Data protection

Privacy policy
Introduction
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "Online Offer").

The terms used are not gender-specific.

Status: 14 October 2022

Content overview
Introduction
Person responsible
Overview of processing operations
Representative in the European Union
Relevant legal basis
Security measures
Transfer of personal data
Data processing in third countries
Deletion of data
Use of cookies
Business services
Payment procedures
Provision of the online offer and web hosting
Contact and enquiry management
Web analysis, monitoring and optimisation
Online marketing
Amendment and updating of the privacy policy
Rights of data subjects
Definitions
Responsible
MPE.express DIGITAL SERVICES LLC
1621 Central Ave
Cheyenne, WY 82001

Email address:
muc.office@mpe.llc

Representative in the European Union
MPE.express DIGITAL SERVICES LLC
Representative Office Germany
Valley 44
80331 Munich
Germany

Overview of processing operations
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

TYPES OF DATA PROCESSED
Inventory data.
Payment data.
Contact data.
Content data.
Contract data.
Usage data.
Meta/communication data.
CATEGORIES OF DATA SUBJECTS
Customers.
Prospective customers.
Communication partners.
Users.
Business and contractual partners.
PURPOSES OF PROCESSING
Provision of contractual services and customer service.
Contact requests and communication.
Security measures.
Reach measurement.
Tracking.
Office and organisational procedures.
Conversion measurement.
Managing and responding to enquiries.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online services and user experience.
Information technology infrastructure.
RELEVANT LEGAL BASIS
Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.

Consent (Art. 6 para. 1 sentence 1 lit. a) DSGVO) - The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) DSGVO) - Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures carried out at the data subject's request.
Legal obligation (Art. 6(1)(c) DSGVO) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO) - Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
Security measures
We take appropriate technical and organisational measures in accordance with the law, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

TLS encryption (https): In order to protect your data transmitted via our online offer, we use TLS encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser.

Transmission of personal data
In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organisational units or persons or that it is disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data transfer within the organisation: We may transfer personal data to other bodies within our organisation or grant them access to this data. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and operational interests or is made where it is necessary for the performance of our contract-related obligations or where we have obtained the consent of the data subjects or legal permission.

Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, entities or companies, this will only be done in accordance with legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not necessary for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Our data protection notices may also contain further details on the retention and deletion of data which have priority for the respective processing operations.

Use of cookies
Cookies are small text files or other storage devices that store information on end devices and read information from the end devices. For example, to save the login status in a user account, the contents of a shopping basket in an e-shop, the contents called up or the functions used in an online offer. Cookies can further be used for various purposes, e.g. for purposes of functionality, security and comfort of online offers as well as the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal requirements. We therefore obtain prior consent from users, except where this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is absolutely necessary to provide a telemedia service (i.e. our online offer) expressly requested by the user. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

Notes on legal bases under data protection law: The legal basis under data protection law on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and improvement of its usability) or, if this is done in the context of the performance of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. The purposes for which the cookies are processed by us are explained in the course of this privacy policy or as part of our consent and processing procedures.

Storage duration: With regard to the storage duration, the following types of cookies are distinguished:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g. browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.
General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also file an objection to processing in accordance with the legal requirements in Art. 21 DSGVO. Users can also declare their objection via their browser settings, e.g. by deactivating the use of cookies (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Further notes on processing processes, procedures and services:

Processing of cookie data on the basis of consent: We use a cookie consent management procedure, in the context of which the consent of users to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure, can be obtained and managed and revoked by users. The declaration of consent is stored in order not to have to repeat the request and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie or with the help of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.
Business services
We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer enquiries.

We process this data in order to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. Furthermore, we process the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations as well as the company organisation. Furthermore, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.

We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special labelling (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of legal warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal archiving reasons. The statutory retention period for documents relevant under tax law as well as for commercial books, inventories, opening balances, annual financial statements, the work instructions required to understand these documents and other organisational documents and accounting vouchers is ten years and for received commercial and business letters and reproductions of sent commercial and business letters six years. The period shall commence at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting document was created, furthermore the recording was made or the other documents were created.

If we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Types of data processed: inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. e-mail, telephone numbers); contract data (e.g. subject matter of contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data subjects: Customers; prospective customers; business and contractual partners.
Purposes of processing: provision of contractual services and customer service; security measures; contact requests and communication; office and organisational procedures; managing and responding to requests; conversion measurement (measuring the effectiveness of marketing measures); profiles with user-related information (creating user profiles).
Legal grounds: Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO); Legal obligation (Art. 6 para. 1 p. 1 lit. c) DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Further notes on processing processes, procedures and services:

Customer account: Contractual partners can create an account within our online offer (e.g. customer or user account, "customer account" for short). If registration of a customer account is required, contractual partners will be informed of this as well as of the information required for registration. The customer accounts are not public and cannot be indexed by search engines. Within the scope of registration and subsequent logins and uses of the customer account, we store the IP addresses of the customers together with the access times in order to be able to prove the registration and to prevent any misuse of the customer account. If customers have terminated their customer account, the data relating to the customer account will be deleted, unless their retention is required for legal reasons. It is the responsibility of customers to save their data when their customer account is terminated; legal basis: fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Economic analyses and market research: For business reasons and in order to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of data subjects may include contractual partners, interested parties, customers, visitors and users of our online offer. The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g. regarding services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e. anonymised values. Furthermore, we take into account the privacy of the users and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as summarised data); legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Shop and e-commerce: We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is identified as such in the context of the order or comparable purchase process and includes the information required for delivery, or provision and billing, as well as contact information in order to be able to consult with you if necessary; Legal basis: contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Agency services: We process our clients' data as part of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services; legal basis: contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Project and development services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as associated activities as well as their payment and provision or execution or performance. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations. Insofar as we obtain access to information of end customers, employees or other persons, we process this in accordance with legal and contractual requirements; legal basis: contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Technical services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as associated activities and to pay for and make them available or execute or provide them. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations. Insofar as we obtain access to information of the end customers, employees or other persons, we process this in accordance with the legal and contractual requirements; legal basis: fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Payment procedure
In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively "payment service providers").

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related details. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e. we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and assertion of revocation, information and other data subject rights.

Types of data processed: inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms).
Data subjects: Customers; prospective customers; users (e.g. website visitors, users of online services).
Purposes of processing: provision of contractual services and customer service; feedback (e.g. collecting feedback via online form).
Legal basis: Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Further information on processing processes, procedures and services:

Amazon Payments: payment services (technical connection of online payment methods); service provider: Amazon Payments Europe S.C.A. 38 avenue J.F. Kennedy, L-1855 Luxembourg; Legal basis: Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://pay.amazon.de/; Privacy policy: https://pay.amazon.de/help/201212490.
American Express: payment services (technical connection of online payment methods); service provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Legal basis: Contract fulfilment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://www.americanexpress.com/de; Privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.
Apple Pay: payment services (technical connection of online payment methods); service provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Contract fulfilment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://www.apple.com/de/apple-pay/; Privacy policy: https://www.apple.com/legal/privacy/de-ww/.
Flattr: Flattr - online payment and donation service; service provider: Flattr AB, Box 4111, 203 12 Malmö, Sweden; Legal basis: contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://flattr.com/; Privacy policy: https://flattr.com/privacy.
Giropay: Payment services (technical connection of online payment methods); Service provider: giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany; Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://www.giropay.de; Privacy policy: https://www.giropay.de/rechtliches/datenschutzerklaerung/.
Google Pay: payment services (technical connection of online payment methods); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Contract fulfilment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://pay.google.com/intl/de_de/about/; Privacy policy: https://policies.google.com/privacy.
Klarna / Sofortüberweisung: Payment services (technical connection of online payment methods); Service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Legal basis: Contract fulfilment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://www.klarna.com/de; Privacy policy: https://www.klarna.com/de/datenschutz.
Mastercard: payment services (technical connection of online payment methods); service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Contract fulfilment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://www.mastercard.de/de-de.html; Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.
PayPal: payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://www.paypal.com/de; Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Stripe: Payment services (technical connection of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contract fulfilment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://stripe.com; Privacy policy: https://stripe.com/de/privacy.
Visa: payment services (technical connection of online payment methods); service provider: Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, GB; Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO); Website: https://www.visa.de; Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
Provision of the online offer and web hosting
We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); content data (e.g. entries in online forms).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).); security measures.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Further information on processing processes, procedures and services:

Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Provision of online offer on our own / dedicated server hardware: For the provision of our online offer, we use server hardware operated by us as well as the associated storage space, computing capacity and software; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used on the one hand for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilisation of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the e-mail dispatch (e.g. the providers involved) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of recognising SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption procedure is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on our server; legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Content delivery network: We use a "content delivery network" (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or programme scripts, can be delivered more quickly and securely with the help of regionally distributed servers connected via the Internet; legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
netcup: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); Website: https://www.netcup.de/; Privacy policy: https://www.netcup.de/kontakt/datenschutzerklaerung.php; Order processing agreement: https://www.netcup-wiki.de/wiki/Zusatzvereinbarung_zur_Auftragsverarbeitung.
Contact and enquiry management
When contacting us (e.g. via contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

Types of data processed: contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data subjects: Communication partners.
Purposes of processing: contact requests and communication; managing and responding to requests; feedback (e.g. collecting feedback via online form); providing our online offer and user experience.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO); contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).
Further notes on processing processes, procedures and services:

Contact form: If users contact us via our contact form, email or other communication channels, we process the data communicated to us in this context to process the communicated request; legal basis: contract performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).
Web analysis, monitoring and optimisation
Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognise at what time our online offer or its functions or contents are most frequently used or invite re-use. Likewise, we can understand which areas need optimisation.

In addition to web analysis, we may also use test procedures, e.g. to test and optimise different versions of our online offer or its components.

Unless otherwise stated below, profiles, i.e. data summarised for a usage process, may be created for these purposes and information may be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors); profiling with user-related information (creation of user profiles); tracking (e.g. interest/behaviour-based profiling, use of cookies); provision of our online offer and user experience.
Security measures: IP masking (pseudonymisation of the IP address).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO).
Further information on processing processes, procedures and services:

Google Analytics: web analysis, reach measurement and measurement of user flows; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Order processing agreement: https://business.safety.google/adsprocessorterms; Standard contractual clauses (guaranteeing the level of data protection for processing in third countries): https://business.safety.google/adsprocessorterms; Opt-out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/businesses/adsservices (Types of processing as well as data processed).
Online marketing
We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, "content") based on users' potential interests and measuring its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored within the scope of the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can generally also be read later on other websites that use the same online marketing procedure and analysed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.

Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedure we use and the network links the users' profiles with the aforementioned data. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent as part of the registration process.

In principle, we only receive access to summarised information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyse the success of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Types of data processed: Usage data (e.g. web pages visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavioural profiling, use of cookies); marketing; profiling with user-related information (creation of user profiles).
Security measures: IP masking (pseudonymisation of the IP address).
Possibility of objection (opt-out): We refer to the data protection notices of the respective providers and the objection options (so-called "opt-out") given to the providers. If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered in summary for the respective regions: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info.
Changing and updating the privacy policy
We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Where we provide addresses and contact details of companies and organisations in this privacy statement, please note that the addresses may change over time and please check the details before contacting us.

Rights of data subjects
As a data subject, you have various rights under the GDPR, in particular as set out in Articles 15 to 21 of the GDPR:

Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Right to withdraw consent: You have the right to revoke any consent given at any time.
Right to information: You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the legal requirements.
Right to rectification: You have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be rectified.
Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data concerning you be erased without delay or, alternatively, to request restriction of the processing of the data in accordance with the law.
Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to demand that it be transferred to another person responsible.
Complaint to a supervisory authority: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the requirements of the GDPR.
Definitions
This section provides you with an overview of the terms used in this Privacy Notice. Many of the terms are taken from the law and defined primarily in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to help you understand them. The terms are sorted alphabetically.

Conversion measurement: Conversion measurement (also referred to as "visit action evaluation") is a procedure with which the effectiveness of marketing measures can be determined. This is usually done by storing a cookie on users' devices within the websites where the marketing activity takes place and then retrieving it again on the target website. For example, this allows us to track whether the ads we have placed on other websites have been successful.
Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any type of automated processing of personal data that consists of using such personal data to analyse, evaluate or to predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.
Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include visitors' behaviour or interests in certain information, such as website content. With the help of reach analysis, website owners can see, for example, at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of the website to the needs of their visitors. For reach analysis purposes, pseudonymous cookies and web beacons are often used to recognise returning visitors and thus obtain more precise analyses of the use of an online offer.
Tracking: We speak of "tracking" when the behaviour of users can be traced across several online offers. As a rule, behavioural and interest information is stored in cookies or on servers of the providers of the tracking technologies with regard to the online offers used (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.
Controller: "Controller" is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processing: "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data, be it collection, analysis, storage, transmission or deletion.
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke

Overview
Protection of your personal data
A. General information on data processing
B. Provision of the website and log files
C. Use of cookies
D. Registration as a customer
E. Contact by e-mail
F. Disclosure of data to third parties
G. Rights of the data subject

Protection of your personal data
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

MPE.express DIGITAL SERVICES LLC
Limited Liability Company
1621 Central Ave
Cheyenne, WY 82001
United States of America

A. General information on data processing
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.



B. Provision of the website and log files
Every time our website is accessed, data and information are collected by an automated system.
The following data is collected:

IP address of the visit, time, date, type of browser, type of operating system, which pages were viewed, from which domain the access took place, smartphone or PC access as well as the session duration.
This data is stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.

Purpose of data processing
The storage in log files is done to ensure the functionality of the website. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

C. Use of cookies
Our Internet pages use "cookies" in several places. Cookies are small text files that are stored on your computer and saved by your browser. This makes it possible to store specific information relating to you, the user, on your PC while you are visiting our website. Cookies help to determine the frequency of use and the number of users of a website, as well as to make the website as comfortable and efficient as possible for you.

The following information is stored by cookies:

- A session ID to be able to assign your current shopping basket to you.

- A customer ID to be able to identify you if you are logged into your customer account.

- The most recently viewed items (unless you have disabled this feature).

- A list with the IDs of the products currently in your shopping cart.

Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f DSGVO.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has consented to this.

Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users.

The use of analysis cookies is for the purpose of improving the quality of our website and its content. These purposes also constitute our legitimate interest in processing the personal data in accordance with Art. 6 (1) lit. f DSGVO.

Duration of storage
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time.

Possibility of objection and removal
It is also possible to use our website without cookies. You can deactivate the storage of cookies in your browser, restrict them to certain websites or set your browser to notify you as soon as a cookie is sent. Please note, however, that in this case you will have to expect a restricted display of the page and restricted user guidance. Purchasing is only possible with activated cookies.



D. Registration as a customer
If you wish to take advantage of our offers on our website as a customer, you must register by providing personal data. In the case of registration as a customer, the data entered by you in this connection in the respective input mask will be transmitted to us.

As part of the registration process, the user's consent to the processing of this data is obtained.

Legal basis for data processing
If the user has given his consent, the legal basis for the processing of the data is Art. 6 (1) lit. a DSGVO. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b DSGVO.

Purpose of data processing
Registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. After registration, the stored data will be displayed when the user logs in again and does not have to be entered again. The data entered during registration will also be used as your contact details when concluding a contract.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

Possibility of objection and removal
As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time. You can edit your data after logging in as a registered user and remove or change all data entered.

E. Contacting us by e-mail
You can contact us via the e-mail address given on our website or via the contact form provided.

If you contact us via the contact form, your surname, first name and e-mail address will always be transmitted to us. In addition, the IP address of the user and the date and time are stored.

For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration.

If you contact us by e-mail, your e-mail address and your message will be transmitted to us and stored by us.

Legal basis for data processing
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given his or her consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If an e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of data processing
The processing of personal data from the input mask of the contact form serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

Duration of storage
The data will be deleted after your request has been dealt with and answered, unless the request has become part of a contractual relationship.

Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. The revocation can be made by sending an e-mail or by contacting us by telephone or post.

All personal data stored in the course of contacting us will be deleted in this case.



F. Passing on of data to third parties
In the course of executing the order placed, it is necessary for us to transmit your name and address consisting of street and place of residence to our parcel service provider. This transmission is necessary in order to be able to deliver your order. The transmission of data is limited to the necessary minimum. Only the data necessary for the delivery of your consignment will be transmitted. After delivery of the goods, the data will be deleted from the parcel service provider and the shipping company.

By placing the order, you consent to the transfer of the data described above to our parcel service providers for the delivery of the goods. With regard to your rights, the provisions set out in this and the following sections apply accordingly.



G. Rights of the data subject
If personal data of yours is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us ("the data controller"):

1) Right of access
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If there is such processing, you may request information from the controller about the following:

a. the purposes for which the personal data are processed;

b. the categories of personal data which are processed;

c. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

d. the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;

e. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

f. the existence of a right of appeal to a supervisory authority;

g. any available information on the origin of the data, if the personal data are not collected from the data subject;

h. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

2) Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller must make the rectification without undue delay.

3) Right to erasure
3.1) You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:

a. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

b. You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.

c. You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.

d. The personal data concerning you have been processed unlawfully.

e. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

f. The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

3.2) If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, the controller shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

3.3) The right to erasure does not exist to the extent that the processing is necessary

a. to exercise the right to freedom of expression and information;

b. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c. for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) DSGVO;

d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) DSGVO, insofar as the right referred to in (1) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

e. to assert, exercise or defend legal claims.

4) Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:

a. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

b. the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

c. the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims; or

d. if you have objected to the processing pursuant to Article 21(1) DSGVO and it has not yet been determined whether the controller's legitimate grounds override your grounds.

Where the processing of personal data relating to you has been restricted, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

5) Right to information
If you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

6) Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

a. the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and

b. the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7) Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

After an objection, the controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

8) Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9) Automated decision in individual cases

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

a. is necessary for the conclusion or performance of a contract between you and the controller,

b. is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or

c. is made with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in a. and c., the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.

10) Right to complain to supervisory authorities

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.