We are pleased to welcome you to our website and with your interest in msg life Iberia. Not only is offering our customers end-to-end support very important to us, but so is ensuring that your personal information is protected.
The following explains the actions we take when you visit our website – naturally in compliance with applicable data security regulations, which information we collect and how we process it.
Should our data privacy statement change, it will be updated on this page in order to keep you informed as to which data msg life Iberia stores and uses.
The most important data privacy information can be found below. We have organized the information by topic.
I) Name and address of the responsible party
Responsible for the collection, processing and use of your personal data pursuant to the EU General Data Protection Regulation is:
msg life Iberia
Avenida dos Aliados 54, 5º andar – 4000-064 Porto – Portugal
Telephone: + 351 223 203 110
Should you wish to object to the collection, processing or use of your data by msg life ag as set forth in these data privacy policies as a whole or in regard to specific measures, please e-mail, fax or mail your objection to the aforementioned address.
II) Name and address of the data protection officer
Data protection officer of the responsible party is:
msg life Iberia, Unipessoal Lda.
Avenida dos Aliados, n.º54, 5º, Andar
III) General information on data processing
1) Why we use data
We wish to constantly improve our offers and make them more attractive. The only way for us to optimize the contents of the msg Internet sites to better meet your demands is to identify which sections of our Internet sites are most commonly visited and on which the most time is spent. Should you entrust us with your personal information, msg life Iberia shall use such for the technical administration of the websites, customer management, product surveys and marketing; however, we shall only do so to the extent that is necessary. The more we understand what you want, the faster you will be able to find the information you are looking for on our Internet sites.
2) Information on the collection of personal information
The following provides information on the collection of personal information when using our website. Personal information includes all information that relates to you personally, e.g., name, address, e-mail address, user behavior, etc.
Any personal information you are prompted to enter on our website, such as your name, address or telephone number, shall be subject to these specific policies and you shall be notified of such by a text that reads as follows:
“I hereby consent to my personal information (including my telephone number and/or e-mail address) being collected, processed and used for the purpose of contract processing and/or potential customer opportunities, surveys and information. Any forwarding to third-parties, with the exception of the companies of the msg life group, is excluded. I have the right to revoke this consent from msg life Iberia, Avenida dos Aliados 54, 5º andar – 4000-064 Porto – Portugal, at any time.”
Our use of the data shall be limited to the aforementioned purposes. Information shall not be forwarded to third parties outside msg life Iberia. The only exception hereto are the companies of the msg group.
In addition to the information you share with us, we also analyze how you use our services and offers in order to lead you to the information that might interest you more quickly and in order to constantly optimize our service.
3) Legal basis for processing personal information
Numeral 6, Para. 1, Item a of the General Data Protection Regulation (GDPR) forms the legal basis for any consent we obtain from relevant persons for the operations involved in processing personal information.
Numeral 6, Para. 1, Item b of the General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal information in order to fulfill a contract when the relevant person is one of the contract parties. This includes processing operations necessary to complete measures that precede the contract.
Numeral 6, Para. 1, Item c of the General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal information to the extent such is necessary in order to comply with legal obligations to which our company is subject.
Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR) forms the legal basis for any processing necessary to ensure a legitimate interest of our company or a third party, as long as such do not outweigh the interests, fundamental rights and fundamental freedoms of the person in question.
4) Data deletion and retention period
The personal information of the relevant person shall be deleted or locked as soon as the purpose for which such was stored is no longer applicable. Storage beyond such is possible if provided by European or national lawmakers in laws or other regulations to which the responsible party is subject under Union law. Data shall also be locked or deleted once the retention period prescribed in the given norms expires, unless storage of the data is still required in order to conclude or fulfill a contract.
IV) Provision of the website
1) Collection of personal information when visiting our website
The only personal information we collect when you visit our websites is the information your browser communicates to our servers. When you browse our website, we collect the information required on the technical side to display our website and to ensure stability and security. The following information is collected in such cases:
• User’s IP address
• Date and time of your inquiry
• Content of the request (specific site)
• Respective data volume transmitted
• Website from which the inquiry is received
• Information on the browser type
• User’s operating system
• Language and version of the browser software
• Websites from which the user’s system accesses our Internet site
• Websites the user’s system accesses from our website
This information is also stored in our system’s log files. This information is not stored together with other personal information.
2) Legal basis for the data processing
Legal basis for the temporary storage of data and log files is Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).
3) Purpose of the processing
The IP address must be temporarily stored by the system in order to enable the delivery of the website to the user’s computer. To that end, the user’s IP address must be stored for the duration of the session. IP addresses are required for problem diagnosis, website administration and demographic information.
The information recorded is solely used for data security reasons, specifically to prevent attack attempts on our web server, and for statistical analysis.
4) Retention period
Data is deleted as soon as it is no longer required for the purpose it was collected. Any information collected in order to provide the website is deleted as soon as the respective session is terminated.
Information stored in log files is deleted no later than after seven (7) days. Storage beyond that period is also possible. In that case, the user’s IP addresses are deleted or rendered anonymous so that it can no longer be collated to the client that used it to access the site.
5) Objection and removal options
Information must be collected in order to provide the website and information must be stored in log files in order to operate the Internet site. As a result, the user does not have the option to object in this case.
1) Description and scope of the data collection
2) Legal basis for the data processing
Legal basis for the processing of personal information when using cookies is Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).
3) Purpose of the data processing
Cookies that are necessary for technical reasons are used to make the website easier for users to use. A few functions on our Internet site cannot be offered without using cookies. In those cases, our system must be able to recognize the browser again even after a user has switched to a different site.
The user data collected by cookies required for technical reasons is not used to create user profiles.
These purposes form our legitimate interest in processing personal information as set forth in Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).
4) Retention period
5) Objection and removal options
Cookies that have already been stored can be deleted at any time. This can be done automatically as well. However, disabling the cookies used by our website may mean you will not have full access to all of the functions of our website.
VI) E-mail/contact form
1) Description and scope of the data collection
Our Internet site offers contact forms which can be used to contact us electronically. When a user takes advantage of this option, the information they enter on the input screen is transferred to us and stored. That data is:
• First name (required field)
• Last name (required field)
• Your e-mail address (required field)
• Your message (required field)
• Postal Code
The following information is also stored when you submit your message:
• The user’s IP address
• Date and time of registration
In order to process the information, we obtain your consent when you submit the information and reference this data privacy statement.
Alternatively, we can also be contacted using the e-mail address provided. In that case, the personal information the user includes in the e-mail is stored.
The information obtained in this context is not transferred to third parties outside the msg life group. The information is only used to process the conversation.
2) Legal basis for the data processing
Legal basis for processing information once the user’s consent has been obtained is Numeral 6, Para. 1, Item a of the General Data Protection Regulation (GDPR).
3) Purpose of the data processing
The personal information provided on the input screen is used for the sole purpose of handling the contact request. In case of contact by e-mail, the information is processed as a necessary legitimate interest.
Any other personal information processed during the transmission is processed to prevent misuse of the contact form and to ensure the safety of our IT systems.
4) Retention period
Data is deleted as soon as it is no longer required for the purpose it was collected. In regard to personal information from the input screen of the contact form and personal information sent by e-mail, such information is deleted when the respective conversation with the user is terminated. A conversation is considered terminated when the circumstances indicate that the subject under discussion has been fully clarified.
Any further personal information collected during the transmission is deleted no later than within a period of seven days.
5) Objection and removal options
The user can revoke their consent to having their personal information processed at any time. Should a user contact us by e-mail, they can revoke their consent to having their personal information stored at any time. It will not be possible to continue a conversation in such cases.
Please contact msg lifes marketing team by e-mail if you would like to revoke your consent/the storage of your information firstname.lastname@example.org.
Any personal information stored as part of the contact request will be deleted.
VII) Online applications
If you apply via our website, all data provided by you will be stored in our management system. msg life Iberia does not share said data with third parties outside the group of companies.
VIII) Use of Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses so-called “Cookies”. Cookies are text files that are stored on your computer, enabling the analysis of your website usage.
It cannot be excluded that the collected information may be transferred to a Google server in a third country and saved there, especially a server of Google’s parent company, Google LLC, based in 1600 Amphitheatre Parkway, Mountain View, California, USA. Google LCC is certificated to the “EU-US-Privacy-Shield” (search „Google” at https://www.privacyshield.gov/list). The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure the adherence to the European data privacy standards in the USA.
The IP anonymization function is activated on this website, Google will shorten your IP address prior to storing it; this shall be done for all member states of the European Union or in other states where the agreement pertaining to the European Economic Area applies. Only in cases of exception will the full IP address be sent to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use said information to analyze your use of this website, to create reports on website activities and to provide other services affiliated with the website usage and internet usage for the operator of the website. It this case, pseudonymous user accounts can be created based on the processed data. The IP address delivered from your browser and shortened by Google Analytics will not be combined with other data of Google.
You can prevent the storage of cookies by activating the corresponding setting in your browser software. However, disabling the cookies used by our website may means you will not have full access to all of the functions of our website.
You may also prevent Google from collecting the data generated by the cookie and data related to your use of the website (including your IP address), as well as the processing of said data by Google, by downloading and installing the Browser Add-On: https://tools.google.com/dlpage/gaoptout?hl=en
For browsers on mobile devices, please click the following link. This sets an opt-out cookie that prevents your data from being collected by Google Analytics during any future visits to the website. Please note that this opt-out cookie only works with this browser and this domain. If you delete your cookies in this browser, you have to click the link again.
The analysis of the use of the website is considered a legitimate interest as defined in Numeral 6, Para 1, Item f of the General Data Protection Regulation (GDPR).
More information on Google’s use of data for advertising purposes and possibilities concerning the settings and contradiction can be found on Google’s websites:
– https://policies.google.com/technologies/ads?hl=en („Use of data for advertising purposes“),
– https://adssettings.google.com/u/0/authenticated?hl=en („Determine which advertisements Google shows you“)
IX) Online appearance in social media
We operate publicly available profiles in social networks to get in touch with active users, interested parties and customers and to inform them about our services.
Data of social network users like Facebook or Google + may be processed in third countries – for example the USA. Therefore, the enforcement of the user’s rights can be more difficult. We indicate US-providers certificated to Privacy Shield that they are obliged to keep to the EU data privacy standards.
If you are logged onto your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Your personal data can possibly also been collected if you are not logged onto or do not have an account with the respective social media portal. This data collection is due to cookies saved on your device or to the record of your IP-address.
With the collected data, the operators of the social media portals can create user profiles in which their preferences and interests are saved. Normally, the data is saved for market research and advertisement. In this way, personalized advertisement can be shown to you within and outside the respective social media presence.
If you have an account with the respective social network, the interest-related advertisement may be shown on all devices and platforms where you are or were logged onto.
Our appearance in social media should ensure a various presence on the internet. It is considered a legitimate interest as defined in Numeral 6, Para 1, Item f of the General Data Protection Regulation (GDPR). The analytic processes initiated by social networks may be based on a different legal basis that is to be indicated by the social network operators (e.g. agreement based on Numeral 6, Para 1, Item a, Numeral 7 GDPR).
If you visit one of our social media appearances (e.g. Facebook), we both you and us and the operator are responsible for the data processes that has been produced. You can insist on your rights (disclosure, correction, deletion, restriction of processing, objection and complaint) to us and the operator of the respective social media portal (e.g. Facebook).
Despite having a common responsibility with the operators, please note that we do not have the fully extensive influence for the data processing of the social media portals. Our options are determined by the company policy of the respective provider.
Data directly collected by us through social media presence will be deleted of our systems as soon as the purpose of the storage is invalid, you ask for deletion, you retract your consent for storage or the purpose of data storage is invalid. Saved cookies will still be saved on your device until you delete it. Urgent legal provisions – in particular retention periods – remain unaffected.
We do not have any influence on the storage time of your data collected by the social network operators for their own purpose. For more details, please contact the provider of the respective social network (e.g. data privacy statement, see below).
X) Social plugins (Facebook, Twitter, LinkedIn, YouTube)
So-called “social plugins” are used on our website. These currently include plugins for Facebook, Twitter, LinkedIn and YouTube services. Information, including personal information, may be sent to service providers when using these plugins, including providers in the USA, and may be used by them.
1) Shariff protection tools
The website itself does not collect any personal information using social plugins or any information about their use. msg uses the so-called “Shariff” solution to prevent data from being sent to service providers without the user’s knowledge, including to providers in the USA. This solution ensures that personal information is not automatically sent to providers of the individual social plugins when you visit our website. Data cannot be sent to the service provider or stored by them until a user actually clicks on one of the social plugins.
More information on the Shariff solution can be found on the provider’s website, Heise Medien Gmbh & Co. KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
2) Data privacy statement for use of Facebook plugins
Plugins for the social media network Facebook (provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA) are integrated into our sites. The Facebook plugins on our site can be identified by their Facebook logo or the “Like” button. An overview of the various Facebook plugins can be found at: http://developers.facebook.com/docs/plugins/.
When you visit our sites, the plugin is used to establish a direct connection between your browser and the Facebook server. That informs Facebook that you visited our site from your IP address. Clicking the Facebook “Like” button on our sites while still logged onto your Facebook account allows you to link content from our sites to your Facebook profile. This permits Facebook to assign your visit to our sites to your user account. We would like to point out that as a provider of the sites, we do not receive any information on the content of the transmitted data or how it is used by Facebook. More information can be found in Facebook’s data privacy statement at:
You will need to log out of your Facebook account if you do not want Facebook to assign your visit to our sites to you Facebook account.
3) Data privacy statement for use of Twitter
The functions of the Twitter service are integrated into our sites. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Using Twitter and the “re-tweet” function links the websites you visit to your Twitter account and shares them with other users. Information is also sent to Twitter when you do so. We would like to point out that as a provider of the sites, we do not receive any information on the content of the transmitted data or how it is used by Twitter. More information can be found in Twitter’s data privacy statement at: http://twitter.com/privacy.
You can modify the data protection settings of your Twitter account at: http://twitter.com/account/settings.
4) Data privacy statement for use of LinkedIn
Our website uses the functions of the LinkedIn network. Provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
A connection to the LinkedIn servers is established anytime our sites that contain LinkedIn functions are accessed. LinkedIn is informed that you visited our Internet sites from your IP address. Clicking the “Recommend” button by LinkedIn while you are stilled logged onto your LinkedIn account allows LinkedIn to assign your visit to our Internet site to you and your user account. We would like to point out that as a provider of the sites, we do not receive any information on the content of the transmitted data or how it is used by LinkedIn.
More information can be found in LinkedIn’s data privacy statement at: https://www.linkedin.com/legal/privacy-policy
5) Data privacy statement for use of Google Maps
We use Google Maps on this website to visualize geographical information and to construct directions. Google Maps is a map service operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland („Google“).
While using Google Maps, Google will collect data concerning your use of google maps functions including your IP address. It cannot be excluded that the collected information may be transferred to a Google server in a third country and saved there, especially a server of Google’s parent company, Google LCC, based in 1600 Amphitheatre Parkway, Mountain View, California, USA. Google LCC is certificated to the “EU-US-Privacy-Shield” (search „Google” at https://www.privacyshield.gov/list). The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure the adherence to the European data privacy standards in the USA.
If you are logged onto your Google account, Google can add the processed data to your account and treat them as personal data. This depends on your account settings (https://policies.google.com/technologies/partner-sites?hl=en ).
The possibility of visualization is considered a legitimate interest as defined in Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).
YouTube videos are embedded into our website. Operator of the relevant plugins is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. It works with the double click procedure. At first, our website just shows a thumbnail without establishing a connection to YouTube. When clicking on the thumbnail, a connection to YouTube will be established and your IP address will be transferred to the YouTube servers. YouTube will be informed that our website has been visited with your IP address. We do not receive information about this data and its use.
YouTube LCC is a subsidiary of Google LCC based in 1600 Amphitheatre Parkway, Mountain View, California, USA and certificated to the “EU-US-Privacy-Shield” (search “Google” at https://www.privacyshield.gov/list). The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure the adherence to the European data privacy standards in the USA.
If you are logged onto your YouTube or Google account, Google can add the processed data to your account and treat them as personal data. This depends on your account settings (https://policies.google.com/technologies/partner-sites?hl=en.
We embed YouTube videos into our website that allows you to watch them directly. By integrating external videos, we relieve our servers and can use corresponding resources elsewhere in order to increase the stability of our servers. This is considered a legitimate interest as defined in Numeral 6, Para 1, Item f of the General Data Protection Regulation (GDPR).
Further information on the data processing by Google can be found at: https://policies.google.com/privacy?hl=en
XI) Use of Marketo and SalesForce
Our website uses Marketo, a web analysis and marketing service provided by Marketo EMEA Ltd. in Dublin, Ireland (‘Marketo’). The information generated by the cookie on how the user uses the website is normally sent to and stored by Marketo. Marketo will use this information on our behalf for the purposes of evaluating how users use the website, compiling reports on website activity and providing us with other services relating to website activity and Internet usage. Additionally, Marketo is used to store the data you input in the forms on our website in a cookie.
Marketo is used on the basis of Article 6, paragraph, point (f), of the GDPR and serves to optimise our marketing measures.
See here for more information on data protection at Marketo.
You can prevent the installation of feature and advertising cookies by changing the settings in your browser; in this case, you might not be able to make full use of all of the features of the website. Additionally, you can object to the collection of the data generated by the cookie concerning your use of the website by Marketo as well as the processing of the data by Marketo by clicking on the following link:
Please note that if you delete this cookie or all cookies, the information that you have exercised your right to object will be erased as well.
If you wish to withdraw your consent or modify the personal data you have provided for the purposes of correspondence, registration, etc., please send an email to the Marketing department of msg life ag at email@example.com.
Marketo EMEA Ltd.
Cairn House, South County Business Park
msg life ag stores and uses the data you enter on the website in systems belonging to the company salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (‘Salesforce’), for the purposes of customer relationship management (‘CRM’). The address of the US parent company is as follows: The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA.
Salesforce may only access the data within the scope of our instructions (order processing). Salesforce also takes strict technical measures in order to protect your personal data. Salesforce does not give your personal data to third parties unless this is required for the rendering of the agreed services or Salesforce must do so in order to comply with the law or a valid and binding instruction from any governmental or regulatory authority. The data provided in such cases is limited to the minimum required.
Salesforce is certified under the EU–US Privacy Shield agreement, providing an additional guarantee of compliance with European data protection laws when data is processed in the United States (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active). Additionally, a contract for order processing was concluded with Salesforce which includes the standard EU contract clauses if data is processed in the United States for maintenance purposes.
The legal basis for processing your data is Article 6, paragraph 1, point (f), of the General Data Protection Regulation (GDPR). msg life ag uses the CRM system from the provider Salesforce in order to more quickly and efficiently process the requests of users.
The duration of data storage is determined by the legal requirements for data retention.
See the following link for more information on data protection at Salesforce: https://www.salesforce.com/de/company/privacy/.
XII) Where is my information processed?
Your information is processed in Germany. Data is also processed in European and non-European foreign countries within the legally permissible limits. There are no plans for transmission to third countries.
XIII) How safe is my information?
msg life Iberia has taken extensive technical and operational safety precautions in accordance with applicable European law to protect your information from unauthorized access and misuse.
XIV) Will my information be shared with third parties?
No information with be shared with third parties, with the exception of the companies of the msg life group.
XV) Transfer of personal data
The transfer of personal data to recipients outside of the msg life Group is subject to admissibility criteria concerning the processing of personal data.
The recipient of the data is contractually obliged to process the data, to only use the data for the stated purposes and to process the data in line with the instructions of the msg life Group.
If personal data are transferred by a company based in the European Economic Area to a company based outside of the European Economic Area (a third country), the importing company is obliged to cooperate with any and all queries made by the supervisory authority responsible for the exporting company and heed the conclusions of the supervisory authority with regard to the transmitted data. The same applies analogously to data transfers by companies from other countries. If they are participating in an international certification system for binding data protection regulations for companies, they must ensure that they cooperate with the certification bodies and authorities in accordance with the rules of the system.
In cases of cross-border data processing, each set of national requirements concerning the disclosure of personal data abroad must be met. In particular, personal data are only transferred from the European Union and European Economic Area to a third country if the specific requirements of the GDPR concerning data transfers to third countries are met and the processing of the personal data is lawful. The following are examples of suitable instruments:
Acknowledgement of binding corporate rules of the contractor to establish an adequate level of data protection by the supervisory authorities responsible for data protection.
XVI) Rights held by the affected person
Anytime your personal information is processed you are considered an affected person pursuant to the GDPR and you have the following rights in connection with the responsible party:
1) Right to disclosure
You have the right to request information on the scope, origin and recipient of stored information, as well as the purpose of the storage, at no charge to you.
2) Right to correction
You have the right to demand a correction and/or completion from the responsible party should the processed personal information related to you be incorrect or incomplete. The responsible party must make the corrections without delay.
3) Right to deletion
You have the right to request that the responsible party immediately delete any personal information related to you and the responsible party is required to delete said data without delay should any of the following reasons apply:
(1) The personal information related to you is no longer required for the purpose it was collected or processed in any other manner.
(2) You revoke the consent on which the processing was based pursuant to Numeral 6, Para. 1, Item a or Numeral 9, Para. 2, Item a of the General Data Protection Regulation (GDPR) and there is no other legal basis for the processing.
(3) You submit an objection to the processing pursuant to Numeral 21, Para. 1 of the General Data Protection Regulation (GDPR) and no legitimate reasons for the processing that have precedence over your objection exist, or you submit an objection to the processing pursuant to Numeral 21, Para. 2 of the General Data Protection Regulation (GDPR).
(4) The personal information related to you was processed unlawfully.
(5) The deletion of the personal information related to you is necessary in order to meet a legal obligation under Union law or the law of the member states to which the responsible party is subject.
(6) The personal information related to you was collected in relation to services offered by the information company pursuant to Numeral 8, Para. 1 of the General Data Protection Regulation (GDPR).
4) Right to data portability
You have the right to obtain the personal information related to you and which you shared with the responsible party in a structured, commonly used and machine-readable format.
5) Right of objection
You have the right, for reasons arising from your particular situation, to object to the processing of personal information related to you, which was being processed pursuant to Numeral 6, Para. 1, Item e or f of the General Data Protection Regulation (GDPR), at any time; this includes any profiling based on these policies.
The responsible party will cease processing any personal information related to you unless they can provide proof urgent, protection-worthy reasons for the processing that outweigh your interests, rights and freedoms or unless the processing serves the enforcement, exercising or defense of legitimate claims.
You have the right to revoke your privacy consent statement at any time. Revoking your consent shall not affect the legitimacy of the processing that was performed with your consent up to the time your consent was revoked.
6) Right to submit complaint to supervisory body
Notwithstanding other administrative or legal remedy, you will generally have the right to submit a complaint to a supervisory body, specifically in the member state of your place of residence, your place of employment or the location of the alleged breach, if you are of the opinion that the processing of the personal information related to you violates the GDPR.
The supervisory body to which the complaint is submitted shall inform the complainant of the status and results of the complaint, including the option of legal remedy pursuant to Numeral 78 of the GDPR.