- 48h delivery
- +49 231 2222 3001
- Dealer search
Data privacy notice
We, NORDWEST Handel AG, are glad that you are interested in our company, our products, and our services. Protecting your privacy when you use our Website nordwest.com (“Website”) is very important to us. Because of this, in the following document we will inform you about the type, scope and purposes for which your personal data is collected and used. Please also see our Transparency declaration.
If you do not yet have Adobe Acrobat Reader installed, it is available to you here for installation free of charge.
I. Controller name and address
The controller in accordance with the General Data Protection Regulation and other national data privacy laws of the member states and other data protection law regulations is:
NORDWEST Handel AG
Robert-Schuman-Straße 17
44263 Dortmund
Germany
Tel.: +49 231 2222 3001
Email: info@nordwest.com
Website: nordwest.com
II. I. Data protection officer name and address
The data protection officer for the controller is:
datarea GmbH
Mike Rasch
Meißner Straße 103
01445 Radebeul Germany
Tel.: 0351 2722 0880
Email: info@datarea.de
Website: datarea.de
III. General information on data processing
1. Scope of processing of personal data
In general, we process the personal data of our users only insofar as this is necessary to provide a functional website, as well as our content and services. Normally, the personal data of our users is processed only with their consent. An exception applies in cases where it is not actually possible to obtain their consent in advance, and where the data processing is permitted under the law.
2. Legal basis for processing personal data
If we obtain consent from the data subject for processing procedures involving personal data, then Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR) serves as the legal basis for processing.
When processing personal data necessary to fulfil an agreement to which the data subject is a contractual party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing procedures necessary to carry out steps prior to entering into a contract.
If processing of personal data is necessary to meet a legal obligation to which our company is subject, Art. 6 para. 1 lit. c. GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person make the processing of personal data necessary, then Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary for the purpose of the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interest, then Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
3. Deletion of data and duration of storage
The personal data of data subjects will be deleted or blocked as soon as the purpose for which it was stored no longer applies. It may be stored for a longer period of time if this was provided under European or national laws in EU directives, regulations, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage term specified under the aforementioned standards expires, unless the data must be stored for a longer period to conclude or fulfil a contract.
IV. Provision of the Website and creation of log files
1. Description and scope of data processing
Each time our Website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
(1) Information regarding the browser type and version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user's IP address
(5) The date and time of access
(6) Websites from which the user’s system accesses our page
(7) Websites accessed by the user’s system through our Website
(8) Name and URL of the file accessed
(9) Message regarding whether access was successful
The data is also stored in our system log files. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The system must temporarily store the IP address in order to make it possible to deliver the Website to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose.
This is stored in log files in order to ensure the Website functions properly. In addition, we use the data to optimise the website and ensure the security of our IT systems. Data is not analysed for marketing purposes in this context.
We have a legitimate interest in data processing for these purposes in accordance with Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
Data is deleted once it is no longer needed to fulfil the purposes for which it was collected. If data is collected in order to provide the Website, this is the case once the respective session has ended.
If data is stored in log files, this is the case at the latest after seven days. Data may be stored for longer. In this case, users’ IP addresses are deleted or anonymised so that it is no longer possible to allocate them to the accessing client.
5. Objection and removal of data
Data collection for the purpose of providing the Website and storing the data in log files are mandatory in order to operate the Website. Therefore, the user has no option to object.
V. Use of cookies
1. Description and scope of data processing
Our Website uses cookies. Cookies are text files that are stored in the user’s web browser, or on the user’s computer system by the web browser. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic sequence of characters used to uniquely identify the browser the next time the Website is accessed.
We also use cookies on our Website to analyse user browsing behaviour.
The following data may be transmitted in this manner:
(1) The search terms entered
(2) The frequency of page views
(3) Which Website functions are used
(4) General data on browsing behaviour
(5) Anonymised IP address
When a user accesses our Website, they are informed that we use cookies for analytic purposes, and their consent is obtained to process the personal data used in this context. They are also referred to this data privacy notice in this context.
2. Legal basis for data processing
The legal basis for processing personal data using cookies for analytic purposes is Art. 6 para. 1 lit. a GDPR, if we have the user's consent to do so.
3. Purpose of data processing
Analytic cookies are used for the purpose of improving the quality of our Website and the contents of the Website. Through analytic cookies, we learn how the Website is used, allowing us to continuously optimise our services.
We use analytic cookies to analyse user browsing behaviour and display ads. In addition, user behaviour is evaluated / reported / analysed. The purpose of these measures is to optimise user behaviour.
We have a legitimate interest in processing personal data for these purposes in accordance with Art. 6 para. 1 lit. f GDPR.
4. Duration of storage, objection and removal of data
Cookies are stored on the user’s computer and transmitted by the user’s computer to our Website. Therefore, as the user, you have full control over how cookies are used. You can change the settings in your web browser to deactivate or restrict the transmission of cookies. Previously stored cookies can be deleted at any time, including automatically. If cookies for our Website are deactivated, it may not be possible to use all of the functions of the Website in full.
VI. Contact form and email contact
1. Description and scope of data processing
There is a contact form on our Website which can be used to contact us electronically. When a user does so, the data entered in the input screen is transmitted to us and stored. This data includes:
Name, company, email address, message
In addition, the following data is stored at the time the message is sent:
(1) remote IP address
(2) user agent
(3) URL
(4) date and time of registration
Your consent will be obtained to process the data during the sending process, and you will be referred to this data privacy notice.
Alternatively, users can contact us using the provided email address. In this case, the user's personal data transmitted with the email will be stored.
Data is not transmitted to third parties in this context. Data is used exclusively to process the conversation.
2. Legal basis for data processing
The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR, if the user has given their consent.
The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the purpose of the email contact is to conclude a contract, then Art. 6 para. 1 lit. b GDPR serves as an additional legal basis for the processing.
3. Purpose of data processing
We process personal data from the input screen only for the purpose of processing the contact. If you contact us by email, then this also provides us with the legitimate interest necessary to process the data.
Other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of storage
Data is deleted once it is no longer needed to fulfil the purposes for which it was collected. This is the case for personal data from the contact form input screen and data transmitted via email when the respective conversation with the user has ended. The conversation is considered ended when circumstances indicate that the matter in question has been fully clarified.
Additional personal data collected during the sending process will be deleted at the latest after seven days.
5. Objection and removal of data
Users can revoke their consent to processing of their personal data at any time. If a user contacts us via email, they can object to the storage of their personal data at any time. In such cases, it will not be possible to continue the conversation.
Users can raise an objection by sending a message to the email address provided in the legal notice.
In this case, all personal data stored in the course of the contact will be deleted.
VII. Registering in the data portal
1. Description and scope of data processing
We offer users the option to register on our website by providing personal data. Data is entered in an input screen, then transmitted to us and stored. The data is not disclosed to third parties. The following data is collected during the registration process:
User name, password
Access is assigned centrally. Only customers with whom we have business relationships will receive access.
In addition, the following data is stored at the time of registration:
(1) The user's IP address
(2) date and time of registration
The user's consent to process this data is obtained as part of the registration process.
2. Legal basis for data processing
The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR, if the user has given their consent.
If the purpose of the registration is to carry out a contract to which the user is a party or to carry out steps prior to entering into a contract, then Art. 6 para. 1 lit. b GDPR serves as an additional legal basis for processing.
3. Purpose of data processing
The user must register in order to fulfil a contract with the user or carry out steps prior to entering into a contract.
Registration is also required to exchange data with the customer. Data can easily be exchanged with customers via the portal. Data must be exchanged and provided in order to fulfil the contract.
4. Duration of storage
Data is deleted once it is no longer needed to fulfil the purposes for which it was collected.
This is the case for data collected during the registration process to fulfil a contract or carry out steps prior to entering into a contract once the data is no longer necessary to carry out the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to meet contractual or statutory obligations.
5. Objection and removal of data
As a user, you can revoke your registration at any time. You can have your stored data rectified at any time.
If data is necessary to fulfil a contract or carry out steps prior to entering into a contract, then it will only be possible to delete the data prematurely if there are no contractual or statutory obligations that would prevent the deletion.
VIII. Investor relations
1. Contact form
The following data is collected in the contact form under Investor relations:
Salutation, title, last name, first name, company, address, phone number, email, country.
The same provisions as under VI. Apply for the legal basis, the purpose of processing and the duration of storage.
2. Investor relations newsletter
a) Description and scope of data processing
Our Website offers the option of subscribing to a free newsletter. Data from the input screen is transmitted to us when you register for the newsletter. The following data is collected:
Salutation, first name, last name, email, stakeholder group.
The following data is also collected during registration:
(1) IP address of the accessing computer
(2) date and time of registration
Your consent will be obtained to process the data during the sending process, and you will be referred to this data privacy notice.
Data will not be transmitted to third parties in conjunction with data processing for the purpose of sending newsletters. Data will only be used in order to send the newsletter.
3. Legal basis for data processing
The legal basis for processing the data after the user registers for the newsletter is Art. 6 para. 1 lit. a GDPR, if the user has given their consent.
4. Purpose of data processing
The user’s email address is collected in order to deliver the newsletter.
Other personal data is collected during the registration process in order to prevent misuse of the services or the email address used.
5. Duration of storage
Data is deleted once it is no longer needed to fulfil the purposes for which it was collected. The user’s email address is, accordingly, stored for as long as their newsletter subscription is active.
Other personal data collected during the registration process is generally deleted after seven days.
6. Objection and removal of data
The user in question can cancel their newsletter subscription at any time. Each newsletter contains a link for this purpose.
This also allows the user to revoke their consent to the storage of personal data collected during the registration process.
IX. Online applications and email contact
1. Description and scope of data processing
1.1 On our website, it is possible to submit online applications (via email message or data upload). This option can be used to contact us electronically. When a user makes use of this option, the data entered in the input screen is transmitted to us for the specific purpose and stored. This data includes, in particular: Salutation, first name, last name, address, email address, the position applied for, if any, as well as the application documents, and optionally a telephone number and date of birth.
In addition, the following data is stored at the time the message is sent:
The details of data processing are referred to specifically in the form-supported online application.
1.2 Alternatively, users can contact us using the provided email addresses. In this case, the personal data transmitted with the email (see 1.1) will be stored. In general, the data is not transmitted to third parties in this context (unless the application is submitted for a group company). Data will be used for the specific purpose of the application process.
1.3 We use a third-party application from Rexx Systems GmbH to manage applicants in the course of the application process. This helps structure the application process and your data, as well as extract data for the purposes indicated.
1.4 If you as a user consent, we can also use your data for future applications or job advertisements. Consent is voluntary and may be revoked at any time. If consent is revoked, this will not affect the legality of processing carried out based on the consent up until the time of revocation.
2. Legal basis for data processing
The legal bases for data processing will depend on the specific processing situation.
Your personal data will be processed in the case of 1.1 to 1.3 for the purposes of and for the decision regarding whether to begin an employment relationship (Art. 6 para. 1 clause 1 lit. b) GDPR, in conjunction with Sec. 26 para. 1 of the German Federal Data Protection Act (BDSG).
The legal basis for data processing in accordance with 1.4 is your consent (Art. 6 paragraph 1 clause 1 lit. a) GDPR).
3. Purpose and legal bases of data processing
Your personal data is processed in order to process and evaluate the application or carry out the application process. Data collected during use serves to prevent misuse of the online application and ensure the security of IT systems.
The legal bases for data processing depend on the specific processing situation.
Your personal data will be processed in the case of 1.1 to 1.3 for the purposes of and for the decision regarding whether to begin an employment relationship (Art. 6 para. 1 clause 1 lit. b) GDPR, in conjunction with Sec. 26 para. 1 of the German Federal Data Protection Act (BDSG).
The legal basis for data processing in accordance with 1.4 is your consent (Art. 6 paragraph 1 clause 1 lit. a) GDPR).
4. Duration of storage
Data is deleted once it is no longer needed to fulfil the purposes for which it was collected. Applicant data is deleted once an application is rejected. Therefore, your applicant data will be deleted after the end of the application process, and at the latest 8 months after it is collected, unless the interests of the data subject override the exclusion of processing. The aforementioned duration of storage is based on a legitimate interest (assertion, exercise or defence against civil law claims necessary – cf., for instance AGG, Art. 6 para. 1 clause 1 lit. f) GDPR.
If an employment relationship is initiated or carried out with the applicant, then the collected data is processed to carry out or end or exercise or fulfil the rights and obligations of the employee representatives (Sec. 26 BDSG) resulting from a law or a collective bargaining agreement, a works or service agreement (collective agreement).
5. Rights of objection and revocation
Please also refer to section XIII. (Rights of data subjects), in particular to the rights of revocation (for the present processing in accordance with 1.4) or right to object (for data processing in accordance with the above number 4. paragraph 1 clause 3).
X. Podcast
We regularly publish a podcast at newsroom.nordwest.com/mediathek. When users access the podcast, we determine how often it is clicked on (click rate) and how long users listen to it.
No other data is collected. This data is not transmitted to third parties.
The podcast is also made available to other providers. When users listen to the podcast through these providers, their respective data privacy provisions apply:
Spotify: https://www.spotify.com/de/legal/privacy-policy/
Apple Podcast: https://support.apple.com/de-de/HT211247
Deezer: https://www.deezer.com/legal/personal-datas
Google Podcast: https://policies.google.com/privacy?hl=de
XI. Borlabs Cookie
This website uses Borlabs Cookie, a technically necessary cookie (borlabs-cookie) in order to save your cookie consent.
Borlabs Cookie does not process any personal data.
The consent you provided when you entered the Website is stored in the borlabs-cookie. If you would like to revoke this consent, simply delete the cookie in your browser. When you enter the Website again / reload the website, you will be asked once again to consent to cookies.
XII. Transmission of personal data to third parties
1. Google Analytics 4
If you have granted your consent, Google Analytics 4, a web analytics service of Google LLC, is used on this website. The controller for user in the EU / EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Type and purpose of processing
Google Analytics uses cookies which make it possible to analyse your use of our Website. Information regarding your use of this website collected using the cookies is generally transmitted to a Google server in the USA and stored there.
We use the User ID function. With the User ID, we are able to assign one or more sessions (and activities during these sessions) a permanent, unique ID and analyse user behaviour across devices.
We use Google signals. because of this, additional information is collected in Google Analytics for users who have activated personalised ads (interests and demographic data), and advertisements can be delivered to these users via cross-device remarketing campaigns.
IP address anonymisation is activated as a standard in Google Analytics 4. Due to IP anonymisation, Google shortens your IP address within a European Union member state or another contracting state to the Agreement on the European Economic Area. The full address is only transmitted to a Google server in the USA and shortened there in exceptional cases. According to Google, the IP address transmitted by your browser in the framework of Google Analytics is not combined with other data from Google.
Your user behaviour is recorded in the form of “events” during your Website visit. Events may include:
The following are also recorded:
Purposes of processing
On behalf of the operator of this Website, Google will use this information to evaluate your [pseudonymous NOT WHEN USING USER ID] use of the website and assemble reports about website activities. The reports provided by Google Analytics are used to analyse the performance of our Website and the success of our marketing campaigns.
Recipients
The recipients of the data may be/are
Third country transfers
The European Commission accepted an adequacy decision for the USA on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google’s servers are distributed around the world, and since it is not possible to fully exclude transmission to third countries (for instance Singapore), we have also concluded the EU standard contractual clauses with the provider.
Duration of storage
Data transmitted by us and linked to cookies will be deleted automatically after 14 months. The maximum service life of Google Analytics cookies is 2 years. Data that has reached its storage term is deleted automatically once a month.
Legal basis
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 clause 1 lit. a GDPR and Sec. 25 para. 1 clause 1 of the TTDSG.
Revocation
You can revoke your consent at any time with future effect by accessing the
Cookie settings
and changing your selection there. The legality of processing carried out based on your consent up to the time of revocation will remain unaffected.
You can also prevent cookies from being stored in advance by changing the settings accordingly in your browser software. If you configure your browser so that all cookies are rejected, however, this may restrict functions on this and other websites. You can also prevent data generated by the cookie related to your use of the Website (including your IP address) from being collected and transmitted to Google, as well as the processing of this data by Google, by
a. not granting your consent to cookies, or
b. downloading and installing the browser-add-on to deactivate Google Analytics
here
.
Further information on the terms of use for Google Analytics and data privacy at Google is available here https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.
2. Google Maps
This page uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In order to use the functions of Google Maps, we must store your IP address. In general, this information is transmitted to a Google server in the USA and stored there. The provider of this Website has no influence over this data transmission.
We use Google maps in the interest of providing our online services in an appealing manner and making it easier to find the locations we describe on the Website. This is a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
Further information on how user data is handled is provided in the Google data privacy policy: https://www.google.de/intl/de/policies/privacy/.
XIII. Rights of data subjects
If your personal data is processed, then you are considered a data subject in the sense of the GDPR, and you are entitled to the following rights towards the controller:
1. Right of access
You can request confirmation from the controller regarding whether we process personal data concerning you.
If we do carry out such processing, you can request access to the following information from the controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom personal data concerning you has been or will be disclosed;
(4) the planned duration of storage for personal data concerning you or, if no specific information can be provided in this respect, criteria for determining the duration of storage;
(5) the existence of a right to rectify or delete the personal data concerning you, a right to restrict processing by the controller, or a right to object to this processing;
(6) the existence of a right to submit complaints to a supervisory authority;
(7) all available information regarding the origin of the data, if the personal data was not collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – clear information regarding the logic involved and the scope and expected effects of such processing for the data subject.
You have the right to request information on whether personal data concerning you is transmitted to a third country or an international organisation. In this context, you can request to be informed of the appropriate safeguards in accordance with Art. 46 GDPR in conjunction with the transmission.
2. Right to rectification
You have the right to rectification and/or completion towards the controller, if the processed personal data concerning you is incorrect or incomplete. The controller must undertake the rectification promptly.
3. Right to restrict processing
Under the following conditions, you can request the restriction of processing for personal data concerning you:
(1) if you contest the correctness of the personal data concerning you for a term long enough to allow the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you reject erasure of the personal data, and instead request restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, however you need it to establish, exercise or defend against legal claims, or
(4) if you have submitted an objection to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.
If processing of personal data concerning you has been restricted, then this data may only be processed – apart from storage – only with your consent or to establish, exercise or defend against legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If processing is restricted in accordance with the aforementioned requirements, then you will be informed by the controller before the restriction is revoked.
4. Right to erasure
a) Erasure obligation
You can request that the controller erase personal data concerning you without undue delay, and the controller is obligated to erase this data without undue delay if one of the following grounds applies:
(1) The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You revoke your consent, on which the processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including 21
technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
c) Exceptions
The right to erasure does not apply if the processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 para. 1, in so far as the right referred to in point a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to notification
If you have asserted the right to rectification, erasure or restriction of processing against the controller, then the controller is obligated to inform all recipients to whom the personal data concerning you was disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or would be associated with an unreasonable level of effort.
You have the right towards the controller to be informed of who these recipients are.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR, and
(2) the processing is carried out by automated means.
In exercising this right to data portability, you furthermore have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This may not adversely affect the rights and freedoms of other persons.
The right to data portability shall not apply to processing of personal data necessary to carry out a task in the public interest or to exercise official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to revoke a declaration of consent granted under data privacy law
You have the right to revoke a declaration of consent granted under data privacy law at any time. If consent is revoked, this will not affect the legality of processing carried out based on the consent up until the time of revocation.
9. Automated, individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless point Art. 9 para. 2 lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The responsible supervisory authority is:
State Office of Data Privacy and Freedom of Information of
North Rhine Westphalia
PO Box 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Email: poststelle@ldi.nrw.de
Trade
Construction companies
DIYers
Industry
Municipalities
Industrial safety / work clothing
Construction Equipment
Fitting systems and security technology
Industrial needs and operating facilities
Hand Tools
Measuring systems
Surface Technology
Screwing Tools
Clamping Devices
Technical Trade
Machining