Privacy Notice 

(Last updated: 26.01.2026) 

This privacy notice provides information, pursuant to Article 13 of the General Data Protection Regulation (GDPR), on the processing of personal data in connection with the use of the website www.getivy.io (hereinafter "Website") by Ivy GmbH as the controller. Ivy GmbH processes personal data strictly to the extent necessary for the provision, security, and operation of the Website and its services, adhering to the principle of data minimization. "Personal data" within the meaning of Article 4(1) GDPR refers to any information relating to an identified or identifiable natural person (data subject), such as name, address, telephone number, date of birth, email address, or IP address. Information that cannot be linked to a specific individual, for example as a result of anonymization, is not considered personal data. 

1. Controller 

The controller for the processing of personal data on the website within the meaning of the General Data Protection Regulation (GDPR) is: 

Ivy GmbH 

Rosenthaler Str. 13 

10119 Berlin, Germany 

hello@getivy.de 

For data protection inquiries please contact privacy@getivy.de. 

If you wish to exercise your rights as a data subject in a confidential manner, please contact our Data Protection Officer at dsb@kertos.io 

2. Data Protection Officer 

The following person has been appointed as Data Protection Officer: 

Kertos GmbH 

Brienner Straße 41 

80333 Munich 

Germany 

Email: dsb@kertos.io 

3. Data Processing on Our Website 

3.1. Provision of the Website 

Purpose of processing: 

We process your data to: 

  • ensure the reliable operation of the website

  • provide user-friendly access to our website 

  • and maintain IT security 

Recipients: Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA (Provision and operation of a web-based platform) 

Data processed: 

  • IP address of the requesting device 

  • Method (e.g., GET, POST), date and time of the request 

  • Address of the accessed website and path of the requested file 

  • if applicable, previously accessed or requested website/file (HTTP referer)

  • Information regarding the browser and operating system used 

  • Version of the HTTP protocol, HTTP status code, size of the delivered file

  • Request information such as language, content type, content encoding, character encodings 

Legal basis: Article 6(1)(f) GDPR. The processing of the specified data is necessary to provide the website and to ensure secure and user-friendly operation. 

Retention period: The collected data will be deleted as soon as it is no longer required for the operation of the website, but no later than 30 days, unless a statutory retention obligation applies. 

Further information: https://webflow.com/legal/eu-privacy-policy 

3.2. Google Fonts 

Purpose: Display of website content and fonts. 

Recipients: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

Data processed: 

  • Access data (e.g., IP address, error timestamp) 

  • Device information (e.g., device type, operating system) 

  • Browser data (e.g., browser type, version) 

  • Location data (e.g., country based on IP address) 

Lawful basis: Legitimate interest pursuant to Article 6(1)(f) GDPR in ensuring a technically secure, consistent, and attractive presentation of content and fonts. 

Retention period: The data are deleted as soon as the purpose of display has been achieved. 

International data transfer: Data may be transferred to servers in the United States. Google is certified under the EU-U.S. Data Privacy Framework, so transfers may be based on Article 45 GDPR. In addition, Standard Contractual Clauses (SCCs) are in place with Google. 

Further information: https://policies.google.com/privacy. 

3.3. Newsletter 

Purpose: Sending email newsletters to inform about products, services, and company activities.

Recipients: HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA, SendGrid by Twilio, Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, USA 

Data processed: 

  • Contact data (e.g., email address, name) 

  • Technical data (e.g., time of access, IP address) 

  • Usage data (e.g., open rates, click behavior) 

Lawful basis: Consent pursuant to Article 6(1)(a) GDPR 

Retention period: Data will be stored for as long as you are subscribed to the newsletter. After you unsubscribe, your data will be deleted unless statutory retention obligations require otherwise. 

International data transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR). 

Further information: You may unsubscribe from the newsletter at any time by clicking the unsubscribe link provided at the end of each newsletter. https://legal.hubspot.com/de/privacy-policy, https://www.twilio.com/legal/privacy 

3.4. Live-Chat 

Purpose: Provision of a live chat system for direct customer communication and support

Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA

Data processed:

  • Contact information (e.g., name, email address) 

  • Chat content (e.g., messages, inquiries) 

  • Technical data (e.g., IP address, browser type) 

  • Usage data (e.g., time and duration of the chat) 

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR for the use of the live chat, legitimate interest pursuant to Art. 6(1)(f) GDPR for processing to improve our customer service and optimize our services. Please note that you can end the live chat at any time and withdraw your consent to data processing. The lawfulness of the processing carried out prior to withdrawal remains unaffected. 

Retention period: Chat logs and related data are stored for 90 days. Contact information may be retained in the CRM system for a longer period in accordance with statutory retention periods and business requirements. 

International data transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR). 

Further information: https://legal.hubspot.com/de/privacy-policy 

3.5. Applications 

Purpose: Selection of candidates for the potential establishment of an employment relationship.

Recipients: Ashby, Inc., 548 Market St, PMP 397006, San Francisco, CA 94104, USA

Data processed:

  • Name 

  • Email address 

  • Telephone number 

  • Curriculum vitae (CV) 

  • Cover letter 

  • Other application documents provided by you 

  • IP address 

  • Browser type and version 

  • Operating system 

  • Date and time of access 

Legal basis: Article 6(1)(b) GDPR (performance of pre-contractual measures) and Section 26(1) BDSG; Article 6(1)(f) GDPR, where we have a legitimate interest in the efficient conduct of the application process. 

Retention period: We store your personal data until the conclusion of the application process. In the event of a rejection, your data will be retained for up to six months following notification of the decision. In the case of legal disputes, retention may be extended until final resolution. If you are hired, your application documents will be stored in your personnel file for the duration of your employment relationship. You may withdraw your application or object to the processing at any time; in this case, your data will be deleted and your application will no longer be considered. 

International data transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR). 

Further information: https://www.ashbyhq.com/resources/privacy 

3.6. Analytics and Tracking 

Cookies are small text files stored by your browser on your device. Cookies do not execute programs or install malware. Comparable technologies include web storage (local/session storage), fingerprinting, tags, and pixels. Most browsers accept these technologies by default; however, you can adjust your settings to block their use or to require consent. Please note that blocking cookies or similar technologies may restrict certain functionalities of the website. 

Purpose: We use tracking and analytics tools to continually optimize our website and adapt it to your needs. For this purpose, information is collected using these technologies or device information is combined (device fingerprinting). 

Legal basis: Technically necessary tools required for the operation of the website are used on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR, or for the performance of a contract or pre-contractual measures pursuant to Art. 6(1)(b) GDPR. The storage of or access to information on your device is strictly necessary in these cases and is based on Section 25(2) TDDDG. Optional tools are used exclusively with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Below, we outline the tracking and analytics tools used, their respective purposes, and the data processed.

| Cookie name | Provider | Purpose | Category | Storage period |
| --- | --- | --- | --- | --- |
| IDE | Google Adsense | Serves the delivery of personalized advertising | Marketing/tracking cookies | 1 year 25 days |
| _ga | Google Analytics | Collects visitor statistics to analyze site performance | Statistics cookies | 1 year 1 month |
| _ga_53R8LPWMYT | Google Analytics | Supports the analysis of user interactions on the website | Statistics cookies | 1 year 1 month |
| _gcl_au | Google Tag Manager | Supports conversion tracking | Technically necessary cookies | 2 months 29 days |
| _hjSessionUser_5084112 | Hotjar | Analyses user behavior on the site for improved usability | Statistics cookies | 11 months 30 days |
| _hjTLDTest | Hotjar | Determines the most generic cookie path restriction | Statistics cookies | Session |
| messagesUtk | HubSpot Livechat | Enables management of live chat messages on the site | Marketing/tracking cookies | 5 months 29 days |
| __hssc | HubSpot Analytics | Tracks session openings | Statistics cookies | 30 minutes |
| __hssrc | HubSpot Analytics | Detects if the user has restarted the browser | Statistics cookies | Session |
| __hstc | HubSpot Analytics | Main cookie for visitor tracking | Statistics cookies | 5 months 29 days |
| hubspotutk | HubSpot Analytics | Tracks the identity of a visitor | Statistics cookies | 5 months 29 days |
| ANONCHK | Microsoft Clarity | Stores anonymized session information | Statistics cookies | 10 minutes |
| player | Vimeo | Enables audio and video playback | Preference and comfort cookies | 11 months 30 days |
| vuid | Vimeo | Collects statistical data for user analysis | Preference and comfort cookies | 1 year 1 month |
| __cf_bm | X Advertising | Manages bot traffic on the website | Marketing/tracking cookies | 30 minutes |
| guest_id | X Advertising | Serves the display of targeted ads on Twitter | Marketing/tracking cookies | 1 year 1 month |
| nQ_cookieId | Albacross | Allows unique identification of a visitor for lead generation and traffic analysis | Marketing/tracking cookies | 11 months 30 days |
| nQ_userVisitId | Albacross | Enables identification of a user's session for analytics | Marketing/tracking cookies | 30 minutes |

Google Analytics 4 

Purpose: Web analytics 

Recipients: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

Data processed: 

  • Device data (e.g., IP address, device type, screen resolution); 

  • Browser data (e.g., browser used, language, installed plug-ins such as ad blockers);

  • User data (e.g., pages accessed, dwell time per page, click paths, scroll depth, entry and exit pages); 

  • Event data (e.g., clicks on buttons/links, forms submitted); 

  • Location data (e.g., country, city); 

  • Source and traffic data (e.g., referrer URL, source of access such as search engine);

  • Conversion and goal attainment data (e.g., newsletter sign-ups, goals achieved on the website) 

Legal basis: Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG 

International data transfer: For data transfers to the USA, there is an adequacy decision by the European Commission, the EU-U.S. Data Privacy Framework. Google is certified under this framework, so such transfers are based on Article 45 GDPR. In addition, Standard Contractual Clauses (SCCs) have been concluded with Google. 

Further information: https://policies.google.com/privacy. 

Google Marketing Platform

Purpose: Conducting online advertising, analyzing user behavior, and optimizing marketing campaigns 

Recipients: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

Data processed: 

  • Usage data (e.g., pages visited, click behavior) 

  • Device information (e.g., device type, screen resolution) 

  • IP address (truncated) 

  • Location data (e.g., derived location based on IP address) 

  • Demographic characteristics (e.g., age group, gender, if available) 

  • Interest categories (e.g., derived interests based on browsing behavior)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG 

Retention period: Depending on the specific service within the Google Marketing Platform, the retention period varies. Typically, data is stored for 14 to 26 months. 

International data transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) 

Further information: https://policies.google.com/privacy; https://support.google.com/marketingplatform/answer/9047313 

Google Tag Manager 

Purpose: Management and deployment of website tags via a unified interface 

Recipients: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

Data processed: 

  • Access data (e.g., time of page visit, referrer URL) 

  • Device data (e.g., IP address, device type) 

  • Browser data (e.g., browser used, language settings) 

  • Event data (e.g., tag triggers, interactions with integrated scripts) 

  • Location data (e.g., country, city – based on IP address) 

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG

Retention period: Cookies are stored for up to 90 days.

International data transfer: Data is transferred to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional Standard Contractual Clauses (SCCs). 

Further information: https://policies.google.com/privacy 

Google AdSense 

Purpose: Display of personalized advertising and measurement of advertising effectiveness 

Recipient: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 

Data processed:

  • Technical information (e.g., IP address, browser type) 

  • Usage behavior (e.g., page views, ad clicks) 

  • Device information (e.g., screen resolution, operating system) 

  • Location data (e.g., city, country) 

  • Interest profiles (e.g., interests derived from browsing history) 

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG

Retention period: Data is stored for a maximum of 18 months

International data transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) 

Further information: https://policies.google.com/technologies/ads?hl=en 

HubSpot Analytics 

Purpose: Monitoring of the website as well as supporting and optimizing digital marketing activities. 

Recipient: HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA 

Data processed: 

  • Identification data (e.g., unique user token, user ID in the "hubspotutk" cookie)

  • Access data (e.g., date and time of visit, website domain) 

  • Session data (e.g., number of sessions, duration of individual visits) 

  • Device data (e.g., device type, operating system) 

  • Browser data (e.g., browser used, language settings) 

  • Usage data (e.g., pages viewed, recurring visits)

Legal basis: Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG 

Retention period: Cookies are stored for up to 150 days. 

International data transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) 

Further information: https://legal.hubspot.com/privacy-policy 

LinkedIn Insight Tag 

Purpose: Analysis and optimization of our LinkedIn company page as well as improvement of our social media strategy 

Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Data processed:

  • Aggregated usage data (e.g., page views, engagement rate) 

  • Demographic information (e.g., industry, company size, job title) 

  • Interaction data (e.g., likes, comments, shares) 

  • Visitor statistics (e.g., number of visitors, visit times) 

Legal basis: Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG 

Retention period: The data is stored by LinkedIn for a period of 24 months and provided to us in aggregated form

International data transfer: Data is transferred to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) 

Further information: https://www.linkedin.com/legal/privacy-policy 

Note: Data processing is primarily carried out by LinkedIn. We only have access to aggregated statistics and do not have access to individual user data. You can limit data collection by LinkedIn by adjusting your privacy settings in your LinkedIn account. 

Microsoft Advertising 

Purpose: Placement of targeted advertisements and analysis of the effectiveness of advertising measures 

Recipient: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 

Data processed: 

  • Device information (e.g., IP address, browser type) 

  • User behavior (e.g., clicks, page views) 

  • Demographic data (e.g., age range, gender, if provided) 

  • Ad interaction data (e.g., impressions, conversions) 

Legal basis: Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG 

Storage period: Data is stored for up to 18 months 

International data transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional Standard Contractual Clauses (SCCs) 

Further information: https://privacy.microsoft.com/en-us/privacystatement

Hotjar

Purpose: Analysis of user behavior to optimize the website, in particular content usage, click paths, and interactions. 

Recipient: Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta. 

Data processed: 

  • Access data (e.g., time of visit, pages viewed) 

  • Usage data (e.g., scrolling behavior, time spent on pages) 

  • Event data (e.g., clicks on buttons, mouse movements) 

  • Device data (e.g., device type, screen resolution) 

  • Browser data (e.g., browser used, language settings) 

  • Location data (e.g., country, city – based on IP address) 

Legal basis: Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG 

Retention period: Cookies are stored for up to 90 days. 

Further information: https://help.hotjar.com/hc/en-us/sections/360007966773-Data-Privacy

Microsoft Clarity

Purpose: Analysis of user behavior using heatmaps and session recordings to enhance user experience and identify errors 

Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Data processed:

  • Access data (e.g., IP address, time of access) 

  • Usage data (e.g., session duration, clicks, scrolling behavior) 

  • Source and traffic data (e.g., referrer URL, entry pages) 

  • Device data (e.g., device type, screen resolution, device model) 

  • Browser data (e.g., browser type, browser version) 

  • Event data (e.g., interactions with elements, mouse movements) 

  • Location data (e.g., country, region – based on IP address) 

  • Cookie data for pseudonymized recognition (e.g., session ID) 

Legal basis: Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG 

Retention period: Data (including cookies and session recordings) are generally stored for up to 13 months 

International data transfer: Data is transferred to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additionally on Standard Contractual Clauses (SCCs) 

Further information: https://privacy.microsoft.com/de-de/privacystatement

X Advertising

Purpose: Displaying personalized advertisements and measuring advertising effectiveness. 

Recipient: X Corp. (formerly Twitter, Inc.), 1355 Market Street, Suite 900, San Francisco, CA 94103, USA 

Data processed: 

  • Usage data (e.g. content displayed, interactions) 

  • Device information (e.g. device type, operating system) 

  • Location data (e.g. IP address, country code) 

  • Demographic attributes (e.g. age, gender, if provided) 

  • Interest preferences (e.g. followed accounts, topics) 

Legal basis: Consent pursuant to Article 6(1)(a) GDPR and Sec. 25(1) TDDDG

Retention period: Data are retained for a maximum of 18 months

International data transfer: Data are transferred to the USA based on Standard Contractual Clauses (Art. 46(2)(c) GDPR) 

Further information: https://business.twitter.com/en/help/ads-policies/other-policy-requirements/policies-for-conversion-tracking-and-tailored-audiences.html

Lead Forensics 

Purpose: Identification and analysis of B2B website visitors for sales purposes

Recipient: Lead Forensics Ltd, Communication House, 26 York Street, London, W1U 6PZ, United Kingdom 

Processed data: 

  • Technical information (e.g., IP address, browser type) 

  • Usage behavior (e.g., visited pages, time spent on site) 

  • Company data (e.g., company name, industry) 

  • Contact information, if available (e.g., company email, phone number)

  • Interest profiles (e.g., viewed products or services) 

Legal basis: Consent pursuant to Article 6(1)(a) GDPR and Sec. 25(1) TDDDG

Storage duration: Data is stored for a maximum of 12 months

Further information: https://www.leadforensics.com/privacy-and-cookies/

Albacross

Purpose: B2B lead generation and identification of company visitors on the website

Recipient: Albacross Nordic AB, Kungsgatan 26, 111 35 Stockholm, Sweden

Processed data:

  • IP addresses (anonymized) 

  • Browsing behavior (e.g., visited pages, time spent) 

  • Technical information (e.g., browser type, operating system) 

  • Company information (e.g., company name, industry) 

  • Contact details (e.g., business email addresses, phone numbers, if publicly available) 

Legal basis: Consent pursuant to Article 6(1)(a) GDPR and Sec. 25(1) TDDDG

Storage duration: Data is stored for a maximum of 12 months

Further information: https://www.albacross.com/privacy-policy/ 

Vimeo 

Purpose: Embedding and playback of videos as well as analysis of video usage

Recipient: Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA

Data processed:

  • Technical information (e.g., IP address, browser type) 

  • Usage data (e.g., videos viewed, playback duration) 

  • Device information (e.g., screen resolution, operating system) 

  • Account information, if available (e.g., username, email address) 

  • Interaction data (e.g., likes, comments) 

Legal basis: Consent pursuant to Article 6(1)(a) GDPR and Sec. 25(1) TDDDG

Retention period: Data is stored for the duration of the consent, but no longer than 24 months

Third-country transfer: Data is transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR)

Further information: https://vimeo.com/privacy 

4. Contact via email or contact form 

Purpose: To process and respond to your inquiry. 

Recipient: HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA 

Data processed: 

  • Name 

  • Email address 

  • Telegram Handle/WhatsApp 

  • Monthly Transaction Volume 

  • Location of License 

  • Content of your message 

Legal basis: Article 6(1)(f) GDPR (legitimate interest in communicating with you). If your inquiry is aimed at concluding or performing a contract, processing is carried out on the basis of Article 6(1)(b) GDPR. 

Retention period: Your data will only be stored for as long as necessary to fully process your inquiry. 

Further information: https://legal.hubspot.com/privacy-policy 

5. Social Media Online Presence 

Purpose: Communication with interested parties, providing information about products and services, and analysing the use of our online social media presences. 

Recipients: 

  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland 

  • Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland ("Instagram") 

Categories of Data Processed: 

  • Demographic information (e.g. age, gender) 

  • Professional information (e.g. industry, professional experience) 

  • Interaction data (e.g. likes, shares) 

  • Usage statistics (e.g. page views, video views) 

  • Content preferences (e.g. popular topics, interests) 

Legal Basis: 

  • Article 6(1)(b) GDPR (performance of a contract and pre-contractual measures)

  • Article 6(1)(f) GDPR (legitimate interest in effective information and communication) 

Retention Period: In accordance with the privacy policies of the respective platforms. 

International Data Transfer: Data may be transferred to the USA and other third countries, depending on the respective platform. 

Further Information:

  • Instagram: 

    • https://de-de.facebook.com/legal/terms/information_about_page_insights_data

    • https://www.facebook.com/legal/terms/page_controller_addendum 

    • https://www.facebook.com/about/privacy/ 

    • https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

  • LinkedIn: 

    • https://legal.linkedin.com/pages-joint-controller-addendum 

    • https://www.linkedin.com/legal/privacy-policy 

Note: We have no influence over the independent data processing by the platform providers. When visiting our online presences, usage data may be transferred to these providers, who may use this data for their own purposes. Data subject rights can be exercised directly with the respective platform providers. 

6. International Data Transfers 

Personal data is primarily processed within the EU/EEA. Transfers to so-called "third countries" only occur in compliance with the requirements of the GDPR and where suitable safeguards are in place. Before data is transferred to a service provider in a third country, the level of data protection is assessed. A transfer only takes place if sufficient protection mechanisms exist. All service providers must enter into a data processing agreement. For providers outside the EEA, additional measures are required. Pursuant to Articles 44 et seq. GDPR, a transfer is only permitted if at least one of the following requirements is met: 

  • The European Commission has determined that an adequate level of data protection exists. 

  • Standard Contractual Clauses have been concluded with the recipient.

  • Other appropriate safeguards pursuant to Article 46 GDPR are in place.

  • In certain exceptional cases as set out in Article 49 GDPR. 

7. Recipients

Personal data collected by us will only be disclosed if: 

  • you have given us your explicit consent pursuant to Article 6(1)(a) GDPR;

  • the disclosure is necessary to safeguard our legitimate interests or for the establishment, exercise, or defence of legal claims, and there is no reason to assume that your interests or fundamental rights and freedoms which require the protection of personal data override those interests (Article 6(1)(f) GDPR);

  • we are legally obliged to disclose the data (Article 6(1)(c) GDPR); or 

  • such disclosure is lawful and necessary for the performance of a contract with you or for the implementation of pre-contractual measures at your request (Article 6(1)(b) GDPR). 

Possible recipients include: 

  • Processors: Group companies or external service providers (e.g., for technical infrastructure and processing, maintenance, payment processing) that are carefully selected and monitored. Processors may only process data in accordance with our instructions. 

  • Public authorities: Government agencies and public institutions (e.g., tax authorities, public prosecutors, courts) to whom we are required to transfer personal data, for example to comply with legal obligations or to protect legitimate interests. 

8. Data Security and Safeguards 

We implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data. These measures are designed to protect against unauthorized access, manipulation, loss, or misuse. Our security measures are regularly reviewed and adapted to reflect technological advancements and current industry standards. 

Please note that despite extensive protective measures, data transmission over the internet may involve security vulnerabilities. In particular, unencrypted communication (e.g., standard email) carries the risk that data may be accessed by third parties. We have no influence over the actions of external parties. We therefore recommend that you use encryption or other protective measures when transmitting sensitive information electronically to minimize potential risks. 

9. Retention and Erasure/Blocking of Data 

Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage will only take place if required by European Union or national legal provisions to which the controller is subject. Data will also be deleted or blocked once a statutory retention period expires, unless continued storage is necessary for the performance of a contractual relationship. 

10. Data Subject Rights 

You have the following rights with regard to your personal data: 

a. Right of access (Article 15 GDPR, Section 34 BDSG): You may request information as to whether and which personal data we process, for what purpose, to whom or to which categories of recipients the data is disclosed, and how long it is stored. 

b. Right to rectification (Article 16 GDPR): You may request the immediate rectification of inaccurate personal data or the completion of incomplete personal data. 

c. Right to erasure (Article 17 GDPR): You may request the erasure of your personal data, in particular if it is no longer necessary, you withdraw your consent, or the data has been unlawfully processed. 

d. Right to restriction of processing (Article 18 GDPR): You may request the restriction of the processing of your data, for example if the accuracy of the data is contested. 

e. Right to data portability (Article 20 GDPR): You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer of this data to another controller, where technically feasible.

f. Right to withdraw consent (Article 7(3) GDPR): You may withdraw any consent given at any time with effect for the future. The lawfulness of processing up to the point of withdrawal remains unaffected. 

g. Right to object (Article 21 GDPR): You may object at any time to the processing of your personal data for reasons relating to your particular situation, especially in the context of direct marketing or any related profiling.

h. Right to lodge a complaint with a supervisory authority (Article 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection regulations.

Change history

| Date | Version | Reason |
| --- | --- | --- |
| 26.01.2026 | 1.0 | First version of the revised privacy notice in the new format. |

Money, at internet speed

Ivy GmbH may provide payment services through Ivy Pay Oy, which is an Authorized Payment Institution. Ivy Pay Oy's license is granted by the Finnish Financial Supervisory Authority (FIN FSA) with the registration number 3292703-8. Your account and related payment services are provided by one or more financially regulated partners. Your funds will be held in one or more segregated accounts and the full value safeguarded in line with the Financial Supervision Act.
