Home Shop Privacy Policy

Privacy Policy

W&W Cycle AG processes personal data belonging to customers as described hereafter; it does so in accordance with the relevant laws and in particular the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and their associated directives.

We are, by introducing the following notice, satisfying our statutory information obligations and are hereby informing you of the collection of personal data by us and your rights in this context.

1. General object of data protection

The object of data protection is personal data that is processed by us (as controller).

Personal data means any information relating to an identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Name and contact details for the controller according to Art. 13 (1)(a), 14 (1)(a) GDPR

The controller is:

W&W Cycles AG, Ohmstraße 2, 97076 Würzburg, Germany; telephone: +49 / (0) 931 / 250 61 16; fax: +49 / (0) 931 / 250 61 20; email: postmaster@wwag.com; represented by the Director: Mr Wolfgang Schmidt, commercial register number: AG Würzburg HRB 5217, VAT ID no.: DE 134182653, website: www.wwag.com

3. Contact details for the data protection officer according to Art. 13 (1)(b), 14 /1)(b) GDPR

The data protection officer is:

Isabella Schober, W&W Cycles AG, Ohmstraße 2, 97076 Würzburg, Germany; telephone: +49 / (0) 931 / 250 61 711; email: ischober@wwag.com.

4. General information on data processing

In the following we will provide general information on the scope, legal grounds and data erasure, i.e. duration of storage, before proceeding to describe the actual form of data processing by us.

a) Scope of processing of personal data

We collect and use personal data of our users only in the extent that is necessary to ensure website functionality and to provide our content and services. Collection and use of personal data of our users ordinarily takes place only with the prior consent of the user. Excepted from this are cases in which obtaining prior consent is not possible for factual reasons and where processing the data is lawful.

b) Legal grounds for the processing of personal data

Where we obtain consent from the data subject for processing of personal data, this shall be based on Art. 6 paragraph 1 point (a) EU General Data Protection Regulation (GDPR).

Where processing of personal data is necessary for the performance of a contract in which the data subject is party to the contract, this shall be based on Art. 6 paragraph 1 point (b) EU General Data Protection Regulation (GDPR). This applies also to processing procedures that are necessary for the performance of pre-contractual measures.

Where processing of personal data is necessary for the fulfilment of a legal obligation applicable to our company, this shall be based on Art. 6 paragraph 1 point (c) EU General Data Protection Regulation (GDPR).

Where processing of personal data is necessary for the protection of the vital interests of the data subject or another natural person, this shall be based on Art. 6 paragraph 1 point (d) EU General Data Protection Regulation (GDPR).

Where processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and where such interests are not overriden by the interests or fundamental rights and freedoms of the data subject, this shall be based on Art. 6 paragraph 1 point (f) EU General Data Protection Regulation (GDPR).

c) Data erasure and duration of storage

Personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also take place where this is foreseen by regulations, laws or other directives under European or national legislation to which the controller is subject. The data shall also be blocked or erased after expiry of the retention period set out in the legal standards above, except where continued storage of the data is necessary for the conclusion or performance of a contract.

5. Individual forms of processing of personal data

W&W Cycles AG processes personal data as follows:

a) Collection of personal data when visiting our website/creation of log files

Data is collected as follows when you visit our website:

(1) Description and scope of data processing

We do not collect any personal data in the case of simple informative use of this website, i.e. if you do not login, register or otherwise transmit information to us or order products, with the exception of the data transmitted by your browser to our server. We collect the following data:

  • IP address;
  • date and time of the enquiry;
  • time difference to Greenwich Mean Time (GMT);
  • content of the request (actual page), pages you access, name of the accessed file;
  • access status/HTTP status code, message whether access was successful;
  • data volume transferred in each case;
  • referring website;
  • browser;
  • operating system and its interface;
  • language and version of browser software;
  • data volume transferred;
  • page from which the file was requested (referrer URL);
  • access status (file transferred, file not found etc.).

  • The data is also stored in our system in the form of log files. This data is not stored together with other personal data of the user.

    (2) Legal grounds for data processing

    Temporary storage of data and log files takes place according to Art. 6 paragraph 1 point (f) GDPR.

    (3) Purpose of data processing

    The log files are saved to ensure functionality of the website. We also use the data to optimise the website and to ensure security and stability of our information technology systems. The data is not analysed for marketing purpose in this context.

    These purposes represent our legitimate interest in data processing according to Art. 6 paragraph 1 point (f) GDPR.

    (4) Duration of storage

    The data is erased as soon as the purpose of its storage no longer applies. Where this refers to log files, erasure takes place after seven days at maximum. Storage beyond this period is possible. In these cases the IP addresses of the users are deleted or pseudonymised to ensure that an identification of the requesting client is not possible.

    (5) Information according to Art. 13 (2)(e) GDPR

    The provision of the data is absolutely necessary for the provision and operation of our website. You are therefore obliged to provide this data in order to use the website, otherwise it is not possible to use the website. There is no possibility of objection.

    b) Use of cookies

    Our website uses cookies in the following way:

    (1) Description and scope of data processing

    In addition to the data described above, cookies are placed on your computer when you visit our website. Cookies are small text files that are saved on on your hard drive and contain information about the browser you use. A cookie can be placed on the operating system of a user when the user visits our website. This cookie contains a characteristic sequence of characters that enable definite identification of the browser the next time that you access our website.

    Our website uses the following cookie types, whose scope and functions are explained in the following:

  • transient cookies;
  • persistent cookies.

  • Transient cookies are deleted automatically when you close your browser. Session cookies belong to this group in particular. They store what is known as a session ID that enables assignment of your browser to various requests during your visit to our website. This allows identification of your browser if you return to our website. The session cookies are deleted when you log out or close the browser.

    Persistent cookies are deleted automatically after a set period, which may differ according to the cookie. You can adjust your browser settings to delete the cookies.

    We use the following proprietary cookies:

  • opt-out cookie: This cookie ensures that you were informed of our Privacy Notice and our use of cookies in particular. It is a persistent cookie.
  • Session ID cookie: This cookie stores your session ID that enables assignment of your browser to various requests during your visit to our website. It is therefore possible to recognise your browser if you return to our website. It is a transient cookie.
  • shopping basket cookie: This cookie stores the items you have placed in your shopping basket in our online shop. It is a persistent cookie.

  • (2) Legal grounds for data processing

    Processing of personal data through the use of cookies takes place according to Art. 6 paragraph 1 point (f) GDPR.

    (3) Purpose of data processing

    We use these cookies to simplify the use of our website for visitors. Some of the functions on our website cannot be provided without the use of cookies. For these functions, it is necessary to recognise your browser if you move between pages. We require cookies for the following functions:

  • reference to our privacy notice, i.e. opt-out cookie;
  • shopping basket.

  • The user data collected by cookies that is technically necessary is not used to compile user profiles.

    These purposes represent our legitimate interest in the processing of personal data according to Art. 6 paragraph 1 point (f) GDPR.

    (4) Duration of storage

    Cookies are stored on the device of the user, which transfers them to our page. This means that you retain full control over the use of cookies. You can adjust your browser settings to disable or restrict the use of cookies. Saved cookies can be deleted at any time. This can take place automatically. Bear in mind that by disabling cookies you may not be able to use our website or some of its functions. In particular, you may not be able to place orders in our web shop.

    Transient cookies are deleted automatically when you close your browser. Persistent cookies are deleted automatically after a set period. This is one week from closing the browser after visiting our website in the case of our opt-out and shopping basket cookies.

    (5) Information according to Art. 13 (2)(e) GDPR

    The use of cookies is stipulated neither by contract nor by law for the provision of data. Neither is this data necessary for the conclusion of a contract. You are not required to provide this data. Notwithstanding, the use of cookies is essential for operation of the website. Therefore, you will be unable to use our website and hence place orders in our web shop if you object to the use of cookies

    c) Use of Google Analytics

    We use Google Analytics as follows:

    (1) Description and scope of data processing

    In addition, we use Google Analytics, a web analysis service by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google"). We use the "Universal Analytics" version. This allows us to assign data, sessions and interaction across several devices to a pseudonymised user ID and therefore to analyse the activities of a user on any device.

    Google Analytics uses "cookies," which are text files placed on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website, for instance browser type/version, operating system used, referrer URL (last visited page), host name of the accessing computer (IP address), time of server request, is generally transmitted to and stored on a Google server in the United States. The IP address transmitted by your browser within the scope of Google Analytics will not be associated with any other data held by Google. Further, we have added the code "anonymizeIP" to Google Analytics on this website. This ensures masking of your IP address, so that all data is collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there.

    We have concluded a Data Processing Agreement with Google and implement the full requirements of the data protection authorities in the use of Google Analytics.

    (2) Legal grounds for data processing

    The legal grounds for the use of Google Analytics are set out in Section 15 (3) Telemedia Act (TMG), i.e. in Art. 6 paragraph 1 point (f) GDPR.

    (3) Purpose of data processing

    On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website and Internet use.

    These purposes represent our legitimate interest in data processing.

    (4) Duration of storage, right of objection and rectification

    Sessions and campaigns expire after a certain period. Sessions ordinarily expire after 30 minutes without activity, and campaigns after six months. A time limit of two years at maximum applies to campaigns. For further information on terms of use and data privacy, visit www.google.com/analytics/terms/us.html or https://policies.google.com/?hl=us.

    You may refuse the use of cookies by selecting the appropriate settings in your browser software; however, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available under the following link: Browser add-on to disable Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=us).

    Opt-out cookies prevent your data from being collected in future when you visit this website. You must complete opt-out on all devices in order to prevent logging by Universal Analytics on various devices.


    (5) Information according to Art. 13 (2)(e) GDPR

    The use of Google Analytics is stipulated neither by contract nor by law for the provision of data. Neither is this data necessary for the conclusion of a contract. You are not required to provide this data. A failure to provide this data will have no repercussions whatsoever.

    d) Using our contact form, email, telephone or fax merely to make contact

    We allow you to make contact with us via the contact form on our website, or by email, telephone and fax. We will process your data as follows if you do so:

    (1) Description and scope of data processing

    If you wish to make contact with us without seeking to conclude a contract, please use our contact form on the website, or do so by email, telephone or fax. When a user makes contact with us by means of the contact form, the data entered in the input screen is transferred to us and stored. This refers to the following data: email address, possibly your salutation, first name and surname, telephone number and your enquiry. The following data is also stored when you send us your message:

  • the IP address of the user;
  • the data and time of registration.

  • You may also make contact us via the email address, telephone or fax numbers provided. If you do so, your personal data associated with your email address, telephone or fax numbers will be stored. This data will not be passed on to third parties. The data will be used exclusively for processing the correspondence or conversation.

    (2) Legal grounds for data processing

    The legal grounds for processing the data provided via the contact form, or for processing the data transferred during communication by email, telephone or fax, are set out in Art. 6 paragraph 1 point (f) GDPR.

    (3) Purpose of data processing

    The personal data you provide in the contact form, in emails, in telephone conversations or by fax is used by us exclusively to process your enquiry. This represents our legitimate interest in data storage according to Art. 6 paragraph 1 point (f) GDPR, as we are unable to communicate with you if we do not store the data. Any other personal data that is processed when you send us the contact form is used to prevent abuse of the contact form and to protect the security of our information technology systems.

    (4) Duration of storage

    The data is erased as soon as the purpose of its storage no longer applies. This applies to the personal data in the input screen of the contact form and to the data transmitted to us by email, telephone or fax, once the respective conversation or correspondence with the user is complete. A conversation or correspondence is deemed complete when the circumstances indicate that the matter at hand has been clarified definitively. Any additional personal data collected during the sending process will be deleted after seven days at the latest. This period begins when the conversation or correspondence has ended.

    (5) Information according to Art. 13 (2)(e) GDPR

    The provision of data is stipulated neither by law nor by contract if you use the contact form or email merely to make contact with us. Neither is this data necessary for the conclusion of a contract. You are not required to provide this data. We are unable to make contact with you and answer your questions if you object to the provision of this data.
    e) Mere registration in our web shop

    You have the option of registering on our website. The following applies if you merely register, without the intention to conclude a contract:

    (1) Description and scope of data processing

    We allow users to register a customer account on our website, for which they must provide personal data. Data is entered in the input screen, transferred to us and stored. This data is not disclosed to third parties. The following data is collected during the registration process:

    Salutation, first name and surname, address, delivery address, telephone number, email address and method of payment (cash on delivery, on account, credit card, PayPal) and password.

    The following data is also stored at the time of registration:

  • the IP address of the user;
  • the data and time of registration.

  • During the registration process, the user will be asked to grant consent for the processing of this data. This data will not be passed on to third parties. The data will be used exclusively for creating a customer account.

    (2) Legal grounds for data processing

    The legal grounds for processing the data where the user has provided consent are set out in Art. 6 paragraph 1 point (a) GDPR. However, this applies only to registration without the intention to conclude a contract.

    (3) Purpose of data processing

    Users must register on our website to access certain content and services. By registering, you will have access to our shopping basket function and will be able to place items in your shopping basket. This will allow you to compile individual products that interest you. The shopping basket is individual, so user identification is necessary.

    (4) Duration of storage

    The data is erased as soon as the purpose of its storage no longer applies. This applies to the data collected during the registration process insofar as the registration on our Internet page is cancelled or altered.

    (5) Information according to Art. 13 (2)(e) GDPR

    As a user, you are entitled at any time to close your account. You may alter the data stored about you at any time. To do this, you can use the delete button in your customer account and/or alter the information in your customer account. The provision of your data is neither stipulated by law nor by contract if you are registering merely to use a customer account, without the intention of concluding a contract. Neither is this data necessary for the conclusion of a contract. You are not required to provide this data. If you object to the provision of data, you will not be able to register and create a customer account.

    e) Orders/contractual conclusions by telephone, fax, email, contact form and on our web shop, or other pre-contractual measures

    You may place orders for products and enquiries for the purpose of concluding a contract by telephone, fax, email, by contact form or on our web shop. The following applies in this regard:

    (1) Description and scope of data processing

    Where orders of products and pre-contractual enquiries with the intention of concluding a contract are submitted to us by telephone, fax, email or via the contact form, we shall require the following data from you:

    Salutation, first name and surname, address, delivery address, telephone number, email address and method of payment (cash on delivery, on account, credit card, PayPal).

    It is first necessary to register on our website and create a customer account if you wish to place orders of products via our web shop or register with the intention of concluding a contract with us. We require the following data from you:

    Salutation, first name and surname, address, delivery address, telephone number, email address and method of payment (cash on delivery, on account, credit card, PayPal) and password.

    The following data is also stored when you register with our web shop:

  • the IP address of the user;
  • the data and time of registration.

  • We are unable to accept any orders without this data.

    In the event of a contract being concluded, the data processed by us will be forwarded to logistics service providers in the form of title, first and last name, address, delivery address in order to send the goods to you. Moreover, if you have selected payment by PayPal, we will redirect you to the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A.; we will redirect you to the payment service provider Computop GmbH if you select payment by credit card.

    W&W Cycles AG will also pass on the personal data of customers to the following categories of recipient, insofar as this is necessary for the fulfilment of your order: assignees, payment service providers (especially our banks and banking institutions), logistics providers, third-party debtors, residents' registration officers, courts, bailiffs, solicitors, credit agencies.

    (2) Legal grounds for data processing

    The legal grounds for the processing of data in the order of products and pre-contractual enquiries with the intention to conclude a contract are set out in Art. 6 paragraph 1 point (b) GDPR.

    (3) Purpose of data processing

    Processing as described above is necessary for the performance of a contract with the user or for the completion of pre-contractual measures. We are unable to conclude a contract with you in the absence of this data.

    (4) Duration of storage

    The data is erased as soon as the purpose of its storage no longer applies. This applies to the duration of contractual performance. Following payment of receivables for the order of products, we check after 2 years, counting from the end of the year in which the order was placed, whether we still require your data and whether erasure would be precluded by statutory retention periods, in particular according to Section 257 German Commercial Code (HGB) and Section 147 German Fiscal Code (AO). Where registration was made and orders were placed via the customer account on our web shop, the data collected during the registration process will be stored even after the fulfilment of the order process and the retention period, until such time as the registration on our website has been cancelled or altered.

    (5) Information according to Art. 13 (2)(e) GDPR

    According to Section 2 (2) of our Terms and Conditions, you are obliged to provide the data listed in this section. The data is necessary for the conclusion of the contract and for the completion of the pre-contractual measures, especially for the submission of a valid offer to us. If you do not provide the data, we will be unable to conclude a contract for the products, i.e. you will be unable to submit an a valid offer to us. Section 5 (e)(5) of this notice shall otherwise apply.

    6. Rights of the data subject

    In the following we will inform you of your rights according to Art. 13 (2)(b-d), 14 (2)(c-e) GDPR. Where your personal data is processed, you are the data subject in the meaning of the GDPR, and you therefore have the following rights in regard to the controller:

    a) Right of access, Art. 15 GDPR

    You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed. Where that is the case, you are entitled to demand access from the controller to the following information:

    (1) the purposes of the processing of personal data;
    (2) the categories of personal data that is processed;
    (3) the recipients or categories of recipient to whom the personal data has been or will be disclosed;
    (4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    (5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    (6) the right to lodge a complaint with a supervisory authority;
    (7) where the personal data are not collected from the data subject, any available information as to their source;
    (8) the existence of automated decision-making, including profiling, referred to in Article 22 paragraphs 1 and 4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

    You are also entitled to demand access to information whether your personal data is transferred to recipients in third countries or to an international organisation. In this regard, you may insist on instruction of the appropriate safeguards according to Art. 46 GDPR in regard to the transfer of your personal data.

    b) Right to rectification, Art. 16, 19 GDPR

    You have the right to obtain from the controller rectification and/or completion insofar as the processed personal data concerning you is inaccurate or incomplete. The controller must rectify the data without undue delay.

    c) Right to restriction in processing, Art. 18, 19 GDPR

    You have the right to obtain from the controller restriction of processing your personal data where the following applies:

    (1) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
    (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of use of the personal data instead;
    (3) the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
    (4) you have objected to processing pursuant to Article 21 paragraph 1 GDPR and it is not yet ascertained whether the legitimate grounds of the controller override your own.

    Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

    Where restriction of processing has been enforced for the reasons set out above, you will be informed by the controller before the restriction of processing is lifted.

    d) Right to erasure, Art. 17, 19 GDPR

    aa) Obligation to erase

    You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

    (1) The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
    (2) You withdraw consent on which the processing is based according to point (a) of Article 6 paragraph 1 or of point (a) of Article 9 paragraph 2 GDPR, and where there is no other legal ground for the processing.
    (3) You object to the processing pursuant to Article 21 paragraph 1 and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 paragraph 2 GDPR.
    (4) The personal data concerning you was unlawfully processed.
    (5) The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
    (6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8 paragraph 1 GDPR.

    bb) Information to third parties

    Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 1 paragraph 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

    cc) Exemptions

    The right to erasure shall not apply to the extent that processing is necessary:

    (1) for exercising the right of freedom of expression and information;
    (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    (3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 paragraph 2 as well as Article 9 paragraph 3 GDPR;
    (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 paragraph 1 GDPR insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    (5) for the establishment, exercise or defence of legal claims.

    Right to instruction

    Where you have enforced the right to rectification, erasure or restriction of processing toward the controller, the controller shall be obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or the restriction of processing, except where compliance proves impossible or would be associated with an unreasonable expense.

    You have the right to instruction by the controller as to the names of these recipients.

    e) Right to data portability, Art. 20 GDPR

    You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, where:

    (1) the processing is based on consent pursuant to point (a) of Article 6 paragraph 1 GDPR or point (a) of Article 9 paragraph 2 GDPR or on a contract pursuant to point (b) of Article 6 paragraph 1 GDPR; and
    (2) the processing is carried out by automated means.

    In exercising your right to data portability, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of other persons.

    The right to data portability shall not apply to the processing of personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    f) Right to object, Art. 21 GDPR

    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 paragraph 1 GDPR, including profiling based on those provisions.

    The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.

    Where personal data concerning you is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

    Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

    In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

    g) Right to revoke your declaration of consent under data protection laws, Art. 7 (3) GDPR

    You are entitled at any time to revoke your declaration of consent under data protection laws according to Art. 6 (1)(a) or Art. 9 (2)(a) GDPR. Revoking your declaration of consent is without prejudice to the lawfulness of processing conducted until your revocation of consent.

    h) Automated individual decision-making, including profiling, Art. 22 GDPR

    You have right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you in a significant way. This does not apply if the decision:

    (1) is necessary for entering into, or performance of, a contract between you and a data controller;
    (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
    (3) is based on your explicit consent.

    Decisions of this kind must not be based on special categories of personal data referred to in Article 9 paragraph 1 GDPR, unless point (a) or (g) of Article 9 paragraph 2 GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

    In the cases referred to in paragraphs (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

    i) Right to lodge a complaint with a supervisory authority

    Without prejudice to any other administrative or judicial remedy, you have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

    The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

    7. Information according to Art. 13 (2)(f), 14 (2)(g) GDPR

    When you order products from us and wish to make payment by credit card, we apply an automated decision-making process to check that your credit card is valid. The order process cannot continue if it is not valid. This check is necessary according to Art. 22 paragraph 2 point (a) GDPR for the conclusion and performance of a contract between us. Therefore, Art. 22 paragraphs 1 or 4 GDPR do not apply in this case.
    up ↑