Data protection declaration

zetVisions takes the protection of individual privacy seriously and would like to emphasize its commitment to its protection with this privacy statement.

General information

This Privacy Policy applies to personal data that you provide to us or from which personal data is derived as described below.

The responsible body is zetVisions GmbH, Mittermaierstraße 31, 69115 Heidelberg, Germany, phone: +49 6221-33938-0, e-mail: info@zetvisions.com, website: www.zetvisions.de. The data protection officer of zetVisions is Werner Willeke, address as above; e-mail: privacy@zetvisions.com

Automatic data processing on this website

When you visit our website, information that your browser transmits to us is automatically stored in our "server log files". These are

• Browser type/version
• Operating system used
• Referrer URL (the previously visited page)
• Host name of the accessing computer (IP address)
• Date and time of the server request
• Name and URL of the retrieved data
• Amount of data transferred
• Message as to whether the request was successful (HTTP status code)

This data cannot be technically assigned to specific persons. This data is not merged with other data sources (e.g. any registration data); the data is also deleted by us after a statistical evaluation and is not stored as a single data record.

Contact us

When you contact us (e.g. via contact form, e-mail, telephone, fax), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. We cannot process your request without this mandatory information. All other information is voluntary.

1. Purpose of processing: Answering your request
2. Legal basis: Art. 6 para. 1 lit. b GDPR for pre- or contractual matters. Art. 6 para. 1 lit. a GDPR for your voluntary information. Art. 6 para. 1 lit. f GDPR for all other inquiries and the use of our technical service providers.
3. Legitimate interests: The processing using the service providers is based on our overriding legitimate interest in responding to your request securely, promptly and professionally.
4. Storage period: Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary. In the case of pre-contractual and contractual matters, your request will be stored until the contract is terminated and processing will then be restricted. If there is no longer a legal reason for storage, the data will be deleted.

Services requiring registration (newsletter, contact form, information material)

If you wish to use the personalized offers and services offered on the website, we may require further information from you in order to provide these services. This includes, in particular, your name, your (valid) e-mail address and other information (address, telephone number, etc.) that allows us, for example, to verify that you are the owner of the e-mail address provided or that the owner agrees to receive the relevant services in order to be able to provide the services you require. It is necessary to enter a valid e-mail address so that we can prevent abusive registrations, for example for newsletters. The aforementioned data is so-called personal data, i.e. data that can be used to determine your identity. In principle, however, you can use our access-free website as such without having to disclose all or part of your identity. Furthermore, as part of the registration/login process, you can voluntarily provide us with additional data beyond that required for the provision of services (e.g. industry, professional group, etc.), for example in the relevant form fields. This data is used by us to tailor our offers to your needs, for product information for advertising and also for customer care. The data may be passed on to external service providers for the purposes described in the privacy policy. Your personal data may be transferred to countries outside the EEA. In this case, this may include countries where the level of data protection is comparable to the level of data protection within the EEA or where the level of data protection is equivalent to that of the European Union due to regulations.

1. Double opt-in procedure: Registration for our newsletter is always carried out using a so-called double opt-in procedure. After registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to check the accuracy of your e-mail address. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.
2. Purpose of processing: Direct marketing, customer communication Legal basis: When subscribing to our newsletter, the subscriber gives their consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
3. Right of revocation/opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent, by informing us by e-mail (see above under Responsible person) or by clicking on the link that can be found at the end of each newsletter. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
4. Obligation to provide: We need at least your valid e-mail address to send you the newsletter. Otherwise it will not be possible to send you the newsletter.
5. Storage period: Your data will be stored until you withdraw your consent. After that, its processing will be restricted and it will be stored for up to three years in order to be able to provide legally compliant proof of consent previously granted. This is done on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in the verifiability of data protection compliance.

Disclosure of data to third parties

We will only pass on your personal data to third parties if you have given your express consent. As part of our webinar registration, your data (name, e-mail address and telephone number) will be passed on to the respective partner expressly mentioned on the registration page in order to provide you with information and offers for the webinar. This forwarding takes place on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You have the right to withdraw your consent at any time. You can find details on revocation and your other rights in our section "Rights of data subjects".

Links to other sites

Our website also contains links to other third-party sites. zetVisions is not responsible for the privacy practices or the content of other websites.

Cookies

1. cookies

The Internet pages use so-called cookies in several places. These serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. We do not store any personal data in connection with cookies.

Essential cookies
These cookies are always activated as they are necessary for the basic functions of the website. They contribute to the safe and proper use of the site.

2. google tag manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States. The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website.

3. google analytics

This website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Our website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes direct personal reference. The extension means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google's parent company in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

We use Google signals (Google Analytics function). When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

1. Purposes of Processing: Tracking (e.g. profiling based on interests and behavior), Conversion Tracking, Interest-based and behavioral marketing, Profiling (Creating user profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Web Analytics (e.g. access statistics, recognition of returning visitors). These purposes apply to us as well as to Google and its parent company. As far as we are aware, Google also uses the data collected in this way for its own purposes. In this respect, we refer to Google's privacy policy.
2. Legal basis: For the use of Google Analytics, you may give us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you can revoke at any time with effect for the future by deselecting "Marketing" or "Google Analytics" in the cookie settings on our website. For any necessary transmission of the full IP address to the USA, this processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
3. Storage period: We store the anonymized data collected in this way for a maximum period of 14 months. The data is then automatically deleted. With regard to the storage period by Google, we refer to their privacy policy.
4. Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Google's privacy policy: https://policies.google.com/privacy
5. Third country transfer: Insofar as non-anonymized data is processed in the USA, we would like to point out that an order processing agreement has been concluded with Google in accordance with Art. 28 GDPR, which guarantees compliance with European data protection law.

4. google reCAPTCHA

Our primary goal is to ensure that our website is as secure and safe as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). With reCAPTCHA, we can determine whether you are really a flesh-and-blood person and not a robot or other spam software.

Spam is any unsolicited information that is sent to us electronically. With the classic CAPTCHAS, you usually had to solve text or picture puzzles for verification. With reCAPTCHA from Google, we don't usually have to bother you with such puzzles. In most cases, all you have to do is tick a box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you no longer even have to tick the box. You can find out exactly how this works and, above all, which data is used for this in the course of this privacy policy.

The legal basis for the use is Article 6 (1) f GDPR (lawfulness of processing), because there is a legitimate interest in protecting this website from bots and spam software.

Marketing and remarketing

1. google remarketing

Our website uses the functions of Google Remarketing to advertise this website in Google search results and on third-party websites. The integration of Google Remarketing therefore allows a company to create user-related advertising and consequently to display interest-relevant advertisements to the Internet user. Google places cookies on the user's computer for this purpose. By setting the cookie, Google is able to recognize the visitor to our website when he or she subsequently accesses websites that are also members of the Google advertising network. Each time a website on which the Google Remarketing service has been integrated is accessed, the data subject's internet browser automatically identifies itself to Google.

If you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.

Purposes of Processing: Tracking (e.g. profiling based on interests and behavior, use of cookies), Remarketing, Conversion Tracking, Interest-based and behavioral marketing, Profiling (Creating user profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Web Analytics (e.g. access statistics, recognition of returning visitors), Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content), Cross-Device Tracking (Device-independent processing of user data for marketing purposes). These purposes apply to us as well as to Google and its parent company. As far as we are aware, Google also uses the data collected in this way for its own purposes. In this respect, we refer to Google's privacy policy.

Legal basis: For the use of Google Remarketing, you may give us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you can revoke at any time with effect for the future.

Storage period: We store the anonymized data collected in this way for a maximum period of 14 months. The data is then automatically deleted. With regard to the storage period by Google, we refer to their privacy policy.

Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy policy of Google: https://policies.google.com/privacy

Terms of use for advertising: https://policies.google.com/technologies/ads?hl=de

Third country transfer: Insofar as non-anonymized data is processed in the USA, we would like to point out that an order processing agreement has been concluded with Google in accordance with Art. 28 GDPR, which guarantees compliance with European data protection law.

2. google ad and conversion tracking

Our website uses the online advertising program "Google Ads" and, as part of Google Ads, Google's conversion tracking. Conversion tracking works by means of a cookie. If a Google Ads ad is clicked, a cookie is set for this. These actions are visible in the Google Ads account.

1. Purposes of Processing: Tracking (e.g. profiling based on interests and behavior, use of cookies), Remarketing, Conversion Tracking, Interest-based and behavioral marketing, Profiling (Creating user profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Web Analytics (e.g. access statistics, recognition of returning visitors), Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content), Cross-Device Tracking (Device-independent processing of user data for marketing purposes). These purposes apply to us as well as to Google and its parent company. As far as we are aware, Google also uses the data collected in this way for its own purposes. In this respect, we refer to Google's privacy policy.
2. Legal basis: For the use of Google Remarketing, you may give us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you can revoke at any time with effect for the future.
3. Storage period: We store the anonymized data collected in this way for a maximum period of 14 months. The data is then automatically deleted. With regard to the storage period by Google, we refer to their privacy policy.
4. Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Google's privacy policy: https://policies.google.com/privacy Terms of use for advertising: https://policies.google.com/technologies/ads?hl=de
5. Third country transfer: Insofar as non-anonymized data is processed in the USA, we would like to point out that an order processing agreement has been concluded with Google in accordance with Art. 28 GDPR, which guarantees compliance with European data protection law.

3. hubspot

Our website uses the services of HubSpot, a software-based marketing service provided by HubSpot Ireland Ltd. HubSpot aims to generate initial contacts. These are visitors to the zetVisions websites, blogs or landing pages. Calls-to-action are used to record personalized data in the HubSpot CRM, which is then used for marketing purposes, e.g. as part of email marketing and social media marketing.

This involves the use of so-called "web beacons" and "cookies", which are stored on your computer and enable us to analyze your use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed) on behalf of zetVisions in order to generate reports on the visit and the zetVisions pages visited.

If the zetVisions newsletter is subscribed to and studies and other documents are obtained, we can also use HubSpot to link a user's visits to zetVisions websites with personal details (in particular name/email address) on the basis of consent given, thus recording personal data and informing users individually and in a targeted manner about preferred topics.

1. Data recipient: HubSpot Ireland Ltd, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, parent company: HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, https://www.hubspot.de/
2. Privacy policy of HubSpot: https://legal.hubspot.com/de/datenschutz
3. Legal basis and legitimate interests: The data transfer is based on our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in the security and stability of a professional customer management system.
4. Third country transfer: Insofar as non-anonymized data is processed in the USA, we would like to point out that HubSpot Inc. has entered into an order processing agreement with Hubspot Inc. in accordance with Art. 28 GDPR, which guarantees compliance with European data protection law.
5. Storage period: With regard to the storage period at HubSpot, we refer to their privacy policy.

4. salesforce sales cloud

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter "Salesforce").

1. Purpose of processing: Salesforce Sales Cloud is a CRM system and enables us, among other things, to manage existing and potential customers and customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyze our customer-related processes. Customer data is stored on Salesforce servers. Personal data may also be transmitted to the parent company of salesforce.com Germany GmbH, salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. Details on the functions of Salesforce Sales Cloud can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/
2. Data recipient: salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany, parent company: salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA, https://www.salesforce.com/de
3. Privacy policy of salesforce.com Germany GmbH: https://www.salesforce.com/de/company/privacy/full_privacy/
4. Legal basis and legitimate interests: Data is passed on on the basis of our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) in the security and stability of a professional customer administration system. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
5. Third-country transfer: We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. Salesforce has Binding Corporate Rules (BCR) approved by the French Data Protection Authority. These are binding corporate rules that legitimize internal data transfers to third countries outside the EU and EEA. You can find details here: https://www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellen-hoechste-da.html
6. Storage period: With regard to the storage period at Salesforce, we refer to their privacy policy.

5th LinkedIn Insight Tag

Our website uses the services of LinkedIn, a software-based marketing service provided by LinkedIn Ireland Unlimited Company ("LinkedIn"). The LinkedIn Insight tag is a JavaScript that allows us to use LinkedIn functions such as website target groups, conversion tracking and demographics. The Insight tag is part of the website. It collects data such as URL, IP address and user agent for your page visit.

1. Data recipient: LinkedIn Ireland Unlimited Company, Wilton Place Dublin 2, Ireland ("LinkedIn")
2. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy
3. Legal basis: For the use of LinkedIn, you may give us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you can revoke at any time with effect for the future by deselecting cookies in the cookie settings on our website.
4. Data processing agreement with LinkedIn: https://de.linkedin.com/legal/l/dpa
5. Third country transfer: Insofar as non-anonymized data is processed by the parent company in the USA, we would like to point out that an order processing agreement has been concluded with LinkedIn Corp. in accordance with Art. 28 GDPR, which guarantees compliance with European data protection law.

Social Media

Within the company, those departments that need your data to fulfill our contractual and legal obligations will have access to it. Data may also be transferred to external service providers that we use as part of order processing relationships. Our website uses social plugins from various social networks. In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but only by using an HTML link. This type of integration ensures that no connection is established with the servers of the respective social network when a page of our website containing such buttons is accessed. When you click on the button, a new browser window opens and calls up the page of the social network. If necessary, after entering your login data, you can then perform the function provided (e.g. "like" or "share"). By clicking on the respective plugin, you give us your personal consent to the transfer of data to the respective social network. In particular, your IP address will be transmitted to the respective social network. The legal basis for this is Art. 6 para. 1 lit. a GDPR. You have the right to withdraw your consent at any time. Data processing remains lawful until you withdraw your consent. The revocation only applies to the future.

• LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy
• Privacy policy of Facebook: https://www.facebook.com/policy.php
• Privacy policy of Twitter: https://twitter.com/de/privacy
• Privacy policy of YouTube: https://policies.google.com/privacy?hl=de&gl=de
• Privacy policy of Instagram: https://help.instagram.com/519522125107875
• Privacy policy of Xing: https://privacy.xing.com/de/datenschutzerklaerung

Legal basis of the processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any other legal basis are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator.

Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.

Existence of automated decision-making

Automated decision-making does not take place.

Rights of the data subject

1. right to information

Any person affected by the processing of personal data has the right, granted by the European legislator of directives and regulations, to obtain from the controller free information at any time about the personal data stored about him or her and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:

• the purposes of processing
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data is not collected from the data subject: All available information about the origin of the data
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

2. right to rectification

Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

3. right to erasure (right to be forgotten)

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary

• The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
• The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
• The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
• The personal data was processed unlawfully.
• The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If the personal data has been made public by zetVisions and if our company is obliged to delete the personal data in accordance with Art. 17 para. 1 GDPR, zetVisions shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other persons responsible for data processing who process the published personal data, that the person concerned has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other persons responsible for data processing, insofar as the processing is not necessary.

4. right to restriction of processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
• The data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

5. data portability

Any person affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

6. right to object

Any person affected by the processing of personal data has the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.

The zetVisions shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

If zetVisions processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to zetVisions to the processing for direct marketing purposes, zetVisions will no longer process the personal data for these purposes.

7. automated decisions in individual cases including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.

8. right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to withdraw consent to the processing of personal data at any time.

If you wish to assert one of the rights described as a data subject, please contact the controller or its data protection officer. You will find the contact details at the top of this page.