• +49 (0) 8273 9933899

    Mo.-Fr. Tage die Woche ab 9:00 bis 18:00 Uhr

Privacy

Privacy policy
Thank you for your interest in our website. As a member of the Verein sicherer und seriöser Internetshopbetreiber e. V., the protection of your personal data is a serious concern for us. In the following, we inform you, transparently and in understandable language, among other things, about the data collection and its scope, what your data is used for and what rights you have. Your data will be collected, stored and processed in compliance with the relevant statutory provisions. Personal data are all types of data with which you can be identified as a person.
1.) Who is responsible for data processing?
Within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other provisions of data protection law, the responsible party is a natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, contact details, etc.).
Responsible for data processing on this website is:
Bettina Büber
Schulstr.19
86707 Westendorf
Phone:082739933899
E-Mail: bettina.bueber@bio-weinkiste.de  
2.) What data is collected and processed on our website?
2.1 Automated collection of data:
Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer, in so-called server log files. This data is partly technically necessary in order to display our website to you. It is not merged with data from other sources. The following data is collected:
- The pages called up
- Browser types and versions used
- The operating system used by the accessing system
- The website from which an accessing system arrives at our site
- The date and time the page was accessed
- The Internet service provider of the accessing computer
- The Internet protocol address (IP address) used
The legal basis for data processing is Article 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is the reliable and error-free functioning of our website. No other processing of this data takes place.

2.2 Collection of personal data
2.2.1 Data collection and processing when opening a customer account and processing a contract
If you open a customer account on our website, this is done voluntarily. Registration is not a prerequisite for the conclusion of a contract. Data is only collected to the minimum extent necessary, the mandatory data can be recognized by the correspondingly marked input fields. The deletion of the customer account is possible at any time and free of charge. In case of a deletion request, please contact the person responsible for data processing. This person is named under point 1 of this data protection declaration.
We use your data only for the purpose for which you have registered or for contract processing. The legal basis for data processing is Article 6 (1) (b) of the General Data Protection Regulation (DSGVO), which allows us to process data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.
The collected customer data will be blocked after completion of the order, after termination of the business relationship or after deletion of your customer account and deleted after expiry of retention periods under tax and commercial law, unless you have consented to further use of your data.
2.2.2 Data collection and processing when using our email address or contact function
In the case of emails or messages via the contact form, we store your data until the processing of your message has been completed. The mandatory data in the mask of the contact form, can be identified by the correspondingly marked input fields. The data will be used exclusively for the processing of your request, after completion of the processing your data will be deleted. The legal basis for data processing is Art. 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is to respond to your message or to process your request.
2.2.3 Newsletter function, data processing and possibility to object.
2.2.3.1 You have registered for our newsletter subscription:
If you subscribe to our free newsletter, data from the registration mask will be transmitted to us. The mandatory data can be recognized by the correspondingly marked input fields and are limited to the minimum required (email address). For the processing of your data, consent is obtained in the registration process and reference is made to this privacy policy. The legal basis for data processing is Article 6 (1) (a) of the General Data Protection Regulation (DSGVO), which allows us to process the data if you have consented to the processing.
The data will not be passed on to third parties, but will be used exclusively for sending newsletters. The subscription to the newsletter (your consent) can be revoked at any time for the future. To revoke your consent, you will find a link to unsubscribe from the newsletter in every newsletter, but optionally you can also unsubscribe directly via our website. The request to unsubscribe from the newsletter can of course also be addressed directly to the data controller. This person is named under point 1 of this data protection declaration. After unsubscribing from the newsletter, the data will be deleted unless you have agreed to further use or we reserve the right to further use (as explained below under 2.2.3.2), which is permitted by law.

2.2.3.2 When we send newsletters to our existing customers
If you have purchased goods or services on our website and have provided us with your e-mail address, we may use this to send you a newsletter, unless you have objected to this. In such a case, only direct advertising for similar goods or services from our range will be sent via the newsletter. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (DSGVO), which allows us to process data in the event of a legitimate interest. Our legitimate interest in this case is to send you personalized advertising. You can object to the use of your data for this purpose at any time with effect for the future. To object, please contact the data controller. This person is named under point 1 of this data protection declaration.
2.2.3.3 Newsletter2Go
This website uses Newsletter2Go to send newsletters. The provider is Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin, Germany.
Newsletter2Go is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on Newsletter2Go's servers in Germany.
If you do not want any analysis by Newsletter2Go, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website.
Data analysis by Newsletter2Go
With the help of Newsletter2Go, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.
In addition, we can see whether certain previously defined actions were performed after opening/clicking (conversion rate). We can thus see, for example, whether you have made a purchase after clicking on the newsletter.
Newsletter2Go also allows us to subdivide ("cluster") newsletter recipients based on various categories. In doing so, newsletter recipients can be subdivided by age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.
Detailed information about the functions of Newsletter2Go can be found at the following link: https://www.newsletter2go.de/features/newsletter-software/.
Legal basis
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
Storage period
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Newsletter2Go after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
For more details, please refer to the data protection provisions of Newsletter2Go at: https://www.newsletter2go.de/features/datenschutz-2/.
Conclusion of a contract for order data processing
We have concluded a contract with Newsletter2Go in which we oblige Newsletter2Go to protect our customers' data and not to pass it on to third parties. This contract can be viewed at the following link: https://www.newsletter2go.de/docs/datenschutz/ADV_Muster_Newsletter2Go_GmbH_latest_Form.pdf?x48278.

2.3 Disclosure of data to third parties for the purpose of fulfilling the contract 
2.3.1 Disclosure to shipping service providers in general and credit institution
For payment transactions and, if necessary, for the delivery of goods, we pass on personal data, to the minimum extent necessary, to service providers (third parties), insofar as this is necessary for the performance of the contract.
If we pass on your data to a shipping service provider (such as DHL, DPD, UPS Hermes or GLS), the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (DSGVO), which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.
If we pass on your payment data to the commissioned credit institution, the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (DSGVO), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.
2.3.2 Disclosure of email address and/or telephone number to shipping service providers. 
You have the choice on our website to agree to the transfer of your email address and/or telephone number to enable the selected shipping service provider to announce the delivery or to coordinate with you. In the following, we inform you about which data is passed on to which shipping service provider and on the basis of which legal situation this occurs:
2.3.2.1 DHL
If the delivery of your goods is carried out by the shipping service provider DHL, and you have expressly agreed to the forwarding of your email address during the ordering process, this will be forwarded to DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn) for the purpose of announcing the delivery or coordinating the delivery date. The legal basis for the data processing is Art. 6 para. 1 lit. a of the General Data Protection Regulation (DSGVO), which allows us to process the data if you have consented to the processing. If you do not consent to the disclosure of the email address, the delivery will be made according to the conditions of paragraph 2.3.1 of this privacy policy. An announcement of the delivery, or a coordination of the delivery date, by DHL is then not possible.
Consent to the use of data can be revoked at any time for the future. To do so, please contact the person responsible for data processing (this person is named under point 1 of this data protection declaration), or the shipping service provider directly.
2.3.2.2 UPS
If the delivery of your goods is carried out by the shipping service provider UPS, and you have expressly agreed to the forwarding of your email address during the ordering process, this will be forwarded to UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss) for the purpose of announcing the delivery or coordinating the delivery date. The legal basis for data processing is Article 6 (1) (a) of the General Data Protection Regulation (DSGVO), which allows us to process the data if you have consented to the processing. If you do not consent to the disclosure of the email address, the delivery will be made according to the conditions of paragraph 2.3.1 of this privacy policy. An announcement of the delivery, or a coordination of the delivery date, by UPS is then not possible.
Consent to the use of data can be revoked at any time for the future. For this purpose, please contact the person responsible for data processing (this person is named under point 1 of this data protection declaration), or the shipping service provider directly.
2.3.3 Payment service provider 
On our website, you have the choice of various payment service providers. In the following, we will inform you about which data is passed on and on the basis of which legal situation this occurs:

2.3.3.1 PayPal/PayPal Plus
If you choose this payment service provider, the data required for payment will be passed on to PayPal (PayPal Europe, S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this of Art. 6 (1) (a) of the General Data Protection Regulation (GDPR), which allows us to process the data if you have consented to the processing and Art. 6 (1) (b) of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure. You have the right to revoke your declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If you choose the PayPal Plus payment methods by "credit card", "invoice", "direct debit" or "PayPal installment payment", PayPal reserves the right to obtain credit information about you.  A credit report may contain scoring values (=probability values). The so-called scoring values have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values also (but not exclusively) includes your address data.
The legal basis for data processing is Article 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows data to be processed in the event of a legitimate interest. The legitimate interest in this case is to establish your identity or solvency.
You may object to the processing of your personal data at any time. However, PayPal may still be entitled to process, use and transmit the personal data if this is necessary for PayPal to process payments in accordance with the contract, is required by law, or is demanded by a court or an authority.
If you wish to object to the use of your data or to communicate changes regarding the stored data, you can contact PayPal directly. You can also obtain more information about PayPal's privacy policy at the following Internet address:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
3.) What are cookies and what data is processed?
3.1 Cookies that are set by our website
Our website uses so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer. We use cookies to make our website more user-friendly for you. Some elements of our website require that the calling browser can be identified even after a page change. For example, to store and transmit the items in your shopping cart or your login information. Most of the cookies we use, are so-called "session cookies", which are automatically deleted after closing the browser. Some cookies remain stored on your device and allow recognition the next time you visit the site (so-called persistent cookies). These are automatically deleted after a specified duration. You can find more detailed information on individual cookies in the settings of your browser. 
The legal basis for the data processing is either Art. 6 para. 1 lit. a of the General Data Protection Regulation (DSGVO), which allows us to process the data if you have consented to the processing, or Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure, or Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the case of a legitimate interest. Our legitimate interest in this case is to offer you a technically error-free and functionally optimized website. 
If we store other cookies (for example from partner companies or to analyze your surfing behavior) on your device, we will inform you about this in detail below.
You can set your browser so that you are informed about the setting of cookies and then only allow these cookies in individual cases. Likewise, you can generally exclude the acceptance of cookies or only accept them for certain cases. In addition, you can set your browser so that set cookies are deleted after closing the browser window. The setting options differ depending on the browser. You can find help on the possible settings (for the most common browsers) under the following

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Opera: https://help.opera.com/de/latest/web-preferences/#cookies  
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Please note that if you do not accept cookies, the functionality of our website may be significantly limited.
3.2 Comment functions on our website
For this function, your comment, (if specified) your username (nickname), the time of creation of your comment, your IP address and your email address will be stored. Your data will be stored until the content you commented on has been completely deleted (or had to be deleted for legal reasons). We reserve the right to delete comments which have been objected to by third parties as being illegal. The legal basis for the storage and processing of your comment, the user name and the time of creation of the comment is Art. 6 para. 1 lit. a of the General Data Protection Regulation (DSGVO), which allows us to process the data if you give us your consent to do so. You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The legal basis for the data processing of your IP address and your email address is Article 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process the data in the case of a legitimate interest. Our legitimate interest in this case is to be able to take action against you in the event of legal violations such as insults or propaganda. We need the email address in order to contact you if your comment should be objected to by a third party as illegal.
3.3 Web analytics/marketing
3.3.1 Google Analytics
We use the analysis tool Google Analytics on our website. The provider of this analysis tool is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". Cookies are small text files that are stored on your computer and thus enable an analysis of your use of the website. This analysis data is usually transferred to a Google server in the USA and stored there.
We would like to point out that on this website Google Analytics has been extended by the code "_anonymizeIp();" in order to ensure anonymized collection of IP addresses (so-called IP masking). By activating IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage.
The IP address transmitted by your internet browser as part of Google Analytics will not be merged with other data from Google.
The processing of the data and the setting of cookies is carried out on the legal basis for data processing pursuant to Art. 6 (1) a of the General Data Protection Regulation (DSGVO), which allows us to process the data if you have given us your express consent to do so. Without consent, Google Analytics will not be used while you are visiting our pages. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on our pages.

Weitere Hinweise zu Google Analytics finden Sie hier: https://policies.google.com/privacy?hl=de&gl=de

3.3.2 Matomo (formerly Piwik)
On our store pages, user information is collected using the web analysis service Matomo, by means of which pseudonymized user profiles can be created and evaluated.
The provider of this analysis service is "Matomo" (www.matomo.org, InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand).
The data collected with the analysis service (including your pseudonymized IP address) is processed on our servers. Our store pages use Matomo exclusively without the use of cookies.
Insofar as personal data is also processed during the described processes, the processing is carried out for optimization and marketing purposes. The legal basis for the data processing is Art. 6 (1) (f) of the General Data Protection Regulation (DSGVO), which allows us to process the data in the case of a legitimate interest. Our legitimate interest in this case is an optimized presentation of our offer.
If you do not agree with the collection and storage of your data, then you can object to the storage and at any time and for the future. In this case, a so-called. Opt-Out Cookie will be placed in your browser, which has the effect that Matomo does not collect any data. 
3.3.3 YouTube
We use plugins from YouTube, a site operated by Google, on our website. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When you visit one of our pages that are equipped with a YouTube plugin, a connection to the YouTube servers is established. This transmits to the YouTube server which of our pages you have visited.
If you are logged into your YouTube account at the time of access, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
The legal basis for the data processing is Art. 6 (1) lit. f of the General Data Protection Regulation (DSGVO), which allows Google to process the data in the case of a legitimate interest. The legitimate interest in this case is the display of personalized advertising and market research.
For more information on the handling of your data, please refer to YouTube's privacy policy: https://www.google.de/intl/de/policies/privacy
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.

3.3.4 Vimeo
We use plugins from the video portal Vimeo on our website. The operator of the pages is Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages that is equipped with a Vimeo plugin, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited.
If you are logged into your Vimeo account at the time of access, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
The legal basis for the data processing is Art. 6 (1) lit. f of the General Data Protection Regulation (DSGVO), which allows Vimeo to process the data in the case of a legitimate interest. The legitimate interest in this case is market research and the needs-based design of the Vimeo service.
For more information on the handling of your data, please refer to Vimeo's privacy policy: https://vimeo.com/privacy.
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.
4.) How is the data secured?
The transmission of personal data is exclusively encrypted via an SSL or a TLS connection. This applies to messages via our contact function as well as to data regarding your order and payment transactions. Due to the encryption, your sensitive personal data cannot be intercepted and viewed by unauthorized third parties. You can recognize an encrypted connection by the fact that the address line of the browser starts with "https://" (and by the lock symbol in the browser line).
The data stored in the systems of our website are secured by passwords and cannot be viewed by unauthorized third parties.
Data transmission on the Internet, for example when sending an email, is not 100% secure and may in some cases have security gaps.
5.) How long will personal data be stored?
How long your personal data is stored by us depends on the respective legal retention period. The retention periods under commercial and tax law are 10 years from the end of the calendar year in which the data was collected. After expiry of the periods, the data is regularly deleted, unless it is still required for the initiation or fulfillment of the contract or we have a legitimate interest in continuing to store it.
6.) What rights do you have against the data controller?
Below we list the rights you have under the General Data Protection Regulation (GDPR), against the data controller. The data controller is named under point 1 of this privacy policy. If personal data is processed by you, you are a "data subject" within the meaning of the General Data Protection Regulation (DSGVO).

6.1 Your right to information pursuant to Art. 15 of the General Data Protection Regulation (GDPR)
You may request information from the data controller as to whether personal data relating to you is being processed. If such processing is taking place, you may also request information on the following: the purposes for which this personal data is processed; the categories of personal data processed; the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed; the planned storage period of the personal data relating to you or, if no specific information is possible in this regard, the criteria for determining the storage period; the existence of a right to rectification or erasure of the personal data concerning you, the existence of a right to restriction of processing by the data controller or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority (the competent authority is the State Data Protection Commissioner of the Federal State in which We are based - addresses and links can be found here); any available information on the origin of the data if the personal data are not collected from the data subject (i.e. you); the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) DSGVO and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the General Data Protection Regulation (GDPR) in connection with the transfer.
6.2 Your right to rectification pursuant to Art. 16 of the General Data Protection Regulation (GDPR).
You have a right against the data controller to rectification and/or completion without undue delay if the processed personal data concerning you are inaccurate or incomplete. 
6.3 Your right to erasure pursuant to Art. 17 of the General Data Protection Regulation (GDPR).
You may request the data controller to erase the personal data concerning you without undue delay, and the data controller is obliged to erase such personal data without undue delay, provided that one of the grounds under Art. 17(1) DSGVO applies. 
The right to erasure does not exist insofar as the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
6.4 Your right to restrict processing in accordance with Art. 18 of the General Data Protection Regulation (GDPR). 
You have the right to request the data controller to restrict processing as long as the accuracy of the personal data concerning you is verified, you refuse the erasure of the personal data and instead request the restriction of the use of the personal data, the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or if you have objected to the processing pursuant to Art. 21(1) DSGVO and it is not yet clear whether the controller's legitimate grounds override your grounds.
6.5 Your right to information pursuant to Art. 19 of the General Data Protection Regulation (GDPR).
If you have asserted the right to rectification, erasure or restriction of processing against the data controller, the controller is obliged to inform all recipients to whom the personal data relating to you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the controller to be informed about these recipients.

6.6 Your right to data portability pursuant to Art. 20 of the General Data Protection Regulation (GDPR)
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another data controller without hindrance from the data controller to whom the personal data was provided, insofar as this is technically feasible. 
This right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. 
The right to data portability shall not affect the rights and freedoms of other persons.
6.7 Your right to withdraw consent given in accordance with Art. 77 of the General Data Protection Regulation (GDPR).
You have the right to revoke your declaration of consent under data protection law at any time with effect for the future. In the event of a revocation, the data concerned will be deleted immediately, provided that there is no legal basis for further processing that does not require consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
6.8 Automated decision in individual cases including profiling.
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is permitted by legislation of the European Union or the Member States to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or is made with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
6.9 Your right to complain to a supervisory authority pursuant to Art. 77 DSGVO.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. 
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the General Data Protection Regulation (GDPR).
+++++++++++++++++++++++++++++

6.10 RIGHT OF OBJECTION
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO, with effect for the future; this also applies to profiling based on these provisions. 
The data controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.