(71) A data subject should have the right not to be subjected to a decision - which may include certain measures - that assesses his or her personal factors, is based solely on automated processing, and produces legal effects on the data subject or similarly significantly affects him or her, such as automatic rejection of an electronic credit application or electronic recruitment methods without human intervention. Such processing includes "profiling" - which consists of any automated processing of personal data that makes it possible to evaluate personal factors of an individual and, in particular, to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences or interests, reliability or behavior, location or movement of the data subject - insofar as it produces legal effects in relation to the data subject or similarly significantly affects the data subject. However, decision-making on the basis of such processing, including profiling, should be permitted where it is expressly authorized by Union law or the law of the Member State to which the controller is subject, including for the purposes of monitoring and preventing - in accordance with regulations, standards and recommendations of Union institutions or national supervisory entities - fraud and tax evasion, and ensuring the security and reliability of the services provided by the controller, or where it is necessary for the conclusion or performance of a contract between the data subject and the controller, or where the data subject has given express consent. Such processing should always be subject to appropriate safeguards, including informing the data subject, the right to obtain human intervention, the right to express one's own opinion, the right to obtain an explanation of the decision resulting from such evaluation, and the right to challenge such decision. Such processing should not apply to children. 
In order to ensure fairness and transparency of processing to the data subject, taking into account the specific circumstances and context of the processing of personal data, the controller should apply appropriate mathematical or statistical profiling procedures, implement technical and organizational measures to ensure, in particular, the rectification of the resulting anomalies in personal data and the maximum reduction of the risk of errors, secure personal data in a way that takes into account the potential risks to the interests and rights of the data subject, and prevent, inter alia, the effect of discriminating against individuals on the basis of racial or ethnic origin, political opinions, religion or beliefs, trade union membership, genetic or health status, sexual orientation, or resulting in measures having such effect. Automated decision-making and profiling based on specific categories of personal data should only be allowed under specific conditions.
"We are perfectly capable of assessing the risk ourselves."
Are you sure about that?

