6. Information on data protection for occupational benefits insurance

Responsible entities within the framework of occupational benefits insurance:

• AXA Foundation for Supplementary Benefits, Winterthur
• AXA Foundation for Occupational Benefits, Winterthur 
• Columna Collective Foundation Client Invest, Winterthur
• Columna Collective Foundation Group Invest, Winterthur
• AXA Foundation 1e, Winterthur
• AXA LPP Foundation Suisse Romande, Winterthur
• AXA Life Ltd 
• Pension Fund for AXA Switzerland
• AXA Insurance Ltd

Each with the address General-Guisan-Strasse 40, CH-8400 Winterthur

Responsible entities within the framework of occupational benefits insurance:

• AXA Foundation for Occupational Benefits, Principality of Liechtenstein 
• “Rofenberg” Employee Welfare Foundation
• AXA Life Ltd

Each with the address Zollstrasse 20, FL-9494 Schaan 

We define personal information and contact details as the basic data that we require in addition to the contract data (see section 6.2.2) for the purpose of processing our contractual and other business relationships. We process this data, for example, if you are an insured or a relative or beneficiary of an insured.

This data includes, for example, first and last name, gender, date of birth, age, marital status, language, nationality, telephone number, email address, job title, place of citizenship, ID, passport, or foreigner’s ID number, social security number, and digital/electronic signature.

This is information that arises in connection with a potential or actual insurance contract or its termination, contract processing, and the enrollment of insureds in occupational benefits insurance. 

This data includes, for example, the type and date of the contract conclusion, as well as information related to its processing and administration (e.g., information related to invoicing, consulting, and customer service). Contract data also includes information relating to complaints and contract adjustments, as well as information on customer satisfaction, which we may collect through surveys, for example.

This is data relating to financial circumstances, payments, and the enforcement of claims. It includes information relating to premium payments by employers and the enforcement of claims. For insureds, this includes information on wages, reminders, credit balances, purchases in occupational benefits insurance, payments of withdrawal benefits and pensions, as well as mortgage information. 

We also process financial and payment data about beneficiaries, for example in connection with pensions for surviving spouses and registered partners, children, and other beneficiaries. We receive this data from the insured, for example in connection with purchases or the payment of withdrawal benefits, but also from banks and publicly available sources.

This includes information relating to the receipt of notifications and the processing of pension cases (i.e., retirement, disability, or death) and in connection with other benefits such as transfers.  This also includes information about third parties, for example persons involved in the onset of incapacity for work or death. We may also obtain such data from third parties such as authorities and agencies (e.g., social security or social welfare offices), employers, other insurance companies, medical service providers and experts, courts, or external attorneys.

This is data relating to our online and telephone communications with you. If you contact us via a contact form, by email, telephone, chat, letter, or other means of communication, we collect the data exchanged between you and us, including your personal information and contact details. If we record telephone calls, we will inform you separately. Communication data includes the manner, location, and time of communication and, as a rule, its content. Examples include information in emails and letters from you.

Technical data includes, for example, IP addresses, metadata, logs recording the use of our systems, IP packets, and other technical identification data.

This includes information about personal behavior, for example how the AXA website www.axa.ch and associated services (hereinafter “website”) are used, as well as data on personal preferences and interests, and the location, time you enter or leave a building, protocol data, and log data, for instance.

This includes particularly sensitive personal data relating to the physical or mental health of an individual, based on which information about their state of health is obtained. Such data can be gathered within the scope of processing of insured events, for example. It includes diagnoses, medical reports, sick notes, as well as reports on other physical or mental impairments.

Other particularly sensitive personal data includes, for example, data on views or activities relating to religion, values, opinions, politics, or labor unions, data on an individual’s personal sphere, race or ethnicity, genetic information, biometric data clearly identifying an individual, as well as data relating to administrative or criminal proceedings or sanctions.

HR data refers to data that we collect from you during the application process or, where applicable, from public sources such as employment-related social media. Such data is collected, for example, in connection with your candidacy for a position on the Foundation Board of Trustees via the form on our election platform. This includes data related to your current employment (e.g., information about your pension plan and your position), (particularly sensitive) data such as a criminal record extract or debt collection information, data relating to your resume, and data relating to your education and training. 

We initially process data for the purpose of providing occupational benefits insurance. In this context, we may also carry out profiling (see section 6.6). The specific purposes of data processing and underlying objectives are mentioned below. Insofar as a legal relationship subject to the GDPR exists, we rely on the legal bases mentioned below and in section 6.5. 

The implementation of occupational benefits insurance includes the preparation and conclusion of the affiliation agreement with the employer or self-employed person. To this end, we process personal data – in particular personal information and contact details, customer and contract data, financial and payment data, and communication and technical data – from employers or their contact persons and, where applicable, from brokers. This also includes advising our customers and providing customer service, as well as enforcing legal claims arising from contracts (collection, legal proceedings, etc.), accounting, terminating contracts, and public communication. 

Another part of implementing occupational benefits insurance is accepting and processing new insureds. To this end, we process, in particular, their personal information and contact details. We then maintain an occupational benefits account for each insured, for which we process information on contributions, purchases, retirement assets, and payouts. We also use data from insureds (e.g., customer/contract, financial, and payment data) to advise them and suggest new products and services. As a rule, however, this is only done with the appropriate consent.  

We may engage third parties, for example IT and logistics companies, advertising service providers, banks, other insurance companies, or credit agencies, to conclude contracts and process contractual relationships, and these third parties may in turn provide us with data.

When working with companies and business partners, for example partners in projects or parties in legal disputes, we also process data for the purpose of initiating and executing contracts, for planning, accounting purposes, and other purposes related to the contract.

Processing for this purpose is primarily based on the initiation or fulfillment of a contract and the fulfillment of legal obligations in the area of occupational benefits insurance (see section 6.5). Processing may also be necessary for the assertion, exercise, or defense of legal claims. If we obtain your consent for processing for this purpose, this consent (also) constitutes the legal basis. 

We process your information for the purpose of assessing, reviewing, and processing claims, benefits, and legal cases. It is not possible for us to review your claim, benefits, or legal case unless we have your data.

For example, we use your personal information and contact details – including the details of any co-insureds – in order to contact you. We require your customer/contract information in order to manage claims, legal cases, and benefits; we require any information on claims or legal cases (including health data, if applicable) – such as notices of loss or legal cases, investigation reports, and invoices – to assess your claim, benefits, or legal case; we also need your financial and payment data to pay out benefits, for example.

In connection with a claim or insured event, we may obtain any relevant information from, and inspect the relevant files of, other insurance companies, authorities, and other third parties. If necessary, you must authorize the aforementioned entities to disclose the relevant data or release the doctor from their duty of confidentiality. In the event of incapacity for work, the necessary data may be processed and transmitted in the event of recourse to liable third parties (or their liability insurance).

In some circumstances, your consent may be necessary when querying particularly sensitive data that requires particular protection, such as health information. In this case, we process the data solely based on the consent granted by you for the purpose of processing the claim, legal case, or benefit.

Processing for this purpose is generally based on the fulfillment of a contract and the fulfillment of legal obligations in the area of occupational benefits insurance (see section 6.5). In addition, the assertion, exercise, or defense of legal claims may serve as a legal basis. If the processing of your personal information is based on consent, we process the data in the context of such consent (e.g., when disclosing particularly sensitive personal data to third parties). 

We process your data for the purpose of automated or non-automated detection, prevention, and combating of insurance fraud.

For example, we use your contract, claims, and benefits data and analyze it in order to identify any suspicious patterns. To that end, and in order to protect you as well as us from unlawful or improper activities, we may also carry out profiling (see section 6.6.1 Profiling).

In connection with the identification of misuse – and the filtering out of suspicious cases – we exchange data with external cooperation partners and other insurance companies and investigators. If consent has been provided by the person concerned, we respond to inquiries from other insurance companies regarding their customers if there is a suspicion of insurance fraud. For example, we provide information about existing policies and previous claims. Information is only provided to authorities if there is a legal obligation to do so.

Processing for this purpose is based on our legitimate interests, which include, in particular, the prevention of fraud and the protection of AXA’s assets. Insofar as we obtain your consent in this context, this consent (also) constitutes the legal basis. In addition, the assertion, exercise, or defense of legal claims may serve as a legal basis.

We process your data in order to meet regulatory and legal obligations, and to guarantee that laws, guidelines, standards, and internal directives are complied with.

In particular, we process your data for the purpose of combating money laundering, terrorist financing, as well as bribery and corruption. In addition, we process your data for legally required disclosure duties with the aim of preventing, detecting, and investigating criminal offenses and other violations. This also includes disclosure, information, and reporting obligations under supervisory and tax law. For these purposes, we process, in particular, personal information and contact, customer, contract, financial, payment, communication, and technical data, and, in some circumstances, also behavioral data from employers and their contact persons, from self-employed persons, and possibly from insureds.

In the case of individual checks where specialist technical expertise or in-depth knowledge is required, we  may enlist cooperation partners or other third parties to assess and/or process the case. In addition, as a member of the AXA Group we are required to report specific serious compliance and security incidents to the Group and share them with the relevant departments.

Processing for this purpose is primarily based on the fulfillment of legal obligations in the areas mentioned above. The legal obligations may relate to Swiss and Liechtenstein law, on the one hand, but also to foreign regulations to which we are subject, on the other. In addition, we include industry standards, self-regulation rules, corporate governance provisions, and official instructions and requests. We also have a legitimate interest in complying with and enforcing such requirements, which may also serve as a legal basis for our processing.

We also process your data for marketing purposes in order to contact employers or their contact persons and to send you personalized information and advertising, in addition to non-personalized direct advertising, for example regarding the further development of existing products or the development of new products and services by us and third parties (e.g., companies of the AXA Group). Marketing is carried out, in particular, in the form of newsletters, printed matter, or by telephone, either regularly or as part of individual campaigns (e.g., for events or contests). For this purpose, we process personal information and contact details, customer/contract data, and behavioral and preference data. We may link existing data and use this data as a basis for personalization.

We only carry out marketing activities towards insureds after obtaining separate consent. You can withdraw your consent to processing for marketing purposes at any time. You can find our contact information in section 6.11. Further information on your rights can be found in section 6.10. In addition, legitimate interests, in particular those relating to the implementation of advertising and marketing measures, serve as the legal basis for processing for this purpose.

We may also process your data for market research, to improve our services and operations, and for product development. For example, we analyze (also for non-personal purposes) how products and other offerings, such as our pension portal, are used. This gives us an indication of the market acceptance of existing products and benefits as well as the market potential for new products and services. To this end, we process, in particular, your personal information and contact details, but also communication and technical data as well as behavioral and preference data. We obtain the information from customer polls, surveys, and studies as well as from the media, social media, Internet, and other public sources. However, we use pseudonymized or anonymized data for these purposes wherever possible. 

We may commission market research institutes to conduct telephone or electronic customer surveys. We may also use media monitoring services or conduct media monitoring ourselves, processing personal data in order to carry out media relations work or to understand and respond to current developments and trends.

Processing for this purpose is primarily based on our legitimate interests, in particular those relating to understanding customer behavior and preferences, improving our products and services, and conducting market studies. If we obtain your consent for processing for this purpose, this consent (also) constitutes the legal basis.

We process your data for general and insurance-specific statistical analysis and for risk management. For example, we use your personal information and customer data as well as financial, claims, and benefits data to develop our conditions and premium rates and, in general terms, for the further development of our insurance business, in particular in relation to artificial intelligence (AI). If possible, we use anonymized data for our analysis and also anonymize or pseudonymize the data over the course of the statistical process. In specific instances of statistical or scientific analysis or research work, we obtain data from third parties and merge it with our own data.

Processing for this purpose is based on our legitimate interests, in particular those relating to appropriate corporate governance and development as well as improving our products and services. 

If you apply to become a member of one of our entities, we will process HR data for the purpose of conducting the application process, for example data in applications, from employment-related social media, or the commercial register. This personal data is processed if it relates to your suitability for the position in question or with your separate consent. We may also use your data for non-personal statistical purposes. 

We delete data from unsuccessful applications after the audit of the election year has been completed. If your application leads to your appointment as a member of an entity, the data will be stored and used as part of the normal organizational and administration process. 

The processing for this purpose is primarily based on the initiation of a contract, specifically an employment or mandate contract. Insofar as we obtain your consent, this consent (also) constitutes the legal basis.

Furthermore, we process your information for other purposes including in the context of our internal procedures and for administration, for training and quality assurance purposes, to carry out events, for the protection of our customers, employees, and other persons, and to protect AXA’s data, secrets, and assets, as well as any data, secrets, and assets that have been entrusted to AXA. As part of our business development, we may also sell or acquire businesses, parts of businesses, or companies to or from others, or enter into partnerships, which may also lead to the exchange and processing of data. 

Insofar as there is no legal obligation to process this data, we do so in pursuit of our legitimate interests (see section 6.5).

When you visit our premises, we will make video recordings in correspondingly designated areas for security and evidence purposes. The recordings are accessible to selected AXA employees within the framework of their responsibilities. We only analyze the recordings if necessary (cases subject to criminal law) and delete them between 7 and 30 days later. Data processing is permitted on the basis of our overriding legitimate interest in ensuring the security of our buildings and systems.

If we ask for your consent for certain processing activities, we will inform you separately about the relevant purposes of the processing. You can revoke your consent at any time with future effect by sending us a written notification: our contact details can be found in section 6.11. Once we have received your revocation of consent, we will no longer process your data for the relevant purposes, unless another legal basis permits further processing. The revocation of your consent does not affect the lawfulness of the processing carried out up to the point of revocation.

Some personal data is collected directly from you, for example if you wish to join us as a self-employed person, provide us with health information, register a beneficiary or life partner, buy into the pension fund or draw your withdrawal benefits, transfer your vested benefits to another pension or vested benefits institution in the event of a change of job, or if you communicate with us in any other way.

If you provide us with personal data relating to other persons (third parties) (e.g., in an individual beneficiary order or death notification), we assume that you are authorized to do so and that this data is correct. Please ensure that these persons are aware of our Privacy Policy or relevant product information. 

In certain cases, we collect your data from third parties or public authorities. For example, we often collect data from the insured’s employer, for instance when they register you as a new employee with us, when they notify us of your departure, upon a change in salary, or any other change, or when they report a claim. 

We also process data received from public offices or authorities, finance companies, banks, other insurers, distribution partners, employers, and experts, including attorneys or doctors, or the HIS reporting and information system to ensure we have the necessary data to conclude or process contracts. When you send an insurance application or report a claim or benefit case, you release the corresponding bodies from any confidentiality obligations. In addition, we process data obtained from data suppliers and address brokers or other website operators and online networks so that we can provide you with the best possible service and optimal advice as well as ensure data accuracy.

Where permitted, we obtain specific data from publicly accessible sources (e.g., debt collection register, land register, commercial register, media and Internet) or receive such data from other companies within the AXA Group, as well as authorities, cooperation partners, and other third parties.

We base our processing of your personal data in the area of mandatory and extra-mandatory occupational benefits insurance (comprehensive solution) on the following (statutory) principles and, where applicable, on the associated ordinances:

• Federal Act on Occupational Old Age, Survivors’ and Invalidity Pension Provision (OPA)
• Federal Act on the Vesting of Occupational Old Age, Survivors’ and Invalidity Benefits (VBA)
• Swiss Data Protection Act (FADP)
• Consent, if you have given it to us. 

We process your personal data within the framework and on the basis of consent, insofar as the processing has no other legal basis that is applicable and such a legal basis is required. Consent that has been given may be revoked at any time (see section 6.10.8).

In the area of mandatory and extra-mandatory occupational benefits insurance (comprehensive solution), we process your personal data within the scope of our statutory processing powers (e.g., in accordance with Art. 85a et seq. OPA).

Persons involved in the implementation as well as the control or supervision of the implementation of mandatory occupational benefits insurance is subject to the duty of confidentiality pursuant to Art. 86 OPA.

In the area of extra-mandatory occupational benefits insurance and in other areas, we process your personal data based on:

• consent
• the conclusion and performance of a contract with your employer (affiliation agreement regarding occupational benefits insurance)
• a contract with you or an inquiry from you ahead of such (e.g., with contracts relating to the financing of residential property)
• an overriding interest (e.g., to ensure information security or data protection or to carry out tasks in the public interest); in this event you can, however, lodge an objection under certain circumstances
• a legal requirement (e.g., with documents or information subject to a mandatory retention period).

In the area of mandatory and voluntary occupational benefits insurance, we rely on the following legal bases and the associated ordinances:

• Law governing occupational benefits insurance in the Principality of Liechtenstein (BPVG), where applicable
• Law on the supervision of institutions for occupational benefits (PFG), where applicable
• Data Protection Act (DSG) of Liechtenstein
• General Data Protection Regulation (GDPR)

Persons involved in the implementation as well as the control or supervision of the implementation of occupational benefits insurance is subject to Liechtenstein’s duty of confidentiality pursuant to Art. 21 BPVG or the duty of confidentiality in accordance with Art. 64 PFG.

Where the GDPR applies, we proceed in application of the following legal bases:

a) Initiation or performance of a contract 

b) Existence of a legal obligation

c) Your consent 

d) Our legitimate interests

These include, for example:

• Efficient, effective protection of customers, employees, and other persons as well as protection of AXA’s data, secrets, and assets as well as data, secrets, and assets that have been entrusted to AXA.    
• Maintenance and secure organization of business operations, including secure, efficient, and effective operation, and successful development of the website and other IT systems
• Efficient and effective customer support, contact maintenance, and other communications with customers including outside of contract performance
• Corporate governance and development, in particular with regard to the AXA Group
• Documentation of customer behavior, activities, preferences, and needs, implementation of market studies
• Efficient and effective improvement of existing products and services as well as development of new products and services
• Management of advertising and marketing measures
• Sale or purchase of business areas, companies, or parts of companies and other transactions under company law
• Prevention of fraud, misdemeanors, and felonies as well as investigations in connection with such offenses and other inappropriate behavior, dealing with lawsuits and actions against us
• Participation in legal proceedings and cooperation with authorities as well as otherwise asserting, exercising, and defending legal entitlements

For the purposes mentioned in section 6.3., we may process and evaluate your data (see section 6.2.) automatically, i.e., using computers. These processing operations also include so-called profiling. 

“Profiling” involves the automated processing of data in order to analyze or predict – and therefore assess – certain personal characteristics or a person’s behavior. This is done by combining, linking, and analyzing the personal data available to us. The result – that is, the profile created – gives us information about personal characteristics such as personal preferences, interests, place of residence, and changes of location. This enables us to support and advise you on a more personalized basis and more successfully tailor our offerings to individual customer requirements (see also section 6.3.6). 

In addition, we use profiling to identify security risks and any risks of misuse, to conduct statistical analyses, and for operational planning purposes. We may also use these procedures to combat money laundering and misuse, as well as perform credit checks. Finally, these personalized risk assessment and evaluation procedures can be used as an essential calculation basis for the contract.

We ensure that the results are proportionate and reliable at all times, and take action against any misuse of profiling. In the mandatory and extra-mandatory (comprehensive solution) areas, these data processing activities are also subject not only to legislation on occupational benefits but also to the respective Data Protection Act.

To ensure the efficiency and uniformity of our decision-making processes, we may also take specific decisions on a fully automated basis (computerized basis in accordance with specific rules and without any human involvement or checking by employees). These decisions can also be taken on the basis of profiling.

In the event of such automated case-by-case decision-making, you will be specifically notified of its usage should the decision have negative legal consequences for you or cause comparatively significant impairment. In such cases, you can ask for such decisions to be reviewed by an AXA employee (see section 6.10.9).

We protect your data and do not sell it to third parties.

In some circumstances, your data may be disclosed to data processors and third parties (e.g., if required for contract conclusion or processing, or for other purposes specified in this Privacy Policy). In addition, your data may be disclosed to other controllers or  cooperation partners.

We are part of the AXA group of companies and therefore carry out some business processes in centralized service units and data processing systems belonging to the AXA Group. This data processing, which also involves the processing of data outside of the European Economic Area (EEA) and Switzerland, is permitted on the basis of our Binding Corporate Rules (BCR). Furthermore, our Binding Corporate Rules also cover the transfer of data to data processors belonging to the AXA Group. Details of individual companies in the AXA Group can be found here: List of AXA companies worldwide.

With your consent, AXA Life Ltd, operating on behalf of your occupational benefits institution, discloses your occupational benefits-related data to AXA Insurance Ltd on an ongoing basis so as to provide an overview of pension coverage as well as for individual product and service offerings. Such disclosure takes place only with your express consent. This consent is issued separately and can be revoked at any time in the myAXA portal. With this consent, AXA Insurance Ltd may use any data that it has already available to it to this end, link it with the data issued via the occupational benefits channel, and use the resultant profile also for marketing purposes. This affects the following data categories: Personal information and contact data, customer/contract data, financial and payment data, health-related data, and communication and technical data. Verified service providers in Switzerland and abroad may be used to process this data.

We work with contractors such as suppliers, IT service providers, and other service providers. These services include, for example, IT services, the sending of information, marketing, sales, and communication services. They are contractually obligated to process the data only for the purposes we specify. If the contractors wish to engage third parties, we must approve this.

We work with third parties that process your data based on their own responsibility, or based on shared responsibility with ourselves. Such third parties include any natural person or legal entity, authority, institution, or other public office that is not part of the AXA Group or its data processors. In particular, we include here the following categories: 

• Employer
• Beneficiary 
• Authorized representatives, legal representatives
• Benefit recipients 
• Pension fund experts
• Independent insurance brokers, sales and other contractual partners, as well as pension and vested benefits institutions
• Experts such as doctors and attorneys  
• Previous insurers, co-insurers, and reinsurers 
• Social and health insurance companies as well as other private insurance companies 
• Other participants in an incident (e.g., in the event of an insured event) 
• Authorities, courts, and public offices 
• Auditors 
• Other parties in potential or actual legal proceedings 

In connection with our business activities, data may be disclosed to Switzerland, EU/EFTA/EEA countries and, under certain circumstances, to recipients worldwide, but primarily to countries in which other companies of the AXA Group operate (see section 6.7.2).

Prior to transmitting data abroad – including to a country outside of the EU/EFTA/EEA – we ensure that the country has an appropriate degree of data protection. If the country does not have appropriate data protection (which often applies to countries outside of the EU/EFTA/EEA), we ensure an appropriate degree of protection by means of contractual provisions (e.g., based on standard contractual clauses of the European Commission – a copy of these clauses can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914 or in our Binding Corporate Rules [BCR]) along with effective technical security measures. Please note that such contractual safeguards provide adequate protection; however, not all risks can be entirely ruled out (e.g., risk of government intervention abroad). 

If your data is processed by us you may – in accordance with applicable data protection legislation – assert the following rights, usually free of charge and generally at any time. Please note that these rights are subject to legal requirements and that exemptions and restrictions apply. Specifically, we may need to process and store your data in order to perform a contract with you, safeguard your legitimate interests (e.g., asserting, exercising, and defending legal entitlements), or to comply with legal obligations. It may therefore be the case that we reject a data subject’s request in whole or in part.

These rights can generally be exercised by sending an email or letter (postal address) to the office specified in section 6.11. For the purpose of avoiding misuse, the exercising of your rights generally requires that you prove your identity conclusively (e.g., by means of a copy of your ID or passport), unless we are able to identify you clearly in another way. Data subject requests addressed to the units specified may be processed by other units such as AXA Complaint Management.

If you believe the processing of your personal data violates the data protection legislation or that your rights under the legal provisions are breached in any other way, you have the option of submitting a complaint to the responsible data protection authority (see section 6.11). 

You have the right to request information from us as to whether we process your data and what data. 

You have the right to request the release of specific personal data in a structured, common, and machine-readable format or for it to be transferred to another controller.

You have the right to insist that we rectify any incorrect data or that we supplement any incomplete data if it is incorrect or incomplete. If we have stored incorrect personal data about you, we will be pleased to rectify this based on the information you provide, unless you can correct or supplement it yourself via a portal.

You have the right to request the erasure or anonymization of data that is not essential to the performance of the contract, or that is not being processed on the basis of legal obligations (e.g., mandatory retention) or on account of our overriding legitimate interests. 

In certain cases you will have the right to the restriction of processing (e.g., if the accuracy of the data is disputed or unlawful processing is asserted).

You have the right to object to the future processing of your data with immediate effect, in particular if processing is in order to maintain our legitimate interests, for example in the case of direct marketing and for the profiling undertaken for the purpose of direct advertising.

Provided the processing of your data is based on consent that you have granted, you have the right to revoke your  consent to future processing at any time and with immediate effect. However, this is only possible if the data processing is not required in connection with contractual obligations. You can assert this right at any time as follows:

• General contact | AXA (online form)
• AXA 24-hour helpline 0800 809 809

We will let you know if we have taken an automated case-by-case decision in the context of the applicable data protection law. You will then have the right to present your point of view and demand that the decision is reviewed by a human. When informing you of the decision taken, we will let you know whom to contact.