1. General
Juridas BV, a private limited liability company incorporated in Belgium registered with the Register for Legal Entities (Rechtspersonenregister) in Antwerp, division Antwerp under the number 0731.911.124 (VAT number: BE0731911124), collects, processes and uses the user's personal data in compliance with the Belgian and European data protection regulations. Apart from certain particulars required to offer you our services, you may determine yourself which information to provide.
On Collexy, secure transmission technologies are used. However, data transfer on the Internet, especially the communication via e-mail, may involve security gaps. A complete data protection against access of third parties is not possible.
By using the website www.collexy.com (“Platform”), whether or not as a registered user, the user grants their consent to the collection, processing and use of the entered personal data by the Juridas BV as responsible entity on their servers. Please note that the data transmitted by you as part of the use of Collexy are processed and saved by means of an EDP system. It is understood that we treat your personal data strictly confidentially.
Juridas BV only collects personal data, i.e. specific data about the personal or factual circumstances of a particular or identifiable natural person, to the extent necessary for the performance of the contract and for the provision of contractual services. The collection of data is carried out exclusively to the extent provided by you.
The processing of personal data may consist in saving, changing, transmitting, blocking and deleting these data. Any personal data are only saved by us as long as this is necessary for the respective specified purpose or we are obligated by law to save this information.
Already when visiting Collexy, your information may also be saved to the server when having access (e.g. date, time, pages visited). This data is not considered personal data, but they are anonymised, for example name of the Internet provider, type of Internet browser, pages visited on Collexy. These data are used for statistical purposes only and to improve our services. By accessing the site, data may also be saved on your computer. These data are called “cookies” and they facilitate the use of Collexy. However, you have the option to deactivate this function in your web browser. This may result in limitations when using Collexy.
The user's personal data will not be transmitted to any third party. Exempt from this are only the service partners of the Juridas BV needed for the completion of the contractual relationship, e.g. providers of payment services (such as e.g. Stripe) as well as a transmission of data to authorities within our legal obligations. In these cases, the provisions of the Belgian law for the protection of natural persons with respect to the processing of personal data of 30 July 2018 (“Belgian GDPR law”) will be strictly observed, the data transfer will be restricted in any event to a minimum extent.
You can withdraw consent with effect for the future at all times and without limitations. Please send an e-mail to for exercising the withdrawal.
You have the right to information free of charge on your stored personal data as well as to the correction, deletion or blocking thereof, in as far as personal data are concerned for the purposes of the Belgian GDPR law. In order to contact us, please send an e-mail to tom.ceulemans@collexy.com.
2. Controller and data protection officer
The controller for the purposes of the GDPR and Belgian GDPR law is Juridas BV with crossroad bank of enterprises no. 0731.911.124 represented by Tom Ceulemans. The data protection offer of the controller is Tom Ceulemans (tom.ceulemans@collexy.com).
3. Information on the data processing
Generally speaking, the processing of personal data is only done to the extent necessary for the provision of a functional website including contents and services. Regular processing of data is only done upon consent of the data subject. As an exception, the processing of data is done without consent of the data subject if this is not possible for practical reasons and the processing of data is permitted by legal provisions.
The legal bases for the processing of personal data is as follows:
- - Art. 6 (1) (a) GDPR so far as the consent of the data subject has been obtained for the processing of personal data.
- - Art. 6 (1) (b) GDPR insofar as this is necessary for the performance of a contract to which the data subject is a contractual party. This also applies to processing necessary for the implementation of pre-contractual measures.
- - Art. 6 (1) (c) GDPR insofar as the processing of personal data is necessary for the performance of a legal obligation to which the company is subject.
- - Art. 6 (1) (f) GDPR insofar as this is necessary for the processing for the protection of a legitimate interest of the company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest.
The personal data of the data subject will be deleted or blocked as soon as the purpose of the data storage is no longer applicable. Storage beyond this purpose can be done if this is required by relevant national or European regulations. Blocking or deleting of the data is also done when a retention period prescribed by the aforementioned regulations expires unless further storage of data is required for the conclusion or performance of a contract.
4. Data collection when using Collexy
With each visit to Collexy, the system automatically records data and information from the computer system of the calling computer.
The following data can be collected:
- - IP address
- - Time and date of access
- - Time zone difference with Greenwich Mean Time (GMT)
- - Contents of the website
- - Access status (HTTP status)
- - Data volume transferred
- - Web browser
- - Browser language and version
- - Operating system
- - The website from which you entered Collexy
The data are saved in the log files of the system. This data is not stored with other personal user data.
The legal basis for this is Art. 6 (1) (f) GDPR.
The collection and temporary storage of the IP address is necessary to enable the presentation of Collexy on your device. For this, your IP address has to be saved for the duration of your visit of the Collexy. An analysis of these data for marketing purposes does not take place.
The data are deleted when the respective session is ended. If these data are saved in log files, this is done at the latest after seven days. Storage beyond this is possible. In this case, the users' IP addresses are deleted or alienated so that they can no longer be assigned to the calling client.
The collection of data for the availability of Collexy and the storage of data in log files for availability of Collexy are absolutely necessary. Therefore, there is no possibility of appeal.
5. Data collection when registering at Collexy
Collexy offers users to register by entering personal data. For this, the data is entered into an input field, then transmitted and saved. There will not be a transfer to a third party.
The following data is collected:
- - Username
- - First name and last name
- - Language preference
- - Phone number
- - Address (street, house number, post box, postal code, country)
- - E-mail address
- - Time and date of registration
Commercial users are also required to enter the company name, the VAT ID and the phone number. Where applicable, a tax statement is required pursuant to Article 53, §1 of the Belgian VAT code or their respective national laws. Users who use our platform as non-commercial sellers are required to enter their birth date in addition to the above mentioned data.
During the registration process the user's consent for the processing of these data is obtained with reference to the privacy policy.
The legal basis for this, upon consent of the user, is Art. 6 (1) point (a) GDPR. If the registration serves the performance of a contract to which the user is a contractual party or serves the implementation of pre-contractual measures, Art. 6 (1) point (b) GDPR is an additional legal basis for the processing of data. As far as we are obliged to process data of commercial users and private sellers, the legal basis is Art. 6 (1) point (c).
The registration of the user is required to set up a customer account. It serves to identify the user and to perform the user contract via the service. The data entered by commercial users or private sellers are collected for the fulfillment of our legal obligations to the financial authorities.
The data will be deleted as soon as it is no longer required for the fulfilment of the purpose for which they were collected. This is the case during the registration process for the performance of a contract or the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be required to save personal data of the contractual partner to meet contractual or legal obligations.
Data subjects may modify at any time the user data (except their name and birthday) in their user profile under www.collexy.com/settings/profile. Where the data is required for the performance of a contract or the implementation of pre-contractual measures, an advance deleting of data is only possible in so far as the deletion is not barred by contractual or legal obligations. If the recorded name or birthday is incorrect, please reach out to our customer support team to correct the data.
6. Data collection when using the marketplace
To use the online marketplace, inventory and collection data (e.g. names and addresses as well as contact data of users, user names of authorised users) and contract data (e.g. services used, names of contact persons, payment information) are processed as well as the IP address and the time of the respective user intervention, the user ID and the accessed URLs. This data is stored in the log files of our system. Apart from that, data of third parties entered by the user are processed.
The legal basis for the processing of data upon consent of the user is Art. 6 (1) (a) GDPR, the consent is obtained upon conclusion of the contract, and Art. 6 (1) (b) GDPR, as the processing of the specified data serves to perform a contract to which the user is a contractual party or to implement pre-contractual measures.
Finally, processing is done to improve our services for the benefit of the analysis, optimisation and the economic operation of Collexy for the purposes of Art. 6 (1) (f) GDPR.
The purpose of the procession
- - of the inventory data (e.g. names and addresses as well as user contact data) and contract data (e.g. services used, names of contact persons, payment information) is the implementation of the contract as well as billing purposes.
- - of user names and the entries of the respective users is to ensure the access authorisation of the service.
- - of the IP address, time of the respective user intervention as well as the accessed URLs is done to optimise our services and to continually improve the user experience.
- - of third party data entered by the user is the implementation of the contract and the provision of the contracted services.
The data will be deleted as soon as they are no longer required for the fulfilment of the purpose for which they were collected. This is the case for the data collected during the registration process for the performance of a contract or the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be required to save personal data of the contractual partner to meet contractual or legal obligations (especially fiscal retention periods).
Data subjects may modify or delete the saved data at any time. Where the data is required for the performance of a contract or the implementation of pre-contractual measures, an advance deleting of data is only possible in so far as the deletion is not barred by contractual or legal obligations. In particular, the notice periods of current contracts shall remain unaffected.
7. Payments, buyer protection provider and payment service provider
If you are redirected to the website of a payment service provider for a payment transaction, the data entered by you will be processed directly by the buyer protection provider and payment service provider. The Privacy Policy of the respective payment service provider applies.
Buyer protection provider is TRUSTAP
Payment service provider is STRIPE
With respect to the legal bases, Art. 6 (1) (a) GDPR is the legal basis for the processing of payment data by the user upon consent from the user and Art. 6 (1) point (b) GDPR serves as legal basis for the processing of personal data, insofar are this data is required for the fulfilment of a contract.
The collection of data is done solely for the fulfilment of the contract.
The data will be deleted as soon as it is no longer required for the fulfilment of the contract for which it was collected. This is the case for the personal data if the respective contractual relation with the person concerned was terminated. A contractual relation is considered terminated if the person concerned can no long be considered a client (e.g., by deleting the account).
The person concerned may at any time withdraw consent to the processing of personal data. Any obligation needed to fulfil the contracts remains unaffected by this.
8. Use of cookies
Collexy uses cookies. Cookies are text files, which are saved in the web browser or by the web browser on the user's computer system. This cookie contains a distinctive string of characters that enable the clear identification of the browser upon re-entering Collexy. Cookies cannot transmit viruses onto the device or execute programs.
Cookies help to make the Collexy more user-friendly. Some elements of Collexy require the identification of the calling browser even after the page was changed.
Insofar as cookies are technically not necessary, these are only loaded when the user has given consent. For this, we are using a plugin that will not collect any personal data itself. The information about an existing consent, for its part, is saved as a cookie. However, no personal data is collected for this purpose.
Transient cookies are deleted automatically when the session is closed. These include e.g. session cookies which save the so-called session ID and by means of which the different web inquiries can be allocated to the joint session. This allows for the device to be recognized in a new session.
Persistent cookies are deleted automatically after a prescribed retention period, which may be different for each cookie. The corresponding settings may be deleted at any time in the settings of the web browser.
- - Log-in information
- - Language settings
- - Entered search terms
- - Number of website calls
- - Use of different functions of the website
The legal basis for the use of technically necessary cookies is Art. 6 (1) (f) GDPR.
The purpose of the application of technically necessary cookies is to simplify the use of websites for the user. Some functions of Collexy cannot be offered without the use of cookies. For this, it is necessary that the browser be recognised after a change of page.
The user data collected by technically necessary cookies are not used to create user profiles.
The legal basis for the application of technically necessary cookies is Art. 6 (1) point a GDPR, if the user has given consent to the respective cookie. The purpose for the application of technically not necessary cookies is to analyse the use of Collexy and to continually improve individual functions and offers as well as the user experience. By means of statistical analysis of the user experience, the offer can be improved and designed to be more interesting for the user. Further details may be taken from the respective sections of the privacy statement.
Cookies are saved on the user's computer and are transmitted from there to Collexy. Hence, you as user also have full control over how cookies are used. By changing the settings in your web browser, you can deactivate or limit the transmission of cookies separately from the opt-in banner. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for Collexy, it is possible that not all functions of Collexy can be used to their full extent.
9. Google Analytics
Collexy uses “Google Analytics”, a web analytics service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter referred to as: “Google”). Google uses cookies, text files which are saved on your device and which enable an analysis of Collexy use. The information about the use of Collexy generated by the cookie are usually transmitted to a Google server in the USA and saved there. If an anonymisation of the IP address to be transmitted by the cookie is activated on Collexy by the extension “_anonymizeIp()” (hereafter referred to as: IP anonymisation”), the IP address will be shortened beforehand by Google within the member states of the European Union or other signatory states of the Agreement on the European Economic Area. The full IP address will be transmitted to a Google server in the USA and shortened there only in exceptional cases. Google will use this information on behalf of the controller to evaluate the Collexy use, to compile reports about Collexy use and to perform further services connected to Collexy and Internet use. During this process, pseudonymous user profiles may be created from the processed data. The IP address transmitted using Google Analytics will not be merged with other Google data.
Collexy uses Google Analytics only with the activated IP anonymisation as described above. This means that Google will process your IP address only in the shortened form. Therefore, a personal traceability can be excluded.
Google Analytics is only activated via our cookie banners. Therefore, The legal basis for the processing is the the user's consent for the purposes of Art. 6 (1) (f) GDPR.
Collexy uses Google Analytics in order to analyse the Collexy use and to continually improve different functions and offers as well as the user experience. Using statistical analysis of the user behaviour, the offer can be improved and designed to be more interesting for the user. Herein also lies the legitimate interest in the processing of the above data by Google.
10. Microsoft Ads
Collexy uses “Microsoft Ads”, an advertising service of “Microsoft” of Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). In the process, Microsoft files a cookie on your device, provided that you have entered Collexy via a Microsoft Bing ad. Both Microsoft and controller are able to know that someone clicked on the ad, was redirected to Collexy and has reached a predetermined target page (conversion site). During this process, only the total number is recorded of users who have clicked on a Bing ad and were then redirected to the conversion site. Microsoft collects, processes and uses information via the cookie to create user profiles using pseudonyms.
Bing Ads will only be activated if you have given consent via our cookie banner. Therefore, the legal basis is the user's consent pursuant to Art. 6 (1) point a GDPR. The use of Bing Ads serves to analyse user behaviour and to show advertisements. No personal information on the identity of the user is processed.
11. Meta Ads
Collexy uses “Facebook Ads”, an analysis programme of the social network “Facebook.com” of the Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereafter referred to as: “Facebook”) in order to track users' behaviour after they have clicked on a Facebook ad. The recorded data is collected anonymously and serves analysis for market research purposes. Facebook can connect this data to an existing Facebook account and use it for their own advertising purposes according to the Facebook data use policy.
The user can enable Facebook as well as their partners to place ads on and off Facebook. Furthermore, cookies may be saved to your computer for these purposes.
Facebook Ads will only be activated if you have given consent via the cookie banner. Therefore, the legal basis for the processing is the user's consent pursuant to Art. 6 (1) (a) GDPR.
Collexy uses Facebook Ads for marketing and optimisation purposes, particularly to place relevant and interesting ads, to improve reports on campaign performance or to avoid that the same ads are viewed several times. This is also the legitimate interest in the processing of the above data.
12. X Analytics
Collexy uses “X Analytics”, a web analysis service of X Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (in the following short: “X“). X uses cookies, small text files which are saved on the device and which enable an analysis of Collexy use. The information generated by the cookie about the use of Collexy are generally transmitted to a X server in the USA and saved there. X uses this information to analyse on behalf of the controller the use of Collexy, to compile reports about Collexy use and to provide further services related to the use of Collex and the Internet. This may be used to create pseudonymous user profiles using the processed data. The IP address transmitted using X Analytics will not be merged by with other data of X.
X Analytics will only be used if you have given consent via our cookie banner. Therefore, the legal basis for the processing is the user's consent pursuant to Art. 6 (1) (a) GDPR.
Collexy uses X Analytics in order to analyse the use of Collexy and to continually improve different functions and offers as well as the user experience. Using statistical analysis of the user behaviour, the offer can be improved and designed to be more interesting for the user. Herein also lies the legitimate interest in the processing of the above data by X.
13. X Ads
Collexy uses “X Ads”, an advertising service of X Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (in the following short: “X”) in order to track users' behaviour after they have viewed or clicked on a X ad. The recorded data is collected anonymously and serves analysis for market research purposes. X can connect this data to an existing X account and use it for their own advertising purposes according to the X data use policy.
The user can enable X as well as their partners to place ads on and off X. Furthermore, cookies may be saved to your computer for these purposes.
X Ads will only be activated if you have given consent via our cookie banner. Therefore, the legal basis for the processing is the user's consent pursuant to Art. 6 (1) (a) GDPR.
Collexy uses X Ads for marketing and optimisation purposes, particularly to place relevant and interesting ads, to improve reports on campaign performance or to avoid that the same ads are viewed several times. This is also the legitimate interest in the processing of the above data.
14. YouTube
Collexy is embedding videos of the online platform "YouTube". The YouTube operating company is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. It is a subsidiary of Google.
If the person concerned is logged in to YouTube, YouTube and Google collect information about which subpages this person visits. Data exchange takes place only when clicking the video.
Further information on YouTube are available at https://www.youtube.com/yt/about.
YouTube will only be activated if you have given consent or by clicking the video. Therefore, the legal basis for the processing is the user's consent pursuant to Art. 6 (1) point a GDPR.
Purpose is an improved presentation of Collexy and a user-friendly handling of videos without having to link to another platform.
Via the YouTube videos, YouTube and Google always receive information about the person concerned having visited Collexy when this person has been logged in to YouTube at the same time when visiting Collexy. This is done regardless of whether or not the person concerned clicks on a YouTube video. This transmission may be prevented by the person concerned logging out of YouTube first.
YouTube's privacy policy (available at https://www.google.de/intl/policies/privacy/) gives information about the collection, processing and use of personal data by YouTube and Google.
15. Google reCAPTCHA
Collexy uses “Google reCAPTCHA”, a Turing test by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter referred to as: “Google”). Google checks whether the data entries on Collexy are made by a person or an automated programme. For this, user behaviour is analysed using different attributes. The analysis starts automatically upon entering Collexy. For the analysis, reCAPTCHA analyses various information (e.g. IP address, time spent on Collexy or mouse movements by the user). The data collected in the analysis are transmitted to Google.
The reCAPTCHA analyses are running completely in the background. Collexy visitors are not notified that an analysis takes place.
The legal basis for the processing is Art. 6 (1) (f) GDPR.
The controller has the legitimate interest that Collexy be protected against improper automated spying and SPAM.
For further information on Google reCAPTCHA as well as on Google's privacy policy go to the following links:
16. Encrypted data transfer
When logging in (“Login”) or establishing a contact all data is transmitted via an encrypted connection using TLS technology. The certificate required for this, which has been installed on the server, has been issued by an independent organisation. An encrypted connection may be recognised by the change in the address bar of the browser from http:// to https://.
As soon as the encrypted TLS connection has been established, your entries transmitted to the shop can no longer be read by a third party.
17. Right of the data subject
If personal data is processed, the users are “data subjects” for the purposes of the GDPR and are entitled to the following rights towards the controller:
a. Right of access
The data subject may demand a confirmation from the controller on whether personal data is processed.
If such a processing takes place, the following information may be requested from the controller:
- - the purposes for which personal data are processed
- - the categories of personal data which are processed
- - the recipient or categories of recipients to whom the respective data have been disclosed or will be disclosed
- - the envisaged period for storing personal data or, if specific information is not available, the criteria used to determine that period
- - the existence of a right to rectification or deletion of personal data, of a right to restriction of processing by the controller or right of appeal against this processing
- - the existence of the right to lodge a complaint with a supervisory authority
- - any available information about the source of the data where personal data are not collected from the data subject
- - the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such data processing for the data subject.
The data subject shall have the right to information about whether personal data are transmitted to a third country or an international organisation. In this context, the data subject may request information on the appropriate safeguards pursuant to Art. 46 GDPR relating to the transmission.
b. Right to rectification
The data subject shall have the right to rectification and/or completion of data against the controller if the processed personal data are inaccurate or incomplete. The controller has to correct these data immediately.
c. Right to restriction of processing
The restriction of processing of personal data may be requested if one of the following conditions applies:
- - the accuracy of the personal data is contested for a period enabling the controller to verify the accuracy of the personal data
- - the processing is unlawful and the deletion of personal data is opposed and the restriction of their use is requested instead
- - the controller no longer needs the personal data for the purposes of the processing, but they are required for the establishment, exercise or defense of legal claims
- - the processing has been objected pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject
Where the processing of personal data has been restricted, such data shall – with the exception of storage – only be processed with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where the restriction of the processing has been restricted under the above conditions, the data subject shall be informed by the controller before restriction is lifted.
d. Right to deletion
The data subject shall have the right to request from the controller the deletion of personal data without undue delay and the controller shall have the obligation to delete these data without undue delay where one of the following grounds apply:
- - the personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed.
- - the consent is withdrawn on which the processing is based pursuant to point (a) Art. 6 (1) or point (a) Art. 9 (2) GDPR and where there is no other legal basis for the processing.
- - the processing is objected to pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the processing is objected to pursuant to Art. 21 (2) GDPR.
- - the personal data have been unlawfully processed.
- - the personal data have to be deleted to comply with a legal obligation according to Union or Member State law to which the controller is subject.
- - the personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to delete these data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the deletion of any links to, or copies or replications of, those personal data.
The right to deletion shall not apply to the extent that processing is necessary
- - for exercising the right of freedom of expression and information
- - for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- - for reasons of public interests in the area of public health pursuant to points (h) and (i) of Art. 9 (2) and Art. 9 (3) GDPR
- - for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR in so far as the right referred to in paragraph (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing
- - for the establishment, the exercise or defense of legal claims
e. Right to notification
Where a right to rectification, deletion or restriction of the processing is claimed against the controller, the controller shall be obliged to communicate this rectification or deletion of data or the restriction of the processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The data subject shall have the right against the controller to be informed about those recipients.
f. Right to data portability
The data subject shall have the right to receive the personal data provided to the controller in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- - the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) Art. 9 (2) GDPR or on a contract pursuant to point (b) Art. 6 (1) GDPR, and
- - the processing is carried out by automated means
In exercising this right, the data subject shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons shall remain unaffected by this.
The right to data portability shall not apply for a processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g. Right to object
The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data based on Art. 6 (1) (e) or Art. 6 (1) (f); including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data for such marketing; this includes profiling to the extent that it is related to such direct marketing.
Where processing for direct marketing purposes was objected to, the personal data shall no longer be processed for such purposes.
The data subject shall have the possibility, in the context of the use of information society services - notwithstanding Directive 2002/58/EG - to exercise your right to object by automated means using technical specifications.
h. Right to withdraw declaration of consent to the data protection law
The data subject shall have the right to withdraw the declaration of consent to the data protection law at any time. The withdrawal of consent shall not affect the lawfulness of the processing which has taken place based on the consent before its withdrawal.
i. Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based on automated processing - including profiling - which produces legal effects concerning the data subject or similarly significantly affects them. This shall not apply if the decision:
- - is necessary for entering into or performance of a contract between the data subject and the controller
- - is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms as well as legitimate interests
- - is based on the data subject's explicit consent
However, these decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless point (a) or (g) of Art. 9 (2) apply and suitable measures to safeguard the rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3) the controller shall implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
j. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy all data subjects shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if it is considered that the processing of data infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.