I. Name and address of the controller
The controller in the sense of Article 4 Para. 7 EU regulation 2016/679, referred to as the General Data Protection Regulation (GDPR), other national data protection laws of the member states and other data protection regulations is:
momox GmbH
represented by managing directors Christian Wegner, Heiner Kroke Frankfurter Allee 77
10247 Berlin
II. Name and address of the data protection officer
The controller’s data protection officer is
Mr Christian Regnery intersoft consulting services AG
Fischerinsel 16
10179 Berlin
Email: privacy(at)momox.co.uk
III. General information about data processing
1. Scope of processing personal data
You can generally visit us (Internet services, notably momox GmbH websites) without telling us who you are. Your browser automatically transmits various data when visiting our website, see below “IV. Provision of the website and creation of log files”. This information is analysed purely for statistical purposes and then deleted. Our services are reserved for adult visitors.
Personal data is only collected on our website if you provide it to us of your own accord (e.g. when opening a user account or as part of the order process). We use this data exclusively for the purposes stated in each case, as listed below.
We contractually bind external service providers who process personal data for us, so-called “external processors”, in accordance with Article 28 GDPR. These external processors have been carefully selected by us, specifically commissioned and are bound to our instructions. The GDPR refers to states outside the European Union/European Economic Area as third countries and regulates transfers there separately in accordance with Articles 44 to 49 GDPR. In some cases, we use external processors in third countries and name them below. For the USA, the EU Commission has assessed the adequacy of the data protection level there in accordance with Article 44 Para.
3 GDPR the EU-US Privacy Shield (C(2016) 4176 final). Our external processors in the USA are certified according to this.
We maintain up-to-date technical measures to guarantee the protection of personal data. These are always adapted to state-of-the-art technology.
2. Legal basis for processing personal data
If we obtain the consent of the data subject for processing personal data, Article 6 Para. 1 Lit. a GDPR serves as the legal basis for processing personal data.
When processing personal data required for the performance of a contract to which the data subject is a party, Article 6 Para. 1 Lit. b serves as the legal basis. This also applies to processing required for executing precontractual measures.
In accordance with Article 6 Para. 1 Lit. f), processing personal data is also lawful if it is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child.
3. Date deletion and storage duration
The personal data of the data subject is deleted or blocked as soon as the purpose for storage ceases to exist. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
On every visit to our website, our system automatically collects data and information from the computer system of the computer being used.
The following data is collected:
The data is also stored in the log files of our system. This data is not stored together with that of the user’s other personal data. However, in the event of an error in an interface query, we also log the ID (identification under a pseudonym), the IP address and the relevant http query, if used by the requesting user to enable subsequent error analysis and correction.
The use of the scan function when collecting media for sale to us requires access to the camera function. However, this does not allow access to image files etc. created so far. The product's barcode (ISBN, EAN) is recognized by the device and only this information (i.e. no images) is transmitted to us.
2. Legal basis for data processing
If our log files mean the processing of personal data, the legal basis is Article 6 Para. 1 Let. b and f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary within the meaning of Article 6 Para. 1 Lit. b GDPR to enable delivery of the website to the user’s computer. The user’s IP address must be stored for its duration for this purpose. The repeated automatic reading of websites (so-called “scraping”) is also made more difficult by recording the IP address. Data storage in the event on an error is necessary in the meaning of Article 6 Para. 1 Lit. f GDPR to ensure the functionality of the website.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. In the case of the IP address, this is truncated, therefore made anonymous when the respective session has ended. The data therefore no longer contains personal references. All log files are deleted after 50 days.
5. Objection or removal option
The collection of the data for website provision and data storage in log files is necessary for operating the website. As a result, there is no objection option for the user.
V. Use of cookies
1. Description and scope of data processing
The websites use so-called “cookies” in several places. Their purpose is to make our website more user-friendly and effective. Cookies are small text files that are placed on your computer and saved by your browser. Some of the cookies we use are so-called “session cookies” that are automatically deleted when you close your browser. In addition, there are also some persistent cookies that we use to recognise you as a visitor. Cookies do not harm your computer and do not contain any viruses. If you do not want cookies to be installed, you can deactivate the acceptance of cookies in your browser. However, we would like to point out that you may not be able to use our website in full with deactivated cookies.
The user data collected in this way is pseudonymised by technical precautions. Therefore, it is not possible to assign the data to the accessing user as a person. The data will not be stored together with the user’s other personal data unless otherwise described below.
The first time our website is accessed, users are informed about the use of cookies via an info banner and are referred to this data privacy policy.
This also includes an indication of how the storage of cookies can be prevented in the browser settings.
The following data is stored and transmitted in the technically necessary cookies:
We also use cookies on our website that enable an analysis of the usage behaviour, the advertising success (so-called conversion) and retargeting of the users on websites of third parties. Third parties can store cookies on the user’s device directly when visiting our websites or we transmit IDs without personal reference.
The following data can be transmitted in this way:
We use the following third-party providers to analyse usage behaviour:
We use the following third-party providers to re-target the user (remarketing):
We use the following third-party providers to analyse advertising effectiveness:
2. Legal basis for data processing
If our use of cookies means the processing of personal data, the legal basis is Article 6 Para. 1 Let. b and f GDPR.
3. Purpose of data processing
The purpose of using of technically necessary cookies according to Article 6 Para. 1 Lit. b GDPR is to simplify the use of websites for users. Some functions on our website cannot be offered without using cookies. For this it is necessary that the browser is recognised even after a page change.
We require cookies for the following applications:
The user data collected by technically necessary cookies is not used to create user profiles.
If the other cookies are processed, we have a legitimate interest in processing the personal data in accordance with Article 6 Para. 1 Lit. f GDPR:
the use of analysis cookies is for the purpose of improving the quality of our website and its content. Through analysis cookies, we learn how the website is used and can therefore constantly optimise what we offer. We recognise which advertising measures caused our websites to be visited (conversion tracking). We can determine how successful the individual advertising measures are in relation to the data of the advertising measures. We are interested in showing you advertisements that are of interest to you, in making our website more interesting and easier for you and in achieving a fair calculation of advertising costs.
Retargeting is done to address previous users of our websites again on third party websites and to motivate them to interact. Users receive advertising content on third party websites that is related to their interests rather than general.
4. Storage duration
Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that are already stored can be deleted at any time. This can be done automatically. If cookies are deactivated for our website, it is possible that not all functions can be used to their full extent (see “technically necessary cookies” above).
The cookie storage duration is indicated above. Otherwise, they are set indefinitely until you delete the memory in the browser.
5. Objection or removal option
You can disable or restrict the processing of cookies by the service providers used by us using the aforementioned links. Furthermore, you can use the preference management of the “yourchoices” commitment for Internet-based advertising: http://www.youronlinechoices.com/de/praferenzmanagement/
The objection is valid as long as the related opt-out cookie is not deleted. This cookie is set for the domain, per browser and user of a computer. If you access our website from multiple devices and browsers, you must therefore object to data collection separately and again on each of these devices and in each browser.
VI. Advertising emails (newsletter)
1. Description and scope of data processing
On our website there is the option of subscribing to a free newsletter. This data is transmitted to us when you register for the newsletter:
Your consent is obtained for data processing and reference is made to this data privacy policy during the registration process. You will then receive an email asking you to confirm your registration (double opt-in process). If you are a customer, we will create the newsletter for you as individually as possible, taking into account your previous purchases and sales.
If you buy or sell goods on our website and provide us with your email address, we may subsequently use it to send you a newsletter. If this is the case, only direct advertising for our own similar goods or services will be sent via the newsletter. We will send you reminders for incomplete transactions (shopping basket) and ask you to participate in surveys by email. In addition, you will receive loyalty messages by email if you did not carry out any transactions at all on a particularly regular basis or for a longer period of time.
This regulation will be brought to your attention when you register or when buying or selling.
We would like to point out that we measure the use of the newsletter. For the evaluation, the emails sent contain so-called “web beacons” or “tracking pixels” which represent single-pixel image files stored on our website. For the evaluation we link the data and the web beacons with your email address and an individual ID. Links contained in the newsletter are also provided with an ID. We create a user profile with the data obtained in this way to tailor the newsletter to your individual interests. When you read our newsletter, we record which links you click on in it and deduce your personal interests. We link this data to your actions on our website.
No data is passed on to third parties for their own purposes in connection with data processing for sending of newsletters.
We use the optivo broadmail service from Episerver GmbH, Wallstraße 16, 10179 Berlin for sending the newsletter. Data may also be transferred to third countries within the Episerver group. The agreement on external data processing and certification according to EU-US Privacy Shield is available.
2. Legal basis for data processing
The legal basis for processing the data after the user has registered for the newsletter is Article 6 Para. 1 Lit. a GDPR if the user has given consent.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 Para. 3 Unfair Competition Act (UWG).
The legal basis for providing shopping basket reminders, surveys and measuring usage is Article 6 Para. 1 Lit. a Lit. f GDPR.
3. Purpose of data processing
Collecting the user’s email address is for delivering the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
Messages to customers for shopping basket reminders or loyalty campaigns offer targeted communication for users and us. Requests for surveys and reviews are also in our legitimate interests because they improve our services.
Profiling based on previous purchases, sales and use of the newsletter is in our legitimate interest in order to send relevant news to users.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. The user’s email address will therefore be stored as long as the newsletter subscription is active.
The other personal data collected during the registration process will generally be deleted after a period of seven days.
After cancellation, we store the data purely statistically and anonymously.
5. Objection or removal option
The newsletter subscription can be cancelled by the user concerned at any time. There is a corresponding link in each newsletter for this purpose. Furthermore, you have the option of cancelling the newsletter in your customer account. For more information see “Rights of the data subject” below.
You can also restrict usage measurements by deactivating the images displays in your email program as standard.
VII. Emails for reviews
1. Description and scope of data processing
If you register, buy or sell goods on our website and provide your e-mail address or subscribe to the newsletter, we may ask you by email to review our performance and/or the product. This is done using the services specified in the email or on third platforms (such as Shopauskunft or Trustpilot). Participation in reviews is always voluntary. The platforms do not receive any personal data from us unless otherwise stated here.
We use the following third parties:
2. Legal basis for data processing
The legal basis for asking for reviews is Article 6 Para. 1 Lit. f GDPR.
3. Purpose of data processing
The purpose of collecting the email address and information about using our service is to send the message with a review request. Data processing by us or our contractors is in the legitimate interest of improving our services for users and increasing our reach through (positive) reviews.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection.
5. Objection or removal option
Cancelling the newsletter means that you will no longer receive emails from us asking for reviews.
VIII. Push notifications
1. Description and scope of data processing
There is an option on our website to consent to push notifications. These are brief pieces of information that you receive via your browser. This data is transmitted to us when you register for push notifications:
Please note that we measure the use of push notifications.
We use the service accengage from accengage S. A., 31 rue du 4 septembre, 75 002 Paris, France for managing push notifications. In this context, data (name, email address) is collected and stored from which user profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and are evaluated to improve and design our offer in line with demand. You will find more information on Accengage and data privacy at https://www.accengage.com/privacy-policy. Accengage only receives the relevant data if the user accepts push notifications (in the browser). Accengage will automatically delete this user data after opting out (in the browser) or after 12 months of inactivity by the user.
2. Legal basis for data processing
The legal basis for processing the data after the user has registered for push notifications is Article 6 Para. 1 Lit. a GDPR if the user has given consent.
3. Purpose of data processing
Collection of the aforementioned data is for delivering push notifications.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. It is therefore stored as long as the subscription is active. The other personal data collected during the registration process will generally be deleted after a period of seven days. After cancellation, we store the data purely statistically and anonymously.
5. Objection or removal option
The push notification subscription can be cancelled by the user concerned at any time. Please use your browser configuration: settings for contents/websites, then switch off the notifications/messages. You can also use the symbol to the left of the URL in the browser for the respective website’s settings. For more information see “Rights of the data subject” below.
IX. Advertising mail
1. Description and scope of data processing
If you buy or sell goods on our website and provide us with your postal address, we may subsequently use it to send you advertising mail. If this is the case, only direct advertising for our own similar goods or services will be sent. This regulation will be brought to your attention when you register or when buying or selling.
For sending advertising mail, we use the letter shop adressdruck.de, Wilhelm-Kabus-Straße 21-35, 10829 Berlin.
2. Legal basis for data processing
The legal basis for sending advertising mail as a result of the sale of goods or services is Section 7 Para. 3 Unfair Competition Act (UWG).
3. Purpose of data processing
Collection of the postal address is for delivering advertising mail.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. The user’s postal address will therefore be stored until there is no further registration (see below).
5. Objection or removal option
You can object to the receipt of advertising mail for the future according to Article 21 Para. 2, 3 GDPR.
X. Registration
1. Description and scope of data processing
On our website, we offer users the option of registering by providing personal data. The data is entered into an input screen, transmitted to us and saved. No data is passed on to third parties. The following data is collected as part of the registration process:
The following data will also be stored at the time of registration:
As part of the registration process, the user’s consent to the processing of this data is obtained with reference to our general terms and conditions and this data privacy policy.
We use the search function of registered users to record which articles have been researched. This is done to provide the user with particularly relevant information, such as previous searches, and the marketing of similar items. Search queries are also statistically evaluated in order to optimize our websites.
2. Legal basis for data processing
The legal basis for processing the data is Article 6 Para. 1 Lit. a and Lit. b GDPR.
The legal basis for the processing of search queries is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The user gives his/her consent. The user’s registration is necessary for fulfilling a contract with the user and/or for executing precontractual measures. This concerns our purchase and sale of goods by or to the user.
Search queries are processed in our legitimate interest in order to display relevant content to users and to improve our websites.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. This is the case for the data for fulfilling a contract or executing precontractual measures
if the data is no longer required for executing the contract. Even after conclusion of the contract, it may still be necessary to store the contractual partner’s personal data in order to fulfil contractual or legal obligations.
The searches are recorded up to the point of opposition, see point below.
5. Objection or removal option
As the user, you have the option of cancelling registration at any time by sending an email to our support team or using our contact form. You can change the data stored about you at any time. For more information see “Rights of the data subject” below.
If the data is required to fulfil a contract or to execute precontractual measures, premature deletion of the data is only possible if there are no contractual or statutory obligations to the contrary.
XI. Buying and selling goods
1. Description and scope of data processing
On our website, we offer customers the option of selling us good and buying goods from us. The user’s consent to the processing of this data is obtained as part of the buying and selling process.
The data will be transmitted to us and stored in accordance with the user’s registration data in connection with goods, means of payment and shipping information selected by the user. The following user data is collected during the purchase and sale process and transmitted to the service providers named here:
a. Klarna: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, is the responsible party. You will find information on data privacy and also possible credit checks, etc. by BillPay GmbH, Zinnowitzer Str. 1, 10115 Berlin, here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
b. Paypal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, is the responsible party. You will find information on data privacy and also possible credit checks by other service providers here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
c. PayOne: BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, is the responsible party (credit cards and direct debits). You will find information on data privacy and also possible credit checks by other service providers here: https://www.bs-card-service.com/de/datenschutz/
d. Amazon Payments: All personal data that you provide to Amazon Payments or that is collected during the payment process is primarily checked by Amazon Payments s.c.a. (as the responsible party) and secondarily by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located on 5, Rue Plaetis L 2338, Luxembourg. You confirm the data privacy policy when you register for Amazon: https://pay.amazon.com/de/help/201751600
5. Delivery information: if we have goods delivered to you, we pass your data on to the transport company commissioned with delivery if this is required for delivery or status update. The service provider is always indicated in the order. These are currently:
a. Deutsche Post AG and DHL Paket GmbH
b. Hermes Germany GmbH
c. PIN Mail AG
d. Asendia Management SAS
e. Postcon Deutsch-land B.V. & Co. KG
6. Inclusion in the Trusted Shops quality label: The Trusted Shops trust badge is included on this website to display our Trusted Shops quality label and the collected reviews as well as to offer Trusted Shops products to buyers after an order. This serves to protect our prevailing legitimate interests in the optimal marketing of our offer as part of balanced interests. The trust badge and associated services are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When clicking the trust badge, the web server automatically saves a so-called “server log file”, which contains e.g. your IP address, date and time of the click, transferred data volume and the requesting provider (access data) and documents the click. This access data is not evaluated and is automatically overwritten seven days after the end of your website visit at the latest. Other personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.
7. If you purchase new books on our website, we use the dealer Libri GmbH, Friedensallee 273, 22763 Hamburg, for selling the goods. Libri GmbH therefore receives information regarding the ordered book and the delivery address.
2. Legal basis for data processing
The legal basis is Article 6 Para. 1 Lit. a, b and f GDPR.
3. Purpose of data processing
The user gives his/her consent. Processing data for logistics, payment and delivery is necessary for the fulfilment of the contract in accordance with Article 6 Para. 1 Lit. b GDPR. This concerns our purchase and sale of goods by or to the user. With regard to the
inclusion of the Trusted Shop quality label and work of Libri GmbH, there is a legitimate interest in accordance with Article 6 Para. 1 Lit. f GDPR.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection.
This is the case for data during the purchase and sale contract or for executing precontractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store the contractual partner’s personal data in order to fulfil contractual or legal obligations.
5. Objection or removal option
If the data is required to fulfil a contract or to execute precontractual measures, premature deletion of the data is only possible if there are no contractual or statutory obligations to the contrary.
You can change the data stored about you at any time. For more information see “Rights of the data subject” below.
XII. Contact form and email contact
1. Description and scope of data processing
There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input screen will be transmitted to us and stored. The user’s message and email address are required. Other information is optional:
Your consent is obtained for data processing and reference is made to this data privacy policy during the sending process.
Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted by email will be stored.
2. Legal basis for data processing
The legal basis for processing data is Article 6 Para. 1 Lit. a GDPR if the user has given consent.
If the aim of the email is concluding a contract, the additional legal basis for processing is Article 6 Para. 1 Lit. b GDPR.
3. Purpose of data processing
The user gives his/her consent. Processing personal data from the input screen is for processing any contact.
4. Storage duration
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. For personal data from the contact form input screen and that which was sent by email, this is the case when the respective conversation with the user is finished. The conversation is terminated when the circumstances show that it is certain that the matter in question has been conclusively resolved.
5. Objection or removal option
The user has the option of revoking his/her consent to the processing of personal data at any time. If the user contacts us via email, he/she can object to the storage of his/her personal data at any time. In a case such as this, the conversation cannot be continued. For more information see “Rights of the data subject” below.
XIII. Rights of the data subject
If your personal data is processed, you are the data subject according to GDPR and you are entitled to the following rights with regard to the controller:
1. Right to information
You can ask the controller to confirm whether personal data concerning you will be processed by us.
If processing has taken place, you can request the following information from the controller:
2. Right to correction
You have a right to the correction and/or completion by the controller if the personal data processed concerning you is incorrect or incomplete. The controller must make the correction without delay.
3. Right to restrict processing
You may request that the processing of personal data concerning you be restricted under the following conditions:
If the processing of personal data concerning you has been restricted, this data may only be processed – aside from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for protecting the rights of another natural or legal person or on grounds of important public interest of the European Union or a member state.
If the processing restriction has been restricted in accordance with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
4. Right to deletion
a) Deletion obligation
You can request that the controller delete the personal data concerning you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:
b) Information to third parties
If the controller has made personal data concerning you public and is obliged to delete it according to Article 17 Para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
The right to deletion does not exist if processing is required
5. Right to notification
If you have exercised your right to have the controller correct, delete or limit processing, it is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or processing restriction, unless this proves impossible or involves a disproportionate effort.
You shall also have the right to be informed about these recipients by the controller.
6. Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another controller without any obstruction by the controller to whom the personal data was made available provided that
In exercising this right, you also have the right to affect that the personal data concerning you be transferred directly from one controller to another if this is technically feasible. Freedoms and rights of other people may not be affected because of this.
The right to data transferability does not apply to processing personal data necessary for performing a task in the public interest or in the exercise of public authority assigned to the controller.
7. Right to objection
You have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you under Article 6 Para. 1 Lit. e or f GDPR at any time; this also applies to profiling based on these provisions.
The controller no longer processes the personal data concerning you, unless it can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object to the processing of personal data concerning you for the purpose of this kind of advertising at any time according to Article 21 Para. 2, 3 GDPR; this also applies to profiling if it is in connection with this kind of direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option of exercising your right of objection using automated procedures in which technical specifications are used, in connection with the use of information society services, notwithstanding Directive 2002/58/EC.
8. Right to revoking the declaration of consent relating to data privacy
You have the right to revoke your declaration of consent relating to data privacy at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subject to a decision based exclusively on automated processing, including profiling, that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
However, these decisions may not be based on special categories of personal data according to Article 9 Para. 1 GDPR unless Article 9 Para. 2 Lit. a or g applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.
In the cases referred to in (1) and (3), the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, to state its own position and to challenge the decision.
10. Right to complain to a supervisory authority
Irrespective of any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state in which you are residing, working or suspected of violation, if you believe that the processing of personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
11. Validity of this data privacy policy
We reserve to right to makes changes to these data privacy guidelines from time to time. The current version can be seen on our website. If a change significantly restricts the rights of registered users, we will notify them. Furthermore, the currently available data privacy policy is valid for our website users.