The collection of data for provision of the website and the storage of data in log files is essential for the website to be operated correctly. For this reason, no objection option is available to the user.


V.    Use of cookies


a) Type and scope of data processing

Our website uses "cookies". Cookies are text files that are either stored in the Internet browser itself or are stored on the user's computer system by the Internet browser. Whenever a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be identified uniquely whenever the website is revisited.

We use cookies in order to make our website more user-friendly. Some elements of our website require the calling browser to be re-identified even when a new page is visited.

The following data is stored and transmitted in cookies:

  • An ID that enables identification of the user

In addition, on our website we use the services and cookies of Webtrekk GmbH to collect statistical data on website use and to improve our offering accordingly. Webtrekk numbers are used to identify the "Top 5 Offers from Colleagues" on a corporate platform. Webtrekk GmbH is certified for data protection, in the area of ​​Web Controlling Software, by TÜV Saarland. Part of the certification process is an audit carried out by Webtrekk on-site in Berlin as well as at the hosting site, where the collection and processing of tracking data has been checked for data privacy compliance and data security.

With each access to the Internet content provided by our portal, some information is collected and evaluated for web controlling purposes; and this will have been transmitted by the user's browser during the registration process. Such collection is carried out by a pixel embedded on each page. The following data is collected:

  • Request (file name of the requested file)
  • Browser type and version (e.g. Internet Explorer 6.0)
  • Browser language (e.g. German)
  • Operating system used (e.g. Windows XP)
  • internal resolution of browser window
  • Screen resolution
  • Javascript activation
  • Java on/off
  • Cookies on/off
  • Colour depth
  • Referrer URL (the previously visited website)
  • shortened IP address for geographical recognition
  • Time of access
  • Clicks

Webtrekk stores the IP address only in an abbreviated (anonymized) form and uses it only for session detection, for geolocation and to defend against cyber attacks. The IP address is then deleted immediately, so that the data collected becomes anonymous.

Webtrekk uses the following cookies:

  • Session cookie (for session detection, lifetime: one session)
  • Long-term cookie (for detection of new / regular customers: 6 months)
  • Opt-out cookie (in case of objection to tracking: 60 months)

Permission to collect and store data may be revoked at any time with future effect. To do this, please use the following link.

Webtrekk Opt-Out-Cookie

By confirming the link, a so-called opt-out cookie is placed on your data carrier. This cookie is valid for five years. If you delete all cookies on your computer, this opt-out cookie will also be deleted; if you still want to prevent anonymous data collection by webtracking, you will need to reactivate the opt-out cookie. The opt-out cookie is activated individually for each browser and for each computer. If you visit our websites from home and work or use different browsers, you will need to activate the opt-out cookie in the different browsers or on the different computers used.

Further information can be found on the website of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, http://www.webtrekk.com.

b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6(1) point f GDPR.

c) Purpose of Data Processing

The purpose of the use of technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be provided without the use of cookies. For these, it is necessary for the browser to be recognized anew each time a new page is consulted. In detail, the following objectives apply:

e) Period of storage, objection and removal options

Cookies are stored on the user's computer and then transmitted by it to us. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.


VI.  Newsletter


1.    Type and scope of data processing


On our website you can subscribe to free newsletters. Registration for the monthly newsletter can be done simultaneously with registration. In addition, subscribing to the newsletter is possible at any time in the "My Data" area. During the newsletter registration process, data from the input form will be sent to us:

  • Salutation and title
  • First name and last name
  • Date of birth
  • Company postcode
  • Company e-mail address
  • Password
  • Date and time of registration
  • Distributor affiliation (company platform)

In addition to monthly newsletters, once registration and login have been completed successfully, you can also subscribe to a special newsletter, which will be sent out at irregular intervals.

For data processing purposes, your consent is obtained during the registration process and reference is made to this privacy declaration.

As regards data processing for the purpose of sending out newsletters, data is passed on to Mapp Digital Germany GmbH, Dachauer Strasse 63, 80335 Munich. Such data is used exclusively to send out newsletters.

To send out newsletters, we supply a data package to mapp with the following personal content:

  • E-mail address
  • Salutation
  • Last name
  • Distributor affiliation (company platform & newsletter type)

2.    Legal basis for data processing


The legal basis for data processing after the user has registered for the newsletter is in the case of consent of the user Article 6(1) point a GDPR.

3.    Purpose of data processing


The user's e-mail address is collected in order to deliver the newsletter.

The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the e-mail address used.

4.    Storage period


Data will be deleted as soon as it is no longer needed for the purpose for which it was collected. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active.

5.    Objection and removal options


Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, a corresponding link to the employee's "My Data" section can be found in each newsletter. Using this link, the employee can unsubscribe from the newsletters.

The "My data" section shows transparently when a monthly newsletter or a special newsletter was ordered or cancelled.


VII. Registration


1.    Type and scope of data processing


On our website, we offer users the opportunity to register for our portal by providing personal data. This data is entered into an input form and transmitted to us and stored. No data is transferred to third parties. The following data is collected during the registration process:

  • Salutation and title
  • First name and last name
  • Date of birth
  • Postcode
  • E-mail address
  • Date of birth and newsletter
  • Date and time of registration

As part of the registration process, the consent of the user to process this data is obtained. We also save:

  • Language preference for multilingual platforms
  • Location (web browser if shared by user. The user can also specify location manually)
  • Date of registration
  • Time stamp registration code
  • Registration for the monthly e-mail newsletter with timestamp
  • Registration for the special newsletter with timestamp
  • Acceptance of the Terms of Use and Privacy Policy
  • Linked enterprise platform
  • Login with timestamp
  • APP Use iOS / Android Yes / No
  • Offers saved in watchlist
  • Generation of coupon codes
  • Storage of coupons
  • Content of contact forms
  • Content of callback form
  • User ratings of offers with timestamp

iOS/Android app

  • Access to location (Automatic detection of location / new - send push message, if branch in watch list is nearby)
  • Access to camera (scan QR code)
  • Receive push messages - New offers Yes / No
  • Receive push messages - Expiring offers Yes / No
  • Receive push messages - Branch in watch list nearby Yes / No

If this has been activated for your portal, the user has the option of placing classified ads there. In this case, the following data can be specified in order for the advertisement to be created:

  • Salutation and title
  • First name and last name
  • E-mail address
  • Phone number
  • Address

2.    Legal basis for data processing


The legal basis for data processing is in the case of consent of the user Article 6(1) point a GDPR.

3.    Purpose of data processing


User registration is required for the provision of certain content and services on our website. Registration gives the user access to our Employee Offers Platform. The function of this platform is simply to present discount offers. If an employee accepts these offers, he / she will be forwarded directly and anonymously to the chosen provider and thus will enter that provider's area of responsibility. Data collected by external companies on implementation of contracts in relation to employees is processed either by these external companies or their contractual partners. Only on actual purchase of a product does an employee provide the personal data usual at the time of a purchase and in so doing enter into a legal transaction with the provider. At this point, no data is transmitted by us, nor is the provider able to draw any conclusions regarding which company the employee belongs to. None of an employee's activities and purchases will give rise to any personal data processed by our company. Collection of personal data during registration serves the purposes of user identification and contact, customer support, legal proof, marketing and target group analyses and display of user-selected offers.

4.    Storage period


Data will be deleted as soon as it is no longer needed for the purpose for which it was collected. This is the case for the data collected during the registration process if a registration on our website is either cancelled or modified.

5.    Objection and removal options


As a user, you have the option of cancelling your registration at any time. You can change the data stored about you at any time. You can remove your access account at any time in the "My data" section via the "Delete Access" link and make changes in this area.


VIII.   Contact form and e-mail contact


1.      Type and scope of data processing


Our website has a contact form available, which you can use to get in touch with us online. Once a user accepts this option, all the data entered into the input form will be transmitted to us and saved. This data consists of:

  • Salutation
  • First name and last name
  • Your e-mail address
  • Subject
  • and message content
  • Browser version
  • Operating system

At the time the message is sent, the following data is also stored:

  • The IP address of the user
  • Date and time of dispatch of e-mail

Alternatively, it is possible to get in touch using the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

2.    Legal basis for data processing


The legal basis for data processing is in the case of consent of the user Article 6(1) point a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6(1) point f GDPR. If the e-mail contact intends to conclude a contract, then an additional legal basis for the processing is Article 6(1) point b GDPR.

3.    Purpose of data processing


The processing of personal data from the input form is only used by us to process the contact event. In the case of contact via e-mail, this also includes a necessary legitimate interest in processing the data concerned.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4.    Storage period


Data will be deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data from the input form of the contact form and that sent by e-mail, this will be the case when the respective conversation with the user has ended. The conversation is ended once it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

5.    Objection and removal options


The user has the option at any time to revoke his or her consent to the processing of his or her own personal data. If the user contacts us by e-mail, he or she may object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored during the contact event will be deleted in this case.


IX.  Disclosure of personal data to third parties


We use an external system from Zendesk, Inc., 989 Market Street # 300, San Francisco, CA 94102, USA, to process service requests by e-mail submitted via the Service Portal.

Zendesk has joined the Privacyshied and can provide responding certification, which meets the minimum requirements for the lawful processing of data. We have entered into a contract processing agreement with Zendesk and also an additional EU standard contract. Please also note Zendesk's data protection/privacy policy: http://www.zendesk.com/company/privacy

We store our portal data with our technical service provider: mpex GmbH (Hosting), Werner-Voss-Damm 62, 12101 Berlin.

To determine location, a corresponding query is submitted to HERE Germany GmbH. This does not involve any personal data, but rather, just a targeted blurring of the location. This is accomplished by rounding off decimal places in the GPS coordinates.

In addition, data is passed on internally to corporate benefits ventures GmbH, Schiffbauerdamm 40, 10117 Berlin, for the purpose of providing our services.


X.    Rights of the Data Subject


If any personal data of yours is processed, you are the Data Subject within the meaning of the GDPR and you have the following rights in relation to the Data Controller:

1.    Right to information


You may ask the Data Controller to confirm if personal data concerning you is being processed by us.

If that is the case, you can request information from the Data Controller about the following data:

(1)     the purposes for which the personal data is being processed;

(2)     the categories of personal data that is being processed;

(3)     the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;

(4)     the planned duration of any storage of personal data concerning you or, if specific information is not available, the criteria for determining the duration of such storage;

(5)     the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the Data Controller or a right to object to such processing;

(6)     Existence of a right of appeal to a supervisory authority

(7)     all available information on the source of the data if the personal data is not collected from the Data Subject;

(8)     the existence of automated decision-making, including profiling under Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the Data Subject.

You have the right to request information about whether your personal information is transferred to a third country or an international organisation. In this connection, you can request to be informed about the appropriate guarantees under Article 46 GDPR in connection with the transfer of such data.

2.    The right to correction of data


You have a right to correction and / or completion in relation to the Data Controller, if the personal data concerning you is being processed incorrectly or incompletely. The Data Controller must carry out this correction immediately.

3.    The right to restricted processing


You may request that the processing of your personal data is restricted, under the following conditions:

(1)     if you contest the accuracy of your personal information for a period of time that enables the Data Controller to verify the accuracy of your personal information;

(2)     the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data is restricted;

(3)     the     Data Controller no longer needs the personal data for processing purposes, but you need it in order to assert, exercise or defend legal claims; or

(4)     if you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet certain whether the legitimate reasons of the Data Controller outweigh the grounds of your objection.

If the processing of personal data concerning you has been restricted, this data may – apart from their storage - only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of major public interest of the European Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, the Data Controller will inform you before the restriction is lifted.

4.    Right to deletion


a)    Duty to delete


You may require the Data Controller to delete your personal information without delay, and the Data Controller will be required to delete this information immediately, provided one of the following grounds applies:

(1)     The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2)     You withdraw your consent on which the processing pursuant to Article 6(1) point a or Article 9(2) point a GDPR was based, and there is no other legal basis for the processing.

(3)     You raise an objection to the processing pursuant to Article 21(1) GDPR and there are no prior justifiable reasons for the processing, or else you raise an objection to the processing pursuant to Article 21(2) GDPR.

(4)     The personal data concerning you has been processed unlawfully.

(5)     The personal data concerning you must be deleted in order to fulfil a legal obligation under European Union law or the law of the Member States to which the Data Controller is subject.

(6)     The personal data concerning you was collected in relation to information society services offered pursuant to Article 8(1) GDPR.

b)    Passing information to third parties


If the Data Controller has rendered the personal data concerning you public and  pursuant to Article 17(1) of the GDPR is subject to a duty to delete it, it shall, taking into account the available technology and implementation costs, take appropriate steps, including the relevant technical methods, to inform the data controllers who process the personal data that you have been identified as being the Data Subject who has requested deletion of all the links to such personal data or the deletion of all copies or replications of such personal data.

c)    Exceptions


The right to deletion does not exist if the processing is required

(1)     in order to exercise the right to freedom of expression and information;

(2)     in order to fulfil a legal obligation that requires processing under European Union or Member State law to which the Data Controller is subject or for the performance of a public-interest or public-authority task transferred to the Data Controller;

(3)     for reasons of public interest in the field of public health pursuant to Article 9(2) point h and i and Article 9(3) GDPR;

(4)     for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, insofar as the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

(5)     in order to assert, exercise or defend legal claims.

5.    Right to information


If you have asserted the right to correction, deletion or restriction of data processing against the Data Controller, he / she is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing: except where this proves to be impossible or involves a disproportionate amount of effort.

In relation to the Data Controller, you have the right to be informed about these recipients.

6.    Right to data portability


You have the right to receive personally identifiable information you provide to the Data Controller in a structured, commonly-used and machine-readable format. In addition, you have the right to transfer this data to another Data Controller without hindrance by the existing Data Controller, whereby the said data must be supplied to the former, provided that

(1)     the processing is based on consent pursuant to Article 6(1) point a GDPR or Article 9(2) point a GDPR or on a contract pursuant to Article 6(1) point b GDPR and

(2)     the processing is carried out using automated procedures.

In exercising this right, you also have the right to ensure that the personal data relating to you is transmitted directly from one Data Controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected thereby, however.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the Data Controller.

7.    Right to object


You have the right at any time, for reasons that arise from your particular situation, to raise an objection against the processing of your personal data, which takes place pursuant to Article 6(1) point e or f GDPR; this also applies to profiling based on these provisions.

The Data Controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, to exercise your right to object through automated procedures that follow certain technical specifications.

8.    Right to withdraw data protection declaration


You have the right to revoke your data protection declaration at any time. The withdrawal of consent should not affect the lawfulness of the processing based on consent prior to the withdrawal.

9.    Automated decision on an individual basis including profiling


You have the right not to be subjected to a decision based solely on automated processing - including profiling - that would have some legal effect or would significantly affect you in a similar manner. This does not apply if the decision

(1)     is necessary for the conclusion or performance of a contract between you and the Data Controller,

(2)     is permitted by European Union or Member State legislation to which the Data Controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3)     is carried out with your express consent.

However, these decisions must not be based on special categories of personal data under Article 9(1) GDPR, unless Article 9(2) point a or g applies and reasonable measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the Data Controller shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the Data Controller, to express his / her own position and to challenge the decision.

10.  Right to complain to a supervisory authority


Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you believe that the processing of the personal data concerning you breaches the GDPR.

The supervisory authority to which the complaint has been submitted must inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.


last updated: 05.2018

You successfully objected to the storage of data.

You successfully agreed to the storage of data.