DATA PROTECTION STATEMENT IN ACCORDANCE WITH
REQUIREMENTS OF THE GENERAL DATA PROTECTION REFULATION (GDPR)

I.NAME AND ADDRESS OF THE RESPONSIBLE PARTY

 

The party responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

 

Fischbach KG Engelskirchen
Büchlerhausen 18
51766 Engelskirchen
Deutschland
Telefon: +49 (0) 2263 6090
Telefax: +49 (0) 2263 60358
E-Mail: info@fischbach-fi.com

Represented by the managing directors: Werner Brüning, Thomas Langensiepen

 

II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

 

The data protection officer of the responsible party is contactable at datenschutz@fischbach-fi.com oder unter:

 

Fischbach KG Engelskirchen
Datenschutz
Büchlerhausen 18
51766 Engelskirchen

 

III. GENERAL DATA PROCESSING

 

1. Extent of processing of personal data

In principle, we only collect and use personal data of our users to the extent that this is to provide a functioning website and our content and services, which includes, in particular, the supply of cartridge filling machines, sealant guns and cartridges.

 

2. Legal basis for the processing of personal data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations.
In the processing of personal data necessary for the performance of a contract to which the person affected is a party, Art. 6 para. 1 lit. b GDPR serves as a legal basis. This also applies to processing operations required to carry out pre-contractual measures. The services as a company are based on a contract. In particular, the processing serves the provision of services in the context of the sale of goods and other additional products chosen by you, according to your orders and wishes and include the necessary goods, services, measures and activities. This essentially includes contract-related communication, the verifiability of transactions, orders and other agreements as well as quality control through appropriate documentation and goodwill procedures, measures for the control and optimization of business processes as well as for the fulfillment of general due diligence, management and control by affiliated companies (e.g. parent company); Statistical evaluations for corporate management, cost accounting and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of company services, risk management, asserting legal claims and defense in legal disputes; ensuring IT security (including system and plausibility checks) and general security, including e.g. building and plant safety, ensuring and exercising domiciliary rights (e.g. by access control); ensuring the integrity, authenticity and availability of data, preventing and investigating crime; control by supervisory bodies or supervisory bodies (e.g. auditing).

Insofar as we obtain the consent of the person affected for processing of personal data, Art. 6 para. 1 lit. a of GDPR serves as a legal basis. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.

Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c of GDPR serves as legal basis. The legal basis applies to legal requirements, regulatory or other official requirements as well as other statutory reporting procedures (e.g. to the tax office, social insurance). Processing may include identity and age checks, prevention of fraud and money laundering, prevention, combating and resolution of terrorist financing and offenses involving assets, comparisons with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations as well as the archiving of data for data protection and data security purposes as well as examination by tax and other authorities. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for the purposes of gathering evidence, prosecuting or enforcing civil claims.

In the event that vital interests of the person affected or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest and the fundamental rights and freedoms of the person affected do not outweigh the former interest, Art. 6 para. 1 lit. GDPR serves as legal basis for processing. Possible purposes are: advertising or market and opinion research, as long as you have not objected to the use of your data; the collection of information and data exchange with credit agencies, insofar as this goes beyond our economic risk; the examination and optimization of requirements analysis procedures; the further development of services and products as well as existing systems and processes; the disclosure of personal data in a due diligence process in company sales negotiations; to enrich our data, e.g. by using or researching publicly available data; for statistical analysis or for market analysis; for benchmarking; the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship; the limited storage of the data, if deletion is not possible or only with disproportionate effort because of the special nature of the storage; the development of scoring systems or automated decision-making processes; the building and plant safety (e.g. through access control and video surveillance), insofar as this goes beyond the general duties of due diligence; internal and external investigations, security checks; the possibility of listening to or recording phone calls for quality control and training purposes; the preservation and maintenance of certifications of a private or regulatory nature; the safeguarding and execution of the domiciliary right by appropriate measures as well as by video surveillance for the protection of our customers and coworkers as well as to secure evidence of crime and its prevention

 

3. Data erasure and storage duration

The personal data of the person affected will be deleted or locked as soon as there is no longer a purpose for the storage. In addition, it may be stored if required by European or national legislators in EU regulations, laws or regulations to which the controller is subject. Locking or deletion of the data takes place even if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a conclusion of contract or a fulfillment of the contract.

 

IV. DEPLOYING THE WEBSITE AND CREATING LOGFILES

 

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the invoking computer.

The following data is collected:

• Information about the browser type and the version used (eg Mozilla Firefox, Google Chrome or Microsoft Internet Explorer, Apple Safari, Opera etc.)

• The operating system of the user

• The user’s Internet service provider

• The IP address of the use

• Date and time of access (so-called “time stamp”)

• Websites accessed by the user’s system through our website

• The page from which the file was requested (so-called referrer URL)

• The name of the file

• The transferred data volumes

• The access status (file transfer, file not found etc.)

• Username (if logged in to webpage)

• HTTP status code request

• HTTP status code response

• Size of the response in bytes

The data is also stored in the log files of our system. There is no storage of this data together with other personal data of the user. There is no transfer of this data to third parties, for commercial or non-commercial purposes.

 

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR

 

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be retained for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in the processing of data is as per Art. 6 para. 1 lit. f GDPR.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to resolve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed. In the case of the collection of personal data for a contractual relationship or for a pre-contractual measure, the necessity ends with the period required for the contractual relationship.

Deletion of the log files takes place automatically after 3 months.

 

5. Opposition and removal possibility

The collection of the data for the provisioning of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

 

V. USE OF COOKIES

 

1. Description and scope of data processing

Our website uses cookies. Cookies are small text files that are stored in the web browser on the computer system of the user. When a user visits a website, a cookie may be stored on the user’s operating system. This data is stored here and kept ready for later retrieval. This cookie contains a unique string that allows the browser to be uniquely identified when the website is reopened.
This website uses the following types of cookies, the scope and operation of which are explained below:

– Transient Cookies (see a)

– Persistent Cookies (see b)

a) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
The data of the users collected in this way are pseudonymized by technical measures. Therefore, an assignment of the data to the invoking user is no longer possible. The data is not stored together with other personal data of the users. You can prevent the storage of cookies using the corresponding setting of your browser software; however, note that in this case you may not be able to use all the functions of this website in full.

 

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.

 

3. Purpose of data processing

The cookies are primarily used for the technical provision of the website.

The use of additional analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies we learn how the website is used and this enables us to constantly optimize our service.

Use of Google Analytics: This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is enabled on this website, Google will truncate your IP address beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator.

The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information.
You can prevent the storage of cookies using the corresponding setting of your browser software; however, note that in this case you may not be able to use all the functions of this website in full.

You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed in a shortened form and cannot be attributed directly to a person.
The use of Google Analytics is in accordance with the conditions that the German data protection authorities agreed with Google. Third-party information:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User Terms and Conditions: https://www.google.com/analytics/terms/de.html,
Overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html,
as well as the privacy policy: https://www.google.de/intl/de/policies/privacy.

This website also reserves the right to use a cross-device analysis of visitor traffic prior to Google Analytics, using a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.
For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f DSGVO. Our justified interest lies in the optimization of our online service and our website..

 

4. Duration of storage, objection and removal options

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies already saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website in full.
Individual information on the storage period and the possibility of objecting and removing the respective cookies: s. V. 1 u. 3.

 

VI. TRANSFERS TO OTHER WEBSITES

 

1. Linking

The online service contains links to other websites (so-called external links). We have no control over the compliance of the operators of other websites with the data protection regulations.
Fischbach KG Engelskirchen is responsible as a provider of its own content under the general laws. From these own contents, “links” to the content provided by other providers are to be distinguished. Fischbach KG Engelskirchen assumes no responsibility for third-party content that is provided via links that are specially marked and does not endorse their content. For illegal, incorrect or incomplete contents as well as for damages, which result from the use or disuse of the information, the provider of the website to which reference was made, is liable. The editorial office is only responsible for third-party information if it has positive knowledge of them, and therefore also of any illegal or punishable content, and if it is technically possible and reasonable to prevent their use.

 

2. Integration of Google Maps

Auf dieser Webseite nutzen wir das Angebot von Google Maps. Dadurch können wir Ihnen interaktive Karten direkt in der Website anzeigen und ermöglichen Ihnen die komfortable Nutzung der Karten-Funktion.

We utilize Google Maps on this website. This allows us to show you interactive maps directly in the website and allow you to conveniently use the map feature.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. Data is shared in this context as detailed in section IV, para. 1 of this statement. This is done regardless of whether or not Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before clicking the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or custom website design. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these user profiles, which you can do by contacting Google.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy policy of the provider. There you will also find further information about your rights and settings for the protection of your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield,https://www.privacyshield.gov/EU-US-Framework.

 

VII. EMAIL CONTACT

 

1. Description and scope of data processing

The contact is possible via the provided email addresses. In this case, the user’s personal data transmitted by email will be stored.

When you contact us by email, the information you provide will be stored by us to answer your questions. We delete the data that arises in this context after the storage is no longer required or limit the processing if there are statutory retention requirements. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.

 

2. Legal basis for data processing

The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 (1) lit. f GDPR. If the email contact is for the purpose of concluding a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

 

3. Purpose of data processing

In the case of contact via email, this also includes the necessary legitimate interest in the processing of the data.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection.

 

5. Objection and removal possibility

If the user contacts us by email they may object to the storage of their personal data at any time. In such a case, the storage cannot continue.
The objection of storage is possible by email, post or fax.

 

VIII. SECURE AREA FOR REGISTERED USERS

 

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal information. The data is entered into an input form and transmitted to us and stored. Transfer of data to third parties does not take place. The following data is collected during the registration process:

• surname,

• first name,

• Address,

• email address,

• as part of the registration process, the consent of the user to process this information is obtained.
  

 

 2. Legal basis for data processing

Legal basis for the processing of the data is in the consent of the user according to Art. 6 para. 1 lit. a GDPR.

 

3. Purpose of data processing

Registration of the user is a voluntary process that Fischbach KG Engelskirchen offers to selected customers.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This is the case for the data collected during the registration process when the registration on our website is canceled or modified.

 

5. Opposition and removal possibility

As a user, you have the option of canceling the registration at any time. The data stored about you can be changed at any time.

 

IX. CAREER PORTAL

 

1. Description and scope of data processing

On our website, we offer users the opportunity to submit their personal data. The data is entered into an input form and transmitted to us and stored. In addition, applicant data can be uploaded. Transfer of data to third parties does not take place. The following data is collected during the registration process:

• surname,

• first name,

• additional names,

• address,

• email address,

• (Mobil) phone number,

• other information about your career (e.g. resume, qualifications and qualifications, professional experience) and yourself (for example cover letter, personal interests).
  This may include special categories of personal data (for example, information on severe disability). As a rule, your personal data is collected directly during the application process and encrypted during electronic transmission.
  We also process personal information obtained from publicly available sources (e.g. professional networks).
  As part of the application process, the consent of the user to process this data is obtained.

As part of the application process, the consent of the user to process this data is obtained
 

 

2. Legal basis and purpose of data processing

We process your personal data on the basis of the provisions of the GDPR, the BDSG and all other relevant laws (e.g. BetrVG, AGG, etc.).

The data processing serves to initiate an employment relationship. The primary legal basis for this is Art. 6 (1) lit. b GDPR in conjunction with Section 26 (1) of BDSG. In addition, consent can be used as a data protection provision as per Art. 6 para. 1 lit. a, 7 GDPR in conjunction with Section 26 (2) BDSG. If the processing of your data is based on your consent, you have the right at any time to revoke the consent with effect for the future.
In individual cases, we process your data in order to safeguard legitimate interests of the person responsible or of third parties (for example subsidiaries of Fischbach KG). Such a legitimate interest exists in particular if the processing of your data for the investigation of criminal offenses (in accordance with Art. 6 (1) lit. f of the GDPR in conjunction with § 26 (1) Art. 2 BDSG) or for an intra-corporate data exchange for administrative purposes (in accordance with Art. 6 (1) lit. f GDPR). As far as special categories of personal data according to Art. 9 para. 1 of GDPR, this serves in the context of the application process for the exercise of rights or the fulfillment of legal obligations arising from employment law, social security law and social protection (for example informing the representatives of severely handicapped persons § 81 SGB IX). This is done on the basis of Art. 9 para. 2 lit. b GDPR in conjunction with Section 26 (3) BDSG.In addition, the processing of special categories of personal data based on consent is subject to Art. 9 (2) lit. a DPR in conjunction with Section 26 (3) sentence 2, para. 2 BDSG.

 

3. Duration of storage

The data for an application will be stored and processed by us during the current application process. After completing the application process (e.g. in the form of an acceptance or rejection), the application process will be deleted from the system 6 months after the application process has ended.
In the event of an acceptance, we reserve the right to keep your application longer, provided that the entry date is more than 6 months in the future.

 

4. Objection and removal possibility

In the event that we use your personal data with your consent for the purposes of the application, you can object to this use of your data at any time without stating reasons. The data processing is not for justification of the employment relationship, but for the protection of legitimate interests (see IX.2), you can object to this processing for reasons that arise from your particular situation. We will then no longer process your personal data, unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing is the assertion, exercise or defense of legal claims. You can withdraw your application at any time to assert your opposition. Alternatively, you can contact the address mentioned in section I.

 

X. RIGHTS OF THE AFFECTED PERSON

 

If personal data about you is processed, according to the GDPR, you are the affected person and you have the following rights towards the responsible party:

 

1. Right to information

You may ask the responsible party to confirm if personal data concerning you is processed by us.If such processing is available, you can request from the party responsible the following information:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for the determination of the retention period;

(5) ) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) ) all available information on the source of the data if the personal data was not collected from the person affected;

(8) the existence of automated decision-making including profiling under Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended impact of such processing on the person affected.
You have the right to request information about whether the personal data relating to you is transferred to a third country or an international organization. In this regard, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

 

2. Right to rectification

You have a right to rectification and / or completion to the responsible party if the personal data processed is incorrect or incomplete. The responsible party must make the correction without delay.

 

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal data for a period of time that enables the responsible party to verify the accuracy of your personal data;

(2) the processing is unlawful and you refuse deletion the personal data and instead demand the restriction of the use of personal data;

(3) the responsible party no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal rights, or

(4) if you objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the responsible party prevail over your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used – with the exception of its storage – with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the limitation of the processing according to the above conditions are restricted, you will be informed by the responsible party before the restriction is lifted.

 

4. Right to deletion

a) Deletion obligations

You may demand the responsible party to delete your personal information without delay, and the responsible party is required to delete that information immediately, if any of the following is true:

(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed

(2) You revoke your consent to the processing as per Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing

(3) You object to processing in accordance with Art. 21 (1) of the GDPR and there are no prior justifiable grounds for processing, or you submit an objection in accordance with Art. 21 (2) GDPR

(4) Your personal data has been processed unlawfully.

(5) The deletion of personal data concerning you is required to fulfill a legal obligation under union law or the law of the Member States to which the responsible party is subject.

(6) The personal data relating to you was collected in relation to information society services offered pursuant to Art. 8 (1) of GDPR.
Information to third parties
If the responsible party has made the personal data relating to you public and is obliged to delete it in accordance with. Art. 17 (1) of GDPR, taking due account of available technology and implementation costs, also of a technical nature, to inform the responsible party processing the personal data that you, as the person affected, have requested that you delete all links to such personal data or copies or replicas of such personal data.

Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information

(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the responsible party is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the controller;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 (1) of GDPR, in so far as the law referred to in para. (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing, or

(5) to assert, exercise or defend legal claims.

 

5. Right to information

If you have asserted the right of rectification, deletion or limitation of the processing to the responsible party, they are obliged to disclose details of all the recipients to whom the personal data relating to you, or its rectification, deletion or limitation, has been shared with, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.

 

6. Right to data portability

You have the right to receive personally identifiable information you provide to the responsible party in a structured, common and machine-readable format. You also have the right to transfer this data to another responsible party without hindrance through the responsible party providing the personal data, provided that

(1)) the processing has consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or is based on a contract pursuant to Art. 6 para. 1 lit. b GDPR

(2) ) the processing is carried out using automated methods.
In exercising this right, you also have the right to obtain the personal data relating to you which is transmitted directly from one responsible party to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the responsible party.

 

7. Right to object

You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data, pursuant to Art. 6 para. (1) e or f GDPR; this also applies to profiling based on these provisions.

The responsible party will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, to exercise your right to opt-out by means of automated procedures in which these technical specifications are utilized.

 

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

 

9. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, your workplace or the place of the alleged infringement, if you believe that the processing of your personal data is in breach of the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR