Data protection declaration
We manage our websites in accordance with the principles regulated below:
We undertake to comply with the legal provisions on data protection and endeavour to take the principles of data avoidance and data minimisation into account at all times.
1. Name and address of the person responsible, as well as that of the data protection officera)
The responsible body within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union, as well as within the meaning of other data protection regulations is:
SPRINTIS Schenk GmbH & Co. KG
personally liable company: SCHENK Verwaltungs-GmbH
Managing director: Christian Schenk - Matthias Schenk
Ludwig-Weis-Straße 11 D-97082 Würzburg
The data protection officer of the responsible body at SiDIT GmbH is:
2. Explanations of terms
We have designed our data protection declaration in accordance with the principles of clarity and transparency. However, if there be any ambiguities regarding the use of different terms, the corresponding definitions can be found here.
3. Legal basis for the processing of personal data
We only process your personal data such as your first and last name, your e-mail address and IP address etc. if there is a legal basis for this. Here, according to the General Data Protection Regulation, three regulations in particular come into question:
- You have given us your consent to process your personal data for one or more purposes, Section 6 Par. 1 S. 1 lit. a GDPR. Within this context, we will inform you in detail about the purpose or purposes of processing, and we will document your express consent.
- The processing of your personal data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures with you, Section 6 Par. 1 S. 1 lit. b GDPR.
- The processing of personal data is necessary to protect our legitimate interests, unless your interests or fundamental rights and freedoms prevail, Section 6 Par. 1 S. 1 lit. f GDPR.
However, at the respective positions, we will always point out to you on which legal basis the processing of your personal data is based.
4. Passing on of personal data
Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
- you have provided your express consent in accordance with Section 6 Par. 1 S. 1 lit. a GDPR,
- the disclosure according to Section 6 Par. 1 S. 1 lit. f GDPR is necessary to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest in not disclosing your data that is worthy of protection,
- a legal obligation exists for the transfer according to Section 6 Par. 1 S. 1 lit. c GDPR
- this is legally permissible and is required according to Section 6 Par. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you.
5. Storage period and deletion
We only store all personal data that you transmit to us for as long as required so as to fulfil the purposes for which this data was transmitted or for as long as this is required by law. The data will be deleted or blocked by us upon fulfilment of the purpose and/or expiry of the statutory storage periods.
6. SSL encryption
This website uses SSL encryption for security reasons and so as to protect the transmission of confidential content, such as requests you send to us as a website operator. You can recognise an encrypted connection by looking at the address line of the browser and noticing the change from "http://" to "https://" and by the lock symbol in your browser line.
When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
7. Collection and storage of personal data as well as its type and purpose of use
a) When you visit the website
When you visit our website, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without your assistance and stored until its automatic deletion:
- IP address of the requesting computer
- Access date and time
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- the browser used and, if applicable, your computer's operating system as well as the name of your access provider
The mentioned data will be processed by us for the following purposes:
- Ensuring convenient use of our website
- Evaluation of system security and stability
- For other administrative purposes
Data that allow us to draw conclusions about your person, such as your IP address, will be deleted, at the latest, after 7 days. When we store the data beyond this period, this data will be pseudonymised so that it can not longer be allocated to you.
The legal basis for data processing is Section 6 Par. 1 S. 1 lit. f GDPR. Our legitimate interest for data collection follows from the purposes listed above. Under no circumstances do we use the collected data to draw conclusions about you personally.
b) Contractual relationship
aa) Conclusion of contract
Within the framework of establishing the contractual relationship, only the personal data that is essential for executing the contract is processed in accordance with Section 6 Par. 1 S. 1 lit. b GDPR.
If you provide any additional information voluntarily, it will only be processed with your consent in accordance with Section 6 Par. P. 1 lit a GDPR . We use this voluntary information to offer a customer-friendly service and to constantly improve it.
bb) customer account
You have the possibility to create a customer account with us. For this purpose, in addition to your personal data for contract processing, your other voluntary data and the purchases you made from us in the past will also be stored and processed. You can access this data at any time to gain an overview of your purchases made with us. This data has the purpose of ensuring that you can simply log in with your login data with your next purchase. It should also support you in controlling your purchasing activities.
The legal basis is based on your consent pursuant to Section 6 Par. 1 S. 1 lit. a GDPR.
You have the possibility to change or delete your data in the customer account at any time and to delete the account as a whole. If you make use of this function, your customer account with all the data contained therein will be deleted immediately.
cc) Disclosure of data for shipping
We pass on the data that is necessary for shipping our goods (first name and surname, address, e-mail address, telephone number, to the extent this is necessary for freight goods) to the appropriate dispatch service provider for notification/coordination of the shipment and delivery of the goods.
The legal basis for the transfer is provided in Section 6 Par. p. 1 lit. b GDPR.
Within this context, we will pass on your data to one of the following shipping service providers . They will then provide you with further information on the processing of your data:
DHL Paket GmbH, Sträßchensweg 10, PLZ/Ort: 53113 Bonn, Telefon: +49/ (0) 228/ 18 20, [email protected]dhl.com https://www.dhl.de/de/toolbar/footer/datenschutz.html
DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Deutschland, [email protected], Tel. +49 6021 843-0; https://www.dpd.com/de/siteutilities/data_protection
United Parcel Service Deutschland S.à r.l. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Telefon: +49 1806 882 663; https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page
dd) Disclosure of data when using online payment service providers
If, within the framework of your order process, you decide to pay with one of our online payment service providers, your contact data will be transmitted to them within the context of the order triggered in this way. The legality of the transmission of the data results from Section 6 Par. S. 1 lit. b GDPR, for the execution of the method of payment chosen by you as well as our legitimate interests according to Section 6 Par. P. 1 lit. f GDPR to enable a user-friendly and uncomplicated payment processing.
The personal data transmitted to the online payment service provider is usually first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as number of articles, article number, invoice amount and taxes in percent, invoice information, etc. The data will not be passed on to third parties.
This transfer is necessary to process your order using the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship.
However, please note that: Personal data may also be passed on by the online payment service provider to service providers, sub-contractors or other affiliated companies, insofar as this is necessary to fulfil the contractual obligations arising from your order, or when the personal data is to be processed on behalf of the service provider.
Depending on the selected PayPal payment method, e.g. invoice or direct debit, the personal data transmitted to PayPal is transmitted to credit agencies by PayPal. This transfer serves to verify your identity and creditworthiness with regard to your placed order. You can find out which credit agencies are involved and which data is generally collected, processed, stored and passed on by the respective provider in the respective provider's data protection declarations. :
PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de/webapps/mpp/ua/privacy-full
SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany
For further questions regarding the use of your personal data you can contact SOFORT by e-mail ([email protected]) or in writing (SOFORT GmbH, data protection, Theresienhöhe 12, 80339 Munich).
Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany
For further information on data protection, please contact Heidelpay directly www.heidelpay.de/datenschutz
HUELLEMANN & STRAUSS ONLINESERVICES S.A., 1, Place du Marché, 6755 Grevenmacher, Luxemburg; [email protected]
Newsletter content and registration data
We will only send you a newsletter when you order it from us and provide your consent pursuant to Section 6 Par. p. 1 lit. a GDPR. The contents of the newsletter are described in detail when registering for the newsletter. All you need to register for the newsletter is your e-mail address. When you provide further voluntary information, such as your name and/or gender, this will be used exclusively for the personalisation of the newsletter addressed to you.
Double opt-in and logging
For security reasons, we use the so-called double opt-in procedure to subscribe to our newsletter so that no one can register with other e-mail addresses. After subscribing to our newsletter, you will therefore receive an e-mail asking you to confirm your subscription. This only becomes effective with registration confirmation.
Furthermore, your registration for the newsletter will be logged. The logging includes storage of the time of registration and confirmation, your provided data as well as your IP address. When you make changes to your data, these changes are also logged.
When you no longer wish to receive our newsletter, you can revoke your consent at any time for the future. To do so, you can click on the link to unsubscribe from the newsletter at the end of each newsletter, or you can send us an e-mail to the following e-mail address: [email protected]
The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.
Use of "MailChimp"
We send our newsletter with the help of the newsletter service "MailChimp", which is offered by the Rocket Science Group, LLC (675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA).
The e-mail addresses of our newsletter recipients and also their further data described in the context of these notification are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp can use this data to optimise or improve its own services, e.g. to technically optimise the sending and presentation of newsletters or for economic purposes, in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them themselves or to pass it on to third parties.
You will find the data protection policy of MailChimp here: https://mailchimp.com/legal/privacy/
Statistical surveys and analyses
The newsletters sent via MailChimp contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, the following technical information is initially collected:
- Information regarding the browser
- Information regarding your system
- Your IP address
- Date and time of retrieval
This information is used to improve the services based on the technical data, the target groups and their reading behaviour, the retrieval locations (which can be determined using the IP address) and the access times.
The statistical surveys also include determining whether and when the newsletters are opened and which links are clicked in the newsletter. This information can be assigned to the individual newsletter recipients for technical reasons, but it is neither our endeavour, nor that of MailChimp to observe individual users. Rather, the evaluations serves to recognise our users' reading habits and to adapt our contents accordingly or to send different contents, depending on our users' interests.
The use of the MailChimp newsletter service, the performance of statistical surveys and analyses, and the logging of the registration procedure are based on our legitimate interests pursuant to Section 6 Par. S. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and satisfies our users' expectations.
Use of rapidmail
We use rapidmail (rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br. Germany), to send our newsletter. Your data will therefore be transmitted to rapidmail GmbH. It is forbidden for rapidmail GmbH to use your data for other purposes than for sending the newsletter. rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a certified German newsletter software provider that was carefully selected in accordance with the requirements of the GDPR and the Federal Data Protection Act.
We have concluded an order processing contract with rapidmail.
Further information on data protection at rapidmail can be found here: https://www.rapidmail.de/datenschutzbestimmungen
The use of the dispatch service provider rapidmail GmbH is based on our legitimate interests in accordance with Section 6 Par. 1 S. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and satisfies our users' expectations.
d) Contact form / e-mail contact
We provide you with a form on our website so that you can contact us at any time. For using the contact form, a name for a personal form of address and a valid e-mail address is required to make contact, so that we know from whom the enquiry originates and can process it.
When you send us enquiries using the contact form, your details from the enquiry form, including the contact data you have provided there and your IP address in accordance with Section 6 Par. S. 1 lit. b and f GDPR will be used for executing pre-contractual measures that take place on your request or are processed for the exercise of our legitimate interest, namely for exercising our business activity.
You are also welcome to send us an e-mail using the e-mail address provided on our website instead. In this case, we will store and process your e-mail address and the information you provide within the scope of the e-mail in accordance with Section 6 Par. S. 1 lit. b and f GDPR for processing your message.
The requests and the associated data will be deleted no later than 3 months after receipt, unless they are required for a further contractual relationship.
e) Google Fonts
We use Google Fonts on our website. This enables the display of fonts. Google Fonts is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, California, 94043). These web fonts are integrated by a server call, usually a Google server in the USA. This may result in the following being transmitted to the server and stored by Google:
- Name and version of the browser used
- Website from which access was triggered (referrer URL)
- Operating systems of your computer
- Screen display resolution of your computer
- IP address of requesting computer
- Language settings of the browser and/or the operating system used by the user
The use of Google Fonts is intended to simplify reading our website and making it graphically more pleasant for you, and it is therefore based on our legitimate interests in accordance with Section 6 Par. S. 1 lit. f GDPR.
f) Use of Google Maps
Our website uses the Google Maps API. By using Google Maps, information about your use of this website (including your IP address) may be transmitted to the USA and stored there by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043).
If this is required by law or if third parties process this data on behalf of Google, Google may transfer the information obtained through Maps to third parties. However, under no circumstances will your IP address be linked to other data from Google. However, we must point out that it is technically possible for Google to identify individual users on the basis of the data received.
The data processed by cookies is required for the above-mentioned purposes, so as to protect our legitimate interests and those of third parties pursuant to Section 6, Par. S. 1 lit. f GDPR.
Most browsers automatically accept cookies due to the browser settings. However, you can configure your browser in such a manner that either no cookies are stored on your end device or, at least, a message is displayed before a new cookie is stored. If you completely deactivate the cookie function in your browser, you may not be able to use all functions of our website.
Below we explain the different types of cookies we use.
a) Session cookies
In order to make your use of our website more pleasant, we use so-called session cookies to recognise that you have already visited individual pages of our website.
These session cookies are automatically deleted after leaving our site.
b) Temporary cookies
These temporary cookies are stored on your terminal for a specified period of time.
c) Cookies for optimisation purposes
These cookies are automatically deleted after a defined period of time.
9. Analyse and tracking tools
We use the analysis and tracking tools listed below on our website. These serve to ensure the continuous optimisation of our website and to design it according to requirements.
These interests are to be regarded as legitimate within the meaning of Section 6 Par. S. 1 lit. f GDPR . The respective data processing purposes and data categories can be found in the corresponding tools.
a) Google Analytics
We use Google Analytics on our website, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google").
- Name and version of the browser used
- Operating systems of your computer
- Website from which access is made (referrer URL)
- IP address of the requesting computer
- Date and time of the server enquiry
are usually transferred to a Google server in the USA and stored there.
However, because we have activated IP anonymisation on our website, your IP address will first be abbreviated by Google within Member States of the European Union or in other countries party to the Agreement on the European Economic Area.. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activities and to provide us with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google, by downloading and installing the browser plug-in available under the following link http://tools.google.com/dlpage/gaoptout?hl=de
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set which prevents the collection of your data on future visits to our website: deactivate Google Analytics
b) Hotjar (hotjar Ltd.)
This website uses the Hotjar web analysis service of Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).
This tool enables us to retrace movements on our websites, on which Hotjar is deployed (so-called heatmaps). For example, it explains how far users scroll and which buttons they click how often. Furthermore, it is possible, when using this tool, to directly get feedback from our website users. We are so provided with valuable information to make our websites even faster and more customer-friendly. The above analysis is carried out on the basis of our legitimate interests in optimization and marketing purposes and in interest-based design of our website in accordance with art. 6 (1) f GDPR. We pay particular attention to the protection of your personal data when using this tool. Therefore, we only can retrace which buttons you click and how far you scroll. Areas of sites that may contain personal information about you or third parties are automatically hidden by Hotjar and cannot be retraced at any time.
With the help of a "Do Not Track Headers", Hotjar gives every user the opportunity to prevent the Hotjar tool from being used, so that no data about the visit of the respective website is recorded. It is a setting that all common browsers in up-dated versions support. To this end, your browser sends a request to Hotjar, demanding the tracking of the respective user to be deactivated. If you visit our website with different browsers/computers, you must use the "Do Not Track Header" for each browser/computer separately.
For more detailed instructions and information about your browser, please refer to: https://www.hotjar.com/opt-out.
For more information about Hotjar Ltd. and the Hotjar tool, please refer to: https://www.hotjar.com
c) Google Remarketing
We use the remarketing function of Google Analytics to direct advertising campaigns - including Google AdWords campaigns - to visitors to our website.
Based on your previous visits to our website, relevant advertisements are presented to you when you visit other websites in the Google Display Network.
The DoubleClick cookie allows Google to target advertisements to us and other third parties that match the interests identified as a result of your previous visits to our website and/or other websites. This advertising may be displayed on websites operated by Google and/or other Google network operators. We also use the Google Analytics advertising functions to analyse the effectiveness of our own advertising campaigns.
You can personalise your Google ad settings and object to Google's interest-based ads. In this case, the cookie ID (assigned individually for each cookie) of the DoubleClick cookie is overwritten and can no longer be associated with a specific browser.
If you delete all cookies from your device, a new DoubleClick cookie may be placed. Then you may have to renew your objection settings. You can permanently disable the DoubleClick cookie by clicking here: http://www.google.com/settings/ads/plugin download and install the appropriate browser plugin. You may disable the use of third-party cookies for the purpose of online advertising on the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ .
If you've agreed in your Google Account that your Google web and app browsing history will be linked to your Google Account and information from your Google Account will be used to personalise ads, Google will use information from you along with Google Analytics data to create cross-device remarketing targeting lists. To do this, Google Analytics first collects Google authenticated IDs linked to your Google Account for you as a user on our website. Google Analytics then temporarily links these IDs to Google Analytics data in order to optimise our target groups.
d) Google AdWords
We use Google AdWords on our website, which is an online advertising programme of Google Inc, which also uses conversion tracking. With this tool, Google AdWords sets a cookie on your device when you visit our website via a Google ad.
After 30 days, the cookie is no longer valid. It is not used for any form of personal traceability. If you visit our website as a user, and the cookie is still working, we can see together with Google that you have clicked on the corresponding advertisement and have been redirected to our page. Each Google AdWords customer is assigned a different cookie. Cookies are therefore not traceable via the AdWords customers' websites.
The data collected through conversion cookies is used to generate conversion statistics for AdWords customers. As Google AdWords customers, we gain information on the total number of users who responded to our ad and were then directed to a website that was tagged with a conversion tracking tag. We do not receive any information during this process with which we could personally identify you as a user.
If you choose not to allow the tracking process, you can disable the Google Conversion Tracking cookie from your Internet browser.
10. Video integration
Our website uses the plugin YouTube, which is used by YouTube, LLC (901 Cherry Ave., San Bruno, CA 94066, USA).
If you activate the YouTube plugin during your visit, a connection to YouTube's servers is established and the YouTube server is informed regarding which of our pages you have visited. Thus, YouTube can assign your surfing behaviour directly to your personal profile. You can prevent this when you log out of your member account before visiting our website.
The legal basis is provided for in Section 6 Par. S. 1 lit. f GDPR. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR.
11. Rights of the party concerned
You have the following rights:
a) Help desk
According to Section 15 GDPR, you have the right to request information about your personal data processed by us. This right to information includes information on
- the purposes of processing
- the categories of personal data
- the recipients or categories of recipients to whom your information has been or will be disclosed
- the planned storage period or, at least, the criteria for determining the storage period
- the existence of a right to rectification, deletion, restriction of processing or objection
- the existence of a right of appeal to a supervisory authority
- the origin of your personal data, insofar as this was not collected by us
- the existence of an automated decision-making process including profiling and, if necessary, meaningful information on the details
You have a right to immediate rectification of incorrect or incomplete stored personal data by us pursuant to Section 16 GDPR.
According to Section 17 GDPR, you have the right to request the immediate deletion of your personal data from us, unless further processing is necessary for one of the following reasons:
- exercising freedom of expression and information
- for satisfying a legal obligation required for processing under the law of the European Union or of the Member States to which the controller is subject to, or for the performance of a task in the public interest, or in the exercise of official authority conferred on the controller
- on grounds of public interest in the field of public health, in accordance with Section 9 Par. 2 lit. h and i. as well as Section 9 Par. 3 GDPR
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Section 89 Par. 1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing
- for asserting, exercising or defending legal claims
d) Limitation of of processing
In accordance with Section 18 GDPR, you may request that the processing of your personal data be restricted for one of the following reasons:
- You contest the correctness of your personal data.
- The processing is unlawful and you refuse to have your personal data deleted.
- We no longer need the personal data for processing purposes, but you do need it to assert, exercise or defend legal claims.
- You file an objection to the processing pursuant to Section 21 Par. 1 GDPR.
If you have requested the correction or deletion of your personal data or a restriction on processing in accordance with Section 16, Section 17 Par. 1 and Section 18 of the GDPR, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can ask us to inform you of these recipients.
You have the right to receive the personal data you have provided to us in a structured, commonly-used and machine-readable format.
You also have the right to request the transfer of this data to a third party, provided that the processing was carried out using automated procedures and is based on a consent pursuant to Section 6 Par. 1 S. 1 lit. a or Section 9 Par. 2 lit. a or a contract pursuant to Section 6 Par. 1 S. 1 lit. b GDPR.
In accordance with Section 7 Par 3. GDPR, you have the right to revoke your consent to us at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation. In the future, we may no longer continue processing data, based on your revoked consent.
According to Section 77 GDPR, you have the right to submit a complaint to a supervisory authority if you believe that the processing of your personal data violates GDPR.
If your personal data is processed on the basis of legitimate interests in accordance with Section 6 Par. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Section 21 GDPR if there are reasons for this which arise from your particular situation,or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying the particular situation. If you would like to make use of your right of revocation or objection, simply send an e-mail to [email protected].
j) Automated decision in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and us
- is admissible under European Union or Member State legislation to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests
- with your explicit consent
However, these decisions may not be based on specific categories of personal data under Section 9 Par. 1 GDPR, unless Section 9 Par. 2 lit a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in i) and iii), we will take reasonable measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on our part, to state our position and to challenge the decision.
12. Changes to the data protection declaration