Welcome to Workray
Thanks for using our products and services on this website ("Services" or "Workray-Services"). The Workray-Services are provided by Jobsite UK (Worldwide) Limited, registered in England & Wales under company number 03097157 with registered office at Langstone Technology Park, Langstone Road Havant PO9 1SA, VAT number GB 197 0034 09, hereinafter referred to as "we", "us" or "Workray".
By using our Services, you are agreeing to these terms. Please read them carefully.
Please don't blame us for the legal text. We were forced by our lawyers to use it.
Scope of the Services and permitted use
The service works for selected email providers only. We endeavour to include further email providers constantly.
The Workray-Services do not include a spam filter nor a virus scanner. It's up to you to decide whether or not an email is safe to open.
You are in control of communications, between you and Workray. You can switch off any communication that Workray sends, except where such communication is necessary for the performance of the services (e.g. when we need to inform you of significant changes to the services).
You can remove any of the information that Workray stores about you, at any time, by logging in to your Workray account and choosing to close the account.
Please don't be a robot, we have designed this service for humans. Please do not sign up on behalf of others. If you want to do cool things with our service, get in touch. If we think you are misusing the 'service' we retain the right to deny access.
You agree not to:
- use the Workray-Services for any illegal activities
- infringe third parties' intellectual property rights
- attempt to probe, scan or test the vulnerability of the Workray-Services or any related system or network
- send or introduce any malicious code into the Workray-services and our systems, be it via an email or otherwise.
- access any third parties' email account through the Workray-Services without their explicit prior consent.
Disclaimer of Warranties and Limitation of Liabilities
THE WORKRAY-SERVICES ARE PROVIDED TO YOU "AS IS," AND "AS AVAILABLE," AND ALL WARRANTIES, EXPRESS OR IMPLIED, ARE HEREBY DISCLAIMED, INCLUDING ANY WARRANTY OF MERCHANTABILITY, TITLE/NONINFRINGEMENT, QUALITY OF INFORMATION, OR FITNESS FOR A PARTICULAR PURPOSE. NO INFORMATION OBTAINED BY YOU FROM US THROUGH THE WORKRAY-SERVICES SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED HEREIN. WITHOUT LIMITATION, WE DISCLAIM ALL WARRANTIES REGARDING THE AVAILABILITY OF THE WORKRAY-SERVICES, THAT THE WORKRAY-SERVICES WILL OPERATE ERROR-FREE, THAT DEFECTS WILL BE CORRECTED OR THAT THE WORKRAY-SERVICES ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. YOUR USE OF THE WORKRAY-SERVICES IS AT YOUR OWN RISK, ANY CONTENT DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE WORKRAY-SERVICES IS PROVIDED AT YOUR OWN RISK, AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR ANY DATA LOSS THAT MAY RESULT FROM YOUR USE OF THE WORKRAY-SERVICES, INCLUDING WITHOUT LIMITATION, DAMAGE RESULTING FROM COMPUTER VIRUSES.
IN NO EVENT SHALL WE BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE, EXEMPLARY, CONSEQUENTIAL OR OTHER DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO PROPERTY DAMAGE, LOSS OF USE, LOSS OF BUSINESS, ECONOMIC LOSS, LOSS OF DATA OR LOSS OF PROFITS, WITHOUT REGARD TO THE FORM OF ACTION (INCLUDING BUT NOT LIMITED TO CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTIONS) ARISING OUT OF OR IN CONNECTION WITH YOUR USE OR ACCESS OF THE WORKRAY-SERVICES OR ITS CONTENT, EVEN IF WE OR OUR BUSINESS PARTNERS, EMPLOYEES, REPRESENTATIVES OR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE OR LOSS. NOTHING IN THESE TERMS EXCLUDES OR LIMITS OUR LIABILITY (I) FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, (II) FOR FRAUD OR FRAUDULENT MISREPRESENTATION, OR (III) FOR ANY MATTER WHICH IT WOULD BE ILLEGAL FOR US TO EXCLUDE OR ATTEMPT TO EXCLUDE ITS LIABILITY.
We are constantly changing and improving our services and therefore the terms and privacy agreement. We will notify you of any significant changes to the terms via email at least 30 days in advance of the effective date of changes. If you do not agree to the changes, you may terminate your Workray account. By continued use of the services after a change you consent to the change of the terms and the privacy statement.
We reserve the right to discontinue the Workray-Services at any time without notice to you. These terms are the entire and exclusive agreement between us and you regarding the Workray-Service, and these terms supersede and replace any prior agreements between us and you regarding the Service. If any provision of these terms is held to be invalid or unenforceable, the remaining provisions of the terms will remain in full force and affect.
Thank you for visiting our website. The protection and confidentiality of your personal data is of particular importance for Workray.
Who is responsible for the processing of your personal data?
The data controller (hereinafter referred to as "Workray" or "we") in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
Jobsite UK (Worldwide) Limited,
Langstone Technology Park,
Langstone Road Havant PO9 1SA,
Contact details of the data protection officer
You can contact our data protection as follows:
Jobsite UK (Worldwide) Limited,
Langstone Technology Park,
Langstone Road Havant PO9 1SA
and by e-mail at firstname.lastname@example.org
Purposes and legal basis of the data processing and period for which data will be stored
In the following we inform you about the different purposes for which we process personal data, on which legal basis such processing takes place, and for how long we store the data.
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR will be the legal basis. This also applies to processing operations required to carry out pre-contractual actions. If processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 (1) (c) GDPR is the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) (f) GDPR is the legal basis for processing.
The personal data of the data subject will be stored for as long as the purpose continues.
Data processing in the context of a general use of our Platforms and services
General access to our Platforms
With each access to our Platforms, we automatically collect data and information from the accessing device and store this data and information in the log files of the server. We may collect (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (known as referrers), (4) the sub-web pages that are accessed on our website (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used to defend any attacks against our IT systems. For security purposes, i.e. to be able to reconstruct an eventual attack against our Platforms, we store such data including the IP address for 14 days and then anonymize or delete such data. The IP address is required during the connection to transfer the contents of our Platform to your device. The legal basis for the processing and storage of the IP address is a legitimate interest as per Article 6 (1) (f) GDPR. The legitimate interest for the transmission of the IP address is that it is required to display the contents of the website; without transmission of the IP address it is not possible to display the content of the Platform. The legitimate interest for the temporary storage are our security interests.
If you register for a newsletter, we use your e-mail address to send you the respective newsletter, in which we regularly inform you about interesting topics. To ensure that you are properly registered for the newsletter, that is, to prevent unauthorized subscriptions on behalf of third parties, we will use a double-opt-in process and send you a confirmation e-mail after your first newsletter subscription; this e-mail will request you to confirm the subscription. The legal basis here is your consent in accordance with Art. 6 (1) sentence 1 a GDPR. In connection with your newsletter registration, we also store your IP address plus the date and time of registration and confirmation, so that we can trace and prove the registration at a later date. The legal basis for this storage is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR, where the legitimate interest is in being able to prove the registration. We will store your email address for sending you the newsletter until you unsubscribe or we stop sending the newsletter to you.
The newsletters contain what are known as tracking pixels tor the statistical evaluation of our newsletter campaigns. This is a miniature graphic embedded in HTML-formatted e-mails that lets us know if and when you opened an e-mail and which links in the e-mail were accessed. In this context your IP address will be transmitted to our servers, but we will not store the IP address or any other personal data. The legal basis for the use of these tracking pixels is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR, where the legitimate interest is in being able to evaluate and optimize our newsletters.
You may object to all types of Workray newsletters at any time.
Use of data processors for hosting and securing our platforms, administrative, troubleshooting, and support services
We use data processors to host our Platforms and for back-up services, meaning that personal data that is stored on our platforms is transferred to these data processors. These data processors are Amazon Webservices, Inc., 410 Terry Drive Ave North, WA 98109-5210 Seattle, USA (who processes data solely in the EU), StepStone GmbH, Axel-Springer-Str. 65, 10969 Berlin, Germany and StepStone Continental Europe GmbH, Völklinger Straße 1, 40219 Düsseldorf, Germany. These data processors will store the data for the same duration as it is stored on our Platforms for the various purposes defined in this Data Protection Policy
Administrative, troubleshooting, and support services
We use StepStone Services sp. z o.o., ul. Domaniewska 50, 02-672 Warsaw, Poland, for administrative, troubleshooting, and support services, and which may consequently also have access to your personal data. Generally StepStone Services sp. z o.o should not store any personal data. This will only be done in exceptional cases, e.g. if needed to rectify technical issues. In such cases personal data will only be stored to the extent and for the duration that is necessary.
Sending of e-mails and other messages
For the sending of e-mails and messages through other electronic channels we use the services of Selligent GmbH, Atelierstraße 12, 81671 Munich, Germany, as a data processor, who in turn uses the following subcontractors
- Selligent Benelux NV, Kempische Steenweg, 305 box 401 Belgium
- Selligent International, Avenue de Finlande 2 box 2, 1420 Braine-L'Alleud, Belgium
- Selligent France SA, 20 Place des Vins de France RCS, 75012 Paris, France
- Selligent SA, 1420 Braine-l'Alleud, 2 avenue de Finlande, Belgium
- Selligent Iberica S.L.U, Caille Enrique Granados 86-88, Planta 3 °, 0008 Barcelona, Spain
- Selligent Ltd, Second Floor, 45 Folgate Street, London E1 6GL, United Kingdom
Proxy caching and web application firewall
We use Akamai Technologies GmbH, Parkring 20-22, 85748 Garching, Germany and Akamai Technologies, Inc., 150 Broadway, Cambridge, 02142 MA, USA as data processors for the purposes of proxy caching and web application firewall services. That means that any visit to our websites is routed through the servers of Akamai, meaning that the user will not be connected directly to our servers but to those of Akamai and Akamai will then request the content from our servers and will deliver it to the user. Proxy caching in this context means that Akamai will cache selected content (but not personal data) for a period of 24 hours, so that this can be delivered faster to you. The web application firewall means that Akamai will try to identify malicious web traffic and will prevent it from accessing our websites. Akamai does not store any personal data, but any dataflows between our servers and the user will be routed through Akamai, so that this can also include personal data. Data transferred to Akamai Technologies, Inc is transferred outside the EU and the EEA. This is permissible under Art. 45 GDPR because Akamai Technologies, Inc is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000Gn4RAAS&status=Active.
With respect to Akamai, the additional legitimate interest in the context of the legal basis is that we thereby are also implementing technical and organizational measures to protect our Platforms and the personal data stored on them.
We use a support tool provided by Intercom, Inc. (INTERCOM, INC., 55 2nd St, 4th Fl., San Francisco, CA 94105 USA). It is a communication platform for direct interaction via chat between website visitors and us.
The transmission of your IP address to Intercom takes place into the USA and thus into a state outside the EU or the EEA. This transfer is permitted under Art. 45 GDPR, as Intercom is Privacy Shield certified and therefore, according to Commission Implementing Decision (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN) an adequate level of protection of personal data exists. The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TNQvAAO&status=Active.
Legal basis is a legitimate interest under Art. 6 para. 1 f of the GDPR, namely to offer our users a fast support service.
Data processing if you register for a Workray account
Cookies and similar technology
Some of the cookies we use are deleted at the end of the browser session, i.e. when you close your browser (known as session cookies). Other cookies are kept on your end device and enable us or our partner companies to recognize your browser on the next visit (persistent cookies).
If not specifically stated below, you can view the exact retention period of a given cookie by displaying the cookie in your browser.
You can set your browser up such that you are notified when a cookie is set and can decide individually whether to accept them or whether you opt out of accepting cookies for specific cases or generally. If you opt out of accepting cookies, the functionality of our website may be limited. We deal with specific cookies or similar technology below.
Technically necessary cookies
We use technical cookies. These are cookies that are merely required to collect certain information on our Platforms to provide a service required or wanted by you as user. This extends to navigation or session cookies that enable smooth navigation and use of the website (and for instance permit access to the restricted area); analysis cookies that are set directly by us to collect aggregated information about the number of users and their behavior; functional cookies that provide you with navigation by certain selected criteria as part of a service optimization (e.g. selected language, purchase of selected products).
The legal basis for these cookies is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes.
Cookies and technologies that we use via third party providers
Security analysis techniques from Akamai
Akamai will use this information to prevent unauthorized access to the websites, to produce reports about website activity for us, to perform further services associated with the website use and Internet use, and to analyze your use of our websites. Akamai may also pass this data to third parties if Akamai is required to do so by law or if these third parties are processing this data on behalf of Akamai. Akamai will not use the data to identify natural persons. You can prevent the storage of cookies or beacons by making a corresponding setting in your browser software; however, note that if you do so you may not be able to use the full functionality of this website. You can view the precise storage duration of the cookies for yourself by accessing this information via your respective browser.
The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and the protection of our websites.
You can opt-out from the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this link https://www.hotjar.com/opt-out.
We have a contract processing agreement with Hotjar. The use of Hotjar is based on a legitimate interest according to Art. 6 para. 1 p. 1 f DSGVO. Our legitimate interest is the user-friendly design of our websites.
The "Facebook Pixel" from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, is used within our website. This means that what are termed tracking pixels are integrated into our pages. When you visit our pages, the tracking pixel creates a direct link between your browser and the Facebook server.
This provides Facebook with the information from your browser for instance that our page was accessed by your device. If you are a Facebook user, Facebook can allocate the visit to our pages to your user account. Please note that as the provider of the pages we are not informed about the content of the data transferred or its use by Facebook. We can merely choose which segments of Facebook users (age, interests) our advertising is to be shown to.
By accessing the pixel on your browser, Facebook can also identify whether displaying an advertisement on Facebook was successful, e.g. if it resulted in an online sale being completed. This enables us to record the effectiveness of Facebook advertisements for statistical and market-research purposes.
Please click here if you wish to opt out of data recording via Facebook Pixel: https://www.facebook.com/settings?tab=advertisements#_=_. Alternatively, you can deactivate the Facebook Pixel on the Digital Advertising Alliance page via the following link: http://www.aboutads.info/choices/.
Transfer of data to the USA is permissible under Art. 45 GDPR because Facebook is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and the targeted marketing of our services.
The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and the targeted marketing of our services.
Google Conversion Tracking
On the grounds of our legitimate interests (i.e. interest in the analysis, optimization, and economical operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use the marketing and remarketing services (for short: "Google Marketing Services") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
Google is certified under the Privacy Shield Agreement and thus warrants that it complies with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The Google Marketing Services enable us to display advertisements for and on our website in a more targeted manner to so that users are only shown advertisements that they may be interested in. If a user sees e.g. advertisements for products that he or she was interested in on other websites, this is referred to as "remarketing". For this purpose, when our websites and other websites are accessed on which Google Marketing Services are active, Google directly executes a Google code and what are termed (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. These are used to store an individual cookie, i.e. a small file on the user’s device (comparable technologies may also be used instead of cookies). The cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites the user searches for, the content he or she is interested in and which offers he or she has clicked. It also stores technical information on the browser and operating system, referring websites, time of visit, and other information on the use of the online offering. Similarly, the user’s IP address is recorded, whereby in the context of Google Analytics we state that the IP address is shortened in within Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address is not merged with the user’s data within other Google offerings. Google may also combine the above information with information from other sources. If the user subsequently visits other websites, tailored advertisements can be displayed depending on his or her interests.
The user’s data is processed in a pseudonymized form as part of the Google Marketing Services. This means that Google stores and processes e.g. not the user’s name or e-mail address, but instead processes the relevant data based on the cookie within pseudonymized user profiles. This means that, from Google’s perspective, the advertisements are not managed and displayed for a specifically identifiable person, but for the holder of the cookie, irrespective of who the holder of this cookie is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information about the user collected by Google Marketing Services is transferred to Google and stored on Google’s servers in the USA.
The Google Marketing Services deployed by us include the "Google AdWords" online advertising program. Google AdWords supplies every AdWords customer with a different "conversion cookie". This means that cookies cannot be traced via the websites of AdWords customers. The information obtained using the cookie enables conversion statistics for AdWords customers to be produced who have opted for conversion tracking. The AdWords customers are notified of the total number of users who clicked their advertisement and were forwarded to a page containing a conversion tracking tag. However, they are not given any information that could be used to personally identify users.
Additionally, we may deploy the "Google Tag Manager" to integrate and manage the Google analytics and marketing service within our website.
If you would like to opt out of interest-driven advertising from Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:
Right of access
You may request confirmation from us as to whether we process personal data relating you.
If such processing is taking place, you can request the following information from us:
- the purposes for which the personal data is being processed;
- the categories of personal data that are being processed;
- the recipient or categories of recipient to whom the personal data concerning you has been or will be disclosed;
- the envisaged period for which the personal data concerning you will be stored or, if no concrete information about this is possible, criteria used to determine that period;
- the existence of a right to rectification or erasure of the personal data concerning you, a right restrict the processing of the data by the controller or a right to object to this processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- any available information about the origin of the data if the personal data was not collected from the data subject;
- the existence automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and the intended effects of such processing for the data subject.
You have the right to request information about whether the personal data in question will be transferred to a third country or an international organization. In this context you can ask to be notified of the suitable safeguards in accordance with Art. 46 GDPR in the context of the transfer.
This right to information may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes.
Right to rectification
You have a right to rectification and/or completion vis-à-vis the data controller if the personal data concerning you that is being processed is incorrect or incomplete. The data controller must perform the rectification without undue delay.
Your right to rectification may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes.
Right to restriction of processing
If the following conditions are met, you can demand that the processing of the personal data concerning you is restricted:
- if you contest the accuracy of the personal data relating for you for a that enables us to review the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and instead request a restriction of the use of the personal data;
- we no longer require the personal data for the purposes of the processing, but you need it to establish, exercise, or defend legal claims, or
- if you have objected to the processing in accordance with Art. 21 (1) GDPR and it has not yet been verified whether our legitimate reasons override yours.
If the processing of the personal data concerning you has been limited, this data – with the exception of being stored by you – may only be processed with your consent or for the purpose of establishing, exercising, or defending legal claims or to protect the rights of another natural or legal or on grounds of a compelling public interest of the EU or a Member State.
If a restriction of processing has been imposed in accordance with the above conditions, we will notify you before the restriction is lifted.
Your right to restrict processing may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying the statistical purposes.
Right to erasure
You may request that we erase the personal data concerning you without undue delay, and we are obliged to erase this data without undue delay where one of the following grounds applies:
- The personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed.
- You withdraw your consent upon which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and no other legal ground for the processing applies.
- You object to the processing in accordance with Art. 21 (1) GDPR and no overriding legitimate grounds for the processing apply, or you raise an objection to the processing under Art. 21 (2) GDPR.
- The personal data concerning you has been processed unlawfully.
- The erasure of the personal data concerning you is required in order to comply with a legal obligation under EU law or the law of the Member States to which we are subject.
- The personal data concerning you is collected in the context of information society services pursuant to Art. 8 (1).
Information to third parties
If we have published the personal data concerning you and we are obliged to delete it under Art. 17 (1) GDPR, we will take reasonable steps (including in terms of technical feasibility), taking account of the available technology and implementation costs, in order to notify the responsible data controller who is processing the data that you as a data subject have requested from them the erasure of all links to this personal data or copies or replications of this personal data.
There is no right to erasure if the processing is necessary
- for the exercise of the right to the freedom of expression and information;
- to satisfy a legal obligation that requires the data to be processed under the law of the EU or the Member States to which the data controller is subject, or to perform a task that is carried out in the public interest or in the exercise of official authority vested in the data controller;
- on grounds of the public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
- for archiving purposes in the public interest, academic or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, provided the right specified under section a) is likely to render impossible or seriously impair the achievements of the objectives of this processing or
- to establish, exercise, or defend legal claims.
Right to data portability
You have the right to the receive the personal data concerning you that you have provided to us in structured, commonly used, and machine-readable format. Further, you have the right to transmit this data to a different data controller without hindrance from us, provided
- the data processing is based on consent under Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
- the processing is being performed using automated means.
Further, in exercising this right you also have the right to have the personal data concerning you transferred directly from one data controller to another data controller, where technically feasible. This must not adversely affect other people’s rights and freedoms.
The right to data portability does not apply to the processing of personal data that is required for a task that is performed in the public interest or the exercise of official authority vested in us.
Right to object
You have the right to object, on grounds relating to your specific situation to object, at any time to the processing of the personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; this also applies to any profiling based on those provisions.
In this case we will stop processing the personal data concerning you unless we can provide compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or the data is being processed for the purpose of establishing, exercising, or defending legal claims.
If the personal data concerning you is being processed for the purpose of conducting direct marketing, you have the right to object at any time to the processing of the personal data concerning you for such marketing; this also applies to any profiling connected to such direct marketing.
If you object to the data processing for the purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services and Directive 2002/58/EC notwithstanding, you may exercise your right to object using automated means using technical specifications.
Where personal data is processed for statistical purposes pursuant to Art. 89 (1) GDPR, you, on grounds relating to your specific situation, have the right to object to personal data concerning your being processed.
Your right to object may be limited if it is likely to render impossible or seriously impair the achievements of the statistical purposes and the limitation is necessary for satisfying statistical purposes.
Right to withdraw the declaration of consent under data-processing law
You have the right to withdraw your declaration of consent under data-processing law at any time. Withdrawing the consent has no bearing on the lawfulness of any processing performed up to the point of the revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision that is based solely on automated processing – including profiling – that produces legal effects on you or is similarly significantly affects you. This does not apply if the decision
- is necessary for the entering into or performing a contract between you and the data controller,
- is authorized under legal provisions of the EU or the Member States to which the data controller is subject and these legal provisions contain adequate measures for safeguarding your rights and freedoms as well as your legitimate interests or
- is made with your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and adequate safeguards to protect the rights and freedoms as well as your legitimate interests are in place.
As regards the cases stated in (1) and (3), we take adequate measures to your rights and freedoms as well as your legitimate interests, which include at least the right to have a person intervene on the data controller’s side, to present your own point of view, and to challenge a decision.
Right to lodge a complaint with a supervisory authority
Notwithstanding any other administrative or judicial legal remedy, you have the right to lodge a complaint with a supervisory authority in the Member State of your place of residence, your workplace, or the place of the alleged breach if you are of the opinion that the processing of the personal data concerning you breaches the GDPR.
The supervisory body to which the complaint was submitted will notify the complainant of the status and outcomes of the complaint including the option of a judicial remedy under Art. 78 GDPR.
[Version 2.0; Date 30th April 2018]