Data privacy statement 

The protection of your personal data during the collection, processing and use on the occasion of your visit to our website and in connection with our services is important for us.

Your data is protected within the framework of the General Data Protection Regulation (GDPR).

Below you will find information on which data is collected and how it is used.

In the course of the further development of our website and the implementation of new technologies to improve our services for you, changes to this data privacy statement may also be necessary. We therefore recommend that you read this data privacy statement again from time to time.

I. Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions pertaining to data privacy and protection laws is:

German American Chamber of Commerce, Inc.
80 Pine Street, 24th Floor
New York, NY 10005, USA
Tel.: +1 (212) 974-8830
E-Mail: dataprivacy(at)gaccny.com
Website: www.gaccny.com

II. Name and address of the representative in the EU

The representative of the controller in the sense of the General Data Protection Regulation in the EU is:

DIHK Deutscher Industrie- und Handelskammertag e.V.
Breite Straße 29
10178 Berlin
E-Mail: ahk-vertreter@dihk.de

III. General information regarding data processing

1. Scope of processing of personal data

In principle, we collect and use personal data of our users only to the extent it is required to provide a functioning website as well as for our content and services. The collection and use of personal data of our users is carried out regularly only after consent is given by the respective user. An exception applies in cases in which a previous obtaining of a consent is not possible for actual reasons and where the processing of data is permitted on the basis of statutory provisions.

2. Legal basis for the processing of personal data

To the extent that we obtain consent from the data subject for the processing of personal data, Section 6 Subsection 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data.

For the processing of personal data required to execute a contract whose contractual party is the data subject, Section 6 Subsection 1 lit. b GDPR serves as legal basis. This also applies to processing that is required for the execution of pre-contractually measures.

To the extent that the processing of personal data is required for the fulfillment of a legal obligation our company is subject to, Section 6 Subsection 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Section 6 Subsection 1 lit. d GDPR serves as the legal basis.

If such processing is required to maintain a legitimate interest of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the former interest, Section 6 Subsection 1 lit. f GDPR serves as legal basis for such processing.

3. Data deletion and duration of storage

Personal data of the data subject will be deleted or blocked as soon as the purpose for storing such data no longer applies. Furthermore, personal data may only be stored if the European, US or German legislator has provided for this in ordinances, laws or other regulations to which the controller is subject and which take precedence over GDPR. Blocking or deletion of data is also affected if a storage period expires that is prescribed by the cited standards, unless there is a requirement for further storage of such data to enter into a contract or to execute a contract.

IV. Provisioning of website and creation of logfiles

1. Description and scope of data processing

Any time our website is visited, our system collects data and information in an automated fashion from the computer system of the accessing computer. The following data is collected in the process:

(1) Information regarding the browser type and the version used
(2) The operating system of the user
(3) The internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the system of the user reaches our website

The data is also stored in the logfiles of our system. Storing of such data together with other personal data of the user is not affected.

2. Legal basis for the processing of data

Legal basis for the temporary storage of data and the logfiles is Section 6 Subsection 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to facilitate delivery of the website to the computer of the user. To do so, the IP address of the user must remain stored for the duration of the session.

Storing of logfiles is affected to ensure the functionality of the website. In addition, such data helps us to optimize the website and to ensure the security of our information technology systems. An analysis of such logfile data for marketing purposes will not be carried out in this context.

Our legitimate interest in data processing pursuant to Section 6 Subsection 1 lit. f GDPR also rests on these purposes.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. In the event of collection of data for the provisioning of the website this is the case whenever the respective session ends.

In the event of storing of data in logfiles this is after seven days the case at the latest. Storage to exceed such a period is possible. In such a case, the IP addresses of the users are deleted or scrambled so that an assignment of the accessing client is no longer possible.

5. Option for objection and removal

Collection of data for the provisioning of the website and storing of data in logfiles is required for the operation of the website. Consequently, the user has no possibility to object.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the user. If a user accesses a website, a cookie can be stored on the operating system of the user. Such a cookie contains a characteristic string, facilitating a clear identification of the browser whenever the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can also be identified when the user moves from one page to the next.

To do so, the following files are stored and transmitted in the cookies:

(1) fonts = standard cookie variable used by us to reload the fonts in the browser after a page refresh.

(2) fullcss = standard cookie variable used by us to reload the CSS file in the browser after a page refresh.

Maximum cookie lifetime: 730 days

In addition, we use on our website cookies that enable an analysis of the surfing behavior of users.

When visiting our website, the users are informed via web banner about the use of cookies for analytical purposes and referred to this data privacy statement. In this context, it is also pointed out how the storing of cookies can be disabled in the browser settings. This service is provided via the Consent Manager of teh Piwik PRO Analytics Suite.

Analysis cookies are used to improve the quality of our website and its content.. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

We use cookies of the Piwik PRO Analytics.

pk id = Used to recognize visitors and hold their various properties. Expires after 13 months if user consents; expires after 30 minutes if user does not consent.

ppms privacy =  Stores visitor's consent to data collection and usage. Expire after 365 days.

pk ses = Shows an active session of the visitor. Expires after: 30 minutes

b) Legal basis for the processing of data

The legal basis for the processing of personal data while using technically required cookies is Section 6 Subsection 1 lit. f GDPR. The legal basis for the processing of personal data while using technically not required cookies is Section 6 Subsection 1 lit. f GDPR.

c) Purpose of data processing

The purpose of using technically required cookies is the simplification of use of websites for the users. Some functions or our website cannot be provided without the use of cookies. For such it is necessary that the browser is also recognized when the user moves from one page to the next.

We need cookies for the following applications:

(1) fonts = standard cookie variable used by us to reload the fonts in the browser after a page refresh.

(2) fullcss = standard cookie variable used by us to reload the CSS file in the browser after a page refresh.

Maximum cookie lifetime: 730 days

User data collected via technically required cookies is not used to create user profiles.

The use of analytical cookies also serves to improve the quality of our website and its content. From analytical cookies we gain knowledge of how the website is used; we are then able to constantly optimize our services.

Our legitimate interest in the processing of personal data pursuant to Section 6 Subsection 1 lit. f GDPR also rests on these purposes.

We use cookies of the Piwik PRO Analytics:

pk id = Used to recognize visitors and hold their various properties. Expires after: 13 months if user consents; expires after 30 minutes if user does not consent.

ppms privacy = Stores visitor's consent to data collection and usage. Expires after: 365 days.

pk ses = Shows an active session of the visitor. Expires after: 30 minutes

d) Duration of storage, option for objection and removal

Cookies are stored on the computer of the user and transmitted from such to our website. This is why you as the user have full control of the use of cookies. By changing your browser’s settings, you may disable or limit the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done in an automated fashion. If cookies are disabled for our website, it is possible that not all functions of the website may be used to the full extent.

VI. Newsletter

1. Description and scope of data processing

On our website, there is the option to subscribe to a free newsletter. When registering for the newsletter, data from the input mask is transmitted to us.

Furthermore, the following data is collected upon registration:

  • Date and time of registration
  • IP address of the accessing computer

For the processing of data, in line with the registration process, we obtain your consent and refer to this data privacy statement.

In connection with the processing of data for the sending of newsletters, with the exception of the provider of email marketing software, data is not forwarded to third parties. Such data is only used for the newsletter to be sent to you.

2. Legal basis for the processing of data

Legal basis for the processing of data after registration for the newsletter by the user is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand. To the extent this pertains to the sending of a newsletter in line with membership to registered data of our database, legal basis is Section 6 Subsection 1 lit. b GDPR.

3. Purpose of data processing

Collection of the email address of the user is done to deliver the newsletter.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. The email address of the user is therefore stored for as long as the newsletter subscription is active.

5. Newsletter tracking

To optimize our newsletter offer, we use personalized newsletter tracking. In    this context, besides the email address, we also collect activities connected to the newsletters (click behavior).

6. Option for objection and removal

A newsletter subscription may be cancelled by the respective user at any time. A special link is provided in every newsletter for this purpose. Alternatively, you may also cancel the newsletter subscription by sending an email to dataprivacy@gaccny.com. 

VII. Registration

1. Description and scope of data processing

On our website we give our users the option to register while providing personal data. In the process, data is entered into an input mask, transmitted to us and stored.

At the time of the registration, also the following data is stored:

• Date and time of registration
• Browser used
• Operating system
• The IP address of the user

In line with the registration process, consent is obtained from the user for processing of such data.

2. Legal basis for the processing of data

Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand.

If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal basis for the processing of data is Section 6 Subsection 1 lit. b GDPR.

3. Purpose of data processing

A registration of the user is required for the execution of a contract with the user, or for the execution of pre-contractual measures.

Further information regarding the processing of your personal data in line with your membership application, event registration, events of AHK New York, the programs Go-J1 and Talent Pool can be found in our separate data privacy notices:

Data privacy notice for membership
Data privacy notice for event registration
Data privacy notice for events of AHK NY
Data privany notice for Talent Pool

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection.

This is the case for data collected during the registration process for the execution of a contract or for the execution of pre-contractual measures if such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.

5. Option for objection and removal

As user, you have at any time the option to cancel the registration. Your stored personal data can be amended at any time.

If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

Should you have an objection, a request for amendment or deletion regarding your personal data, please send an email to dataprivacy(at)gaccny.com.

VIII. Email contact

1. Description and scope of data processing

You can contact us via the email addresses provided on our website. In such a case, the personal data of the user transmitted via email is stored. In this context, such data is not forwarded to third parties. Such data is only used for the processing of the conversation.

2. Legal basis for the processing of data

Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand.

Legal basis for the processing of data transmitted in line with the sending of an email is Section 6 Subsection 1 lit. f GDPR. If the purpose of the contact via email is the entering into a contract, the additional legal basis for processing is Section 6 Subsection 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data only helps us to process the contact that was established. If contact is established via email, our required legitimate interest is also in the processing of such data.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case if the respective conversation with the user has ended. The conversation is finished if it can be deduced from the circumstances that the respective matter is clarified in a concluding fashion.

5. Option for objection and removal

The user has the option to revoke his consent for the processing of personal data. The user  may object at any time to the storing of his personal data. In such a case, the conversation cannot be continued. All personal data stored in the process of establishing contact will be deleted in such a case.

However, if the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

Your stored personal data can be amended at any time.

Should you have an objection, a request for amendment or deletion regarding your personal data, please send an email to dataprivacy(at)gaccny.com.

IX. Disclosure of personal data to third parties

1. Website operators

In line with processing, personal data is forwarded to the agency commissioned to run the website as well as to the technical service provider. Such is regulated via a corresponding agreement with the service provider.

2. Social media sharing button

General notice: Social media plugins usually lead to the fact that every visitor to a website is immediately captured by such services by means of his IP address and that his subsequent browser behavior is logged. This can also occur if you do not press the button. To prevent this, we use the Shariff method. Here, our social media buttons only establish direct contact between the social network and you only if you click on the respective sharing button.

Facebook

Our website uses plugins of the social network Facebook. Facebook is a Meta Product provided by Meta Platforms, Inc., 1601 Willow Road Menlo Park, CA 94025 United States. By using the Shariff method, Facebook only gains knowledge of your IP address and your visit to our website if you click the button. If you use the plugin while being logged in on Facebook, Facebook is able to allocate your use to your user account. We have no knowledge of any subsequent potential collection and use of your data by Facebook and also have no influence on such. More information can be found in the data privacy statement of Facebook at de-de.facebook.com/policy.php. Regarding the general handling with and the disabling of cookies, we also always refer to our general description in this data privacy statement.

Twitter

Our website uses plugins of the social network Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. By using the Shariff method, Twitter only gains knowledge of your IP address and your visit to our website if you click the button. We have no knowledge of any subsequent potential collection and use of your data by Twitter and also have no influence on such. More information can be found in the data privacy statement of Twitter at twitter.com/privacy. Regarding the general handling with and the disabling of cookies, we also always refer to our general description in this data privacy statement.

LinkedIn

Our website uses the LinkedIn share plugin of the social network LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. By clicking the button, your browser connects to LinkedIn to carry out the functions of the plugin. In this context, no personal data is stored by LinkedIn, and your use is also not recorded via a cookie. More information can be found in the data privacy statement of LinkedIn at www.linkedin.com/legal/privacy-policy. Regarding the general handling with and the disabling of cookies, we also always refer to our general description in this data privacy statement.

Instagram

Our website uses plugins of the social network Instagram. Instagram is a Meta Product provided by Meta Platforms, Inc., 1601 Willow Road Menlo Park, CA 94025 United States. By using the Shariff method, Instagram only gains knowledge of your IP address and your visit to our website if you click the button. If you use the plugin while being logged in on Instagram, Instagram is able to allocate your use to your user account. We have no knowledge of any subsequent potential collection and use of your data by Instagram and also have no influence on such. More information can be found in the data privacy statement of Instagram at privacycenter.instagram.com/policy. Regarding the general handling with and the disabling of cookies, we also always refer to our general description in this data privacy statement.

3. YouTube videos

In some instances, we have embedded YouTube videos on our website that are stored on the servers of the provider YouTube and that are playable by our website via such embedding. Embedding of the videos is carried out with the activated option for advanced data privacy settings. If you play these videos, YouTube cookies and DoubleClick cookies are stored on your computer, and data is potentially transmitted to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the operator of YouTube.

When playing videos stored by YouTube, according to current information, at the very minimum the following data is transmitted to Google Inc. as operator of YouTube and operator of the DoubleClick network: IP address and cookie ID, the specific address of our accessed page, system date and time of access, your browser ID. Transmission of such data is carried out independent of whether you have a Google user account via which you are logged in or you do not have a user account. If you are logged in, such data is potentially directly allocated to your account by Google. If you do not want such allocation to your profile, you have to log out prior to activating the playback button for the video.

YouTube or Google Inc. store such data as usage profiles and, if applicable, use such for purposes of marketing, market research and/or for the demand-driven design of their websites. Such an analysis is carried out in particular (also for users who are not logged in) to provide demand-driven advertising and to inform other users about your activities on our website. You have the right to object to the creation of such usage profiles; to exercise your right, you will have to contact Google as the operator of YouTube.

4. Website Analysis with Piwik PRO

We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool.  We collect data about website visitors based on cookies. The collected information may include a visitor's IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.

We calculate metrics like bounce rate page views, sessions and the like to understand how our website/app is used.  We may also create visitors' profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.

We host our solution on Microsoft Azure in Germany, and the data is stored for 25 months.

The purpose of data processing; analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR.

Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO's privacy policy.

5. Other third parties

Furthermore, personal data will only be forwarded to other third parties if this is provided for by the European, US or German legislator in ordinances, laws or other regulations to which the controller is subject and which take precedence over GDPR.  Please also see the information sheets that are linked under Section VII. Subsection 3. above for further information about the collaboration with third party providers we use to facilitate those services.

X. Rights of the data subject

If your personal data is processed, you are a data subject pursuant to GDPR. You have the following rights towards the controller. To assert your rights, please send an email to dataprivacy(at)gaccny.com.

1. Right to information

You may request from the controller a confirmation as to whether your personal data is processed by the controller.

If such processing is the case, you may request information from the controller about the following:

(1) the purposes for which personal data is processed;

(2) the categories of personal data that are processed;

(3) the recipients or the categories of recipients your personal data was disclosed towards or will still be disclosed;

(4) the planned duration of storage of your personal data, or, if concrete information cannot be given in this context, criteria for the determination of such duration of storage;

(5) the existence of a right to correction or deletion of your personal data, a right to limiting the processing by the controller or a right to object to such processing;

(6) the existence of a right to appeal with a supervisory authority;

(7) all available information regarding the origin of data, if personal data is not collected with the data subject;

(8) the existence of an automated decision-making model including profiling pursuant to Section 22 Subsections 1 and 4 GDPR and - at least in these cases - meaningful information regarding the logic involved as well as the scope and the desired effects of such processing for the data subject.

You have the right to request information as to whether your personal information is transmitted to a third country or to an international organization. In this context, you may request to be informed regarding the suitable guarantees pursuant to Section 46 GDPR in connection with such transmission.

2. Right to correction

You have a right to correction and/or completion towards the controller to the extent that your processed personal data is incorrect or incomplete. The controller must make these corrections immediately.

3. Right to limitation of processing

Under the following conditions you may request the limitation of processing of your personal data:

(1) if you dispute the correctness of your personal data for a period that enables the controller to review the correctness of such personal data;

(2) if processing is unlawful and if you reject the deletion of personal data and instead request the limitation of use of such personal data;

(3) if the controller no longer requires the personal data for the purposes of processing; however, if you require such personal data for the assertion, exercise or defense of legal claims, or

(4) if you have filed an objection against such processing pursuant to Section 21 Subsection 1 GDPR and if it not yet determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of your personal data was limited, such data - apart from storing - may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

If the limitation of processing was limited according to the above-mentioned prerequisites, you will be informed accordingly by the controller before such limitation is lifted.

4. Right to deletion

a) Obligation to delete

You may request from the controller that your personal data is deleted immediately, and the controller is obligated to delete such data immediately provided that one of the following reasons applies:

(1) Your personal data was collected for such purposes or processed in such a way for which it is no longer required.

(2) You revoke your consent the processing was based on pursuant to Section 6 Subsection 1 lit. a GDPR or Section 9 Subsection 2 lit. a GDPR, and there is no other legal basis for such processing.

(3) You object to the processing pursuant to Section 21 Subsection 1 GDPR, and there are no overriding authorizing reasons for the processing, or you object to the processing pursuant to Section 21 Subsection 2 GDPR.

(4) Your personal data was unlawfully processed.

(5) The deletion of your personal data is required to fulfill a legal obligation pursuant to European Union law or the law of the Member States the controller is subject to.

(6) Your personal data was collected in regard to offered information society services pursuant to Section 8 Subsection 1 GDPR.

b) Information to third parties

If the controller has made public your personal data and if he is obligated to delete such personal data pursuant to Section 17 Subsection 1 GDPR, he will take the appropriate measures, also of a technical kind, while taking into consideration the available technology as well as implementation costs to inform controllers who process personal data that you as the data subject have requested the deletion of all links to such personal data or of copies or replications of such personal data. 

c) Exceptions

The right to deletion does not exist to the extent that processing is required

(1) for the exercise of the right to freedom of expression and information;

(2) to fulfill a legal obligation that requires such processing pursuant to the law of the European Union or the Member States the controller is subject to, or to execute a task that is in the public interest or is carried out in the exercise of official authority that was delegated to the controller;

(3) for reasons of public interest in the area of public health pursuant to Section 9 Subsection 2 lit. h and i as well as Section 9 Subsection 3 GDPR;

(4) for archiving purposes that are in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Section 89 Subsection 1 GDPR, unless the right mentioned in paragraph a) renders impossible the realization of the goals of such processing or severely compromises such, or

(5) for the assertion, exercise or defense of legal claims.

5. Right to be informed

If you have asserted your right to the correction, deletion or limitation of processing towards the controller, the controller is obligated to inform all recipients your personal data was disclosed to about this correction or deletion of data or limitation of processing, unless this proves to be impossible or unless such undertaking involves a disproportionate effort.

You have the right towards the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive your personal data that was provided by you to the controller in a structured, standard and machine-readable format. You also have the right to transmit such data to another controller without being hindered by the controller such personal data was provided to the extent

(1) that the processing is based on consent pursuant to Section 6 Subsection 1 lit. a GDPR or Section 9 Subsection 2 lit. a GDPR or on a contract pursuant to Section 6 Subsection 1 lit. b GDPR, and

(2) that processing is carried out by means of automated processes.

In exercising this right, you also have the right for it to be affected that your personal data is directly transmitted by a controller to another controller to the extent that this is technically feasible. The freedoms and rights of other persons must not be impaired by such doing.

The right to data portability does not apply to the processing of personal data required for the execution of a task that is in the public interest or is carried out in the exercise of official authority that was delegated to the controller.

7. Right to objection

You have the right, for reasons that pertain to your specific situation, to object at any time to the processing of your personal data that is carried out on the basis of Section 6 Subsection 1 lit. e or f GDPR; this also applies to any profiling that is based on these provisions.

The controller no longer processes your personal data in the event of an objection, unless he is able to establish compelling reasons worthy of protection for such processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for direct marketing purposes, you have the right at any time to object to such processing of your personal data for the purpose of such direct marketing; this also applies to profiling to the extent that it is connected to such direct marketing.

To the extent that you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In connection with the use of information society services - regardless of the Directive 2002/58/EC - you are free to exercise your right to objection by means of automated processes for which technical specifications are used.

8. Right to revoke consent pertaining to data protection

You have the right to revoke your consent pertaining to data protection at any time. By revoking your consent, the lawfulness of processing that was carried out on the basis of such consent until such revocation remains unaffected.

9. Automated decision in individual cases including profiling

You have the right not to be subjected to a decision that is based exclusively on automated processing - including profiling - that has a legal effect towards you or that substantially impairs you in a similar fashion. This does not apply if the decision

(1) is required for the entering into or the execution of a contract between you and the controller,

(2) is permissible on the basis of statutory provisions of the European Union or the Member States the controller is subject to, and to the extent that these statutory provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or

(3) is affected with your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Section 9 Subsection 1 GDPR unless Section 9 Subsection 2 lit. a or g applies and appropriate measures were taken to protect the rights and freedoms as well as your legitimate interests.

In view of the cases cited in (1) and (3), the controller will take the appropriate measures to protect the rights and freedoms as well as your legitimate interests; this includes at the very minimum the right to affect the intervention of a person on the part of the controller, the right to present the own position and the right to contest the decision.

10. Right to appeal with a supervisory authority

Without prejudice to any other judicial remedy or remedy pertaining to administrative law, you have the right to appeal to a supervisory authority, in particular in the Member State of your residence, your place of work or the location of the alleged violation if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation (GDPR).

The supervisory authority with which the appeal was lodged informs the appellant about the status and the results of the appeal including the option for judicial remedy pursuant to Section 78 GDPR.