Data Privacy Policy

You can contact us via our website www.audioversum.at and subscribe to our newsletter. For more detailed information go to the subsections "Newsletter" and "Contact forms" of this data protection notice.
You can also sign up for the newsletter at the terminals for our visitor satisfaction survey directly in the museum.

Legal basis:
Consent – Art. 6 (1) a) GDPR and Legitimate interest – Art. 6 (1) f) GDPR marketing.

You can use the multimedia-station in the museum to take pictures and send them to you by e-mail. Information on data privacy at dslrbooth: https://dslrbooth.com/privacy-policy/ 

Legal basis:
Consent – Art. 6 (1) a) GDPR and Legitimate interest – Art. 6 (1) f) GDPR marketing.

The entire exhibition area of the Audioversum Science Center is under video surveillance.

Legal basis:
Legitimate Interest – Art. 6 (1) f GDPR - Protection against vandalism and theft, visitor management.

Audiocheck hearing test

If you hand in the postcard for the Audiocheck test results in the museum, the results will be forwarded to a MED-EL branch in your area to contact you in writing or by phone. The following data is processed: Name, address, email address, telephone number, age and hearing result.

Legal Basis:
Consent – Art. 6 (1) a) and Art. 9 (2) a) GDPR

On our website we offer the possibility to access podcasts or to stream videos live online. We use the following providers for this:

Podcasts: transistor.fm, PO Box 221123, Chicago IL 60622. Information on data privacy: https://transistor.fm/privacy/ 

Online-Video-Streaming: Twitch Interactive Inc., 350 Bush Street, San Francisco, CA94104. Information on data privacy: https://www.twitch.tv/p/de-de/legal/privacy-notice/

Legal Basis:
Legitimate Interest – Art. 6 (1) f) GDPR – provide podcasts and videos.

Curator: Content from our social media channels is displayed on our website. We use a script from Curator.io, Curator Group Pty Ltd, 53619769112, 69 Ruthven Street, Bondi Junction, New South Wales, 2022 Australia. Information on data privacy: https://curator.io/privacy-policy

Legal Basis:
Consent – Art. 6 (1) a) GDPR

We use a chatbot on some of our websites to answer your questions about MED-EL products and services. The chatbot is a text-based software system, the use is voluntary. Your text entries are saved locally on your PC in a cookie for the duration of your session. Dialogues are analyzed in an anonymous form by MED-EL to further improve the chatbot. If you enter your contact details, they will be forwarded to your MED-EL Office to answer your request.

The chatbot uses the Azure Bot Service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Information on data privacy can be found here: https://privacy.microsoft.com/en-us/privacystatement

Purpose:
Quick help with your requests

Legal basis:
Consent Art. 6 (1) a GDPR

If you allow access to position data via your browser, the clinics and distribution partners are displayed nearby. Your position will be located by identifying the position of your IP address. The data will not be saved.

Purpose:
Display of clinics and distribution partners close to your location

Legal basis:
Consent – Art. 6 (1) lit. a) GDPR

When you register for conferences, events, etc. your data will be passed on to third parties (PCO, hotel, transportation company, travel agency and visa authorities) in accordance with your details for the purpose of contractual fulfillment, in particular for hotel and travel booking, transfers, registration and visa procurement.
During conferences and events photos are taken for internal documentation and publication in print or online media.

Purpose:
Organization of conferences, events, etc., public relations and documentation

Legal basis:
Performance of a contract – Art. 6 (1) b) GDPR and Legitimate interests – Art. 6 (1) f) GDPR - photos for internal documentation and publication in print or online media

You are able to contact MED-EL (e.g. requests about products, support, etc.) by filling out our contact forms. The contact is normally made by email, if a phone number is given by phone.

When submitting the contact form your data of the contact fields (name, occupation (e.g. surgeon, home care, audiologist), interests (professional interests), telephone, address (street, house number, city, zip code, region, country), e-mail, interest to be included in mailing list) are processed.

Your request and contact details will be forwarded to the closest MED-EL office or certified partner in your country.

Purpose:
Answering/assisting you with your request

Legal Basis:
Performance of a contract or to perform pre-contractual steps – Art. 6 (1) b) GDPR

In some of our contact forms we use “hCAPTCHA”, a service of Intuition Machines, Inc. 1065 SW 8th St #704, Miami FL 33130, USA, Information on data privacy. With this we check if the data entry is done by a human or by an automated program (bot). Analysis starts automatically as soon as you visit our website. hCAPTCHA uses different information for this analysis (e.g. IP address, time of the visit, mouseclicks).

Legal Basis:
Legitimate interest – Art. 6 (1) f) GDPR - Protection against bots and spam.

Essentials of Hearing offers you a playful experience and engaging insights into the physics of hearing. You are invited to explore the basics of sound and the hearing process.

www.essentials-of-hearing.com

The hearbetter forum allows healthcare professionals to network and engage with each other online, and also to increase knowledge on hearing implants and MED-EL products and services.

Registration takes place through your myMED-EL account.

Purpose:
Register to the hearbetter forum

Legal basis:
consent – Art. 6 (1) a GDPR

You can enter the IDEASforEARS contest and submit your invention idea to us. For registration you have to provide the following data to us: invention idea, name, age, email, address, city, country, phone-number. Please note that entering the contest is only allowed with the consent of parents or guardians (please refer to Terms and Conditions).

Purpose:
Registration for the IDEASforEARS contest

Legal basis:
Consent – Art. 6 (1) a and 9 (2) a GDPR; performance of a contract – Art. 6 (1) b GDPR

You can use our online learning management system containing information, courses, webinars and programs on MED-EL products and services. The Academy is a myMED-EL service. Registration takes place through your myMED-EL account.

We use your email address to send you automated information, such as reminders for due dates of courses or assignments, or reminders for webinars and seminar events bookings. You will also receive your certificates via email. In courses or programs with a designated trainer, the trainer can send email messages to the participants as part of the training process.

The webinars, courses and programs you have attended and your user behavior are recorded within the learning platform in order to optimize our offer. For all learning activities, your learning progress, your answers and test results are recorded in order to document your learning success and to be able to create training certificates.

In some courses we offer you the opportunity to make your own notes in PDF learning materials. For this we work together with the company Amaplex Software (Avenue de Hony 24, 4130 Esneux, Belgium). If you take advantage of this offer, your name and email address will be sent to Amaplex Software. Information on data protection at Amaplex Software can be found here: https://amanote.com/legal/b2b-privacy-policy/

Purpose:
Operation and optimization of the learning platform

Legal basis:
Performance of a contract – Art. 6 (1) lit. b) GDPR

The MED-EL Remote Check enables you to carry out hearing tests independently.

An expert at your clinic will send you a personal invitation for a test by email or SMS. Your test data will be transferred to the expert at your clinic for evaluation. After completing the test, you will receive feedback from the clinician.

Access to Remote Check is via your myMED-EL account. The following data is stored at MED-EL on behalf of your clinic: name, address, e-mail, telephone number, log-in data, gender, date of birth, appointments, test date and results, ratings, any comments and photos. The data is stored in encrypted form on AWS servers in data centers within the EU. AWS, Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxemburg. Information on data privacy: https://aws.amazon.com/compliance/data-privacy/.

MED-EL uses app usage data from the app in anonymised form for research and statistics and for product improvement.

Purpose:
Performance and evaluation of hearing tests by transferring data to your clinic.

Legal basis:
Consent - Art. 6 (1) a, Art. 9 (2) a, Art. 6 (1) b – performance of a contract, legitimate interest – Art. 6 (1) f and Art. 89 GDPR – Art. 6 (1) f) and Art. 89 GDPR – statistics, research and improvement of our products and services.

Via your myMED-EL Account you can register for the interactive hearing trainings for music from Meludia (Meludia SAS, 149 rue Saint-Honoré, 75001 Paris, France). To do this, your name and email address are forwarded to Meludia. Information on data privacy at Meludia can be found here: https://www.meludia.com/en/privacy-policy/.

Purpose:
Meludia Access.

Legal basis:
Performance of a contract – Art. 6 (1) b) GDPR.

MED-EL offers a range of applications for rehabilitation training and support purposes that work on smart phones, tablets and web devices. These applications have their own built in privacy policies.

The purpose of these applications is to help get the best out of your MED-EL product; to hear and understand better, to progress learning and to give our users quality of life features. For some apps it is possible to send the test-results in pdf form by E-Mail.

Registration takes place via your myMED-EL account.

Purpose:
Use of the mobile apps for rehabilitation, training and support purposes.

Legal Basis:
Consent – Art. 6 (1) a, 9 (2) a and Performance of a contract – Art. 6 (1) b GDPR

The myMED-EL platform provides registered users access to personalized MED-EL offers. We process, based on the registered role, the following categories of data, in order to authenticate your registration, and provide the right information and services for your medical device or professional needs:

Email address, name, address, country, date of birth, parent or guardian details, product type, serial number, relationship to user, profession, institution and address of institution.

The date of birth is necessary to ensure that recipient accounts for children are only set up with the consent of parents or legal guardians.

We use your contact details to

• send you messages about your myMED-EL account.
• address further questions or ask for additional data to verify you as MED-EL user.
• inform you that your myMED-EL account is granted.

MED-EL uses this data in anonymized form for statistics, research and product improvement.

The authentication for the access to myMED-EL and the personalized services is carried out by means of the Auth0 software component, a service of Auth0 Inc.,10800 NE 8th, St. Suite 700, Bellevue, WA 98004, USA. This requires forwarding your email address and password to Auth0 for a secure login process. More information can be found here https://auth0.com/terms/ and here https://auth0.com/privacy/. You can unsubscribe anytime by contacting us, e.g. via e-mail directly in your myMED-EL profile.

Purpose:
Your contact details are required to confirm your identity and to meet the required services and contact requests.

Legal basis:
Consent – Art. 6 (1) a) GDPR, Performance of a contract - Art. 6 (1) b) GDPR and Art. 89 GDPR – Research and improvement of product services.

We offer various free subscription services via our website and social media that provide information about MED-EL products, services and our work. From time to time we send out optional surveys that ask for your anonymous feedback.

In order to provide relevant and accurate marketing we process your name, profession and professional interests, phone number, address, email address and user behavior (opening emails, clicking on links).

You can unsubscribe anytime, a link is included in each newsletter.

MED-EL cares about the privacy of our users and partners with the following providers in order to deliver marketing and communications to you securely, and in a legal manner:

MailChimp: https://mailchimp.com/legal/privacy/

Microsoft Dynamics 365 Marketing: https://docs.microsoft.com/de-de/dynamics365/get-started/gdpr/

Salesforce: https://www.salesforce.com/company/privacy/

Momentive (former Survey Monkey): https://www.surveymonkey.com/mp/legal/privacy/?utm_source=momentive

Microsoft Forms: https://privacy.microsoft.com/privacystatement

Purpose:
Information about MED-EL specific topics, products and services

Legal basis:
Consent – Art. 6 (1) lit. a) GDPR and Legitimate interests – Art. 6 (1) lit. f) GDPR advertising and optimizing of online offers.

We offer hearing tests and surveys on our website, as well as in some countries the option of uploading audiograms or test results. Depending on the test, your data (name, contact details, age, gender, test result, speech perception, audiogram) will be transmitted to a MED-EL expert in your area.

For minors this request can only be submitted by their legal representatives.

Purpose:
Answering/assisting you with your request on available hearing solutions; analysis of your audiogram/test result and providing you with information about your hearing.

The test results are processed in an anonymized form also for statistical and research purposes.

Legal basis:
Consent – Art. 6 (1) a), 9 (2) lit. a) GDPR and Legitimate Interest – Art. 6 (1) f) and Art. 89 GDPR – Statistics, Research and improvement of our products and services.

You can submit an unsolicited application as well as an application for a specific listed position through our website.

For more information acc. to Article 13 of the General Data Protection Regulation (GDPR) in connection with the collection and processing of your personal data in the context of the online application please have a look at our MED-EL Data Privacy Information for applicants.

Purpose:
Job application

Legal basis:
Consent – Art. 6 (1) lit. a) GDPR

MED-EL offers online events, meetings, webinars and consultations, as well as support for audiologists, speech pathologists and surgeons via videoconference. For registration purposes and to communicate with you, we will process the following data: first name, last name, email address, profession, institution, city/country, name of MED-EL representative.

Online events may be recorded and are made available via the MED-EL Academy.

Depending on the type of online event, we use the following providers:

“WebEx” is a service of Cisco Systems Inc., 170 West Tasman Dr., San Jose, CA 95134, USA. Privacy information: http://www.cisco.com/c/en/us/about/legal/privacy.html.

Adobe Connect is a service of Adobe Systems Software, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. Privacy information: https://www.adobe.com/privacy.html.

Zoom is a service of Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, California 95113, USA. Privacy information: https://zoom.us/privacy.

Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way Redmond, Washington 98052. Privacy information: https://privacy.microsoft.com/en-us/privacystatement.

Purpose:
Registration and access to online events and consultations, webinars and video conferences.

Legal Basis:
Performance of a contract – Art. 6 (1) b GDPR and Legitimate interests – Art. 6 (1) f GDPR – Provide online events and training material.

Paypal
In some countries we accept online payments via Paypal (Europe) S.a.r.L, 22-24 Boulevard Royal, L-2449 Luxembourg. In order to complete a transaction, your personal data will be securely shared between MED-EL and Paypal. This includes your name, address, email address, IP address, transaction ID.

Further information can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Purpose:
Payment by PayPal

Legal Basis:
Performance of a contract – Art. 6 (1) b GDPR

ReDi (Rehabilitation Digital) is an easy-to-use rehabilitation app designed to assist users of hearing technology to practice their auditory and speech skills when and wherever they want.

Registration:

You can register with your myMED-EL account for the mobile application ReDi in order to use the ReDi app. For registration, we record first name and e-mail address as mandatory fields, optionally address and date of birth. For Authentication MED-EL uses the Auth0 software component, a service of Auth0 Inc.,10800 NE 8th, St. Suite 700, Bellevue, WA 98004, USA. This requires the transfer of your email address and password for a secure Login process. See https://auth0.com/terms/ and https://auth0.com/privacy/ for more information.

Purpose:
Registration to the ReDi mobile application.

Legal Basis:
Performance of a contract - Art. 6 (1) b GDPR.

Processing of voice data:

We use Google’s Cloud Storage and Cloud Speech-to-Text services to store and analyze your voice data. For this purpose, data is transmitted to Google systems. Further information on data protection: https://policies.google.com/privacy.

Purpose:
processing of voice data.

Legal Basis:
consent – Art. 6 (1) a, 9 (2) a and Performance of a contract – Art. 6 (1) b GDPR.

Troubleshooting and Improvement of ReDi App user-friendliness:

By registering and using the ReDi app, we can retrieve failure analysis and usage data in anonymous form. We use the services Visual Studio App Center Analytics and Diagnostics from the Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399, USA. Further information on data protection: https://docs.microsoft.com/en-us/appcenter/gdpr/.

Purpose:
Analysis of data on product performance, service and reliability to improve the user-friendliness of the ReDi app and future mobile applications.

Legal Basis:
Legitimate interest - Art. 6 (1) f GDPR.

Delivery of push notifications:

We are using push notifications to inform you of updates in the app, e.g., newly assigned content. These notifications can be received by the smartphone also when the app is not active. OneSignal, 2850 S Delaware St Suite 201, San Mateo, CA, USA is used to deliver these notifications. Further information on data protection can be found here: https://onesignal.com/privacy.

Purpose:
Delivery of push notifications.

Legal Basis:
consent - Art. 6 (1) a GDPR.

You can find MED-EL online via social media. We use these platforms to communicate with you and publish information about our products and work. Your feedback is used to improve our products and services. We receive anonymous statistics from these providers about: comments, sharing, likes, subscriptions and similar interactions, you can find their privacy information below.

We are jointly responsible with the providers. For inquiries about your personal data, you can contact both, the operator and us.

Purpose:
Online communication, publish information about products and services. Evaluate Feedback for product and service improvement.

Legal Basis:
Legitimate interests – Art. 6 (1) f) GDPR – public relations and communication, improvement of products and services.

X
X is a service of X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103. Data protection information: https://twitter.com/en/privacy.

YouTube
YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data protection information: https://policies.google.com/privacy.

LinkedIn
LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Data protection information: https://www.linkedin.com/legal/privacy-policy.

Facebook and Instagram
are services of Meta Platforms Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
More information on the processing activities can be found in the privacy policy of Meta https://www.facebook.com/privacy/explanation or Instagram https://help.instagram.com/519522125107875.
Further information on the use of personal data can also be found here: https://www.facebook.com/legal/controller_addendum

As a professional you can get access to our online media database containing case studies on implantation of MED-EL products via your myMED-EL account.

The videos are hosted by the platform Vimeo (Vimeo LLC, 555 West 18th Street, New York 10011, USA). Information on data privacy at Vimeo can be found here: https://vimeo.com/privacy.

Purpose:
Registration to the Surgical Video Library

Legal basis:
Performance of a contract – Art. 6 (1) b) GDPR

Hearpeers is MED-EL’s international community for hearing implant recipients and candidates. It is a place where hearing implant users and anyone interested in life with hearing implants can connect with one another, learn from each other and finally hear life again. Your (nick)name, picture and posted content is visible to other members.

Registration takes place via your myMED-EL Account.

The Hearpeers Mentors
Hearpeers Mentors have been through the hearing implant process themselves. They will understand your concerns and can offer free one-on-one support.

Contact a Mentor for confidential, private and direct conversations, for one-to-one support from someone who understands and for individual answers to all your personal non-medical questions about life with a hearing implant.

Your mentor will share your contact information with MED-EL (name, e-mail, initial question) so they can support you in finding the best solution for you. The content of conversations remains confidential between you and your mentor.

The Hearpeers Forum
Registration also includes access to the Hearpeers Forum, a social networking service supported by MED-EL that aims to bring together hearing implant recipients and candidates, caregivers, and families all around the world to support one another through shared experiences. Members can post and answer questions and share visual content. All posted content, your (nick)name and picture (if uploaded) is publicly visible to members, as well as visitors who are not signed in.

Purpose:
Register to the Hearpeers Community

Legal basis:
Consent – Art. 6 (1) a) and Art. 9 (2) a) GDPR

If you use our Webshop you can order products from MED-EL. To fulfill the orders we will collect the following information: name, contact details, email, billing address, shipping address, company name (optional), phone number, IP address and browser information.

Purpose:
Operate the store, provide services and fulfill orders.

Legal basis:
Performance of a contract – Art. 6 (1) lit. b) GDPR

We use the services “Facebook Pixel”, “Conversion API” and “Facebook Custom Audiences” of Meta Platforms Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

For more information on Meta's data protection please visit: https://m.facebook.com/privacy/explanation.

These services enable Meta to show our ads on Facebook only to those Facebook users who visited our website and showed interest in certain topics or products.

Purpose:
For marketing and optimization purposes, mainly to place relevant and interesting ads on Facebook and thus improve our offer.

Legal basis:
Consent – Art. 6 (1) a GDPR

We use ”Google Ads“, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.

For more information on Google data protection please visit: https://policies.google.com/technologies/ads?hl=en.

We use Google Ads for marketing and optimization purposes, mainly to show you relevant and interesting ads and to improve reports on campaign performance. We do not collect or process any personal data. We only receive anonymized statistical evaluations from Google. Google Ads automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google.

Purpose:
Optimization of our marketing offer.

Legal basis:
Consent – Art. 6 (1) a GDPR

This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The use includes the Universal Analytics operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user's activities across devices.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.

For more information on data protection please visit: https://policies.google.com/

Legal basis:
Consent – Art. 6 (1) a GDPR

We use the Google Tag Manager, a tool of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

The Google Tag Manager itself does not store cookies or process personal data. However, it enables additional tags to be triggered that can collect and process personal data to allow a needs-based design and to optimize our website.

For more information on  the Tag Manager please visit: https://support.google.com/tagmanager/answer/9323295?hl=en

We use the analysis and conversion tracking technology of the LinkedIn platform LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2 Ireland). For more information on LinkedIn data protection please visit: https://www.linkedin.com/legal/privacy-policy.

This technology enables us to show you more relevant advertising based on your interests. We also receive aggregated and anonymous reports on ad activity and information about how you interact with our website from LinkedIn. The following data is collected for this purpose: URL, referrer URL, IP address, device and browser properties, time stamp and page views.

Purpose:
Optimization of our marketing offer.

Legal basis:
Consent – Art. 6 (1) a GDPR

This website uses Matomo, an advertising analytics service provided by Matomo.org, a service of InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769.

The service does not set any cookies requiring consent and can only access to the cut-off and anonymized IP addresses of the website visitors.

For more information relating to the terms of use of Matomo and its Privacy Policy see https://matomo.org/matomo-cloud-privacy-policy.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users. Click here for opt-out.

Legal basis:
Legitimate interests - Art. 6 (1) f) GDPR - to analyze website usage and to improve our website

Visual Website Optimizer
This website uses the Visual Website Optimizer (VWO). With this tool we create user tests to optimize and further develop our website. VWO analyzes static data about the use of our website. In addition, the tool is used as an A/B test tool. Data such as the number of visitors, click behaviour and average active residence time of the website user are assigned to the corresponding test variants.

Legal basis:
Legitimate interests – Art. 6 (1) f) GDPR – optimization and further development of our website

imgIX
To optimize images in real time, we use imgIX, a service of the company Zebrafish Labs Inc., 423 Tehama St, San Francisco, CA 94103, USA, on our website. For more information on data protection please visit: https://imgix.com/privacy

Legal basis:
Legitimate interests – Art. 6 (1) f) GDPR – optimized display of images in real time

Pantheon
In order to be able to provide our online offer safely and efficiently, we take the services of the web hosting provider Pantheon (Pantheon Systems, Inc., 717 California Street, San Francisco, CA 94108). For more information on data protection please visit: https://www.pantheon-inc.com/privacy-statement

Legal basis:
Legitimate interests – Art. 6 (1) f) GDPR – error-free and secure provision of our website

We also use so-called social media plugins (hereinafter “buttons”) to link our website to social networks:

• Clearspring Technologies (AddThis)
• Meta Platforms (Facebook and Instagram comments, Like Button and Social Widgets)
• LinkedIn (LinkedIn Button and Social Widgets)
• X (X Button and Social Widgets)
• Google (Google+ Button and Social Widgets, YouTube Button and Social Widgets)

When you visit our website, these buttons are disabled, i.e. they do not send any data to the respective social networks without your intervention. You can activate the buttons with your click. The buttons remain active until you de-activate them or delete your cookies.

After activation, a direct connection is established with the server of the social network. If you are logged in to the social network, this can assign your visit to this website to your user account.

We have no influence on the amount of data transferred to the social network.

For the purpose and scope of data collection and use of data by the social network as well as your related rights and settings options to protect your privacy, please refer to the privacy policy of the respective social networks.

Legal basis:
Consent – Art. 6 (1) a GDPR