The protection of your personal data is an important concern for us. We process your data in accordance with the applicable national and European data protection laws. In order that you know which data we process for which purposes and which rights you have in this regard, we would like to inform you about the processing of your personal data.
Section I: Controller and Data Protection Officer
1. Name and Address of the controller
The controller for the purposes of the General Data Protection Regulation (GDPR), the German Federal Data protection Act (BDSG) and other provisions related to data protection is:
2. Name and Address of the Data Protection Officer
You can contact the Data protection Officer of the controller by letter or e-mail using the following contact details:
Jenfelder Allee 80
Section II: Processing of data relating to your visit to our website
1. General information on data processing on our website
a) Scope of the processing of personal data
The controller only collects and processes personal data of users, as far as this is necessary for the operation of a functional website and its contents and services. The collection and processing of personal data of the users basically takes place with the user’s content. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
b) Legal basis for the processing of personal data
To the extent that the controller obtains the consent of the data subject for processing operations involving personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. If the processing of personal data is required for the fulfilment of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to data processing operations that are necessary to implement pre-contractual measures. To the extent that the processing of personal data is required to fulfil a legal obligation to which the controller is subject, Art. 6 (1) lit. c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) lit. d GDPR serves as the legal basis. If the data processing is necessary to safeguard a legitimate interest of the controller or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6 (1) lit. f GDPR serves as the legal basis for the processing.
c) Erasure of data and storage period
The personal data of the data subject will be erased or blocked, as soon as the purpose of storage ceases to apply. Furthermore, personal data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
2. Processing on behalf of the controller and data security
On the basis of separate written agreements, the controller also has personal data processed by service providers within the frame of order data processing (“contract processors”) pursuant to Ar. 28 GDPR. The controller remains responsible to you under data protection law. The employees of the contract processors are obliged to maintain the confidentiality of your data just as the controllers own employees are. They are subject to the instructions of the controller. All technical and organisational measures required by law to protect your personal data from loss and misuse are guaranteed by the controller. Your personal data is stored in secure operating environments, which are only accessible to employees of the contract processors to the extent that this is absolutely necessary to fulfil the contractual tasks.
3. Access to this website
The controller collects and uses personal data of the users only as far as this is necessary to provide a functional website as well as the contents and services of the controller. Each time this website is called up, the system of the controller automatically collects the following data from the computer system of the calling computer and stores them in log files: name of the file accessed, date and time of access, amount of data transmitted, notification of successful access, type of your browser and version used, user’s IP address, user’s operating system, user’s Internet service provider, websites from which the user’s system accessed this website, websites accessed by the user’s system via this website. This data is not merged with other data sources. The legal basis for the collection of data and their storage in log files is Art. 6 (1) lit. f GDPR.
The temporary collection of data by the system is necessary to enable the website to be delivered to the user’s computer and to ensure its reproduction. The data is also stored in log files to ensure the stability and functionality of the website. Furthermore, the data serves to optimize this website and to guarantee the security of the information technology systems of the controller against possible attacks from outside. This also includes the legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for the data collected for the provision of the website at the end of the respective session; within the framework of storing the data in log files after seven days at the latest. Further storage is possible. In this case the IP address of the user is deleted or alienated, so that an assignment of the calling computer is no longer possible. The collection of data for the provision of the website and its storage in log files is absolutely necessary for the operation of the offer, so that there is no possibility of objection on the part of the user.
4. Contact possibility via the website
On this website, you can contact the controller via an online contact form or via e-mail. The personal data (e.g. name, address, telephone number or e-mail address) transmitted to the controller via the input mask of the contact form or by e-mail serve exclusively the processing of contact inquiries of the users. The data will not be passed on to third parties. The legal basis for the processing of data transmitted via the contact form is, with the prior consent of the user, Art. 6 (1) lit. a GDPR, for the processing of data transmitted by e-mail Art. 6 (1) lit. f GDPR. For the aforementioned purposes, the data controller also has a legitimate interest in the processing of the data pursuant to Art. 6 (1) lit. f GDPR.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case when the processing of the user’s respective inquiry has been completed, i.e. it can be inferred from the circumstances that the facts in question have been finally clarified. The user has the possibility at any time to revoke his consent to the processing of personal data as well as to object to the storage of his personal data transmitted to the controller by e-mail. In this case, the conversation cannot continue. Users can contact firstname.lastname@example.org for this purpose. All personal data stored in the course of contacting us will then be deleted.y
a) General information on cookies
b) Essential cookies
Some of the cookies used on the website are fundamental for the operation and provision of the website and are absolutely necessary for its proper functioning (essential cookies).
The legal basis for the data processing associated with the essential cookies is Art. 6 para. 1 lit. f GDPR. When you visit our website, our legitimate interest in the proper provision of the website and its basic functions outweighs your interest in confidentiality.
c) Non-essential cookies
Other, non-mandatory (third-party) cookies are used to improve our website and to integrate third-party content into the website.
The website only uses these cookies and your personal data is only processed for the purposes of these cookies if you have consented to this. You can give this consent by clicking on the button provided for this purpose on the cookie banner. You can use the “Cookie details” button to view more detailed information on the individual cookies, their purpose and the respective (third-party) provider and also give your consent for individual cookies only. The legal basis for the data processing associated with the cookies that are not necessary is Art. 6 para. 1 lit. a GDPR in conjunction with your consent.
If you do not give your consent, these non-essential cookies will not be used. By clicking on the button “Only essential cookies”, you can expressly refuse the setting of cookies that are not necessary.
You can revoke your consent at any time (see also section V. point 1 lit. g)), the easiest way to do this is by deactivating the cookies via the “Cookie details” button on the cookie banner.
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
This website contains links to online offers of third parties over which the controller has no influence and therefore cannot assume any responsibility for data protection or content. Please read the privacy policies of the online offers that you access via this website.
The controller has integrated components of the enterprise Facebook on this website and also has his own Facebook page(s) on the Internet. Facebook is a social network. A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests. The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data policy published by Facebook, which is available at https://www.facebook.com/privacy/explanation, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there, which setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.
9. Adequacy decision and guarantees
Insofar as the controller transfers personal data to recipients in third countries in the course of operating and providing the website (cf. above), suitable guarantees as defined in Art. 46 of the GDPR exist through the conclusion of EU standard contractual clauses issued by the EU Commission.
Section III: Processing of data for press service purposes
1. Press Service
Only if you have given your consent, Studio Hamburg Produktion Gruppe GmbH, Jenfelder Allee 80, 22039 Hamburg (“SHPG”) and each of the other companies of Studio Hamburg Produktion Gruppe GmbH (jointly “Group”) listed below will process your name and your e-mail address in order to inform you by e-mail within the framework of the “Studio Hamburg Produktion Gruppe GmbH Press Service” about productions of the companies and news of the Group relevant to productions and business (jointly “press service messages”). You will receive press service messages from the following
companies of the Studio Hamburg Produktion Group (“Group”):
– Studio Hamburg Produktion Gruppe GmbH, Jenfelder Allee 80, 22039 Hamburg
– LETTERBOX FILMPRODUKTION GMBH, Jenfelder Allee 80, 22039 Hamburg
– REAL FILM Berlin GmbH, Köthener Straße 3, 10963 Berlin
– Nordfilm GmbH, Büsumer Weg 51, 24106 Kiel
– Riverside Entertainment GmbH, Jenfelder Allee 80, 22039 Hamburg
– Doclights GmbH, Jenfelder Allee 80, 22039 Hamburg
– B.vision Media GmbH, Wilhelm-Kabus-Straße 77, 10829 Berlin
– AMALIA FILM GMBH, Adelgundenstrasse 5b, 80538 München
– Studio Hamburg UK, 5 Market Place, 4th Floor, London WIW 8AE
– FRIDAY FILM GmbH, Köthener Straße 3, 10963 Berlin
– ALWAYSON PRODUCTION GMBH I.G., Willy-Brandt-Straße 23, 20457 Hamburg
Your consent to receive the press service messages is voluntary and revocable at any time. You are under no contractual or legal obligation to provide your name and e-mail address for the purpose of sending press service messages. If you do not provide the data, you will not receive any press service messages. You can also revoke your consent by using the link provided for this purpose in each press service message or by e-mail to email@example.com.
The legal basis for the described data processing for the dispatch of press service messages is your consent in conjunction with Art. 6 (1) lit. a GDPR.
2. Processing to meet legally binding requirements
Data provided by you for receiving the press service message will be processed for these purposes only insofar as this is required to fulfil legally binding requirements to which SHPG or the other companies of the Group (see “Responsibility for press service messages”) are subject in each case. The legal basis for data processing to fulfil legal obligations is Art. 6 (1) lit. c GDPR.
3. Responsibility for press service messages
4. Data recipients, (sub-) contract processors, data transmission to third countries
a) General information on (sub-) contract processing
For data processing within the scope of the press service, SHPG commissions external service providers (contract processors) with tasks in connection with registration and deregistration, the design, content management and the dispatch of press service messages and grants them access to your personal data for this purpose to the extent necessary in each case. This is done on the basis of processing contracts concluded for this purpose within the meaning of Art. 28ff. GDPR. The external service providers process personal data on behalf of and on the instructions of SHPG or – indirectly – on the instructions of the respective responsible company of the Group (see “Responsibility for press service messages”). The same applies to subcontractors who are used by external service providers within the frame of their (sub-)contract for the commissioned data processing. In the context of this (sub-)contract processing, personal data is transmitted to service providers in third countries. In these cases, suitable guarantees within the meaning of Article 46 of the GDPR exist through the conclusion of EU standard contractual clauses issued by the EU Commission.
b) MailChimp ((sub-) contract processor)
SHPG GmbH uses the “MailChimp” service for the technical implementation of de-registration and registration as well as the dispatch of press service messages. MailChimp is a cloud-based service for managing newsletter distribution. MailChimp is offered and operated by The Rocket Science Group LLC, Georgia, 674 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308. The Rocket Science Group LLC processes your personal data in connection with its press service as an external service provider (contract processor) on behalf and under the instructions of SHGP. If another company of the group is responsible for sending the press service messages (see “Responsibility for press service messages”), MailChimp is a subcontractor of this company.
c) Data transmission for the purposes of third parties
A transmission of personal data to state institutions and authorities only takes place within the framework of mandatory legal regulations. In addition, the data you provide for receiving the press service messages will not be passed on to third parties for their purposes.
5. Duration of storage and erasure
The data controller stores and processes your personal data only as long as this is necessary for the respective purpose (cf. Section III No. 1). Beyond this, storage and processing will only occur if it is permissible on the basis of another legal basis, e.g. for the fulfilment of legal requirements (cf. Section III No. 2).
Section IV: Processing of Data for purposes of productions
Note on data processing for journalistic or artistic purposes: Within the framework of Art. 85 (2) of the EU General Data Protection Regulation (GDPR), EU member states may deviate from the GDPR for the processing of personal data for journalistic or artistic purposes. This privilege is specified by law in Germany, for example in the KunstUrhG. Comprehensive information of the data subjects, for example about the purposes, scope and legal basis of the processing, is not mandatory by law in these cases. In this section 12, we inform you about processing activities in connection with the realisation of productions that are not subject to the privileges in the sense of Article 85 (2) of the GDPR.
2. Scope, purposes of data processing, legal basis
a) Performance of the contract with you
The controller stores and uses the personal data provided by you for the conclusion and performance of the contract or collected during the making of the audio and video recordings for the performance of the contract between you and the controller.
This includes, in particular, the making of audio and video recordings of you, their subsequent production as well as their exploitation as agreed in the contract. In addition, we retain the contract and the personal data provided by you therein until the contract has been fully processed and we process your contact data for communication with you relevant to the contract.
The legal basis for this data processing is Art. 6 para. 1 b) GDPR.
b) Pursuit of legitimate interests
The data controller also processes photographs and video recordings taken and personal data provided by you in the context of the contract to the extent that this is necessary to safeguard legitimate interests, provided that your interests or fundamental rights and freedoms do not override these.
In particular, the use of the contract document may be necessary to safeguard legitimate interests, to provide evidence of rights granted by you in connection with the production and to assert or defend against any claims.
The legal basis for this data processing is Art. 6 para. 1 f) GDPR.
c) Fulfilment of legal requirements
The controller is subject to a number of legal obligations and requirements, such as storage and reporting obligations under commercial and tax law. Only to the extent necessary to comply with legal requirements, the controller will also process your personal data for these purposes.
The legal basis for this data processing is Art. 6 (1) c) GDPR.
3. Disclosure of personal data
a) Disclosure to other data controllers
The controller will only disclose your personal data to other controllers if this is necessary for the performance of the contract with (cf. Section IV No. 2. a.) or for the protection of legitimate interests (cf. Section IV No. 2. b.), or if it is obliged to do so by law or by enforceable official or court order (Section IV No. 2. c.).
For the performance of the contract (Section IV Item 2. a.) it may be necessary in particular for the responsible party to make the sound and image recordings available to third parties involved in the production (e.g. commissioning broadcasters, co-financing partners, E&O insurance) for exploitation.
Insofar as third parties process data transmitted by the responsible party for their own purposes (e.g. within the framework of the handling and execution of the production), the processing shall be carried out by the respective third party on its own responsibility.
b) Data processing on behalf of third parties
The data controller also commissions external service providers with tasks in connection with the production, such as data hosting, contract filing, holding, accounting. These “processors” have been carefully selected by the responsible party and are regularly monitored, particularly with regard to the careful handling and safeguarding of data stored with them. All service providers are obliged to maintain confidentiality and to comply with legal requirements. This is done on the basis of order processing contracts concluded for this purpose within the meaning of Art. 28 et seq. GDPR. The external service providers process personal data on behalf of and on the instructions of the data controller. The same applies to sub-processors.
4. Data recipients in third countries
a) General information
A data transfer to bodies in states outside the EU/EEA (so-called third countries) only takes place insofar as
– it is necessary for the execution of the contract (e.g. handling of the production with the commissioning broadcaster),
– it is required by law (e.g. reporting obligations under tax law); or
– the responsible party uses order processors (cf. Section IV No. 4. a.) outside the EU/EEA.
b) Adequacy decision and guarantees
Insofar as the controller transfers personal data to recipients in third countries, the recipient is either certified under the EU-US Privacy Shield, for which there is an adequacy decision within the meaning of Art. 45 GDPR, or there are appropriate safeguards within the meaning of Art. 46 GDPR through the conclusion of EU standard contractual clauses issued by the EU Commission.
c) Storage period and deletion
The data controller stores and processes your personal data only as long as this is necessary for the respective purpose (cf. Section IV No. 2). Beyond that, storage and processing will only take place insofar as this is permissible on the basis of another legal basis, for example to comply with legal requirements (cf. section IV point 2.c.).
Section V: General information (your rights, amendments)
1. Your Rights
a) Right of access (Art. 15 GDPR)
You can obtain confirmation of the controller whether personal data concerning you are being processed by the controller. If such processing has taken place, you can request the following information from the person responsible: the purposes for which the personal data are processed; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed; the planned period of the storage of the personal data concerning you or, if specific information on this is not possible, criteria to determine the storage period; the existence of a right to have your personal data corrected or deleted, a right to have processing restricted by the controller or a right to object to such processing; the existence of a right of appeal to a supervisory authority; all available information on the origin of the data if the personal data are not collected from the data subject; the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
b) Right to rectification (Art. 16 GDPR)
You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.
c) Right to erasure (Art. 17 GDPR)
You may request the data controller to delete the personal data relating to you without undue delay and the controller is obliged to delete this data without undue delay if one of the following reasons applies: The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed. You revoke your consent, on which the processing was based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing. You file an objection against the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 (2) GDPR. The personal data concerning you have been processed unlawfully. The deletion of personal data concerning you is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject. The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
The right to erasure does not exist where processing is necessary: to exercise the right of freedom of expression and information; to fulfil a legal obligation required by the law of the EU or the Member States to which the controller is subject, or to perform a task in the public interest or in the exercise of official authority conferred on the controller; for reasons of public interest in the field of public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR; for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in paragraph 1 of this section is likely to make it impossible or seriously impair the achievement of the objectives of such processing, or for the assertion, exercise or defense of legal claims.
d) Right of restriction of processing (Art. 18 GDPR)
You may request the restriction of the processing of personal data concerning you under the following conditions: if you dispute the accuracy of the personal data concerning you for a period which allows the data controller to verify the accuracy of the personal data; the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; the data controller no longer needs the personal data for the purposes of the processing but you need them for the assertion, exercise or defence of legal claims, or if you object to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible override your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the EU or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
e) Right to information according to Art. 19 GDPR
If you have exercised your right to have the data controller correct, delete or limit the processing, the data controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You shall have the right vis-à-vis the data controller to be informed of such recipients.
f) Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without obstruction by the controller to whom the personal data was provided, provided that the processing is based on a consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and the processing is carried out using automated procedures. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
g) Right to withdraw data protection consent (Art. 7 (3) GDPR)
You have the right to withdraw your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until withdrawal.
h) Right of appeal to a supervisory authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to the NDR Broadcasting Data Protection Officer in Hamburg if you believe that the processing of your personal data is in violation of the GDPR. The supervisory authority shall inform the complainant of the status and the results of the complaint, including the possibility of a legal remedy according to Article 78 GDPR.
i) Right to object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you under Article 6(1) lit. e or f of the GDPR; this also applies to profiling based on these provisions. In this case, the controller no longer processes the personal data concerning you, unless the controller can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right to object in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
You also have the right to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR for reasons arising from your particular situation, unless such processing is necessary to fulfil a task in the public interest.