Please note that our Services may contain links to websites that can be held by partner com-panies. If you follow a link to any of these websites or use these third-party services, you should be aware that they have their own privacy policies and that we do not assume any liability for their processing of your personal data. Therefore, please make sure to read their privacy policies before providing your personal data to them.
The controller in line with the General Data Protection Regulation and other national data pro-tection laws of the member states, as well as other legal data protection provisions, is:
The data protection officer of the controller is:
In general, we record only the personal data which you disclose when using Services as part of your login or registration and possibly during use of fee-based services. Personal data are those which contain information about personal or factual circumstances. When logging in and registering as a user on our website, you only have to provide an email address and, if appli-cable, a username and password. When registering for certain Services, email addresses are not collected during registration but only later during the use of the Service. The password is stored in hasehd form, which never allows for an inference of the actual password.
In the context of implementing the concluded user contract, particularly in the context of fee-based Services you have chosen, the disclosure of further data, such as the full name, ad-dress, account details, credit card numbers, etc., may be required. It is sometimes also nec-essary to request personal information such as your name, address, email address, and telephone number for the purposes of processing your inquiries or providing you with support. Eateasy will handle these data confidentially and in compliance with the legal data protec-tion provisions. In principle, Eateasy will not disclose such information to third parties with-out your permission, unless this is required for the implementation and execution of the con-tract, for processing your request or for your support or in the case of a legal permit.
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6(1)(a) of EU General Data Protection Regulation (GDPR) serves as the legal basis for per-sonal data processing.
In personal data processing required for the fulfilment of a contract of which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to the processing required in order to carry out pre-contractual actions.
Insofar as personal data processing is required for the fulfilment of a legal obligation which our company is subject to, Art. 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require personal data processing, Art. 6(1)(d) GDPR serves as the legal basis.
If processing is required to protect the legitimate interests of our company or of a third party, and if the interests, fundamental rights, and freedoms of the data subject do not prevail over the interests mentioned first, Art. 6(1)(f) serves as the legal basis for processing.
The personal data of the data subject are deleted or blocked as soon as the purpose of stor-age no longer exists. In addition, such storage may occur if this is provided for by the Euro-pean or national legislator in EU regulations, laws or other regulations to which the controller is subject. The blocking or deletion of data also occurs when the storage period prescribed in the abovementioned regulations lapses, unless further storage of the data is required for con-clusion or fulfilment of a contract.
Eateasy makes reasonable efforts to prevent unauthorised access to your personal data as well as unauthorised use or falsification of these data and to minimise the corresponding risks. However, the provision of personal data, whether it be in person, over the phone or over the Internet, always involves risks and no technological system is completely free of the possibility of being manipulated or sabotaged.
Eateasy processes the information collected from you in accordance with UK and European data protection law. All employees are obliged to comply with data secrecy and data protection provisions and are instructed in this regard. Your data are transmitted in an en-crypted form using the SSL method.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected here:
The data is also stored in the log files of our system.
The legal basis for the temporary storage of data and log files is provided by Art. 6(1)(f) GDPR.
The temporary storage of the IP address by the system is necessary to allow delivery of the Services to the computer of the user. For this purpose, the user's IP address must be stored for the duration of the session.
The storage in log files is done to ensure the functionality of the Services. In addition, the data is used by us in order to optimise the website and to ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this context. Only a statistical evaluation of datasets takes place.
These purposes also constitute our legitimate and predominant interest in data processing according to Art. 6(1)(f) GDPR.
The data are deleted as soon as they are no longer necessary to fulfil the purpose of their collection. In the case when data are collected for the purpose of making the website availa-ble, this is the case when the respective session is over.
Log files which contain personal data are generally deleted after seven days at the latest. Ad-ditional storage is possible in the case of so-called error logs which allow us to fix errors. These error logs are deleted after maximum 30 days, collected IP addresses are anonymised after 30 days.
The collection of data for the purpose of making the website available and the storage of the data in log files is essential for the operation of the website. As a consequence, there is no objection possibility on the part of the user.
On our website, a contact form is available which can be used to contact us electronically. Should a user choose this option, the data entered in the input mask will be transmitted to us and stored. These data are:
Additionally, at the point of sending the message, the following data are stored:
Alternatively, it is possible to contact us via our provided email addresses. In this case, the personal data of the user transmitted with the email are stored.
Alternatively, you can contact us via our support tool integrated into our Service. It will then store your user data and the content of the support inquiry as well as the time of the inquiry.
No data are transmitted to third parties in this context. The data are used exclusively for the processing of the conversation.
Legal basis for data processing is Art. 6(1)(f) GDPR. If the e-mail contact is aimed to con-clude a contract or serves the contract execution, additional legal basis for the processing is Art. 6(1)(b) GDPR.
The processing of the personal data serves us only to process the contact and the support request. The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data are deleted as soon as they are no longer necessary to fulfil the purpose of their collection.
At any time after contacting us, you have the option to object to personal data processing, regardless of whether this was done via a contact form, email or support tool. In such a case, the conversation cannot continue and your concern may not be conclusively handled. All per-sonal data stored in the course of contacting will be deleted in this case. This shall not apply if mandatory statutory retention requirements preclude this.
You can subscribe on our websites or in our games for a newsletter on the respective game. For this, we require your email address.
In addition, we must verify, taking into consideration the relevant legal regulations, that you are the actual owner of the provided email address and wish to receive the newsletter. For this purpose, we send you a validation email.
Our newsletters contain a pixel-size image (tracking pixels), which is retrieved by a server of the newsletter sender when the newsletter is opened. As part of this retrieval, technical infor-mation, such as information about your browser or operating system, as well as your IP ad-dress, location, and time of retrieval, is collected. This information is anonymised and evaluat-ed independently of the individual.
Since the submission and receipt of the newsletter depend on your consent, you can revoke this consent for collection and storage of your data at any time without providing the reasons for it. For this purpose, use the unsubscribe link which can be found at the end of our newsletter.
Additionally, you have the option to opt-out of receiving newsletters in the Data Usage Window inside any of our games under “Settings”.
If you have selected the appropriate settings on your device, Eateasy can send push noti-fications to your mobile device to give you updates of relevant news. You can manage push notifications on the page “Options” or “Settings” in the mobile app or in the settings of your device.
The legal basis for data processing in the presence of a contract is according to Art. 6(1)(b) GDPR.
Push notifications are special notifications which are displayed directly on your mobile device. The notifications contain, for instance, the information that one of your buildings in the game has been completed. As a rule, push notifications contain short messages which focus on the essential.
The messages are stored within our push gateway for up to 21 days. The messages are also stored in anonymised form in our event tracking system for an indefinite amount of time. To our knowledge, messages may be stored by the supplier of your mobile device.
You can switch off the push notifications as follows:
Open Settings > Apps & notifications > Notifications > App notifications > Name of the app. On this screen you can control if and how Push Notifications are shown to you.
Open settings > Notifications > Name of the app. On this screen you can control if and how Push Notifications are shown to you.
Cookies are small pieces of data (text files) that are sent to your browser from a web server and stored on your device so that the website can recognize your device. There are two types of cookies, permanent and temporary (or “session”) cookies. Permanent cookies are stored as a file on your computer or mobile device for a longer period of time. Session cookies are temporarily placed on your computer when you visit our Website but are erased when you shut down the page. If you do not want to accept cookies, you can adjust the settings in your web browsers security preferences, see more information on this below.
We and our service providers may use the following categories of cookies:
These cookies are strictly necessary for us to provide our Services. For example, we may use these cookies to authenticate and identify our members when they use our Site so we can provide our Services. Without these cookies we would not be able to recognise you and you would not be able to access our Services. They also help us to enforce our Terms and Conditions and maintain the security of our Services.
These cookies are not strictly necessary but allow us to personalize your online experience of our Site. For example, they allow us to remember your preferences and mean that you do not need to re-enter information you have already provided e.g. when signing-up to our Ser-vices. We also use these cookies to collect information (e.g. popular pages, viewing patterns, click-throughs) about our visitors' usage of our Services so that we can improve our Site and Services and conduct market research. If you choose to delete these cookies you will have limited functionality of our Services.
These cookies use information about your usage of our Site and other websites, e.g. the pag-es you visit or your response to ads, to deliver ads that are more tailored to you, both on and off our Site. These types of ads are called “Interest-Based Advertising.” Many of these types of cookies belong to our service providers. For third party advertisers, see more below.
We use the information from cookies to make our Website user-friendly and to enable us to provide you with personalized recommendations. We may also use several authorised third parties who put cookies on our Website to deliver services that they provide (third party cookies).
We may use session cookies to allow you to move between pages on our Website without having to re-enter information.
Permanent cookies are used in several ways, including:
We (and our authorised third parties) may use non-personal information from both permanent cookies and session cookies for statistical purposes as follows:
We set and read our own cookies to provide the following functions (first-party cookies):
To provide you with ‘remember me’ functionality: We allow users to log into the game via this cookie. This can be disabled by deselecting “Remember Me” on manual login. If you select the "Remember Me" function, a permanent cookie will be installed in the device you are using, so that you do not need to log in again when browsing the Services. If you log out of a Service, the cookie will be deleted again.
To ensure the right language version of the game is shown to you.
To allow us to optimize our landing pages and improve our marketing: we store details of the landing page you visited as well as an identifier in a cookie.
We set a cookie to record your decision about 3rd party tracking snippets and cookies.
We also use several third-party cookies as part of our Services. These cookies are governed by the respective sites and are not controlled by us. You can switch off the installation of some of these cookies in your general browser settings, for others you will need to go to the respective websites and follow the instructions provided.
For instance, it is checked which language version you use to access our Services. If you became aware of our Services through one of our partners, we store the information on who the partner is.
In the abovementioned purposes, our legitimate interest also consists in personal data pro-cessing according to Art. 6(1)(f) GDPR.
The data are deleted as soon as they are no longer necessary to fulfil the purpose of their collection.
If you do not want these cookies to be stored on your computer or wish to be informed of their storage, you can prevent the installation of cookies by a corresponding adjustment to your browser software by selecting the option "do not accept cookies" in your browser settings or declining the use of third party tracking on the first visit to the website. Your browser manufac-turer's instructions will give you more details on how this works or see https://www.aboutcookies.org. You can also opt-out of receiving third-party cookies in general at http://www.youronlinechoices.com. However, we would like to point out that by preventing cookies, you may find that you cannot use all the website's functions to the full extent.
Open the settings in your app list and tap on the “Ad” button. Once you have opened the ad window, you can disable the Google Advertising ID.
Open the settings on your mobile end device (e.g. iPhone or iPad) and select the menu option “Data protection”. Under the option “Advertising”, you can switch off the ad tracking.
Additionally, you have the option to opt-out of using third-party tracking in the Data Usage Window inside any of our games under “Settings”.
Eateasy will only transfer your personal and/or billing-related data to third parties, in the sense of companies cooperating with Eateasy or external service providers, insofar as this is required for the fulfilment of the contract, for payment processing as well as for the pro-tection of other users and is legally permitted or prescribed.
This applies in particular to the processing of payments made via external service providers chosen by you (e.g. banks, credit card companies, payment service providers such as Al-lopass, Amazon, Apple, Boacompra, Facebook, Google, Boku Payments, DaoPay, HiPay, Mobiyo, PayPal, Samsung, Sofortüberweisung, Worldpay). Your legally protected interests will be considered in accordance with the statutory provisions. The external service providers are required to treat your data confidentially and securely and may only use your data to the ex-tent necessary to fulfil their task.
In the event of payment delay, we may commission a debt collection agency or a lawyer to collect the outstanding debt. For this purpose, the necessary data will be passed on and used in compliance with all data protection guidelines.
In addition, your personal information will be shared if it is necessary to protect other users or to counter threats to state or public security or to prosecute criminal offences and if is permit-ted by statutory data protection provisions. Your protectable interests will be considered in accordance with the statutory provisions. Please note that Eateasy may be obliged to dis-close data due to statutory provisions or, for instance, a judicial order (e.g. disclosure to in-vestigative authorities). Disclosure always occurs only insofar as it is necessary and legally permitted or prescribed.
We offer you the possibility to log in to our services via Facebook Connect. This is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or, if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Fa-cebook”). If you use it, additional registration is not necessary. To log in, you are redirected to the Facebook website where you can log in with your user data. This links your Facebook profile and our service. Through the link, we automatically receive information from Facebook. The following information is transferred to us: Email address
This information is mandatory for the conclusion of the contract in order to identify you. Fur-ther information on Facebook and privacy settings can be found in the data protection guide-lines at: https://www.facebook.com/about/privacy/update.
We offer you the possibility to log in to our services via your Google account. This is a service of Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). If you use it, additional registration is not necessary. To log in, you are redirected to the Google website where you can log in with your user data. This links your Google profile and our ser-vice. Through the link, we automatically receive information from Google. The following infor-mation is transferred to us: Email address
This information is mandatory for the conclusion of the contract in order to identify you. Fur-ther information on Google and privacy settings can be found in the data protection guidelines at: https://policies.google.com/privacy.
We use mobile tracking technologies. For this we use the services of adjust Ltd, Saarbrücker St. 38a, 10405 Berlin, UKy. With the help of these services we collect statistical data about the use of our services to continually improve them. When you use our apps, your device sends us information that we collect and analyse. The following data is collected: IP address that is immediately anonymised, MAC address, anonymised Device ID (IDentifier For Advertisers - IDFA or Google Advertiser ID - GAID), browser type, language, Internet service provider, network status, time zone, access and exit page URL, time and date of access, clickstream data and other statistical information about the use of our services. There are no direct personal identifiers. The data collected in this way is used to create anonymous user profiles. The data collected with the tracking technology will not be used to personally identify the visitor of these websites without the express consent of the person concerned. For more information, please refer to the Adjust data protection policy at: https://www.adjust.com/privacy-policy.
The legal basis for this processing is Art. 6(1)(f) GDPR. We have entered into a data pro-cessing agreement with Adjust.
The purpose is to improve your user experience with our services and to make our offer more attractive to you. In addition, the data collected is used to analyse the performance of marketing campaigns and generate performance reports.
The data will be retained by us for the duration of use of the service and by Adjust for 28 days.
Data collection and storage can be halted at any time with future effect by configuring your mobile device as described above at IX.5.
This website uses the “Google Analytics” service, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for analysis of website usage by us-ers. The service uses “cookies” - text files which are stored on your device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.
IP anonymisation is used on this website. The IP address of users within the member states of the EU and the European Economic Area will be abbreviated. This abbreviation eliminates the personal reference to your IP address. Under the data processing agreement, which we have established with Google Inc., Google uses the information collected to analyse website usage and activity and to provide services related to internet usage.
The legal basis for this processing is Art. 6(1)(f) GDPR. We have entered into a data pro-cessing agreement with Google.
On our behalf, Google uses this information to analyse your website usage, to compile reports on website activity and to provide other services relating to website and internet usage. The IP address transmitted by your browser through Google Analytics is not amalgamated with other Google data.
The data will be retained by Google for 26 months; due to the abbreviation of the IP address-es, no personal data will be stored.
You have the option of preventing the storage of cookies on your device by configuring your browser accordingly. There is no guarantee that you will be able to access all functions of this website without restrictions if your browser does not allow cookies. Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link takes you to the required plug-in: https://tools.google.com/dlpage/gaoptout.
More information on how Google Inc. uses your data, can be found here: https://support.google.com/analytics/answer/6004245.
We forward your anonymised Device ID (IDentifier For Advertisers - IDFA or Google Adver-tiser ID - GAID) to some of our marketing partners within and outside of Europe (e.g. in the USA), in order to generate advertising for certain user groups with the help of our partners or to exclude users from certain advertising efforts. You can revoke data collection, storage, and transfer by applying your mobile device settings as described above.
On grounds of our legitimate interests in and for these purposes of analysis, optimisation and economic operation of our Services, our services use the so-called “Facebook pixel” by the Facebook social network, operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA or, if you are an EU resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
The Facebook pixel is a code snippet placed on our website.
Facebook Pixel allows Facebook to identify the visitors of our online content as a target group for displaying advertisement (known as “Facebook ads”). Accordingly, we use Facebook Pixel to display our posted Facebook ads only to Facebook users who have shown an inter-est in our services or who share certain factors (such as interests in certain topics or prod-ucts determined on the basis of visited web pages), which we transmit to Facebook (which is known as Custom Audiences). Facebook Pixel also helps us understand the effectiveness of Facebook ads for statistical and market research purposes, by showing whether users have been redirected to our services after clicking on a Facebook ad (known as conversion, and allowing to determine on which devices a user is performing an action), in order to create so-called lookalike audiences or statistical twins (i.e. to broadcast ads to target groups that are similar to existing customers) and to obtain comprehensive statistics about the use of the website. Facebook Pixel establishes a direct connection to the Facebook servers when you visit our website. This way, the Facebook server is notified that you have visited our website and Facebook assigns this information to your personal Facebook user account.
Facebook is certified under the Privacy Shield Agreement and therefore offers a guarantee of compliance with European data protection laws: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
For further information about the collection and use of data by Facebook and your privacy protection rights and options, please see the Facebook data protection policy at https://www.facebook.com/about/privacy/update. For specific information and details about Facebook Pixel and how it works, please visit the Facebook help section at https://www.facebook.com/business/help/651294705016616. You can disable this function as shown at https://de-de.facebook.com/business/help/1415256572060999?helpref=uf_permalink or at https://www.facebook.com/settings?tab=ads. You must be logged into Facebook to do this.
Our websites use maps from Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. When you access one of our pages featuring a relevant map, map content is retrieved from Google's servers. If you are signed in with your Google account, Google can merge your browsing behaviour with other information. The use of Google Maps is in the in-terest of an easy-to-understand representation of our Services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Google's data protection policy applies: https://policies.google.com/privacy?hl=de&gl=de.
Our websites use buttons from LinkedIn Corp., 2029 Stierlin Court, Mountain View, CA 94043, USA. The contents of LinkedIn servers are retrieved when you access one of our pages with a relevant button. If you are logged into your LinkedIn account, LinkedIn can merge your browsing behaviour with other information. The use of LinkedIn buttons is in the interest of exchanging information about our Services and improving them. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. LinkedIn's data protection policy applies: https://www.linkedin.com/legal/privacy-policy.
Our websites use buttons from Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA. The contents of Pinterest servers are retrieved when you access one of our pages with a relevant button. If you are logged into your Pinterest account, Pinterest can merge your browsing behaviour with other information. The Pinterest data protection policy applies: http://pinterest.com/about/privacy/.
Our websites use buttons from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. The contents of Twitter servers are retrieved when you access one of our pag-es with a relevant button. If you are logged into your Twitter account, Twitter can merge your browsing behaviour with other information. The use of Twitter buttons is in the interest of ex-changing information about our Services and improving them. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The Twitter data protection policy applies: https://twitter.com/de/privacy.
Our websites use videos from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. In doing so, we use the “Enhanced Data Protection Mode” option made available by YouTube. By loading one of our sites via a YouTube video, contents from YouTube will be loaded. If you are logged on to your YouTube account, YouTube shall have the possibility to amalgamate your naviga-tion behaviour with other data. The use of You-Tube videos serves the purpose of offering an easy-to-understand representation of our Services. YouTube’s privacy policies apply: https://www.google.de/intl/de/policies/privacy/.
If your personal data are processed, you are a data subject as defined by the GDPR, and you have the following rights before the controller:
You can request the controller to provide you with a confirmation of whether personal data concerning you are being processed by us.
If such processing should exist, you can demand that the controller provide you with the following information:
You shall be entitled to demand information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this regard, you can demand to be briefed on the applicable guarantees pursuant to Art. 46 GDPR associated to said transfer.
We shall respond to inquiries within a month upon receipt of the request.
You also have the right to rectification and/or completion before the controller, provided that the processed personal data concerning you are incorrect or incomplete. The controller shall have the obligation to implement the rectification immediately.
Under the following circumstances, you may claim the restriction of the processing of the per-sonal data concerning you:
If processing has been restricted, such personal data shall, with the exception of storage, only be processed either with your consent; for the purposes of asserting, exercising, or de-fending legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest of the Union or of a Member State.
If the processing restriction was imposed under any of the above circumstances, you will be briefed by the controller before the restriction is lifted.
You shall have the possibility to erase your account yourself at: https://www.eateasy.co.uk/member-profile.php. We will then erase all your personal data, provided that we are not legally mandated to storing them. After one year of inactivity, we will also erase your account with us.
You have the right to claim that the controller erase all personal data concerning you without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
If the controller has made public the personal data concerning you and is obliged, pursuant to Art. 17(1) GDPR, to erase the personal data, the controller, taking account of available tech-nology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as data sub-ject, have requested the erasure by said controllers of any links to, or copy or replication of, this personal data.
The right to erasure shall not apply whenever the processing is required for the purposes of:
If you assert the right to rectification, erasure, or restriction of processing before the control-ler, the latter has the obligation to notify all recipients to whom the personal data concerning you were disclosed of this data rectification, erasure, or the restriction of its processing, un-less this should prove impossible or associated with a disproportionate cost.
You have the right to be informed of these recipients by the controller.
You have the right to receive the personal data concerning you which you have provided to the controller in a structured, accessible, and machine-readable format. Furthermore, you have the right to transfer this data to another controller without restriction from the controller to whom the personal data had been provided, provided that
In exercising this right, you have the further right to request that the personal data concerning you be directly transferred by one controller to another, provided that this is technically feasi-ble. The liberties and rights of other persons may not be compromised by these actions.
The right of data portability shall not apply to processing personal data which is required for the performance of a task carried out in the public interest or in exercise of public authority vested in the controller
You have the right to object to personal data processing concerning you on grounds relating to your particular situation, at any time, on the basis of Art. 6(1)(e) or (f) GDPR, including pro-filing based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the assertion, exercise or defence of legal claims.
If personal data are processed for direct marketing purposes, you shall have the right to ob-ject at any time to processing of personal data concerning you for said marketing purposes, including profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by using automated means which use technical specifications.
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent shall not affect the lawfulness of data processing based on con-sent effective prior to its withdrawal.
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you in a significant manner. The above shall not apply if the decision
Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9, Para. 1 GDPR, unless Article 9, Para. 2, lit. (a) or (g) applies and suita-ble measures are in place to safeguard your rights and freedoms and legitimate interests.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, entailing, at a mini-mum, the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if you consider that per-sonal data processing relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the com-plainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Eateasy may alter these data protection provisions at any time. Eateasy shall notify any such changes through appropriate channels.
© Copyright Eateasy 2018