insyt finance UG (limited liability) (hereinafter “insyt”, information on insyt can be found at www.insyt.finance/impressum) is pleased that you are visiting our website / app. Data protection and data security when using our website / app are very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website / app and for what purposes it is used.
Since changes in the law or changes to our internal company processes may make it necessary to adapt this data protection declaration, we ask you to read this data protection declaration regularly. The data protection declaration can be called up, saved and printed out at any time under data protection declaration.
§ 1 Responsible person and scope
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
insyt finance UG (limited liability)
This data protection declaration applies to the entire internet offer of insyt finance UG (limited liability), which can be accessed under the domain www.insyt.finance and the various subdomains (hereinafter referred to as “our website”) and the apps for iOS and Android, as well as our social media is.
§ 2 What are personal data?
Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person (data subject). This includes, for example, information such as your name, your address, your telephone number, your date of birth or your e-mail address. Information in which we cannot (or only with a disproportionate effort) relate to you personally, e.g. by anonymizing the information, is not personal data.
§ 3 General information on data processing
In principle, we only collect and use personal data of our users insofar as this is necessary for the provision of a functional website / app as well as our content and services. In particular, we use your personal data to provide the desired services (including insyt, newsletter), to answer your questions, and to operate and improve our websites, apps and applications.
A transfer of your personal data to third parties or a use of your data for advertising purposes without your consent does not take place, with the exception of the cases shown below, unless we are legally obliged to disclose data.
b) Legal basis
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Paragraph 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 (1) lit.f GDPR serves as the legal basis for processing.
c) Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by law. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.
d) Transfer of data to processors
In some cases, we use service providers in compliance with the legal requirements by way of order processing, i.e. on the basis of a contract on our behalf, according to our instructions and under our control.
Processors are in particular:
- technical service providers that we use to provide the website, e.g. service providers for software maintenance, data center operation and hosting;
- technical service providers that we use to provide functionalities, e.g. technically necessary cookies;
- Service providers for the practical implementation of advertising and marketing, e.g. call centers for telephone contacts, printers and lettershops for postal dispatch, service providers for email dispatch.
In these cases we remain responsible for data processing; The transfer and processing of personal data to or by our contract processors is based on the legal basis that allows us to process the data. A separate legal basis is not required.
§4 Individual processing operations
You can use a large part of our website without providing personal data. Access data without personal reference, such as the name of your Internet service provider, the page from which you are visiting us, the names of the requested files and the date they were accessed, are saved. These data are evaluated exclusively to improve our offer and do not allow any conclusions to be drawn about your person.
However, if you want to use the services we offer on our website, such as ordering a newsletter, etc., you will need to provide additional data. Details can be found below in the description of the specific data processing operations. In particular, personal data is used as follows:
a) Provision of the website and creation of log files
Every time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- Information about the browser type and the version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time of access
Websites that are accessed by the user’s system via our website:
- Screen resolution and window size
- For logged in users the user id
The log files contain IP addresses or other data that enable assignment to a user. This could be the case, for example, if the link to the website from which the user came to the website or the link to the website to which the user switched contains personal data.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of the data and the log files is Article 6, Paragraph 1, Letter f GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be saved for the duration of the session.
The storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit.f GDPR lies in these purposes.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. If the data is stored in log files, the IP address is immediately anonymized so that it can no longer be assigned to the calling client.
b) Registration to insyt
In our application we offer users the option of registering by providing personal data. The data is entered in an input mask and transmitted to us and stored. A transfer of data to third parties does not take place.
When you register on our website, your email address will first be saved by us so that we can send you new access data if you should ever forget it. We also save your username and password to enable you to log in to your account, as well as the following mandatory information:
- E-mail address
At the time of registration, the following data is also stored:
- The user’s IP address
- Date and time of registration
You can also provide us with the following data on a voluntary basis so that we can personalize the offer for you as part of insyt:
- Date of birth
The legal basis for the processing of this data is the declaration of consent you voluntarily provided when registering (Art. 6 Para. 1 lit. a GDPR).
You can revoke this consent at any time at insyt finance UG (limited liability) (at best in writing to insyt finance UG (limited liability), Kaiserstraße 42, D-40479 Düsseldorf or by email to email@example.com).
As soon as the registration in our application is canceled or changed, the data processed during the registration process will be deleted. Further storage can take place in individual cases if this is required by law.
A registration of the user is necessary for the availability of certain content and services on our website and in the application. These include the use of the application and various newsletters. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
As a user, you can cancel your registration at any time. You can have the data stored about you changed at any time. To do this, proceed as follows: Please send us the data with which you are registered with us (name, user name and the e-mail address currently specified for insyt) to firstname.lastname@example.org, so that we are able to To be able to clearly determine your access authorization.
We will then immediately delete your data completely from our database at your request and confirm this to you in an email. Please understand this procedure, as protection against unauthorized access should also be in your interest.
If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations to prevent deletion.
You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us. In order to be able to register for our e-mail newsletter service, we need, in addition to your consent, your e-mail address to which the newsletter is to be sent and your first and last name so that we can address you personally, as well as the content of the newsletter personalize it. It is up to you to decide whether you give us this data. Without this information, however, we cannot send our newsletter to you.
In addition, the following data is collected when you register:
- IP address of the calling computer
- Date and time of registration (double opt-in date)
The legal basis for processing the data after the user has registered for the newsletter is Article 6 (1) (a) GDPR, provided the user has given their consent.
We use the so-called double opt-in procedure for sending the newsletter, i.e. we will only send you the newsletter if you have previously confirmed your registration via a link contained in a confirmation email sent to you for this purpose. We want to ensure that only you, as the owner of the specified email address, can register for the newsletter. Your confirmation in this regard must be made promptly after receiving the confirmation e-mail, as otherwise your newsletter registration will be automatically deleted from our database.
The collection of the user’s email address is used to deliver the newsletter.
When you register for the newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe from the newsletter.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user’s email address is therefore stored as long as the subscription to the newsletter is active.
To unsubscribe, you can either send us an informal email to email@example.com or use the link at the end of the newsletter to cancel.
You can revoke your consent to the collection of other personal data collected during the registration process at any time.
In connection with the data processing for the dispatch of newsletters, the data is not passed on to third parties. The data will only be used to send the newsletter.
We use so-called “cookies” (small text files with configuration information). Cookies are small text files that are sent from our web server to your browser when you visit our website and are stored by your browser on your computer for later retrieval. Cookies contain a characteristic string of characters that enables the browser to be clearly identified when the website is accessed again. We only use so-called session cookies (also known as temporary cookies), i.e. those that are only temporarily stored for the duration of your use of one of our Internet pages.
However, the usage data collected do not allow any conclusions to be drawn about the user. All of this anonymously collected usage data will not be merged with your personal data and will be deleted immediately after the end of the statistical analysis. At the end of the session, as soon as you end your browser session, the cookies are deleted.
If you, as a registered insyt user, have confirmed that you want to stay logged in, we use long-term cookies to enable you to log in again automatically. No personal data is saved for this. The cookies are retained for 90 days.
The following data is stored and transmitted in the cookies:
- Session ID
- Push active
We also use affiliate cookies when a user accesses the service of external advertising providers via an external advertising space. These cookies are used for billing with the cooperation partner and do not contain any personal data of the participant. They are automatically deleted after 4 weeks. The respective providers can be found under § 8 of this data protection declaration.
- Frequency of page views
- Use of website functions
The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.
The cookies used are used in particular to determine the frequency of use and the number of users of our websites and to continue to identify your computer when you switch from one of our websites to another of our websites while visiting our website and to be able to determine the end of your visit. This tells us which area of our website and which other websites our users have visited.
We need cookies for the following applications:
- Status of the login
The user data collected by technically necessary cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies tell us how the website is used and so we can continuously optimize our offer.
Our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit.f GDPR lies in these purposes.
Most browsers are preset so that they automatically accept cookies. However, you can deactivate the saving of cookies or set your browser so that it notifies you before cookies are saved. Users who do not accept cookies may not be able to access certain areas of our website.
Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used in full.
The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the settings of the Flash Player.
§ 6 Retargeting and third party providers
We use affiliate cookies when a user accesses the services of external advertising providers via an external advertising space. These cookies are used for billing with the cooperation partner and do not contain any personal data of the participant. They are automatically deleted after 4 weeks. You will be informed regularly about the use and can agree to it.
- Google Analytics
Our websites use Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on our website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
If you do not want this, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the link below Download and install browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de.
- Google Optimize and Hotjar
We use the analysis service Google Optimize to experimentally play out several of our pages in several variants and to optimize them using comparison statistics. With the help of cookies, anonymous test groups are distinguished. The data are processed as described for Google Analytics; if you deactivate Google Analytics, your data will not be included in the comparison tests. In addition, we randomly analyze movement, click or swipe behavior on our websites in order to improve the structure of our offers and pages. For this purpose, the Hotjar service records random and pseudonymized data for a small part of the sessions, without us recognizing you. The data is anonymized, stored and deleted after 365 days in Ireland, earlier on request.
If you do not want this, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Hotjar and the processing of this data by Hotjar by clicking on the link below Use opt-out: https://www.hotjar.com/legal/compliance/opt-out
- Google AdSense
Our website uses Google AdSense, an online advertising service from Google Inc. (“Google”). In addition to cookies, Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on the pages of this offer. The information generated by cookies and web beacons about the use of this website (including the IP address of the user) and the delivery of advertising formats are transmitted to a Google server in the USA and stored there. This information can be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored about you.
You can prevent the installation of Google AdSense cookies in various ways:
a) by setting the browser software accordingly;
b) by deactivating interest-based advertisements on Google;
c) by deactivating the interest-based advertisements of the providers that are part of the self-regulation campaign “About Ads”;
d) through permanent deactivation by a browser plug-in.
The settings under b) and c) will be deleted if cookies are deleted in the browser settings.
- Google Web Fonts
This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR. If your browser does not support web fonts, a standard font will be used by your computer. Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s data protection declaration: https://www.google.com/policies/privacy/.
- Google retargeting
This website uses so-called “retargeting tags”. Third-party providers, including Google, use stored cookies to place advertisements on the basis of a user’s previous visits to this website. Studies have shown that the display of interest-based advertising is more interesting for Internet users than advertising that is not directly related to interests or previously visited websites. No personal data is stored and the retargeting technology is used in compliance with the applicable statutory data protection regulations.
- Youtube videos
We use embedded YouTube videos in the extended data protection mode. YouTube is a service provided by Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA. YouTube provides this extended data protection mode and thus ensures that YouTube does not store any cookies with personal data on your computer. When the website is accessed and the videos are embedded, the IP address is transmitted. This cannot be assigned unless you have logged in to YouTube or another Google service or are permanently logged in before viewing the page. As soon as you start playing an embedded video by clicking on it, YouTube only saves cookies on your computer that do not contain any personally identifiable data. These cookies can be prevented by appropriate browser settings and extensions (source: YouTube “Activating the extended data protection mode for embedded videos”). Further information on the integration of the YouTube videos can be found on the information page of YouTube: https://support.google.com/youtube/answer/171780?hl=de
- Other third party providers
§ 7 Security measures to protect the data stored by us
We are committed to protecting your privacy and treating your personal data confidentially. In order to avoid loss or misuse of the data stored by us, we take extensive technical and organizational safety precautions, which are regularly checked and adapted to technological progress. However, we would like to point out that due to the structure of the Internet it is possible that the rules of data protection and the above. Security measures by other persons or institutions for which we are not responsible are not observed. In particular, data disclosed in unencrypted form – e.g. B. if this is done by email – read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.
§ 8 Hyperlinks to external websites
Our website contains so-called hyperlinks to websites of other providers. If these hyperlinks are activated, you will be redirected from our website directly to the website of the other provider. You recognize this among other things. on changing the URL. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please visit these websites for information about how these companies handle your personal data.
§ 9 Consent and Revocation / Objection
You may have expressly given the following consents. We would like to point out that you can generally revoke your consent at any time with effect for the future and object to the processing and use of your data for advertising purposes at any time: Please contact us at firstname.lastname@example.org or by post to insyt finance UG (limited liability), Kaiserstraße 42, 40479 Düsseldorf.
a) Registration and permission for email advertising
By entering my data and clicking the “Submit” button, I declare my consent to receiving the newsletter on a regular basis. I can unsubscribe from the newsletter service at any time by clicking the “Unsubscribe” link at the end of the newsletter.
I can revoke my consent to the collection of other personal data collected during the registration process at any time.
§ 10 Your rights as a data subject
If your personal data is processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights vis-à-vis the person responsible:
1. Right to information
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.
If this is the case, you can request the following information from the person responsible:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to correction or deletion of your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data if the personal data are not collected from the data subject;
(8) You have the right to request information as to whether the personal data relating to you are being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.
This right to information can be restricted to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impair it and the restriction is necessary for the fulfillment of the research or statistical purposes.
2. Right to rectification
You have a right to correction and / or completion vis-à-vis the person responsible, if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
Your right to correction can be limited to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impaired and the restriction is necessary for the fulfillment of the research or statistical purposes.
3. Right to restriction of processing
Under the following conditions, you can request that the processing of your personal data be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period that enables the person responsible to check the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have lodged an objection to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been restricted, this data – apart from its storage – may only be used with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
Your right to restriction of processing can be restricted to the extent that it is likely to make the implementation of the research or statistical purposes impossible or seriously impaired and the restriction is necessary for the fulfillment of the research or statistical purposes.
4. Right to cancellation
a) Obligation to delete
You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
(3) You object to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Paragraph 2 GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
(6) The personal data relating to you were collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
b) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 Paragraph 1 GDPR, he shall take appropriate measures, including technical measures, to take into account the available technology and the implementation costs, to make the person responsible for the data processing who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to deletion does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) To fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that is transferred to the person responsible has been;
(3) for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 lit. h and i and Article 9 Paragraph 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
(5) for the establishment, exercise or defense of legal claims.
5. Right to be informed
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this turns out to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
(1) the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one person in charge to another person in charge, as far as this is technically feasible. This must not impair the freedoms and rights of other people.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.
7. Right to Object
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The person responsible will no longer process the personal data relating to you, unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in connection with the use of information society services, to exercise your right of objection by means of automated procedures in which technical specifications are used.
8. Right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.
9. Automated decision in individual cases including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – which has legal effects on you or which significantly affects you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) is permissible on the basis of legal provisions of the Union or of the member states to which the person responsible is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms and your legitimate interests or
(3) takes place with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 Paragraph 1 GDPR, unless Art. 9 Paragraph 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to express their own point of view and heard on contesting the decision.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR.
The supervisory authority to which the complaint was submitted informs the complainant of the status and the results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.