A. Data protection declaration according to the GDPR

Name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

Friedrich Schauer GmbH

Obere Dorfstrasse 12

83101 Rohrdorf

Phone: 0 80 32/18 96 90

Fax 0 80 32/18 96 91

info@schauerbau.de

www.schauerbau.de

Hosting and Content Delivery Networks (CDN)

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions with regard to this data.

We host the content of our website with the following provider:

IONOS

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter IONOS). When you visit our website, IONOS records various log files including your IP addresses. Details can be found in the IONOS privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Conclusion of a contract / data processing on behalf of

This homepage was created and maintained with the "1&1 IONOS MyWebsite Essential" homepage editor from 1&1 IONOS SE. 1&1 IONOS SE is the technical service provider of this website by way of contract data processing. No personal usage data is stored or processed beyond the scope described in this declaration.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.

1&1 IONOS SE is a company of United Internet AG and, along with other subsidiaries and sister companies, belongs to the United Internet AG group, Montabaur.

External services

1&1 Website Editor

To display web content, IONOS uses the Amazon CloudFront service, which operates the domains cdn.website-editor.net, le-cdn.website-editor.net and static-cdn.website-editor.net. The data center storage location is set to Frankfurt am Main.
Furthermore, IONOS has concluded a data processing agreement, including new standard contractual clauses (in the event of a transfer to a third country), with Amazon Web Services EMEA SARL (38 Avenue John F. Kennedy, L-1855 Luxembourg).

General information on data processing

1. Scope of processing of personal data

We generally only collect and use our users' personal data to the extent that this is necessary to provide a functional website and our content and services. The collection and use of our users' personal data generally only occurs with the user's consent. An exception applies in cases where prior consent cannot be obtained for actual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

If we obtain consent from the data subject for processing personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose for which they were stored no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

4. Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARAGRAPH 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH ANY PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING IN SO FAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION ACCORDING TO ART. 21 PARA. 2 GDPR).

5. SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties. your

Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.

The following data is collected:

(1) Information about the browser type and version used

(2) The user’s operating system

(3) The user’s Internet service provider

(4) The user’s IP address

(5) Date and time of access

(6) Websites from which the user’s system accesses our website

(7) Websites accessed by the user’s system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users' IP addresses are deleted or altered so that it is no longer possible to assign the calling client.

5. Possibility of objection and removal

The collection of data to provide the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no option to object.

Use of cookies

Cookies

Our websites use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser. Cookies from third-party companies can also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising. Cookies that are required to carry out electronic communication (necessary cookies) or to provide certain functions you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure web audience) are stored on the basis of Art. 6 Paragraph 1 Letter f of GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the cookies in question will be stored exclusively on the basis of this consent (Art. 6 Paragraph 1 Letter a of GDPR); consent can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection declaration and, if necessary, ask for your consent.

Consent with Usercentrics
This website uses the consent technology from Usercentrics to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics"). When you enter our website, the following personal data is transferred to Usercentrics: • Your consent(s) or the revocation of your consent(s)

• Your IP address

• Information about your browser

• Information about your device

• Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent granted or its revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.

contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass this data on without your consent. This data is processed on the basis of Art. 6 Paragraph 1 Letter b GDPR, provided that your enquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 Paragraph 1 Letter f GDPR) or on your consent (Art. 6 Paragraph 1 Letter a GDPR), provided that this was requested. The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Inquiry by email, telephone or fax

If you contact us by email, telephone or fax, your request, including all personal data resulting from it (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass this data on without your consent. This data is processed on the basis of Art. 6 Paragraph 1 Letter b GDPR, provided that your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Paragraph 1 Letter f GDPR) or on your consent (Art. 6 Paragraph 1 Letter a GDPR), if this was requested. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Plugins, tools, analysis tools and advertising

OpenStreetMap

We use the map service from OpenStreetMap (OSM). The provider is the Open Street Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. When you visit a website that includes OpenStreetMap, your IP address and other information about your behavior on the website will be forwarded to the OSMF. OpenStreetMap may store cookies in your browser for this purpose. These are text files stored on your computer that enable analysis of your website usage. You can prevent cookies from being stored by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Your location may also be recorded if you have allowed this in your device settings – e.g. on your mobile phone. The provider of this site has no influence on this data transfer. For details, please see the OpenStreetMap privacy policy at the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy. OpenStreetMap is used in the interest of an attractive presentation of our online offers and easy findability of the locations we specify on the website. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.

Ggoogle Fonts
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.

For more information about Google Fonts, seehttps://developers.google.com/fonts/faqand in Google’s privacy policy:https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA is intended to check whether the data entered on this website (e.g. in a contact form) is carried out by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. The data is stored and analyzed on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time. For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

1&1 Analytics

This website uses the analysis services of 1&1 Webanalytics. The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D - 56410 Montabaur. As part of the analyses with 1&1, visitor numbers and behavior (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (ie which page the visitor comes from), visitor locations and technical data (browser and operating system versions) can be analyzed.

For this purpose, 1&1 stores the following data in particular:

- Referrer (previously visited website)

- requested website or

- File browser type and browser version

- operating system used

- device type used

- Time of access

- IP address in anonymized form (used only to determine the location of access)

According to 1&1, data collection is completely anonymous so that it cannot be traced back to individual people. Cookies are not stored by 1&1 Webanalytics. The data is stored and analyzed on the basis of Art. 6 Paragraph 1 Letter f of GDPR. The website operator has a legitimate interest in the statistical analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 Paragraph 1 Letter a of GDPR; the consent can be revoked at any time. For further information on data collection and processing by 1&1 Webanalytics, please see the following links: https://hosting.1und1.de/hilfe/online-marketing/ https://hosting.1und1.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-companyname- produktes/webanalytics/ https://hosting.1und1.de/terms-gtc/terms-privacy/

Google DoubleClick

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter "DoubleClick").

DoubleClick is used to show you interest-based ads across the entire Google advertising network. With the help of DoubleClick, the ads can be tailored to the interests of the respective viewer. For example, our advertising can be displayed in Google search results or in advertising banners that are connected to DoubleClick.

In order to be able to show users advertising that is tailored to their interests, DoubleClick must be able to recognize the respective viewer and assign them the websites they have visited, clicks and other information about user behavior. To do this, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to show the user in question advertising that is tailored to their interests.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG. The consent can be revoked at any time.

For more information on how to object to the advertisements displayed by Google, please see the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated .

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information

You can request confirmation from the controller as to whether personal data concerning you are being processed by us.

If such processing takes place, you can request the following information from the controller:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration for which the personal data concerning you will be stored or, if specific information is not possible, the criteria for determining that period;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information as to their origin, where the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to request rectification and/or completion from the controller if the personal data concerning you that are processed are incorrect or incomplete. The controller must carry out the rectification immediately.

3. Right to restriction of processing

You can request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require them to assert, exercise or defend legal claims, or

(4) if you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to delete

You may request that the controller delete the personal data concerning you immediately and the controller is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 Para. 1 GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that you, as the data subject, have requested the erasure by them of all links to these personal data or of copies or replications of these personal data.

c) Exceptions

The right to erasure does not exist if processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously compromise the achievement of the objectives of that processing, or

(5) to assert, exercise or defend legal claims.

5. Right to information

If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the responsible party, this party is obliged to inform all recipients to whom the personal data concerning you were disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure.

You have the right to be informed by the controller about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have made available to the controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was made available, provided that

(1) the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract pursuant to Art. 6 (1)(b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, regardless of Directive 2002/58/EC.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your consent to data protection at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by Union or Member State law to which the controller is subject and which contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or

(3) with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2)(a) or (g) applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Source: eRecht24.de