Privacy notice
en / de / fr / ru

Privacy policy and statement

Thank you very much for visiting our website or for otherwise getting in contact with us. We place very high value on the protection of personal data. In principle, it is possible to use this website without handing over any personal data. However, if you would like to make use of an offer from our company online, then it may be necessary to process personal data. If it does prove necessary to process personal data and if there is no legal basis for this processing, then we will generally obtain consent from the data subject.

Processing of a data subject’s personal data, for instance their name, address, e-mail address or telephone number, shall always be carried out in compliance with the current EU General Data Protection Regulation (GDPR), effective as of 25/02/2018. With this data privacy statement, our company endeavours to provide information about the nature, scope and purpose of the personal data we process and to inform data subjects of their rights.

Our company has implemented numerous technical and organisational measures for the data collected in order to ensure as complete protection as possible for the personal data that is processed. Nevertheless, internet-based data transfers may have flaws in security and as such, absolute protection cannot be guaranteed.

I. Definitions

Our company’s data privacy statement is based on the GDPR. Our data privacy statement should be easily readable and comprehensible. In order to ensure this, we shall first define the terms used.

1. Personal data

Personal data refers to “any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (article 4, section 1 of the GDPR).

2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for data processing.

3. Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing refers to the marking of stored personal data with the aim of limiting its processing in the future.

5. Profiling

Profiling is any form of automated processing of personal data in which this personal data is used in order to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation refers to processing personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information. This additional information is kept separately and is subject to the technical and organisational measures, thus guaranteeing that the personal data is not attributed to an identified or identifiable natural person.

7. Controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

8. Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient

The recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, regardless of whether this is a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. Third parties

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes in the form of a declaration or other clearly verified deed with which the data subject signifies agreement to the processing of personal data relating to him or her.

 

II. Controller

According to the General Data Protection Regulation, the national data protection laws of member states and additional data protection regulations, the controller is:
NOVAG SAS
Zone d’Activité de la Croix-Ganne
79370 FRESSINES, FRANCE
Tel: +33 549 246 543
E-mail: info @ novagsas.com
Website: www.novagsas.com

 

III. Provision of website

1. Every time you visit our webpage, our system automatically gathers data and information from the system of the accessing computer. The following data is collected here:
– the user’s operating system
– the user’s internet service provider
– the user’s IP-address
– date and time of access
– websites that direct the user’s system to our website
– websites accessed by the user’s system from our website
– files retrieved
– quantity of data sent
The legal basis for the temporary storage of data is Art. 6 (1) (f) of the GDPR.

2. The temporary storage of the IP address by the system is required so that the website can be connected to the user’s computer. For this purpose, the IP address of the user must be saved for the duration of the web session. For this purpose, our legitimate interest is in accordance with Art. 6 (1) (f) of the GDPR.

3. Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the event of collecting data to ensure the website is functioning correctly, this is the case once the relevant session has ended.

4. The collection of data for providing the website is absolutely necessary for the website to operate and therefore the user has no right to object.

 

IV. Logfiles

1. The data is also stored in our system’s log files. This data is stored separately from the user’s personal data. The legal basis for the creation of log files is Art. 6 (1) (f) of the GDPR.

2. Storage takes place in log files to ensure that the website is functioning correctly. Furthermore, the data allows us to optimise the website and to guarantee the security of our information technology systems. The data is not evaluated for marketing purposes in this context. For this purpose, our legitimate interest in data processing corresponds with Art. 6 (1) (f) of the GDPR.

3. The data in the log files is deleted after seven days at the latest. However, data may be stored for periods extended beyond this. In such cases, the users’ IP addresses are deleted or altered, meaning that the IP address can no longer be traced back to the respective client.

4. The storage of data in log files is absolutely necessary to ensure that the website is fully operational. As such, users have no right to object.

 

V. Cookies

1. Our website uses cookies. Cookies are text files that are stored in your browser or on the user’s computer system by the internet browser. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a unique character sequence that enables a unique identification of the browser when the user reconnects to the website. The following data is saved and transmitted in the cookies:
– language settings
– login details
– items in shopping carts

We also use cookies on our website to allow us to analyse users’ browsing behaviour. Analysing cookies allows us to gather the following data:
– search terms entered
– frequency of page views
– use of website functions

2. The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) of the GDPR.

3. We use cookies in order to simplify website use for our users. Analysis cookies are used to improve the quality of our website so that we can continuously optimise our offer in line with the knowledge we gain about precise use of the website. In this context, our legitimate interest in processing personal data also corresponds with Art. 6 (f) of the GDPR.

4. Cookies are stored on the user’s computer and sent from there to our website. Therefore, as the user you have full control over the use of cookies. You can limit or deactivate the transmission of cookies by changing the settings in your internet browser. Previously stored cookies can be deleted at any time. This can also be done automatically. If you choose to deactivate cookies for our website, you may no longer be able to use the full range of functions on the site.

 

VI. Google analytics

1. This website uses Google Analytics, a web analysis service from Google Inc (”Google”). Google also uses cookies via our website. Google Analytics also uses cookies that are stored on your computer and allow your use of the website to be analysed. The information generated by the cookie about your use of this website (including your IP address) is transmitted to and stored on a Google server in the United States. Google Analytics has been extended on this website by the code “grt._anonymizeIP()” in order to guarantee an anonymised collection of IP addresses. As a result of the activation of IP anonymisation on this website, your IP address will be abbreviated by Google in advance within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties, if this is required by law, or as far as third parties process this data on behalf of Google. In no case will Google link your IP address to any other data provided by Google. The IP address transmitted from your browser by Google Analytics will not be merged with other data belonging to Google.

2. The legal basis for using the website analysis services of Google Analytics is Art. 6 (1) (f) of the GDPR. The use of cookies by Google is permissible according to Art. 6 (1) (f) of the GDPR.

3. The purpose of using Google’s web analysis services and cookies is to increase the efficiency of our website through perfected analysis of user behaviour in order to accommodate the interests and needs of our users to the fullest extent. For this purpose, our legitimate interest in data processing is in line with Art. 6 (f) of the GDPR.

4. You can prevent the storage of cookies by Google by adjusting your browser software settings accordingly. However, we would point out that in this case you may not be able to use all the functions of this website fully. In addition, you can prevent the use of Google Analytics, thus preventing Google from collecting the data generated by the cookie and regarding your use of the website (including your IP address), and also prevent Google from processing this data by downloading and installing the browser plug-in available from the link below: (tools.google.com).

 

VII. Social media plugins

1. Facebook button

a) This website uses “plugins” from the social media network Facebook, headquartered in 1601 South California Avenue, Palo Alto, CA 94304, USA. All Facebook plugins used on this page can be identified by the Facebook logos or the “Like” button. You can find a breakdown of the plugins made available by Facebook and potentially used on this website on an official information page belonging to the social media network: developers.facebook.com
Facebook gathers information about the website visited and about the services on the website via these plugins. For example, the information gathered may include the system software, the hardware version, device settings, names and types of files and software, the strength of the battery and signal, as well as device IDs, device locations including specific geographical locations e.g. via GPS, Bluetooth or Wi-Fi signals, connection information such as the name of the mobile network or the internet provider, browser type, language and time zone, mobile phone number, and IP address. Facebook can link together pieces of information that were gathered from different devices. We employ the “Shariff” system in the context of social media plugin usage. This plugin involves just a graphic that contains a simple HTML link to the social media network Facebook. By clicking on this graphic, you will be sent to the service of that particular network. The button only establishes direct contact between the social network and our visitors if the visitor actively clicks on the Share button. Only then will your data be transferred to the relevant social media network. However, if the button is not clicked, no exchange will take place between you and the social media network. We would like to specifically point out that, as operators of this website, we have no knowledge of how Facebook uses this data. Facebook has made public information regarding this itself. You can access this information in Facebook’s official data privacy statement at en-gb.facebook.com.
b) The legal basis for using Facebook plugins within the scope of the Shariff solution with prior consent is Art. 6 (1) (a) of the GDPR.
c) The purpose of using Facebook plugins is to increase the efficiency of our website and to make it more user friendly.
d) If you want to prevent Facebook from being able to assign the visit to our site to your Facebook user account, you can do this by logging out of your Facebook user account after reading this notice.

2. Twitter button

a) Some functions of the Twitter service are integrated into our website. The provider of these functions is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. We employ the “Shariff” system in the context of social media plugin usage. This plugin involves just a graphic that contains a simple HTML link to the social media network Twitter. By clicking on this graphic, you will be sent to the service of that particular network. The button only establishes direct contact between the social network and our visitors if the visitor actively clicks on the Share button. Only then will your data be transferred to the relevant social media network. However, if the button is not clicked, no exchange will take place between you and the social media network. If you use Twitter and, for example, the “Retweet” function, then the websites you have visited will be connected with your Twitter account and will be disclosed to other users. This also involves data transfer to Twitter. We would like to point out that, as mere providers of our website, we do not receive any knowledge of the content of this data or its use by Twitter. However, you can find more information about this in Twitter’s data privacy statement at twitter.com/privacy. You can change your data privacy settings with Twitter using the following link: twitter.com.
b) The legal basis for using Twitter plugins within the scope of the Shariff solution with prior consent is Art. 6 (1) (a) of the GDPR.
c) The purpose of using Twitter plugins is to increase the efficiency of our website and to make it more user friendly.
d) If you want to prevent Twitter from being able to attach the visit to our site to your Twitter profile, you can do this by logging out of your Twitter profile after reading this notice.

3. LinkedIn button

a) This website uses a plugin by the social media network LinkedIn, headquartered in Wilton Place, Dublin 2, Ireland.
We employ the “Shariff” system in the context of social media plugin usage. This plugin involves just a graphic that contains a simple HTML link to the social media network LinkedIn. By clicking on this graphic, you will be sent to the service of that particular network. The button only establishes direct contact between the social network and our visitors if the visitor actively clicks on the Share button. Only then will your data be transferred to the relevant social media network. However, if the button is not clicked, no exchange will take place between you and the social media network. We would like to specifically point out that, as operators of this website, we have no knowledge of how LinkedIn uses this data. LinkedIn has made public information regarding this itself. You can access this information in their official data privacy statement at linkedin.com.
b) The legal basis for using LinkedIn plugins within the scope of the Shariff solution with prior consent is Art. 6 (1) (a) of the GDPR.
c) The purpose of using LinkedIn plugins is to increase the efficiency of our website and to make it more user-friendly.
d) If you want to prevent LinkedIn from being able to assign the visit to our site to your LinkedIn profile, you can do this by logging out of your LinkedIn profile after reading this notice.

4. Instagram button

a) This website uses a plugin by the social media network Instagram Inc, headquartered in 181 South Park Street, Suite 2, San Francisco, CA 94107, United States. We employ the “Shariff” system in the context of social media plugin usage. This plugin involves just a graphic that contains a simple HTML link to the social media network Instagram. By clicking on this graphic, you will be sent to the service of that particular network. The button only establishes direct contact between the social network and our visitors if the visitor actively clicks on the Share button. Only then will your data be transferred to the relevant social media network. However, if the button is not clicked, no exchange will take place between you and the social media network.
We would like to specifically point out that, as operators of this website, we have no knowledge of how Instagram uses this data. Instagram has made public information regarding this itself. You can access this information in Instagram’s official data privacy statement at help.instagram.com

 

VIII. Youtube

1. Plugins

a) This website uses plugins by the company YouTube, headquartered in LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a Google Ireland Limited company, Gordon House, Barrow Street, Dublin 4, Ireland. This plugin is just a graphic that contains a simple HTML link to the corresponding video on YouTube. By clicking on this graphic, you will be sent to YouTube. The button only establishes direct contact between YouTube and our visitors if the visitor actively uses YouTube. Only then will your data be transferred to YouTube. However, if the button is not clicked, no exchange will take place between the user and YouTube.
We would like to specifically point out that, as operators of this website, we have no knowledge of how YouTube uses this data. YouTube has made public information regarding this itself. You can access this information in Google’s official data privacy statement at policies.google.com.
b) The legal basis for using YouTube plugins is Art. 6 (1) (a) of the GDPR.
c) The purpose of using YouTube plugins is to increase the efficiency of our website and to make it more user friendly.
d) If you want to prevent YouTube from being able to assign the visit to our site to your YouTube profile, you can do this by logging out of your YouTube profile after reading this notice.

2. Embedded YouTube videos

a) This website also allows YouTube videos to be called up directly on the website. In order to do so, the option “- Privacy-Enhanced Mode -” provided by YouTube should be activated. If a user calls up a page with an embedded YouTube video, then a connection with YouTube will be established. According to information provided by YouTube, if “- Privacy-Enhanced Mode -” is activated, then data will be transferred to YouTube servers only if you view a video, in particular data regarding which of our internet pages you visited. If you are logged in to YouTube at the same time, then this information will be assigned to your account with YouTube. You can prevent this by logging out of your account before visiting our website.
b) The legal basis for this data processing is Art. 6 (1) (f) of the GDPR.
c) The purpose of this data processing is to make it possible to call up high-quality videos directly on our website and to ensure our website becomes more user friendly through quick accessibility. For this purpose, our legitimate interest corresponds with Art. 6 (1) (f) of the GDPR.

IX. Contact form and E-mail contact

a) Our website includes a contact form that can be used to get in touch via electronic means. If a user makes use of this function, the data entered into the input screen will be transmitted to us and stored. This data includes: first name, surname, e-mail address, telephone number. Your consent will be obtained for data processing as part of the sending process and referred to in this data privacy statement. Alternatively, you can contact us using the e-mail address provided. In this case, all user personal data transmitted together with the email will be stored. No data will be forwarded to third parties in connection with such contact. The data will be used exclusively for dealing with the conversation concerned.
b) Where the user has given consent to such processing, the legal basis for the processing of data is Art. 6 (1) (a) of the GDPR.
The legal basis for processing of data transmitted when sending an e-mail is Art. 6 (1) (f) of the GDPR. If e-mail contact is made with a view to the conclusion of a contract, Art. 6 (1) (b) of the GDPR functions as an additional basis for processing.
c) The processing of personal data from the input screen serves exclusively to allow us to handle the enquiry concerned. In the event of contact being made by e-mail, this also represents the required legitimate interest in processing the data. Other personal data processed during the sending process serves to prevent abuse of the contact form and to ensure the security of our information technology system.
d) The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the input screen of the contact form and data transmitted by e-mail, this shall be the point at which the conversation concerned with the user comes to an end. The conversation shall be deemed to have come to an end when it can be gathered from the circumstances that the matter at hand has definitely been resolved. Additional personal data gathered during the sending process will be deleted within a period of seven days at the latest. The user is entitled to withdraw their consent to the processing of their personal data at any time. In the event that the user contacts us by e-mail, they may object to the storage of their personal data at any time. The conversation cannot be continued under such circumstances. In this eventuality, all personal data stored in relation to the enquiry will be deleted.

XVI. Guidance on rights of data subjects

If your personal data is processed, you are defined as a data subject according to the GDPR, and you have the following rights in relation to the controller:

1. Right of access

You are entitled to request confirmation from the controller as to whether we are processing personal data relating to you.
If such processing is taking place, you are entitled to demand the following information from the controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data being processed;
(3) the recipients and/or categories of recipient to which personal data relating to you has been or is being disclosed;
(4) the envisaged retention period for the personal data relating to you or, if it is not possible to state this definitively, the criteria used to determine this period;
(5) information regarding your right to correction or erasure of the personal data relating to you, your right to restrict processing by the controller or your right to object to this processing;
(6) your right to lodge a complaint with a supervisory authority;
(7) any available information about the source of data if the personal data is not collected from the data subject;
(8) the existence of an automatic decision-making process, including profiling, pursuant to Art. 22 (1) and (4) of the GDPR and – at least in those cases – express information about the logic involved, as well as the significance and targeted consequences of such processing for the data subject.

You have the right to demand information regarding whether personal data relating to you is being transmitted to a third country or international organisation. In this regard, you are entitled to demand to be informed of the appropriate safeguards related to the transfer pursuant to Art. 46 of the GDPR.

2. Right to rectification

You have right to rectification and/or completion of your personal data in relation to the controller, provided that the processed personal data concerning you is inaccurate or incomplete. The controller must undertake any rectification without undue delay.

3. Right to restriction of processing

You are entitled to demand the restriction of the processing of personal data relating to you in the following circumstances:
(1) if you dispute the accuracy of the personal data relating to you for a period, allowing the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request the restriction of its use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or
(4) you have objected to processing pursuant to Art. 21 (1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your own.
If the processing of the personal data relating to you has been restricted, this data, with the exception of its storage, shall be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing has been restricted according to the provisions listed above, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Duty of erasure
You shall have the right to demand from the controller the erasure of personal data relating to you without undue delay and the controller shall have the obligation to erase this data immediately, where one of the following grounds applies:
(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Art. 6 (1) (a), or Art. 9 (2) (a) of the GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
(4) The personal data relating to you has been unlawfully processed.
(5) The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data has been collected in relation to the offer of information society services in line with Article 8 (1) of the GDPR.
b) Provision of information to third parties
If the controller has made public the personal data concerning you and is obliged to erase it pursuant to Art. 17 (1) of the GDPR, then this person must take all appropriate measures, taking into account the technology and implementation costs available, including measures of a technical nature, in order to inform the controller of data processing who processed the personal data that you as a data subject have requested that they erase all links to this personal data and any copies or replicas of this personal data.
c) Exceptions
The right to erasure shall not apply where processing is required for the following purposes;
(1) for exercising the right of freedom of expression and information;
(2) for fulfilling a legal obligation that requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i), as well as Art. 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) of the GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to notification

Where you have asserted the right to the rectification, erasure or restriction of processing to the controller, the controller shall be obliged to communicate this correction or erasure of data or restriction of processing to all recipients to whom personal data relating to you has been disclosed, unless this proves impossible or involves disproportionate effort.
You are entitled to demand that the controller informs you of these recipients.

6. Right to data portability

You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
(1) the processing is based on consent pursuant to Art. 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR, or on a contract pursuant to Art. 6 (1) (b) of the GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where this is technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to the processing of personal data that is required for performance of a task carried out in the public interest or in the exercise of public authority vested in the controller.

7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you based on Art. 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms or that serve the establishment, exercise or defence of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for the purposes of such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes. In the context of the use of information society services, regardless of Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.

8. Right to withdraw declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of the consent up to the point at which it is withdrawn.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision that is based solely on automated processing, including profiling, which produces legal effects in relation to you or which similarly significantly affects you. This right does not apply if the decision
(1) is necessary for concluding, or performing, a contract between you and the data controller,
(2) is authorised by the statutory provisions of the Union or Member State to which the controller is subject and which also lay down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on particular categories of personal data pursuant to Art. 9 (1) of the GDPR, unless Art. 9 (2) (a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the location at which the suspected breach occurred, if you consider that your rights under GDPR are infringed by the processing of personal data relating to you, regardless of another regulatory or statutory appeal.
The supervisory authority to which the complaint is submitted must inform the complainant of the progress and the outcome of the complaint, including the right to an effective judicial remedy pursuant to Art. 78 of the GDPR.