Here you will find the data protection notice for the website of X2E System Engineering GmbH at“www.x2e-se.de”.In it, we inform you about the processing of your personal data in connection with the use of this website.
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:
X2E System Engineering GmbH
Große Ahlmühle 19
76865 Rohrbach
Phone: +49 6349 995 99 500
Fax: +49 6349 995 99 500
Website: www.x2e-se.de
E-mail: info@x2e-se.de
In accordance with Section 38 (1) sentence 1 BDSG, we are currently not obliged to appoint and designate a data protection officer. Any data subject can contact the controller directly at any time with any questions or suggestions regarding data protection at the address given above
The data protection notice of X2E System Engineering GmbH is based on the defined terms of the General Data Protection Regulation (GDPR). Our data protection notice should be easy to read and understand. To ensure this, we explain the terms used in advance:
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Data protection, data security and confidentiality are a high priority for us. The permanent protection of your personal data, your company data and your trade secrets is particularly important to us. In principle, you can visit our website without providing any personal information. However, if you make use of our company’s services via our website, this will require you to provide your personal data. As a rule, we use the data provided by you and collected by the website and data stored during use exclusively for our own purposes, namely to implement and provide our website and to initiate, implement and process the services/offers offered via the website (contract fulfillment) and do not pass them on to external third parties unless there is an official obligation to do so. In all other cases, we will obtain your separate consent. Your personal data is processed in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection regulations that apply to us. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, this data protection notice informs you of your rights. We have implemented technical and organizational measures to ensure adequate protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed.
The website of X2E System Engineering GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website can be recorded, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems. When using these general data and information, the X2E System Engineering GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the X2E System Engineering GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
| Date / Data | Legal basis | Purpose of storage | Storage period | Objection / removal option |
| General system data | Art. 6 para. 1 lit. f GDPR (legitimate interest) | Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. | The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client. | No, as absolutely necessary for operation of the website |
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are (e.g.):
The fields marked with * are mandatory. The following data is also stored when the message is sent:
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. It is also possible to contact us by telephone using the telephone number provided. No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.
| Date / Data | Legal basis | Purpose of storage | Storage period | Objection / removal option |
| Data from contact form and e-mail / telephone contact | The legal basis for the processing of data in the case of inquiries via the contact form and/or e-mail/telephone is generally Art. 6 para. 1 lit. b. GDPR (contract fulfillment; pre-contractual measures); Art. 6 para. 1 lit. c. GDPR (fulfillment of a legal obligation, e.g. answering questions about data protection) and otherwise Art. 6 para. 1 lit. f GDPR (legitimate interest). | The processing of personal data from the input mask/email serves us solely to process the contact. This also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. | The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The above does not apply if the correspondence is subject to a retention obligation under commercial law. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. | The user has the option to object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. |
We collect and process personal data from applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. If we conclude an employment contract with you as an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
X2E System Engineering GmbH uses an additional contact form for questions about applications and application procedures. Here, interested parties can contact the responsible HR employee directly and, in addition to the data from the contact form, also send their application portfolio as an electronic file (PDF). If a user makes use of this option, the data entered in the input mask and the application folder will be transmitted to us and stored. These data are
The information marked with * is mandatory information.
| Date / Data | Legal basis | Purpose of storage | Storage period | Objection / removal option |
| Data from contact form and e-mail / telephone contact | The legal basis for the processing of data in the case of inquiries via the contact form and/or e-mail/telephone is generally Art. 6 para. 1 lit. b. GDPR (contract fulfillment; pre-contractual measures); Art. 6 para. 1 lit. c. GDPR (fulfillment of a legal obligation, e.g. answering questions about data protection) and otherwise Art. 6 para. 1 lit. f GDPR (legitimate interest). | The processing of the personal data from the input mask/email serves us solely to process the contact. This also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. | The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The above does not apply if the correspondence is subject to a retention obligation under commercial law. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. | The user has the option to object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. |
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies:
We also use cookies on our website that enable an analysis of the user’s surfing behavior. The following data can be transmitted in this way:
We have integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, gathering and evaluation of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising. The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The data controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the data subject’s Internet connection is shortened and anonymized by Google if access to our website is from a member state of the European Union or from another state party to the Agreement on the European Economic Area. The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website. Google Analytics places a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements. The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties. The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs. Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must install a browser add-on under this Download and install this link . This browser add-on informs Google Analytics via JavaScript that no data and information on website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on. Further information and the applicable data protection provisions of Google may be retrieved here .
We use “Google Tag Manager” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Tag Manager enables us as marketers to manage website tags via an interface. The Google Tag Manager tool, which implements the tags, is a cookie-free domain and does not itself collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. Further information on data protection can be found on the following website.
Our website uses the cookie consent technology of “Complianz GDPR/CCPA Cookie Consent” to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter referred to as Complianz). When you visit our website, a Complianz cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. The data collected will be stored until you ask us to delete it or delete the Complianz cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Complianz can be found at the following link. Complianz cookie consent technology is used to obtain and document the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
This site uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. The web fonts are transferred to the browser cache when the page is called up so that they can be used for the display. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font. No cookies are set when you access the page. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing add-ons such as NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system’s default font. X2E System Engineering GmbH is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. Information on the data protection conditions of Google Webfonts can be found at this link. General information on data protection can be found in the Google Privacy Center here.
| Legal basis | Purpose of storage | Duration of storage | Objection / removal option |
| Art. 6 para. 1 lit. f GDPR. (legitimate interest) | The purpose of storage is to improve our website, both visually and functionally. | The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders. | As a user, you have the option to object to the processing of your data at any time in accordance with section 11.7 |
We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, only the technically necessary data is transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. X2E System Engineering GmbH is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure the lawful and secure processing of your personal data. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. Here you will also find further information on your rights in this regard and setting options to protect your privacy.
| Legal basis | Purpose of storage | Duration of storage | Objection / removal option |
| Art. 6 para. 1 lit. f GDPR. (legitimate interest) | The purpose of the storage is to improve our offer, the visual and functional optimization of the website and the provision of a function that makes it easier to find locations and our business. | The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders. | As a user, you have the option to object to the processing of your data at any time in accordance with section 11.7 |
10.4.1 Facebook
This website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins can be recognized by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook social plugins can be viewed here. When a participant accesses a website of this offer that contains such a plugin, their browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which integrates it into the website. The provider therefore has no influence on the scope of the data that Facebook collects with the help of this plugin and therefore informs the participants according to its level of knowledge(link): By integrating the plugins, Facebook receives the information that a participant has accessed the corresponding page of the offer. If the participant is logged in to Facebook, Facebook can assign the visit to their Facebook account. If participants interact with the plugins, for example by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. If a participant is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for protecting the privacy of participants, can be found in Facebook’s data protection information(link). If a participant is a Facebook member and does not want Facebook to collect data about them via this offer and link it to their membership data stored on Facebook, they must log out of Facebook before visiting the website. It is also possible to block Facebook social plugins with add-ons for your browser, for example with the “Facebook Blocker“.
10.4.2 Twitter
Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter in the process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter’s privacy policy(link). You can change your data protection settings on Twitter in the account settings(link).
10.4.3 LinkedIn
If you click on the LinkedIn “Recommend button” and are logged into your LinkedIn account at the same time, you have the option of linking content from our website to your LinkedIn profile page. In doing so, you enable LinkedIn to associate your visit to our websites with you or your user account. You should be aware that we have no knowledge of the content of the data transmitted or its use by LinkedIn. For more details on the collection of data and your legal options and settings options, please contact LinkedIn. These are made available to you here.
10.4.4 Tumblr
You can also share posts and articles via the Tumblr platform. If you are logged into your Tumblr account at the same time, you have the direct option of sharing content from our website on your Tumblr profile page. In doing so, you enable Tumblr to assign your visit to our website to you or your user account. We have no knowledge of the content of the transmitted data and its use by Tumblr. Further details on the collection of data and your legal options as well as setting options can be found at Tumblr. These are provided here.
10.4.5 Further social media plug-ins
If we use other social media plug-ins, you will find further information on data protection in the respective data protection notices of these providers. If you cannot find this, please contact us in confidence at info@x2e-de.de.
| Date / Data | Legal basis | Purpose of storage | Storage period | Objection / removal option |
| Data transmission through third-party cookies (third-party cookies) | Art. 6 para. 1 lit. f GDPR (legitimate interest) | The purpose and legitimate interest in setting third-party cookies is to improve our offer for you by analyzing your user behavior. As a rule, only pseudonymized data is transmitted to the third parties. Furthermore, you can prevent the transmission of third-party cookies yourself by making the appropriate settings in your Internet browser. Please compare the details in sections 10-12. | Third-party cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of third-party cookies. | You can deactivate or restrict the transmission of third-party cookies by changing the settings in your Internet browser. Third-party cookies that have already been saved can be deleted at any time. This can also be done automatically. The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings |
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, machine-readable and interoperable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.
You have the right to revoke your declaration of consent under data protection law at any time and without giving reasons. In the event of revocation, we will delete your personal data immediately and no longer process it. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
is necessary for the conclusion or performance of a contract between you and the controller,
is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Status: June 2025
Responsible body: X2E System Engineering GmbH