Privacy
- What is this privacy policy about?
- Who are we?
- For whom is this privacy policy intended?
- What is “personal data” and what does “processing” mean?
- What personal data do we process and for what purposes?
- How do we process personal data when you visit our websites?
- On what legal basis do we process personal data?
- Who do we share your personal information with?
- When do we disclose your personal data abroad?
- Do we do profiling?
- Do we make automated individual decisions?
- How do we protect your personal data?
- How long do we store your personal data?
- What rights do you have in connection with the processing of your personal data?
- How can you contact us?
- Changes to this privacy policy
1. What is this privacy policy about?
Data protection is a matter of trust, and your trust is important to us. Trust begins with transparency. In this privacy policy, we therefore inform you how and why we collect, process and use your personal data. This privacy policy is based on the European General Data Protection Regulation – DSGVO for short – which has established itself internationally as a benchmark for strong, effective data protection.
2. Who are we?
MeikoVet AG, Anglikerstrasse 89, 5612 Villmergen, Switzerland (“we” or “us”) is responsible for all data processing under this privacy policy.
If you have any questions about this privacy statement or the processing of your personal data, please feel free to contact us as follows:
Simon Jungen
Anglikerstrasse 89
5612 Villmergen
3. For whom is this privacy policy intended?
Our data processing activities primarily concern our customers, but also other persons whose personal data we process. This data protection declaration applies in all our business areas and regardless of the channel through which you contact us, e.g. in a branch, by telephone, in an online store, on a website, in an app, via a social network, at an event, etc. This privacy policy applies to the processing of both already collected and future personal data. For certain offers and services (e.g. contests), additional data protection provisions may also apply, which are supplementary to this privacy policy.
This privacy policy does not apply if another company is responsible for a particular data processing. For example, another company may be responsible for certain data processing, alone or jointly with us, if you visit our social media sites (e.g. Facebook fan pages) or interact with social plug-ins integrated into our websites (e.g. the Facebook “Like” button), if you visit a third party website linked by us, or if we disclose personal data to third parties such as public authorities (for details on such disclosures, please refer to section 8. In these cases, please consult the privacy policy of the company concerned, which you can usually find on its website.
4. What are “personal data” and what does “processing” mean?
Data protection law regulates the processing of personal data. This also applies to this privacy policy. “Personal data” means any information that can be associated with a specific natural person, i.e., a human being. “Processing” means any handling of Your Personal Data. In Switzerland, information that relates to a specific legal entity (e.g., information about a contract with a company) is also considered personal data.
5. What personal data do we process and for what purposes?
Depending on the occasion and purpose, we process different personal data. You will find more details in this section and often also in general terms and conditions, conditions of participation and additional privacy statements.
In principle, we collect your personal data directly from you, e.g. when you send us data or communicate with us. As a rule, you are not obliged to disclose personal data to us, unless the disclosure is necessary to fulfill a contractual obligation. However, we are often unable to provide a quote or service without you providing us with the necessary information.
Apart from yourself, personal data may also be collected from other sources, e.g. from other Migros Group companies or from third parties such as credit agencies, media monitoring companies, providers of online services such as providers of Internet analysis services, financial service providers for payments, address traders, from public registers, from the media, from the Internet, etc.
Among other things, we process personal data – including, in some circumstances, sensitive personal data – in the following situations for the following purposes:
- Communication: We process personal data when you contact us or we contact you, for example, when you contact a customer service representative and when you write to us or call us. As a rule, information such as name and contact details, the time of the relevant communications and their content, which may also include personal data of third parties, is sufficient for us to do so. We use this data so that we can provide you with information or make notifications, process your request and communicate with you, and for quality assurance and training. We also forward messages within the Migros Group to responsible company departments, e.g. if your concern relates to another company.
- Purchase of goods and use of services: We also process personal data if you make use of services from us, e.g. if you purchase goods or obtain a service from us. In doing so, we process your personal data e.g. in the context of processing orders and contracts or for delivery and invoicing. In the case of factoring, we also collect and process personal data in connection with your creditworthiness. Ex. we collect creditworthiness information from third-party providers to decide whether to offer you an invoice purchase. This information helps us to inform you specifically about further offers and to align our offer more closely with demand.
- Visiting websites: When you visit our websites, we process personal data depending on the offer and functionality. This includes technical data such as information about the time of access to our website, the duration of the visit, the pages accessed and information about the device used (e.g. tablet, PC or smartphone). We use this data to provide the website, for IT security reasons and to improve the user-friendliness of the website. We also use “cookies” and similar technologies. Cookies are files that are stored on the terminal device when you visit our website. In many cases, they are necessary for the functionality of the website and are automatically deleted after the visit. Other cookies remain stored for a certain period of time and are used to personalize the offer or enable us to show you targeted advertising. We also use cookies and technologies from third-party providers in the USA or worldwide, e.g. for analysis services from providers such as Google or additional functions from providers such as Facebook, which may result in the provider in question receiving data about you. If you have a customer account with us, we may associate usage data with your profile that helps us derive information about your preferences and affinities for certain products or services. You have the option of rejecting or deactivating cookies and thus preventing the processing of data generated by a cookie by configuring your terminal device accordingly or installing a corresponding browser add-on. However, this may mean that you cannot use all the functions of the website. Further details on the personal data processed in connection with our websites can be found in section 6.
- Online offers and apps: If you use online offers from us, we also process personal data for the provision, improvement and further development of these offers. This also applies if you do not purchase any goods or services. Depending on the type of offer, this includes information about a customer account and the use of the same, as well as information about the installation and use of mobile applications. We also process personal data to personalize the offer and to provide you with offers tailored to your interests and affinities.
- Information and direct marketing: We process personal data to the extent permitted by law for the purpose of sending written or electronic information and advertising messages, unless you have objected to this processing. For example, we process your contact information so that we can send you the appropriate communications. For email newsletters, push messages, and other electronic communications, we may also process information about your use of the communications (e.g., whether you downloaded images embedded in an email, i.e., opened the email) so that we can get to know you better, target our offerings more accurately to you, and generally improve our offerings. You can usually block this processing of usage data in your e-mail program if you do not agree to it.
- Contests, sweepstakes and similar events: We occasionally hold contests, sweepstakes and similar events. In doing so, we process your contact data and information about your participation for the purpose of running the contests and sweepstakes, communicating with you in this context, if applicable, and for promotional purposes. Further details can be found in the respective conditions of participation.
- Entering our premises: When you enter our premises, we may video record in appropriately designated areas for security and evidentiary purposes. It is further possible that you can use a Wi-Fi offer. In this case, we collect device-specific data during registration and may ask you to register by providing your name and e-mail address or cell phone number. We may also process and analyze data about your use of our Wi-Fi service.
- Customer events: When we hold customer events (such as promotional events, sponsorship events, cultural and sporting events), we also process personal data. This includes the name and postal or e-mail address of the participants or interested parties and, depending on the case, further data, e.g. your date of birth. We process this information for the implementation of the customer events, but also to get in direct contact with you and to get to know you better. Further details can be found in the respective conditions of participation.
- Market research and media monitoring: We process personal data for market and opinion research. For this purpose, we may use information about your purchasing behavior (for more information, see “Purchase of goods and use of services” above), but also information from customer surveys, polls and studies and other information, for example, from the media, social media, the Internet and other public sources. We may also use media monitoring services or conduct media monitoring ourselves and process personal data in the process.
- Contact with our company as a business partner: We work with various companies and business partners, e.g. with suppliers, with commercial buyers of goods and services, with cooperation partners and with service providers (e.g. IT service providers). In the process, we also process personal data about the contact persons in these companies, e.g. name, function, title and communication with us, in each case for contract initiation and processing, for planning, for accounting purposes and other purposes related to the contract. Depending on the area of activity, we may also be required to examine the company in question and its employees in more detail, e.g. by conducting a safety audit. In this case, we collect and process further information, if necessary, also from third-party providers. We may also process personal data to improve our customer focus, customer satisfaction and customer retention (customer/supplier relationship management).
- Administration: We process personal data for our own and the group’s internal administration. For example, we may process personal data as part of the management of IT or real estate. We also process personal data for accounting and archiving purposes and generally for auditing and improving internal processes.
- Corporate Transactions: We may also process Personal Data to prepare and process corporate acquisitions and sales and asset purchases or sales. The subject and scope of the data collected or transmitted depend on the stage and subject of the transaction.
- Job applications: We also process personal data if you apply for a job with us. For this purpose, we usually require the usual information and documents mentioned in a job advertisement, which may also contain personal data of third parties.
6. How do we process personal data when you visit our websites?
What personal data do we process?
Technical data (log files): When you visit our websites, we process personal data depending on the offer and functionality. This initially includes data collected automatically for technical reasons and stored in log files, so-called log files. These are, for example. the IP address as well as device-specific information such as the MAC address and the operating system of the end device (tablet, PC, smartphone, etc.), information about your Internet service provider, information about content accessed and the date and time of the visit to the website or information about logins.
Cookies and similar technologies: Depending on the functionality, we also use cookies. Cookies are small files that our website automatically creates in your browser and that are stored on your terminal device. Cookies contain a unique number (an ID) that we can assign to a specific Internet user, but usually without knowing the user’s name, and, depending on the intended use, other information, e.g., about pages accessed and the duration of a page visit.
- On the one hand, we use session cookies, in which, among other things, information about the origin and storage period of the cookie is stored. These cookies are deleted after each visit to our website. We use such cookies, for example. to store a shopping cart over several page views of the user.
- On the other hand, we use persistent cookies that remain stored for a certain duration even after the end of the respective browser session. Such cookies are used to recognize a visitor on a subsequent visit, e.g. to save language settings over several browser sessions or to display content on the website tailored to your interests. We thereby collect e.g. Information about your visits, pages viewed, items viewed and your shopping cart. After the programmed duration expires (usually between one month and two years), such cookies are automatically disabled.
We also use similar technologies such as pixel tags (small image files that are loaded from a server and thereby transmit certain information to the operator of the server) or fingerprints (information about the configuration of a device or about a browser). Some cookies or similar technologies originate from other Migros Group companies or also from third-party companies. This is the case, for example, when we use third-party functions on our website. It also concerns evaluation services that also work with cookies and similar technologies; you will find more detailed information on this below. This enables our partners to address you with individualized advertising on our websites or on websites of third parties as well as on social networks and to measure their impact.
Data about user behavior: We use Google Analytics on our website, an analysis service provided by Google LLC in the USA. Google uses cookies for this purpose, which enable an analysis of the use of the website. In this way, Google collects information about your behavior on our website and the terminal device used for this purpose (tablet, PC, smartphone, etc.). This is usage data such as the type and version of the browser, the address (URL) of the website from which you accessed our website, the name of your provider, the IP address of the terminal device, the date and time of access to our website, as well as pages visited and length of stay. This information is stored on a Google server in the USA. However, your IP address will be shortened beforehand in the EU or EEA. Only exceptionally, the full IP address is transferred to the USA. Google is bound by the US Privacy Shield program in the USA. Based on this information, we receive evaluations from Google. Google Analytics also makes it possible to assign data, sessions and interactions across multiple end devices to a pseudonymous user ID and thus analyze the activities of a user who is not known by name across devices. For more information, please see Google’s Terms of Use or Privacy Policy (https://policies.google.com).
We use similar services from other providers with locations worldwide. These providers may record the use of the relevant website by the user, e.g. through the use of cookies and similar technologies. These records may be linked to similar information from other websites. The behavior of a particular user can thus be recorded across multiple websites and across multiple end devices. The respective provider may also use this data for its own purposes, for example. for personalized advertising on its own website and on other websites to which it supplies advertising. If a user is registered with the provider, the provider can assign the usage data to this person. For this purpose, he will usually obtain the consent of the person concerned and enable him to revoke this consent in accordance with his instructions. The processing of such personal data is carried out here by the provider under its responsibility and in accordance with its own data protection provisions.
Social plug-ins: Our websites use social plug-ins, e.g. from Facebook, YouTube, Twitter or Instagram. As a result, buttons of the respective providers are displayed, e.g. the “Like” button of Facebook, or content of the respective provider is integrated on the website. When you call up a website that uses such a social plug-in, your browser establishes a connection with the provider in question. The content of the social plug-in is transmitted by the relevant provider to your browser and integrated by it into the relevant website. Through this process, the provider in question receives the following data in particular:
- the information that your browser has called up the web page in question;
- the IP address of the device you are using, even if you do not have an account with the provider.
If you are logged in to the relevant provider at the same time, the provider can assign the visit to your personal profile. When you interact with a social plug-in – e.g. by clicking a “Like” button or posting a comment – the corresponding information is transmitted from your browser to the relevant provider and stored there. It may also be published on your profile with the relevant provider and displayed to your contacts. Even if you visit our social media sites (e.g. Facebook fan pages) or interact with social plug-ins integrated into our websites (e.g. the Facebook “Like” button), personal data may be transmitted directly to the provider concerned or collected and stored by it. The provider of the relevant social network is primarily responsible for the processing of such data. Insofar as we are jointly responsible with the provider concerned, we shall enter into a corresponding agreement with him, the essential content of which you can find out from the provider. For more information on data processing by social network providers, please refer to the privacy statements of the corresponding social networks (e.g. Facebook, YouTube, Twitter, Instagram).
We use Hotjar to better understand the needs of our users and to optimize the offer on this website. Using Hotjar’s technology, we get a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and don’t like, etc.) and this helps us tailor our offering to our users’ feedback. Hotjar works with cookies and other technologies to collect information about the behavior of our users and about their terminal devices (in particular, IP address of the device (collected and stored only in anonymized form), screen size, device type (unique device identifiers), information about the browser used, location (country only), language preferred to view our website). Hotjar stores this information in a pseudonymized user profile. The information is not used by Hotjar or us to identify individual users or merged with other data about individual users. For more information, please see Hotjar’s privacy policy here.
You can object to the storage of a user profile and information about your visit to our website by Hotjar, as well as to the setting of Hotjar tracking cookies on other websites, by clicking on this opt-out link.
For what purposes do we process this personal data?
Provision of the website: The recording of certain log files and the use of certain cookies is necessarily associated with the provision of the website and its functions for technical reasons. Other cookies and similar technologies help us to provide and ensure the various functions and offers of our website and to make our website more attractive;
Website administration: The storage and processing of log files and cookies helps us with maintenance and troubleshooting, ensuring the security of our website and combating fraud;
Personalization of the website: We adapt certain areas and content of our website to your needs and interests, e.g. by saving your language choice or personalized display of content;
Analysis of user behavior: We use web analytics services to better understand how our websites are used and to improve their content, functionality and findability.
Advertising: We may target you with interest-based advertising on our websites or on websites of third parties or display our advertisements to you during your further internet use after visiting our websites;
Cookies and similar technologies from third parties enable the companies concerned to provide services for us or to target you with advertising that may be of particular interest to you.
If you have a customer account with us, we may also analyze this personal data and link it to other personal data, for example, to non-personal statistical information and to other personal data that we have collected about you, in order to derive information about your preferences and affinities for certain products or services. Even if you are not logged in at the time of visiting our website, this data may be assigned to your profile.
How can you prevent these edits?
You can configure your terminal device so that a message appears before a new cookie is created. This also allows you to reject cookies. In addition, you can delete cookies from your terminal device. You also have the option to prevent the collection of data generated by the cookie (including your IP address) and the processing of this data by downloading and installing an appropriate browser add-on. However, refusing or deactivating cookies may mean that you cannot use all the functions of the website.
You can prevent the use of Google Analytics by installing an add-on for your browser, a so-called [browser add-on – please link online: https://tools.google.com/dlpage/gaoptout?hl=de]. You also have the option to revoke any consent you may have given to the respective providers or to object to their processing, e.g. in the case of Google via [https://adssettings.google.com – please link online: https://adssettings.google.com].
If you do not want a social network provider to collect data about you via our website, you must log out of the provider in question before visiting our website. Even when logged out, the providers collect anonymized data via the social plug-ins. This data can be assigned to your profile if you log in to the relevant provider at a later time. In these cases, the provider in question processes personal data in each case under its own responsibility and in accordance with its own data protection provisions. If you want to prevent the provider from assigning data to your profile, you must delete the corresponding cookies. You can also completely prevent the loading of the social plug-ins with add-ons for your browser, e.g. with [NoScript – please link online: https://noscript.net].
7. On what legal basis do we process personal data?
Depending on the purpose of the data processing, our processing of personal data is based on different legal bases. We may process personal data in particular if the processing either:
- is necessary for the performance of a contract with the data subject or for pre-contractual measures at his or her request (e.g., the review of his or her contract request);
- is necessary for the exercise of legitimate interests;
- is based on effective consent that has not been revoked; or
- is required to comply with legal regulations.
As a rule, we only process personal data requiring special protection on the basis of explicit consent, unless the data concerned has obviously been disclosed to the public by the person concerned or the processing is necessary to uphold the law or comply with legal provisions.
Data will only be transferred abroad under the conditions specified in sections 8 and 9.
8. To whom do we disclose your personal data?
Your personal information will be shared with other companies only to the extent described below. Under no circumstances do we sell your personal data to third parties. We do not trade in personal data.
We may share your personal data with other Migros Group companies. In addition to the Federation of Migros Cooperatives and the regional Migros cooperatives, the Migros Group also includes their respective subsidiaries. For more information on the companies belonging to the Migros Group, please visit [Geschäftsbericht des Migros-Genossenschafts-Bunds – https://report.migros.ch/2017 /]. The transfer of personal data to other Group companies is often for internal Group administration purposes. In certain cases, individual companies of Migros Group may also process your personal data in their own interest for the processing purposes stated in this data protection declaration. Your personal data may then also be linked and processed for the respective purposes with personal data originating from other companies of Migros Group.
We may then share your personal information with companies when we use their services. These may also be companies outside the Migros Group. Through the selection of such commissioned data processors and appropriate contractual agreements, we ensure that data protection is also guaranteed by commissioned data processors throughout the processing of your personal data. Our order data processors are obliged to process the personal data exclusively on our behalf and in accordance with our instructions, and to take appropriate technical and organizational measures for data security. In particular, this involves services in the area of credit checks, and IT services, e.g. services in the areas of data storage (hosting), cloud services, sending e-mail newsletters, data analysis and refinement, etc.
In individual cases, it is also possible that we pass on personal data to recipients outside Migros Group for their own purposes, e.g. if we consider this to be legally required or necessary to protect our interests. In these cases, the recipient is a separate data controller under data protection law. This applies in particular to the following cases:
- We may disclose your personal data to third parties (e.g. courts and authorities in Switzerland and abroad) if required to do so by law or by authorities. We also reserve the right to process your personal data in order to comply with a court order or to assert or defend legal claims or we deem it necessary for other legal reasons. In doing so, we may also disclose personal data to other parties to the proceedings;
- if we transfer claims against you to other companies such as collection agencies;
- when we review or execute transactions such as business combinations or the acquisition or sale of individual parts of a company or its assets, or become the subject of a transaction ourselves.
9. When do we disclose your personal data abroad?
The recipients of your personal data number 8 may also be located abroad – even outside the EU or the EEA. The countries in question may not have laws that protect your personal data to the same extent as in Switzerland or the EU or EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner. One means of doing so is to enter into data transfer agreements with the recipients of your personal data in third countries that ensure the required level of data protection. These include contracts approved, issued or recognized by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. Likewise, transfers to recipients subject to the US Privacy Shield Program – https://www.privacyshield.gov/list are permitted. An example of the data transfer agreements we typically use can be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de. Please contact us if you would like more information about the data transfer agreements we have in place or other appropriate safeguards we apply to overseas transfers. In exceptional cases, transfers to countries without adequate protection may also be permitted in other cases, e.g. based on explicit consent or for the assertion, exercise or defense of legal claims.
10. Do we carry out profiling?
By “profiling” we mean a process in which personal data is processed automatically in order to analyze or predict personal aspects. We often perform profiling. For example, we analyze shopping behavior, use of our websites and apps, and other transactional and behavioral data and make assumptions about your personal interests, preferences, affinities, and habits based on that information. Profiling helps us to better tailor our offering to your individual needs and, as far as possible, only present you with advertising and offers that are actually relevant to you. In order to improve the quality of our analyses, we may also link personal data that originates from different sources, e.g. data collected offline and online as well as data collected via various of our services or that we receive from other Migros Group companies. To the extent that such profiling is related to direct marketing, you have the right to object to it as described in Section 15.
11. Do we make automated individual decisions?
As a rule, we do not carry out automated individual case decisions. We will inform you separately should we use automated case-by-case decisions in individual cases. An “automated individual decision” is a decision that is fully automated, i.e., without relevant human influence, and that has negative legal effects or other similarly negative effects on you.
12. How do we protect your personal data?
We take appropriate security measures of a technical nature (e.g., encryption, pseudonymization, logging, access restriction, data backup, etc.) and an organizational nature (e.g., instructions to our employees, confidentiality agreements, audits, etc.) to maintain the security of your personal data, to protect it against unauthorized or unlawful processing, and to protect against the risk of loss, accidental alteration, unauthorized disclosure or access. However, security risks cannot be completely ruled out in general; certain residual risks are usually unavoidable.
13. How long do we store your personal data?
We store your personal data in personal form for as long as it is necessary for the specific purpose for which we collected it, in the case of contracts usually at least for the duration of the contractual relationship. We also store personal data if we have a legitimate interest in storing it. This may be the case in particular if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security. We also store your personal data for as long as they are subject to a statutory retention obligation. For example, a ten-year retention period applies to certain data. For other data, short retention periods apply in each case, e.g. for recordings from video surveillance or for recordings of certain processes on the Internet (log data). In certain cases, we also ask for your consent if we want to store personal data for a longer period of time (e.g. in the case of job applications that we want to keep pending). After the expiry of the aforementioned periods, we delete or anonymize your personal data.
14. What rights do you have in connection with the processing of your personal data?
What rights do you have in connection with the processing of your personal data?
You have the right to object to data processing if we process your personal data on the basis of a legitimate interest. You can also object to data processing in connection with direct advertising (e.g. advertising e-mails) at any time. This also applies to profiling insofar as it is associated with such direct advertising.
To the extent that the applicable requirements in each case are met and no statutory exceptions apply, you also have the following rights:
Right to information: You have the right to be informed in a transparent, clearly understandable and comprehensive manner about how we process your personal data and what rights you have in connection with the processing of your personal data. With this privacy policy we comply with this obligation. If you would like more details, please feel free to contact us.
Right to information: You have the right to request information about your personal data stored by us free of charge at any time. This gives you the opportunity to check which personal data we process about you. In individual cases, the right to information may be restricted or excluded, especially if there are doubts about the identity or if this is necessary to protect other persons.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified or completed and to be informed of the rectification.
Right to erasure: You have the right to request the erasure of your personal data if the personal data is no longer necessary for the purposes pursued, you have effectively revoked your consent or effectively objected to the processing, or the personal data is processed unlawfully. In individual cases, the right to deletion may be excluded, in particular if the processing is necessary for the exercise of freedom of expression or for the exercise of legal claims.
Right to restrict processing: Under certain circumstances, you have the right to request that the processing of your personal data be restricted. This can mean, for example, that personal data is (temporarily) not further processed or that published personal data is (temporarily) removed from a website.
Right to data transfer: You have the right to receive from us the personal data that you have provided to us in a structured, common and machine-readable format, provided that the specific data processing is based on your consent or is necessary for the performance of the contract and the processing is carried out with the help of automated procedures.
Right of withdrawal: Insofar as we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. The revocation applies only for the future; however, processing activities based on your consent in the past do not become unlawful as a result of your revocation.
You are also free to lodge a complaint with a competent supervisory authority against the way in which your personal data is processed if you believe that the data processing violates applicable law. The competent supervisory authority in Switzerland is the [Swiss Federal Data Protection and Information Commissioner (FDPIC) – please link online: https://www.edoeb.admin.ch/edoeb/de/home.html].
15. How can you contact us?
If you wish to exercise any of the above rights or otherwise have any questions or concerns about this Privacy Policy or the processing of your personal data, please feel free to contact us as indicated in Section 2. We are best able to address your concerns through this channel.
16. Changes to this privacy policy
This Privacy Policy may be amended over time, in particular if we change our data processing practices or if new legislation becomes applicable. We will actively inform persons whose contact details are registered with us of any significant changes if this can be done without disproportionate effort. In general, the data protection declaration in the version current at the start of the processing in question shall apply to data processing in each case.