INFORMATION ON THE DECLARATION OF CONSENT
pursuant to the processing of personal data
I. General information, voluntary nature, withdrawal
The purpose of this “Information on the Declaration of Consent” is to enable you to make an informed decision on your consent. This means the following: if you provide us your consent that we may process your personal data, then you should know what this means specifically for you. This includes not only knowledge of the data we collect in this context, but also the purposes for which we do so, and what data processing activities we then perform to achieve these purposes. We would furthermore like to point out, at least briefly, that data may also be processed for purposes other than those upon which the original situation in which consent was granted was based, and that in special situations (e.g. when there is a public interest) data must also be disclosed whether consent has been provided or not, for example. Furthermore, you should know how we deal specifically with the subject of storage periods and, in addition to the possibility of withdrawing your consent, become acquainted with those rights to which you are additionally entitled and which may also have influence on the (further) processing of data, even if you made these data available by way of consent “back then”.
When reference is made to “data” in the following, this refers to personal data in the meaning of the General Data Protection Regulation (“GDPR”) – Regulation (EU) 2016/679, which entered into effect on 25 May 2018.
We, Software Broker GmbH, can only provide services, in particular those of a contractual nature, whether these be in the online business or on site, if a minimum amount of necessary data is provided by the party to whom the service is rendered. Nevertheless, collection of data or your cooperation in such, in particular the provision of data about you, is always a voluntary process. If certain data are not made available, this may lead to a restriction of our services, however. Just as an example, simply put (although “physical delivery” is not a typical aspect of contracts to be fulfilled by us): it is not possible to deliver goods if no (delivery) address is stated. Once granted, consent to the processing of data can be withdrawn at any time (please refer to section VIII below for more detailed information).
II. Scope of the data that is the subject of collection here
In the course of the current contact situation between yourself and us, and in order to fulfil the resulting requirements / obligations, we collect the following data about you / you provide us with the following data:
Last name, first name
Date of birth (when dealing with a natural person)
(If applicable) bank information (if non-cash payment for payable services is offered and selected by you)
Optional: telephone number and / or fax no. (in case of urgency)
III. Usage of your data (data processing purposes), primary and secondary purposes, other purposes
The use of data by us is for primary business purposes to the extent that such is necessary for fulfilment of the request you would like to submit/have submitted to our company or by us to you and for secondary purposes.
1. Primary purposes
The primary business purposes are to secure:
- orderly receipt and awarding of contracts (irrespective of the type of legal transaction), including their execution, whereby we are essentially involved (without limitation) in the following type of business: trade of used / second hand software resp. the corresponding licences, mainly by acting as an intermediate in the usage chain by acquiring software from the first or a subsequent user and reselling it to another (future) user without making use of the software in between for our own operational affairs, plus the contractual dealings, frameworks etc. going along with such activities (non-disclosure agreements, LoIs and alike, sale and purchase contracts etc.);
- the possibility of preparing cost estimates, quotations and similar;
- the ability to formulate and execute contracts together with their payment and despatch-related processing;
- adherence to statutory warranty obligations and any applicable contractual guarantees (if any) or also to assert these ourselves against third parties (e.g. suppliers);
- (possibly also judicial) traceability and enforcement / enforceability of claims against customers as well as the defence of claims asserted against us; and
- guarantee a high level of customer service, which can be received by and can support customers in various ways if necessary and at the same time meet their high expectations regarding our general provision of services.
For such primary purposes, it may also be necessary to pass on your data to third parties to a limited extent, namely:
- the fulfilment of business obligations, whereby such forwarding is restricted to (if any) companies associated with us (parent company, subsidiaries and affiliates, i.e. companies which we either control or which control us or are under the joint control of a third party and us) or other companies if we are contractually associated with them in order to fulfil operational purposes towards you (e.g. subcontractors of whatever kind, cooperation partners, software manufacturers) or parties to whom you may contractually (or otherwise) be bound in connection with our performance under whatever contract (e.g. a cooperation partner or associated company of yours whom we directly serve upon your respective instruction);
- coordination with our (external) advisors in tax, business and legal matters, which as a rule involves persons who are already subject to statutory confidentiality requirements due to their professional status;
- the execution of payment transactions, regardless of whether we are the paying party or the party that is to effect payment;
- enabling assessment of the (in particular) financial risk of a contemplated or already agreed-upon, but not yet fully completed, legal transaction with regard to various characteristics of the (future) contracting partner, such as its creditworthiness, liquidity, payment history, etc.
2. Secondary purposes
If you have also agreed to the processing of your data for the purpose of optimising our range of services (“secondary purposes”), we will use this data in addition and in particular for:
- determination of the satisfaction of our customers with our products / services (incl. website);
- improvement of our products and services (incl. website);
- enabling the development of tailor-made offers for customers;
- support / (and if necessary) goodwill for our services above and beyond legal obligations;
It may also be necessary to a limited extent to pass on your data to third parties for such secondary purposes, particularly if we have commissioned external service providers to analyse satisfaction or in connection with product innovations or we have outsourced support / goodwill services to such providers.
IV. Data processing for related purposes; Cookies
If we wish to process your data for purposes other than those for which it was collected, and if we do not have your (separate) consent, we will only do so if the current purpose is still compatible with the original purpose. In determining compatibility, we comprehensively weigh out interests while taking into account inter alia: the context of the data collection at the time, the degree of connection between the purposes of collection at the time and current processing, the type (sensitivity) of the data and the consequences of further processing such for you as well as the existence of guarantees accompanying processing (e.g. encryption).
Every time you access the contents of our website, data is temporarily stored which may allow identification. The following data are saved every time a page is called up at www.software-broker.com: date and time of the call-up, name of the Internet service accessed, the resource called up and the action/enquiry used by the client, amount of data transmitted, message as to whether the call-up was successful, IP address of the accessing computer. The stored data is collected for the purpose of statistical evaluation of the use of the website and summarised anonymously. Furthermore, it is used to defend against or analyse attacks on the website. If necessary, cookies may also be used in connection with your use of our website, in which case we shall keep a corresponding notice ready for you directly on the website and request your consent, which you are (of course) completely free to grant. You can also set your browser (see its “help” menu for more details) to block all cookies (and hence automatically those from our website as well) or alternatively to notify you before such a cookie is set. In this case, however, you may no longer be able to use our website to its full extent and/or only with considerable delay, and user-specific default settings for the purpose of more convenient use (e.g. correct language setting) may no longer be available. Once cookies have been set, you can delete them yourself at any time with the help of your browser.
Web analysis service of Google Inc. (https://www.google.de/ intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). Pseudonymised user profiles are created and cookies used in this context. The information generated by the cookie about your use of this website such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of the server request are transmitted to a Google server in the USA and stored there. This data is assessed to determine how the website is used. The assessment is issued in the form of reports on activities that then form the basis for market research. This data is then passed on to third parties to the extent that this is permissible or necessary. Your IP address will remain anonymous, however, and will not be merged with other Google data. You may furthermore refuse to allow cookies to be used by selecting the appropriate settings on your browser. Please note, however, that if you do this you may not be able to use the full functionality of this website. Finally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will then be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie once again. For more information on privacy in connection with Google Analytics, please visit Google Analytics Help (https://support.google.com/analytics/answer/ 6004245?hl=en).
Contact Form 7
A plug-in for generating contact forms.
A plug-in which creates a Cookie notice on the lower part of the screen. After clicking „ok“, the Cookie acceptance entry is saved. Only thereafter, it is possible that further Cookies may be stored on your internet device, whereby – however – we only make use of Google Analytics in that regard.
A plug-in which enables us to create a full image of our website, including the pertaining data base. That is important for us for being able to generate a full copy of our website, e.g. before an update is applied or where the site had to move to a new (web-)hosting company.
WPBakery Page Builder
This is an editor-plug-in for WordPress.
This is a plug-in for the optimization of search-engines.
This is a plug-in for multilungualism. It is able to identy the language used by your computer and can therefore display our website in a language matching the language of user’s / your device (to the extent available).
This website uses borlabs cookie, which implements a necessary technical cookie (borlabs-ccokie) to save your cookie consents.
borlabs cookie does not process any personal data.
The cookie borlabs-cookie saves the consents you made by entering the website. If you want to cancel your consent simply delete the cookie in your browser. If you reload the website you will be asked once more for your cookie consent.
Or click the button:Cookie settings
Google (Invisible) reCAPTCHA
We use “Google (Invisible) reCAPTCHA“ (hereinafter: “reCAPTCHA“) for this web presence. Said service is offered by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter: “Google”). We use reCAPTCHA for checking if input / data reaching our website is entered by a true human being or, to the contrary, stems from an automated / machine source for abusive purposes (e.g. spam, malware etc.). By the use of reCAPTCHA, we pursue our interest in preventing an abusive use of or spam and similar detrimental occurrences from affecting our web presence. The legal basis for the legitimacy of such interest is established in art. 6 sec. Abs. 1 sent. 1 lit. f) of the GDPR.
As regards principal functional aspects: reCAPTCHA analyses the conduct of website visitors in terms of certain characteristics / (as the case may be personal) data; this extends to (e.g.) the IP address, duration of website usage and computer mouse movements. Such analysis commences automatically as soon as our website is opened, running entirely as a background application without signalling same through a discernible indication. Analysis-relevant characteristics etc. are in general forwarded to Google or one of its affiliates, e.g. (also) Google LLC (USA). Google LLC is certified under the “Privacy Shield” data protection act which warrants – for the time being – a EU adequate level of data protection for the territory of the former (as well). Further information re said certificates can be found via:
The IP address forwarded by reCAPTCHA will not be combined with other data collected by Google / one of its affiliates provided that you are not logged in with your Google account. For the sake of avoiding such combination of data, you should log out at said account before entering our website resp. letting reCATCHA do its work (there).
You can object to the collection / transfer of personal data or processing of same by deactivating the execution of Java Script within your browser, or by installing an instance that blocks Java Script (e.g. https://noscript.net/ or https://www.ghostery.com). In such event, you may encounter functional issues on our web presence.
Further information concerning reCAPTCHA and the data protection statement of the Google group can be found under: https://policies.google.com/privacy?hl=de&gl=de
V. Data processing without your consent; non-consent purposes
There are also data processing purposes which can or even must be pursued even if you have not issued any declaration of consent. These could be legal obligations that apply to us, under which we may also be required by way of exception to use your data for purposes which are imposed on us by third parties, namely sovereign powers in the specification of public law (statutory) obligations. If there is a public interest in such, this could involve, for example, the forwarding of your data to a government authority at its request.
VI. Types of processing
In addition to the aforementioned types of processing (collection, use, disclosure by transmission to third parties), in connection with the collection of data we will store the data obtained in this manner, i.e. in an organised, orderly manner in our database and keep it there in retrievable form. The data can then be retrieved and read from the (digital) place of storage, for example to manage the business process in the context of which we have collected the data. The data may also be adjusted / changed, for example in response to a correction request from you. You may also take the appropriate initiative to restrict or erase your data, whereas such restriction etc. may – unrequestedly – also be triggered by the mere fact that the applicable storage period for the data in question has expired. While data processing is automated as a rule, manual data processing may still occur, whereby in such case we owe you the same scope of protection. The latter type of processing is being phased out.
The company uses contract processors. Guarantee contracts obligate contractors to comply in particular with our Data Protection Guidelines as well as the GDPR itself.
VII. Especially for the processing type: Storage (as continued storage)
The GDPR does not specify any specific storage obligations / erasure dates, but merely states in a quite general manner that data must be erased if the purpose of collection has ceased to exist unless – to put it in simplified terms – there is a continuing obligation to store the data or such is necessary to assert, exercise or defend against legal claims. In order to make this more transparent for you, we have decided (with the exception of special cases in which we may be subject to an earlier erasure obligation) to work with specific deadlines which we set at the time of our last contact with you. By final contact we mean that contact with you after which we have “heard” nothing more from you, whereby it is not the acoustic nature of the contact that matters. Rather, each kind of contact between you and ourselves that is perceivable to us (for example via email, letter or short message as well) is sufficient in order to constitute a new last contact replacing the previous last contact. Our storage periods are therefore as follows:
- if there has been no contractual relationship between you and us, nor is such to be expected any longer; nor has a situation come about from which liability (even if only of a pre-contractual nature) could arise; business letters or the like have not been exchanged: 2 years since the last contact, the period is to begin at the end of the year in which the last contact took place;
- if no contractual relationship has come about between you, nor is such to be expected any longer, no business letters or the like have been exchanged, but a situation from which liability (even if only of a pre-contractual nature) could arise cannot be completely ruled out: 3 years since the last contact, commencement of the period at the end of the year in which the last contact took place;
- a contractual relationship has come about between you and us or, however, not come about, business letters or similar have been exchanged with you: 6 years since receipt or sending of the business letter or similar. If the final contact takes place within the 6-year period and, calculated from this event, the period stipulated in (1) or (2) would end later than the 6-year period, the later date is to apply as the end of the period. Data other than that of the business letter, if not related thereto, will only be stored from the date of the last contact for the period stipulated in (1) or (2);
- if a contractual relationship has come about between you and us or, however, has not come about; in any case, accounting documents exist for this or your data are part of a compendium of business documentation (e.g. a management report) or are contained in customs documents in accordance with Art. 15 I and/or Art. 163 of the EU Customs Code: 10 years from the booking date, the date of the aforementioned documentation or the date of transmission to the customs authorities. If the final contact is within this 10-year period and, calculated from this event, the period stipulated in (1) or (2) would end after this 10-year period, the later date shall apply as the end of the period. Data other than those in the accounting document / annual report, etc. or customs documents, if not related thereto, are only to be stored beginning with the date of the last contact during the period stipulated in (1) or (2).
VIII. Withdrawal of consent and other rights to which you are entitled in relation to your data
1. Right to withdraw your consent
You have the right to withdraw your consent at any time. Such withdrawal does not affect the lawfulness of consent-based data processing performed before the point in time of withdrawal, but means that beginning at such point in time we may no longer perform any activities relating to your data if the consent withdrawn in the meantime was the only legal basis for this. This is not the case, for example, if we are still obligated to store the data. The withdrawal can be notified without adhering to any formal requirements and is in any case also possible in the form in which you previously provided your consent. Withdrawal of consent is to be declared to:
SB Software-Broker GmbH
Bonner Str. 12, 51379 Leverkusen, Deutschland
Tel. No.: +49 2171 4017 680
2.Right to information
You have the right to obtain information from us as to whether we process personal data relating to you. If this is the case, the information also extends to inter alia:
- what kind of data are processed and for what purposes;
- to whom data may have been passed on (and which guarantees, if applicable, have been provided by the recipient with respect to handling of your data in compliance with law governing data protection, for example in the event that a third country is involved);
- duration – or criteria for the duration – of the (planned) storage of this data;
- if applicable, origin of the data (in the case of collection from third parties);
- if necessary, pertinent information on the (system) logic used and the scope and intended effects of data processing on you if these were the subject of an automated decision-making process (note: we do not perform such processes at our company ourselves).
You will receive a copy of this information from us, in the case of an electronic application on your part in electronic form (i.e. in a common electronic format). We may charge a reasonable fee for additional copies in accordance with the administrative expenses associated with this.
3. Right to correction
You have the right to request us to correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you furthermore have the right to request completion of incomplete personal data, including by means of a supplementary declaration. If your data has been disclosed to third parties, we will inform them of the correction unless this is impossible or would be associated with unreasonable effort and expense. If you so request, we will disclose the aforementioned third parties to you.
4. Right to erasure (including the so-called “right to be forgotten”)
(a) Claim to erasure
Subject to the exceptions set out in subsection (c) below, you may request us to delete your personal data without undue delay if:
(aa) this/these data (in particular their further storage) is/are no longer necessary for the purposes of the collection;
(bb) you have withdrawn your consent in the case of consent-based data processing;
(cc) you object to further processing;
(dd) the processing of data was unlawful;
(ee) the erasure is necessary in order to fulfil a legal obligation under European Union law or national law;
(ff) the data have been collected from a child (under 16 years of age) relating to services of the information society, which in this context is understood as a service generally provided subject to charge, and which is performed electronically by means of distance selling (i.e. without direct physical contact between the parties involved) and by individual call-up.
In the event your data is erased, we usually assume that you consent to our including your name in our list of persons who do not (no longer) wish to be contacted by us. This minimises the chance that you will be contacted in the future, for example if your data is collected in another context. If you do not desire this, please let us know.
(b) Additional rights in the event of publication of your data and third-party participation
If we have disclosed the data to which your erasure claim relates, we will (while taking into account the technology available and implementation costs) undertake reasonable measures to ensure that the controllers responsible for such data are informed that you have requested the erasure of the data (including links to and reproductions of the data). If your data has been disclosed to third parties (in another manner), we will inform them of the erasure unless this is impossible or would involve unreasonable effort and expense. Upon your request, we will disclose the aforementioned third parties to you.
(c) Exceptions from the claim to erasure
You are not entitled to an erasure claim – even only temporarily if applicable – especially if data processing is necessary:
(aa) to exercise freedom of expression and information;
(bb) to fulfil a legal obligation applicable to us under European Union law or national law (this may be e.g. a legal obligation to keep records [before their expiry]);
(cc) to assert, exercise or defend legal claims, or if
(dd) in the event of your withdrawal in the above meaning (section VIII 1), there is another legal basis for data processing;
(ee) in the event of your objection in the below meaning (section VIII 10), firstly, there are overriding legitimate grounds for data processing and, secondly, your objection is not only directed against direct advertising and any possibly related profiling (in the latter case – involving direct advertising, profiling relating to such – you are always entitled to a right of erasure).
(d) Rights similar to erasure
If you (at least temporarily) have no claim to erasure, you may nevertheless have a claim to a limitation on (further) data processing by us. For more information, please refer to section 5 immediately following.
5. Right to restriction of processing
If we have collected data unlawfully and you are therefore (actually) entitled to a erasure claim, you can demand from us that we restrict data processing instead of such erasure. The same applies to lawfully collected data in the case we have in the meantime achieved the purpose, but you need the data to assert, exercise or defend legal claims. If you have filed an objection to the data processing involving you (and we do not have to comply with this if only because it is directed against direct advertising/related profiling) or if you dispute the accuracy of data, you can request us to restrict the use of your data during the corresponding review phase (weighing of interests in the event of an objection, examination of the data for actual inaccuracy). This means that we may only process such limited data (aside from its storage and special cases of overriding public interest) with your consent or in order to assert, exercise or defend against legal claims or to protect the rights of another natural or legal person.
Even without your initiative, we will limit the use of your information to the extent described above if the last contact with you (cf. section VII) goes back longer than a period corresponding to 3 (three) years plus the remainder of the year in which the last contact occurred. This shall not affect any rights of restriction or erasure that may have arisen at an earlier point in time.
If data restriction in the aforementioned meaning has occurred and is due to be revoked (e.g. because it could be determined that the data is not accurate), we will inform you before this step is taken. If your data has been disclosed to third parties, we will inform them of the data restriction unless this is impossible or would involve unreasonable effort and expenses. If you so request, we will name the aforementioned third parties to you.
6. Right to transfer of data
If we process your data automatically on the basis of consent given by you or within the scope of a contractual relationship, you can require us to receive the corresponding data in a structured form in a common, machine-readable format, for example in order to be able to forward it yourself (and without any influence whatsoever by us) to another data controller. As far as is technically feasible and such does not affect the rights of other persons, you may also request that we forward such data stocks directly to another data controller selected by you (e.g. a company with whom you wish to conclude a contract). An additional claim to erasure in your favour, if applicable, will not be affected by a data transfer request.
7. Right to notification in the event of data breach
If a situation occurs in which the violation of data (e.g. a so-called data breach) poses a great risk to your personal rights and freedoms, we will inform you immediately. Such notification includes inter alia the data of your contact person in this context as well as information on the impending consequences of injury and the measures already taken or planned to be taken to contain these consequences. Such notification may be waived if we have subsequently initiated such effective containment measures that no great risk in the aforementioned meaning can be assumed any longer and if the data have already been significantly secured against unauthorised access – particularly by means of technical measures (e.g. encryption) – or if the notification would involve unreasonable efforts and expenses (in which case we would arrange a public announcement or measure having a similarly broad impact).
8. Your right not to be subject exclusively to automated decision-making processes in connection with data processing
In principle (i.e. except in exceptional cases), you have the right not to be subject to a decision based exclusively on automated processing – including profiling – if this has legal effect towards you or has a significantly negative effect on you in a similar manner. Our company does not use such decision-making structures at the present time and we would inform you separately should this change and your data be affected.
9. Right of appeal
You may complain at any time about our conduct relating to the processing of data to the supervisory authority in charge. Of course, you can also file a complaint with us, and we will try to solve any problems that may arise together.
The (data protection) authority in charge is:
Data security officer of the Federal State of North Rhine-Westphalia, i.e. “Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen”,
Tel. No.: +49 211/38424-0,
Fax: +49 211/38424-10,
10. Right of objection
If we have processed your data to protect our legitimate interests (or to fulfil a task in the public interest), you can object to this at any time. Further processing by us is then (still) only permissible if we can demonstrate reasons for processing which are so important that they override your interests, rights and freedoms, or if such serves the purpose of asserting, exercising or defending against legal claims. If your objection is directed against the use of your data for purposes of direct advertising/related profiling, we will (no longer) use / process your data in this context. You may send us your objection in any form.
11. Time limits for our response to your exercise of rights
If you assert rights under this section VIII, we will inform you without undue delay, but at the latest – subject to the following clause – within a period of one month after receipt of your application about the effects this will have in your specific case (in particular what legal consequences this may have). If your application is based on a complex issue and at the same time we are confronted with a large number of applications, we are entitled to only react within a period of 3 months, whereby we will notify you of and justify such a delay within the aforementioned one-month period. We must also respond to you within one month and state the grounds for such if we do not wish to take action at your request.
All rights under this section VIII – with the exception however of the right stipulated in sub-section 9 – are to be asserted towards:
SB Software-Broker GmbH
Hüserheide 52, 47918 Tönisvorst, Deutschland
Tel No.: +49 211/547-671-20
Re such contact data, you may address any right either to our managing director, Mr. Stephan Schäpers, any (other) employee of our company or just in a “to whom it may concern” fashion.
This section VIII does not contain an exhaustive list of your rights under this “Information on the Declaration of Consent”. To promote readability, we have not explained every right to which you may or actually are entitled down to the last detail, and we have also looked at which cases may arise for our company or for you in your capacity as the data subject in practical terms through the data processing to be carried out by us. The summary of rights contemplated herein is therefore not exhaustive with regard to the rights to which you are entitled, but is supplemented (especially in marginal areas) by the GDPR and other pertinent legislation wherever applicable. No special form or formal requirements must be met to assert your rights, i.e. this can also be done by telephone or e-mail. Notification of your rights, the fulfilment of other information obligations by us and measures taken to implement your rights are free of charge to you, subject to the arrangements laid down in section VIII, sub-section 2 sentence 3. We are only entitled to charge a reasonable fee corresponding to our time and effort or to refuse to process the request in the case of manifestly unfounded or (in particular) excessive requests.
IX. Controller, Data Protection Officer
The controller responsible for processing your data in connection with your Declaration of Consent is:
Managing Director: Herr Stephan Schäpers
SB Software-Broker GmbH
Hüserheide 52, 47918 Tönisvorst, Deutschland
Telefon-Nr.: +49 2152 9945 740
Due to the (small) size of our company, there is no legal obligation to appoint a data protection officer, nor have we appointed one on a voluntary basis
However, our entire company staff will be pleased to help you with all your questions in connection with this “Information on the Declaration of Consent”, the Declaration of Consent as such, other questions regarding the processing of your data and, of course, your rights under section VIII and the assertion of these rights.
X. Legal basis
Forasmuch as your consent forms the basis for the processing of your data (be it through ourselves or through a contract processor), same is legally based on art. 6 sec. 1 a) of the GDPR. For the processing of data assotiated to consented processing, art. 13 sec. 3 GDPR may form the legal basis for same. Even for data processing beyond your consent, provisions exist within the GDPR which may legally cover such action as well. For example, such processing may be legally backed if conducted for the sake of fulfilling a task of public interest (art. 6 sec. 1 e) GDPR) or safeguarding justified interests of the processing party which may, from case to case, prevail over conflicting interests of the party who is affected by the processing of respective data (art. 6 sec. 1 f) GDPR).