We are very pleased about your interest in our company. The management of Lohn-Pack K. A. Wolf GmbH & Co. KG gives highest priority to data protection. Use of the website of Lohn-Pack K. A. Wolf GmbH & Co. KG is generally possible without entering any personal data. However, if a data subject wishes to use special company services available on our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
Lohn-Pack K. A. Wolf GmbH & Co. KG, as the data controller, has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed on this website. However, since all data transfer via the Internet has unavoidable security issues, absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
- a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- b) Data subject
is any identified or identifiable natural person whose personal data are processed by the controller.
- c) Processing
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- d) Restriction of processing
means the marking of stored personal data with the aim of limiting their processing in the future.
- e) Profiling
means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- f) Pseudonymisation
means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- g) Controller
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for in Union or Member State law.
- h) Processor
means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- i) Recipient
means a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- j) Third party
means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- k) Consent
of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
Controller within the meaning of the General Data Protection Regulation (GDPR), other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:
Lohn-Pack K. A. Wolf GmbH & Co. KG
61197 Florstadt, Germany
The data subject can stop our website from setting cookies at any time by means of setting up their Internet browser accordingly and thereby permanently objecting to the setting of cookies. Furthermore, previous cookies can be deleted at any time via an Internet browser or other software application. This feature is supported by all common Internet browsers. Disabling the setting of cookies in their Internet browser may render some website functions unavailable to the data subject.
4. Collection of general data and information
Website www.lohn-pack.com collects various general data and information when a data subject or automated system accesses the website. This general data and information is stored in the server’s log files. Data and information that can be captured: (1) types and versions of browsers, (2) operating system used by the accessing system, (3) website from which a system accesses our website (so-called referrer), (4) sub-websites of our website accessed by an external system, (5) date and time of access to the website, (6) Internet Protocol address (IP address), (7) Internet service provider of the accessing system and (8) other similar data and information used for security in case of attacks on our information technology systems.
Using this general data and information does not allow Lohn-Pack K. A. Wolf GmbH & Co. KG to identify the data subject. This information is needed to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the advertising for it, (3) ensure the permanent functioning of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. Lohn-Pack K. A. Wolf GmbH & Co. KG therefore evaluates this anonymously collected data and information for statistical reasons and with the aim of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
5. Subscription to our newsletter
Our website www.lohn-pack.com allows users to subscribe to our company's newsletter. The Subscribe screen tells you which personal data will be transmitted to the controller when subscribing to the newsletter.
Lohn-Pack K. A. Wolf GmbH & Co. KG regularly informs its customers and business partners about company news via a newsletter. There are two prerequisites for this mailing, i.e. (1) the data subject has a valid e-mail address and (2) the data subject subscribes to the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address the data subject enters when subscribing to the newsletter. This “double opt-in” method uses the confirmation e-mail to verify that the owner of the e-mail address is the data subject who actually authorised the receipt of the newsletter.
When a data subject subscribes to the newsletter, we also store the IP address of its computer system as transferred by the Internet Service Provider (ISP) as well as the date and time of registration. Collecting these data is necessary to understand a (possible) misuse of the data subject’s e-mail address at a later date and therefore serves the legal protection of the controller.
We use the personal data collected when a data subject subscribes to the newsletter exclusively for the sending of our newsletter. They can also be used to inform subscribers by e-mail, if this is necessary for the operation of the newsletter service or a registration related to it, as might be the case in the case of changes to the newsletter offer or in the case of technical changes. No personal data collected in the context of the newsletter service is passed on to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data that the data subject has given us for the sending of the newsletter may be revoked at any time by following the link each newsletter contains for this purpose. Or data subjects can unsubscribe from the newsletter by accessing the controller’s website or by informing the controller in another way.
6. Newsletter tracking
The newsletter of Lohn-Pack K. A. Wolf GmbH & Co. KG contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. The tracking pixel tells Lohn-Pack K. A. Wolf GmbH & Co. KG whether and when a data subject opened an e-mail and which links in the e-mail it followed.
Such personal data collected via the tracking pixels in the newsletters are stored and evaluated by the controller in order to optimise newsletter distribution and to better adapt the content of future newsletters to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects may, at any time, revoke their consent declared by means of the double opt-in procedure. After a revocation, these personal data will be deleted by the controller. Lohn-Pack K. A. Wolf GmbH & Co. KG will automatically consider unsubscribing from the newsletter a revocation .
6. a. Data protection rules on the use of MailChimp
The newsletter is sent via MailChimp, a newsletter delivery platform of US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our newsletter recipients, as well as their other data described in the context of this policy, are stored on MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. According to information provided by MailChimp, the company can use these data to optimise or improve its own services, e.g. for technically optimising the shipping and presentation of the newsletters, or for economic purposes to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them or pass them on to third parties.
6. b. Statistical survey and analysis
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file, which is retrieved by the MailChimp server when the newsletter is opened. In the process, technical information such as information about the browser and your system as well as your IP address and time of retrieval are collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on the points of retrieval (which can be determined by the IP address) or access times.
The statistical surveys also include determining whether and when newsletters are opened and which links are clicked. While technical reasons allow this information to be attributed to individual newsletter recipients, it is neither our nor MailChimp’s ambition to observe individual users. Instead, the evaluations help us recognise the reading habits of our users and to adapt our content to them or to send different contents according to the interests of our users.
7. Contact via the website
Due to legal regulations, the website of Lohn-Pack K. A. Wolf GmbH & Co. KG contains information that enables a quick electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). When a data subject contacts the controller by e-mail or using a contact form, the personal data it transfers are stored automatically. Such personal data transferred voluntarily by a data subject to the controller are stored for the purpose of processing or contacting the data subject. No personal data will be passed on to third parties.
8. Protection of data relating to applications or application procedures
The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out by electronic means. This is particularly the case when an applicant submits the relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. Where the controller enters into a contract of employment with an applicant, the data transferred will be stored for the purpose of handling the employment relationship in compliance with statutory provisions. If the controller does not enter into a contract of employment with the applicant, the application documents will be automatically deleted two months after notification of the decision of cancellation, provided that no other legitimate interests of the controller conflict with the cancellation. Any other legitimate interest in this sense is, for example, an obligation to provide evidence in a procedure under the General Equal Treatment Act (GTC).
9. MyFonts Counter
Option to object
10. Data protection rules on the use of Facebook
The controller has integrated Facebook components in this website. Facebook is a social network.
A social network is a social meeting point on the Internet to create an online community that generally enables users to communicate with each other and interact in cyberspace. A social network can serve as a platform for the exchange of opinions and experiences or it allows the Internet community to provide personal or business-related information. As a social network, Facebook enables users to create private profiles, upload photos and network through friend requests.
The company operating Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller for the processing of personal data of data subjects living outside the United States or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time one of the individual pages of this website operated by the controller and containing a Facebook component (Facebook plug-in) is accessed, that Facebook component automatically prompts the Internet browser on the data subject’s information technology system to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook is informed of the specific sub-page of our website that the data subject is visiting.
If the data subject is logged in to Facebook at the same time, Facebook will recognise each specific sub-page of our website the data subject accesses separately or during an entire visiting session. This information is collected by the Facebook component and assigned by Facebook to the data subject’s Facebook account. If the data subject activates the “like” or any other of the Facebook buttons integrated in our website or if the data subject makes a comment, Facebook assigns this information to the data subject’s personal Facebook user account and stores these personal data.
If the data subject is simultaneously logged in to Facebook at the time of accessing our website, the Facebook component tells Facebook that the data subject is visiting our website, regardless of whether the data subject clicks on the Facebook component or not. To suppress the transfer of such information to Facebook, the data subject should simply log out of his or her Facebook account before accessing our website.
The data policy published by Facebook at https://de-de.facebook.com/about/privacy/ provides information on the collection, processing and use of personal data by Facebook. It also explains the settings Facebook provides to protect the privacy of the data subject. In addition, various applications are available that enable users to suppress any data transfer to Facebook. Data subjects can use such applications to suppress a data transfer to Facebook.
11. Data protection rules on the use of Instagram
The controller has embedded Instagram service components on this website. Instagram is an audiovisual platform service that allows users to share photos and videos and to send out such data to other social networks.
The company operating Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time one of the individual pages of this website operated by the controller and containing an Instagram component (Instagram button) is accessed, that Instagram component automatically prompts the Internet browser on the data subject’s information technology system to download a representation of the corresponding Instagram component from Instagram.. As part of this technical process, Instagram is informed of which specific sub-page of our website the data subject is visiting.
If the data subject is logged in to Instagram at the same time, Instagram will recognise each specific sub-page of our website the data subject accesses separately or during an entire visiting session. This information is collected through the Instagram component and assigned to the individual's Instagram account by Instagram. If the data subject activates one of the Instagram buttons integrated in our website, the data and information transferred with it will be assigned to the data subject’s personal Instagram user account and stored and processed by Instagram.
If the data subject is simultaneously logged in to Instagram at the time of accessing our website, the Instagram component tells Instagram that the data subject is visiting our website, regardless of whether the person clicks on the Instagram component or not. To suppress the transfer of such information to Instagram, the data subject should simply log out of his or her Instagram account before accessing our website.
12. Data protection rules on the use of LinkedIn
The controller has integrated components of LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that enables users to connect to existing or establish new business contacts. LinkeIn has over 400 million registered users in more than 200 countries. LinkedIn is currently the largest business contact platform and one of the most visited websites in the world.
Each time our website equipped with a LinkedIn component (LinkedIn plug-in) is accessed, this component prompts the data subject’s browser to download a representation of the component from LinkedIn. For more information on the LinkedIn plug-ins, visit https://developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn is informed about which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to LinkedIn at the same time, LinkedIn will recognise each specific sub-page of our website the data subject accesses separately or during an entire visiting session. This information is collected by the LinkedIn component and assigned by LinkedIn to the data subject’s respective LinkedIn account. If the data subject activates a LinkedIn button integrated in our website, LinkedIn assigns this information to the data subject’s personal LinkedIn user account and stores this personal data.
If the data subject is simultaneously logged in to LinkedIn at the time of accessing our website, the LinkedIn component tells LinkedIn that the data subject is visiting our website, regardless of whether the data subject clicks on the LinkedIn component or not. To suppress the transfer of such information to LinkedIn, the data subject should simply log out of his or her LinkedIn account before accessing our website.
13. Routine erasure and restriction of processing of personal data
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage or provided that this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the purpose of storage does not apply or if a storage period prescribed by the European legislator or another competent legislator expires, the processing of personal data will be restricted or the data deleted routinely and in accordance with legal requirements.
14. Legal basis of processing
Art. 6 I lit. a of the GDPR is our company’s legal basis for processing operations for which we obtain consent for a particular processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party – for example, for processing operations necessary for the supply of goods or for the provision of other services or consideration – the processing shall be based on Article 6 I lit. b of the GDPR. The same applies to processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c of the GDPR. In rare cases, the processing of personal data may become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor in our company were injured and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third parties. Then the processing would be based on Art. 6 I lit. d of the GDPR. Ultimately, processing operations could fall under Art. 6 I lit. f of the GDPR as the legal basis for processing operations not covered by any of the aforementioned cases, assuming that processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it assumed a legitimate interest if the data subject is a customer of the controller (recital 47 sentence 2 of the GDPR).
15. Legitimate interests in the processing pursued by the controller or a third party
Art5 6 I lit. f of the GDPR justifies the processing of personal data if our legitimate interest is conducting our business for the benefit of all our employees and our shareholders.
16. Personal data storage period
The criterion for the personal data storage period is the applicable statutory retention period. After that period, the data will be routinely deleted, provided that they are no longer necessary for the performance or initiation of a contract.
17. Legal or contractual rules on the provisioning of personal data; need to conclude a contract; obligation for the data subject to provide the personal data; possible consequences of non-provision
We will inform you that the provisioning of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information about the contractual partner). Sometimes concluding a contract may require a data subject to provide us with personal data, which we subsequently have to process. For example, the data subject is obliged to provide us with personal data when our company enters into a contract with it. Failure to provide personal data would mean that the contract could not be concluded with the data subject. Prior to provisioning any personal data, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis, whether the provisioning of personal data is required by law or by contract or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences the non-provisioning of the personal data would have.
18. Rights of the data subject
- a) Right to confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to use this right of confirmation, he or she may at any time contact an employee of the controller.
- b) Right to information
Every data subject shall have the right granted by the European legislator to obtain from the controller, free of charge, information on his or her personal data stored and a copy of that information. Furthermore, the European legislator grants the data subject information on:
- the purposes of processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations
- if possible, the schedule data storage period, or, if this is not possible, the criteria for determining that period
- the existence of a right to rectification or erasure of the personal data relating to them or to restricting the processing by the controller or a right of objection against such processing
- the existence of a right of appeal to a supervisory authority
- where the personal data are not collected from the data subject, and available information as to their source the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information on the logic involved, as well as the scope and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has a right to obtain information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate guarantees relating to the transfer.
If a data subject wishes to make use of this right of access, he or she may at any time contact an employee of the controller.
- c) Right to rectification
Every data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact any employee of the controller.
- d) Right to erasure (right to be forgotten)
The data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing was based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing he data subject withdraws his consent, on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies and a data subject wishes to request the erasure of personal data collected by Lohn-Pack K. A. Wolf GmbH & Co. KG, it may at any time contact any employee of the controller. The employee of Lohn-Pack K. A. Wolf GmbH & Co. KG will ensure that the erasure request is complied with promptly. Where Lohn-Pack K. A. Wolf GmbH & Co. KG has made public the personal data and our company, as the controller, is obliged to erase the personal data pursuant to Article 17 (1) of the GDPR, Lohn-Pack K. A. Wolf GmbH & Co. KG, taking into account the available technology and the implementation costs, will take appropriate measures, including technical measures, to inform other data controllers processing the published personal data that the data subject has requested from these other data controllers the erasure of all links to these personal data or of copies or replicas of these personal data, insofar as the processing is not necessary. The employee of Lohn-Pack K. A. Wolf GmbH & Co. KG will arrange the necessary steps as the case requires.
- e) Right to restriction of processing
The data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject for a period that allows the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims. The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. If one of the aforementioned conditions is met and a data subject restricts the processing of personal data stored by Lohn-Pack K. A. Wolf GmbH & Co. KG may at any time contact an employee of the controller. The employee of Lohn-Pack K. A. Wolf GmbH & Co. KG will arrange the restriction of processing.
- f) Right to data portability
The data subject shall have the right granted by the European legislator to receive the personal data concerning him or her, which she or he has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on the consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means. Also, the processing must not be necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on the controller.
Furthermore, in exercising its right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that it does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact an employee of Lohn-Pack K. A. Wolf GmbH & Co. KG.
- g) Right to object
The data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
Lohn-Pack K. A. Wolf GmbH & Co. KG shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where Lohn-Pack K. A. Wolf GmbH & Co. KG processes personal data direct marketing purposes, the data subject shall have the right at any time to object time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Lohn-Where the data subject objects to processing by Lohn-Pack K. A. Wolf GmbH & Co. KG for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Where personal data are processed by Lohn-Pack K. A. Wolf GmbH & Co. KG for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise its right to object, the data subject may contact directly any employee of Lohn-Pack K. A. Wolf GmbH & Co. KG or another employee. The data subject shall also be free to exercise its right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
- h) Automated decision-making on a case-by-case basis, including profiling
The data subject shall have the right granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and the controller; or ((2) is authorised by Union or Member State law to which the controller is subject and which lays down suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is made with the express consent of the data subject, Lohn-Pack K. A. Wolf GmbH & Co. KG shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to claim rights relating to automated decisions, he or she may at any time contact an employee of the controller.
- i) Right to withdraw data protection consent
The data subject shall have the right granted by the European legislator to withdraw its consent to the processing of personal data at any time.
If the data subject wishes to assert his or her right to withdraw its consent, he or she may at any time contact any employee of the controller.
19. Legal validity/scope