We are very delighted that you have visited our website. Data protection is particularly important to

us. It is generally possible to use our website without providing any personal data. However, if a data

subject wishes to make use of special services via our website, it may be necessary to process personal

data. If the processing of personal data is necessary and there is no legal basis for such processing, we

generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a

data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR)

and in accordance with the applicable country-specific data protection regulations. By means of this

personal data we collect, use and process. Furthermore, this privacy policy informs data subjects about

their rights.

As the controller, fino data services GmbH has implemented numerous technical and organizational

measures (TOM) to ensure the most complete protection of personal data processed through this

website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that

absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit

personal data to us by alternative means, for example by telephone.

1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection

laws applicable in the Member States of the European Union and other provisions of a data protection

nature is

fino data services GmbH

University Square 12

34127 Kassel

Telephone: +49 4550 996 9000

Fax: +49 4550 996 9001

E-Mail: support@getmyinvoices.com

Authorized representatives: Florian Christ, Björn Kahle

2. Contact details of the data protection officer

Any data subject can contact our data protection officer directly at any time with any questions or

suggestions regarding data protection. The data protection officer of the controller is

BullProtect, a trademark of NetBull GmbH

https://bullprotect.de/

Patrick Vaillant

You can contact our data protection officer by post at our above address with the addition "Data

Protection Officer" or by e-mail at: privacy@getmyinvoices.com

3. Collection of general data and information

Our website collects a range of general data and information each time the website is accessed by a

data subject or an automated system. This general data and information is stored in the server log

files.

For example, the following can be recorded

(1) browser types and versions used,

(2) the operating system used by the accessing system,

(3) the website from which an accessing system reaches our website (so-called referrer)

(4) the sub-websites which are accessed via an accessing system on our website

(5) the date and time of access to the website

(6) an internet protocol address (IP address),

(7) the internet service provider of the accessing system and

(8) other similar data and information used for security purposes in the event of attacks on our

information technology systems.

When using this general data and information, no conclusions are drawn about the data subject.

Rather, this information is required in order to

(1) correctly deliver and display the content of our website

(2) optimize the content of our website and the advertising for it,

(3) ensure the long-term functionality of our information technology systems and the technology of

our website, and

(4) to provide law enforcement authorities with the information necessary for criminal prosecution in

the event of a cyber attack.

This anonymously collected data and information is therefore evaluated by the controller both

statistically and with the aim of increasing data protection and data security at our company in order

to ultimately ensure an optimum level of protection for the personal data processed by us. The

anonymous data of the server log files are stored separately from all personal data provided by a data

subject.

4. Web hosting

This website is hosted by an external service provider (hoster). This website is hosted by Amazon Web

Services, Inc, 410 Terry Avenue North, Seattle WA 98109, USA; https://aws.amazon.com/de/;

information on data protection can be found at the URL

https://aws.amazon.com/de/privacy/?nc1=f_pr. In order to achieve security, stability and sufficient

loading speed, we use the Cloudflare content delivery network (CDN) from Cloudflare, Inc, 101

Townsend St, San Francisco, CA 94107, USA; website: https://www.cloudflare.com; privacy policy:

https://www.cloudflare.com/privacypolicy/.

Personal data collected on this website is stored on the hoster's servers. This may include IP addresses,

contact requests, meta and communication data, website access and other data generated via a

website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers

(Art. 6 para. 1 lit. b GDPR) and in the legitimate interest of a secure, fast and efficient provision of our

online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

We have concluded an order processing contract with the provider in accordance with the

requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers' data and not

to pass it on to third parties.

5. Legal basis of the processing

Art. 6 para. 1 lit. a) GDPR serves as the legal basis for processing operations for which we obtain

consent for a specific processing purpose. If the processing of personal data is necessary for the

performance of a contract to which the data subject is party, as is the case, for example, when

processing operations are necessary for the supply of goods or to provide any other service or

consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing

operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries

about our products or services. If we are subject to a legal obligation that requires the processing of

personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit.

c) GDPR. In rare cases, the processing of personal data may become necessary in order to protect the

vital interests of the data subject or another natural person. This would be the case, for example, if a

visitor were injured on our premises and their name, age, health insurance details or other vital

information would have to be passed on to a doctor, hospital or other third party. The processing

would then be based on Art. 6 para. 1 lit. d) GDPR. Ultimately, processing operations could be based

on Art. 6 para. 1 lit. f) GDPR. Processing operations that are not covered by any of the aforementioned

legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest

of us or a third party, provided that the interests, fundamental rights and freedoms of the data subject

do not prevail. We are permitted to carry out such processing operations in particular because they

have been specifically mentioned by the European legislator. In this respect, it took the view that a

legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47

Sentence 2 GDPR). Where the processing of personal data is based on Article 6(1)(f) GDPR, our

legitimate interest is to carry out our business in favor of the well-being of all our employees and our

shareholders.

6. Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory retention

period. After this period has expired, the corresponding data is routinely deleted, provided that it is no

longer required for the fulfillment or initiation of a contract or that there are no other legal or statutory

requirements to prevent deletion.

7. Routine deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period

necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or

other legislators in laws or regulations to which the controller is subject to.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or

another competent legislator expires, the personal data will be routinely blocked or deleted in

accordance with the statutory provisions.

8. Legal or contractual provisions for the provision of personal data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax

regulations) or may also result from contractual or pre-contractual regulations (e.g. information on the

contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject

to provide us with personal data that must subsequently be processed by us. For example, the data

subject is obliged to provide us with personal data if we conclude a contract with them. Failure to

provide the personal data would mean that the contract with the data subject could not be concluded.

Before personal data is provided by the data subject, the data subject must contact one of our

employees. Our employee will inform the data subject on a case-by-case basis whether the provision

of the personal data is required by law or contract or is necessary for the conclusion of the contract,

whether there is an obligation to provide the personal data and what the consequences would be if

the personal data were not provided.

9. Registration on our website / use of input masks and forms / contacting us

The data subject has the possibility to register via the website, apps or other services of the controller

by providing personal data or by entering personal data in input masks. This may be necessary, for

example, to subscribe to a newsletter, contact us via a contact form, register for participation in events

or other similar registration options. Which personal data is transmitted to the controller is determined

by the respective input mask used for registration. The personal data entered by the data subject is

collected and stored exclusively for internal use by the controller and for its own purposes. The

controller may arrange for the data to be passed on to one or more processors, such as a parcel service

provider, who will also use the personal data exclusively for internal use attributable to the controller.

When you contact us (e.g. via the contact form), personal data is collected. This data is stored and used

exclusively for the purpose of responding to your request and the associated technical administration.

The legal basis for the processing of the data is our legitimate interest in responding to your request in

accordance with Art. 6 para. 1 lit. f) GDPR. If the purpose of your contact is to conclude a contract, the

additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after

final processing of your request; this is the case if it can be inferred that the matter in question has

been conclusively clarified and provided that there are no statutory or legal retention obligations to

prevent deletion.

By registering on the controller's website, the IP address assigned by the data subject's Internet service

provider (ISP), the date and time of registration are also stored. This data is stored against the

background that this is the only way to prevent the misuse of our services and, if necessary, to make

it possible to investigate criminal offenses committed. In this respect, the storage of this data is

necessary to safeguard the controller. This data will not be passed on to third parties unless there is a

statutory or legal obligation to pass it on or it serves the purpose of criminal prosecution.

The registration of the data subject with voluntary provision of personal data serves the controller to

offer the data subject content or services which, due to the nature of the matter, can only be offered

to registered users or those who explicitly request this. These persons are free to modify the personal

data provided to at any time or to have them completely deleted from the controller's database.

The controller shall provide any data subject at any time upon request with information about what

personal data is stored about the data subject. Furthermore, the controller shall rectify or erase

personal data at the request or indication of the data subject, insofar as this does not conflict with any

statutory or legal retention obligations. All of the controller's employees are available to the data

subject as contact persons in this context. Please also refer to the descriptions of the Zoho tool listed

below.

10. Data protection when registering for the newsletter

After registering for our e-mail newsletter, we will regularly send you information about us, our offers

or the information requested during registration. The provision of further data is voluntary and these

are used, for example, to address you personally. We use the so-called double opt-in procedure to

send the newsletter. This means that we will only send you an e-mail newsletter if you have expressly

confirmed to us that you consent to the sending of newsletters. We will then send you a confirmation

e-mail asking you to confirm that you wish to receive future newsletters by clicking on a corresponding

link.

By clicking on the confirmation link, you give us your consent to the use of your personal data in

accordance with Art. 6 para. 1 lit. a) GDPR. When you register for the newsletter, we store your IP

address entered by the Internet Service Provider (ISP) as well as the date and time of registration in

order to be able to trace any possible misuse of your e-mail address at a later date. The data collected

by us when you register for the newsletter will be used exclusively for the purpose of advertising via

the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the

newsletter. Once you have unsubscribed, your e-mail address will be deleted from our newsletter

mailing list immediately, unless you have expressly consented to further use of your data or we reserve

the right to use data beyond this, which is permitted by law and about which we inform you in this

declaration.

11. Advertising communication via e-mail, post, fax or telephone

We process personal data for the purposes of advertising communication, which may take place via

various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.

Recipients have the right to withdraw their consent at any time or to object to advertising

communication at any time. After revocation or objection, we may store the data required to prove

consent for up to three years on the basis of our legitimate interests before deleting it. The processing

of this data is limited to the purpose of a possible defense against claims. An individual request for

erasure is possible at any time, provided that the former existence of consent is confirmed at the same

time.

We process the following types of data: inventory data (e.g. names, addresses), contact data (e.g. e-

mail, telephone numbers) for the purpose of direct marketing (e.g. by e-mail or post) and rely on your

consent (Art. 6 para. 1 lit. a) GDPR) and the legitimate interest (Art. 6 para. 1 lit. f) GDPR) as the legal

basis.

12. Online marketing

We process personal data for online marketing purposes, which may include in particular the

marketing of advertising space or the presentation of advertising and other content (collectively

referred to as "content") based on the potential interests of users and the measurement of their

effectiveness. For these purposes, so-called user profiles are created and stored in a file (so-called

"cookie") or similar procedures are used, by means of which the user data relevant for the presentation

of the aforementioned content is stored. This information may include, for example, content viewed,

websites visited, online networks used, but also communication partners and technical information

such as the browser used, the computer system used and information on usage times. If users have

consented to the collection of their location data, this can also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e.

pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such

as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. This

means that neither we nor the providers of the online marketing procedures know the actual identity

of the users, but only the information stored in their profiles. This applies as long as the user has not

filled out a contact form on our website and thus consented to the storage and processing of personal

data.

The information in the profiles is generally stored in cookies or by means of similar procedures. These

cookies can generally also be read later on other websites that use the same online marketing process

and analyzed for the purpose of displaying content as well as supplemented with further data and

stored on the server of the online marketing process provider.

In exceptional cases, clear data can also be assigned to the profiles without sending a contact form on

our website. This is the case, for example, if the users are members of a social network whose online

marketing process we use and the network links the users' profiles with the aforementioned data.

Please note that users can make additional agreements with the providers, e.g. by giving their consent

during registration.

In principle, we only receive access to summarized information about the success of our

advertisements. However, as part of so-called conversion measurements, we can check which of our

online marketing procedures have led to a so-called conversion, i.e., for example, to the conclusion of

a contract with us. The conversion measurement is used solely to analyze the success of our marketing

measures.

Unless otherwise stated, we ask you to assume that the cookies used are stored for a period of two

years.

The legal basis for the processing of your data is Art. 6 para. 1 lit. a) GDPR, provided that we ask for

your consent to the use of the respective third-party providers. Otherwise, our legitimate interest in

efficient, user-friendly and economical services constitutes the legal basis for data processing in

accordance with Art. 6 para. 1 lit. f) GDPR.

Processed data types: Usage data (e.g. websites visited, interest in content, access times),

meta/communication data (e.g. device information, IP addresses), location data (data indicating the

location of an end user's end device).

Data subjects: Users (e.g. website visitors, users of online services), interested parties, customers,

employees (e.g. employees, applicants, former employees), communication partners.

Purposes of Processing: Targeting (e.g. profiling based on interests and behavior, use of cookies),

Remarketing, Conversion Tracking, Interest-based and behavioral marketing, Profiling (Creating user

profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Web

Analytics (e.g. profiling based on interests and behavior), Web Analytics (Measurement of the

effectiveness of marketing activities), Web Analytics (e.g. profiling based on interests and

behavior).(e.g. access statistics, recognition of returning visitors), cross-device tracking (cross-device

processing of user data for marketing purposes), target group formation (determination of target

groups relevant for marketing purposes or other output of content), click tracking.

Security measures: IP masking (pseudonymization of the IP address).

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), Legitimate interests (Art. 6 para. 1 lit. f) GDPR).

13. Appearances and offers in social networks and on online platforms

We are active on social networks in order to make our services and related information accessible to

a large number of people.

We would like to point out that the social media we use operate worldwide and therefore it cannot be

ruled out that your personal data may also be processed outside the EU. To ensure that your data

protection rights are also protected in the event of a transfer to third countries, a transfer will only

take place in accordance with Art. 44 et seq. GDPR.

We would also like to draw your attention to the fact that the respective platform operators may

process your personal data independently and merge it into user profiles. In some cases, this may occur

even if you do not have a user account with the respective social network. If you are registered as a

user with one of the networks, the use of the content provided by us will be evaluated and assigned

to your profile. This happens regardless of which devices you use to access the media. The purpose of

tracking and profiling is to offer you an optimal user experience and to place advertising tailored to

you - inside and outside the network. You can find out which techniques the respective operator uses

to process your personal data and which opt-out options you have in this regard in the corresponding

data protection declarations of the social network and in the further information (see below).

If you would like to make use of your rights as a data subject, we recommend that you contact the

respective operator of the social network directly. As a rule, fino data services GmbH does not have

access to the personal data processed by the respective operators.

fino data services GmbH receives personal data from the operators of social networks to the extent

that you allow this through the settings you have made in the network. The operator of the social

network may provide us with information such as your name, your user ID, your profile picture, your

network, your gender, your user name, your age or age group, your language, your country, your

friends list, your followers list and any other information that you have given your consent to provide

or that the social network provides to us (e.g. reports on interaction with our presence on the

respective platforms).

fino data services GmbH processes the personal data you provide in order to share your opinions with

your friends, followers or contacts in the associated social network and to optimize our presence and

its reach in social media. The processing is therefore based on our legitimate interests in reporting on

our offers and services and carrying out public relations / PR in general.

Types of data that are processed by you when you visit social networks (depending on the setting and

network) Master data (e.g. user name, name), contact data (e.g. e-mail address), usage data (e.g. usage

times, activities), content data (e.g. data provided by you, such as comments), metadata (device ID,

network and connection, cookie data

Data subjects affected by the data processing: The respective user of the social network or the device

owner with whose devices the service is used.

Purposes: Reporting, public relations / PR in general, tracking (e.g. provision of measurements, analysis

of surfing and user behavior), reach measurement (e.g. access figures, views).

Legal basis (depending on your relationship with the respective operator of the social network): Our

legitimate interests or the legitimate interests of third parties (e.g. of the platform providers) (see

above) (Art. 6 para. 1 lit. f) GDPR). If you have a user account with a social network and have consented

to the transfer of your data to third parties as part of your data protection settings, consent to tracking

(Art. 6 para. 1 lit. a) GDPR) may also be considered as a legal basis.

14. Recipients or categories of recipients

Depending on the purpose for which the personal data is collected, we transfer this data to the

following recipients or categories of recipients, for example, or they are directly involved in the

processing of the personal data:

• Provider

• IT service providers

• other recipients depending on the tools and functionalities used (please also refer to the last

section of this statement, where the possible recipients in this regard are described in detail).

Insofar as there are links to websites of other providers, this privacy policy does not apply to their

content. What data the operators of these sites may collect is beyond our knowledge and sphere of

influence.

15. Transfer to third countries

If we transfer personal data to service providers outside the European Economic Area (EEA), the

transfer will only take place if the third country has been confirmed by the EU Commission to have an

adequate level of data protection or if other appropriate data protection guarantees (e.g. binding

internal company data protection regulations or EU standard contractual clauses) are in place. In

addition to the other information mentioned in this declaration, please also pay particular attention

to the last section of this declaration, in which the tool-related possible recipients in this regard are

described in detail, including the location details.

16. Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the

application process. Processing may also be carried out electronically. This is particularly the case if an

applicant submits relevant application documents to the controller by electronic means, for example

by email or via a web form on the website. If the controller concludes an employment contract with

an applicant, the transmitted data will be stored for the purpose of processing the employment

relationship in compliance with the statutory provisions. If the controller does not conclude an

employment contract with the applicant, the application documents will be automatically deleted no

later than six months after notification of the rejection decision, unless deletion conflicts with any

other legitimate interests of the controller pursuant to Art. 6 para. 1 lit. f) GDPR. Other legitimate

interest in this sense is, for example, a burden of proof in proceedings under the General Equal

Treatment Act (AGG).

17. Definitions of terms

This data protection declaration is based on the terms used by the European legislator for the adoption

of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and

understand for the public as well as for our customers and business partners. To ensure this, we would

like to explain the terminology used in advance.

We use the following terms, among others, in this privacy policy

(a) personal data

"Personal data" means any information relating to an identified or identifiable natural person

(hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or

indirectly, in particular by reference to an identifier such as a name, an identification number, location

data, an online identifier or to one or more factors specific to the physical, physiological, genetic,

mental, economic, cultural or social identity of that natural person.

b) Data subject

"Data subject" means any identified or identifiable natural person whose personal data are processed

by the controller.

c) Processing

"Processing" means any operation or set of operations which is performed on personal data or on sets

of personal data, whether or not by automated means, such as collection, recording, organization,

structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,

dissemination or otherwise making available, alignment or combination, restriction, erasure or

destruction.

d) Restriction of processing

"Restriction of processing" is the marking of stored personal data with the aim of restricting its future

processing.

e) Profiling

"Profiling" means any form of automated processing of personal data consisting of the use of personal

data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict

aspects concerning that natural person's performance at work, economic situation, health, personal

preferences, interests, reliability, behavior, location or movements.

f) Pseudonymization

"Pseudonymization" means the processing of personal data in such a manner that the personal data

can no longer be attributed to a specific data subject without the use of additional information,

provided that such additional information is kept separately and is subject to technical and

organizational measures to ensure that the personal data are not attributed to an identified or

identifiable natural person.

g) File system

"filing system" means any structured set of personal data which are accessible according to specific

criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

h) Controller or controller responsible for the processing

"Controller" (or "controller") means the natural or legal person, public authority, agency or other body

which, alone or jointly with others, determines the purposes and means of the processing of personal

data; where the purposes and means of such processing are determined by Union or Member State

law, the controller or the specific criteria for its nomination may be provided for by Union or Member

State law.

i) Processor

"Processor" means a natural or legal person, public authority, agency or other body which processes

personal data on behalf of the controller.

j) Recipient

"Recipient" means a natural or legal person, public authority, agency or another body, to which the

personal data are disclosed, whether a third party or not. However, public authorities which may

receive personal data in the framework of a particular inquiry in accordance with Union or Member

State law shall not be regarded as recipients.

k) Third party

"Third party" means a natural or legal person, public authority, agency or body other than the data

subject, controller, processor and persons who, under the direct authority of the controller or

processor, are authorized to process personal data.

l) Consent

"Consent" of the data subject is any freely given, specific, informed and unambiguous indication of the

data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies

agreement to the processing of personal data relating to him or her.

m) Company

"Company" means a natural or legal person that carries out an economic activity, regardless of its legal

form, including partnerships or associations that regularly carry out an economic activity.

n) Group of companies

"Group of companies" means a group consisting of a controlling company and the companies

dependent on it.

18. Rights of the data subject

a) Right to confirmation

Each data subject shall have the right granted by the European legislator to obtain from the controller

the confirmation as to whether or not personal data concerning him or her are being processed. If a

data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact

any employee of the controller.

b) Right to information

Any person affected by the processing of personal data has the right, granted by the European

legislator of directives and regulations, to obtain from the controller free information about the

personal data stored about him/her and a copy of this information at any time. Furthermore, the

European legislator has granted the data subject access to the following information

• the purposes of the processing

• the categories of personal data being processed

• the recipients or categories of recipients to whom the personal data have been or will be

disclosed, in particular recipients in third countries or international organizations

• where possible, the envisaged period for which the personal data will be stored, or, if not

possible, the criteria used to determine that period

• the existence of the right to request from the controller rectification or erasure of personal

data or restriction of processing of personal data concerning the data subject or to object to

such processing

• the existence of the right to lodge a complaint with a supervisory authority

• if the personal data are not collected from the data subject: All available information about

the origin of the data

• the existence of automated decision-making, including profiling, referred to in Article 22(1)

and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as

well as the significance and the envisaged consequences of such processing for the data

subject

• Furthermore, the data subject has a right to information as to whether personal data has been

transferred to a third country or to an international organization. If this is the case, the data

subject also has the right to obtain information about the appropriate safeguards in

connection with the transfer.

• If a data subject wishes to avail himself of this right of access, he or she may, at any time,

contact any employee of the controller.

c) Right to rectification

Any person affected by the processing of personal data has the right granted by the European legislator

of directives and regulations to demand the immediate correction of incorrect personal data

concerning them. Taking into account the purposes of the processing, the data subject shall also have

the right to have incomplete personal data completed, including by means of providing a

supplementary statement. If a data subject wishes to exercise this right to rectification, he or she may,

at any time, contact any employee of the controller.

d) Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has the right, granted by the European

legislator, to obtain from the controller the erasure of personal data concerning him or her without

undue delay where one of the following grounds applies and insofar as the processing is not necessary:

• The personal data have been collected or otherwise processed for such purposes for which

they are no longer necessary.

• The data subject withdraws consent on which the processing is based according to point (a) of

Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground

for the processing.

• The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no

overriding legitimate grounds for the processing, or the data subject objects to the processing

pursuant to Art. 21 (2) GDPR.

• The personal data was processed unlawfully.

• The personal data must be erased for compliance with a legal obligation in Union or Member

State law to which the controller is subject.

• The personal data was collected in relation to information society services offered in

accordance with Art. 8 para. 1 GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of

personal data stored by us, he or she may, at any time, contact any employee of the controller. Our

employee will ensure that the request for deletion is complied with immediately.

Where we have made the personal data public and are obliged pursuant to Art. 17 (1) GDPR to erase

the personal data, we, taking account of available technology and the cost of implementation, shall

take reasonable steps, including technical measures, to inform other controllers processing the

personal data that the data subject has requested erasure by such controllers of any links to, or copy

or replication of, those personal data, as far as processing is not required. Our employee will take the

necessary steps in individual cases.

e) Right to restriction of processing

Any person affected by the processing of personal data has the right granted by the European legislator

of directives and regulations to require the controller to restrict the processing if one of the following

conditions is met:

• The accuracy of the personal data is contested by the data subject, for a period enabling the

controller to verify the accuracy of the personal data.

• The processing is unlawful and the data subject opposes the erasure of the personal data and

requests the restriction of their use instead.

• The controller no longer needs the personal data for the purposes of the processing, but they

are required by the data subject for the establishment, exercise or defense of legal claims.

• The data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the

verification whether the legitimate grounds of the controller override those of the data

subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of

the processing of personal data stored by us, he or she may at any time contact any employee of the

controller. The employee will arrange for the processing to be restricted.

f) Right to data portability

Any person affected by the processing of personal data has the right, granted by the European

legislator, to receive the personal data concerning him or her, which he or she has provided to a

controller, in a structured, commonly used and machine-readable format. He or she also has the right

to transmit those data to another controller without hindrance from the controller to which the

personal data have been provided, where the processing is based on consent pursuant to point (a) of

Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1)

GDPR and the processing is carried out by automated means, provided that the processing is not

necessary for the performance of a task carried out in the public interest or in the exercise of official

authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Art. 20 (1) GDPR, the data

subject shall have the right to have the personal data transmitted directly from one controller to

another, where technically feasible and when doing so does not adversely affect the rights and

freedoms of others. In order to assert the right to data portability, the data subject may at any time

contact any employee of us using the contact details provided above.

g) Right to object

Any person affected by the processing of personal data has the right granted by the European legislator

to object, on grounds relating to his or her particular situation, at any time to processing of personal

data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to

profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate

compelling legitimate grounds for the processing which override the interests, rights and freedoms of

the data subject or for the establishment, exercise or defense of legal claims.

If we process personal data for direct marketing purposes, the data subject shall have the right to

object at any time to processing of personal data concerning him or her for such marketing. This also

applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to

us to the processing for direct marketing purposes, we will no longer process the personal data for

these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to

object to processing of personal data concerning him or her by us for scientific or historical research

purposes, or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary

for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject can contact one of our employees directly. The data

subject is also free, in the context of the use of information society services, and notwithstanding

Directive 2002/58/EC, to exercise his or her right to object by automated means using technical

specifications.

h) Automated decisions in individual cases including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision

based solely on automated processing, including profiling, which produces legal effects concerning him

or her, or similarly significantly affects him or her, as long as the decision

(1) is not necessary for the conclusion or performance of a contract between the data subject and the

controller, or

(2) is authorized by Union or Member State law to which the controller is subject and which also lays

down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests;

(3) with the express consent of the data subject.

If the decision

(1) is necessary for entering into, or performance of, a contract between the data subject and the

controller, or

(2) is made with the express consent of the data subject,

we shall take reasonable steps to safeguard the rights and freedoms and legitimate interests of the

data subject, including at least the right to obtain the intervention of a person on the part of the

controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he

or she may, at any time, contact any employee of the controller.

i) Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right granted by the European legislator

of directives and regulations to revoke consent to the processing of personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time,

contact any employee of the controller.

j) Right to lodge a complaint with the data protection supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the option of

lodging a complaint with the above-mentioned data protection officer or a data protection supervisory

authority in accordance with Art. 77 GDPR.

The data protection supervisory authority responsible for us is

The Hessian Commissioner for Data Protection and Freedom of Information

P.O. Box 3163

65021 Wiesbaden

You are also welcome to contact our data protection officer using the contact details given under point

19. Cookies

Our website uses cookies. Cookies are text files that are placed and stored on an information

technology system (e.g. computer, notebook, smartphone, tablet) via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID

is a unique identifier for the cookie. It consists of a string of characters through which websites and

servers can be assigned to the specific internet browser in which the cookie was stored. This enables

the websites and servers visited to distinguish the individual browser of the data subject from other

Internet browsers that contain other cookies. A specific Internet browser can be recognized and

identified via the unique cookie ID.

Through the use of cookies, we can provide users of this website with more user-friendly services that

would not be possible without the setting of cookies.

By means of a cookie, the information and offers on our website can be optimized for the benefit of

the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose

of this recognition is to make it easier for users to use our website. For example, the user of a website

that uses cookies does not have to check the cookie banner every time they visit the website and make

a selection here or, for example, re-enter their access data on the website because this is taken over

by the website and the cookie stored on the user's computer system. Another example is the cookie

of a shopping basket in an online store. The online store can use a cookie to remember the items that

a customer has placed in the virtual shopping cart.

The data subject can prevent the setting of cookies by our website at any time by means of a

corresponding setting of the Internet browser used and thus permanently object to the setting of

cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet

browser or other software programs. This is possible in all common Internet browsers. If the data

subject deactivates the setting of cookies in the Internet browser used, not all functions of our website

may be fully usable.

20. Consent consent tool

We use a cookie consent tool, also known as a "cookie banner" or (more accurately) "consent banner",

to obtain the aforementioned cookies and your consent to this and also for any third-party connections

(see the following section).

21. Deployment and use of other applications, plugins and tools

As you know from our entire range of services: We want to offer you the best possible service. We

have therefore integrated various applications, plug-ins and tools (in future: "tools") on our website.

Depending on their function, these can, for example, optimize the loading times of our website,

simplify its use, support us in improving our offer or increase security.

Under the link "Consent settings" in the footer of our website, you can make adjustments to the

consent controlled by the consent tool used there.

The specific information on the tools used is explained below.

Data protection provisions about the application and use of AWS

We have integrated the third-party provider AWS on our website. The operating company of AWS is

Amazon Web Services, Inc. with its registered office at 410 Terry Avenue North, Seattle, WA 98109-

5210, USA. AWS is a cloud storage service that enables us to securely store and access files and data

in the cloud. By integrating AWS, we can optimize the loading times of our website, guarantee

scalability and ensure reliable data storage. As part of these functions, personal data such as IP

addresses, usage data and metadata may be transmitted and stored. We only process personal data

for as long as is necessary. As soon as the purpose of the data processing has been fulfilled, the data is

blocked and deleted in accordance with the standards of the deletion concept here, unless legal

regulations prevent deletion. If a cookie is set for you, it will be automatically deleted after the storage

period has expired if you have not already deleted it yourself before this period expires.

Purposes of the processing

AWS is suitable for us to use a reliable and scalable data storage solution for our website, APPs and

functionalities. By using AWS, we can ensure that our data is available at all times and that high

performance is guaranteed.

Legal basis

We require your consent to use the tool, which is the legal basis in accordance with Section 25 (1)

TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool described

above and document this.

We also have a legitimate interest in optimizing our online service, which is why we refer to Art. 6 para.

1 lit. f) GDPR (legitimate interest).

Further information on the processing of personal data can be found in the privacy policy of Amazon

Web Services: https://aws.amazon.com/de/privacy/

Possibility of objection

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. However, in individual cases this

may mean that various functions (such as , for example, the country selection or shopping baskets) on

the websites you visit may no longer work even if you want them to.

Data protection provisions about the application and use of Calendly

We have integrated the Calendly service on our website. The operating company of Calendly is

Calendly LCC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA.

Calendly is a service that makes it easy to arrange meetings. Calendly is linked to the provider's

appointment calendar so that website visitors and interested parties can select free time slots. The

information provided by the user in the Calendly form, including the data entered there, is stored by

us and Calendly for the purpose of processing the request and in the event of follow-up questions. We

only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data will be blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purposes of the processing

Calendly is suitable for us to be able to offer a better and smoother online service. For example, the

use of Calendly leads to greater efficiency by simplifying the coordination of a meeting.

Legal basis

We require your consent to use the tool, which is the legal basis according to § 25 para. 1 TDDDG and

Art. 6 para. 1 lit. a) GDPR (consent). We obtain this consent through our consent tool described above

and document this.

We also have a legitimate interest in optimizing our online service, which is why we refer to Art. 6 para.

1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can

find details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the handling of personal data in Calendly's privacy policy:

https://calendly.com/privacy

Possibility to object

In principle, you always have the option of freely managing the setting, management and deletion of

cookies in your browser according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Cloudflare

We have integrated the Cloudflare content delivery network (CDN) on our website. The operating

company of Cloudflare is Cloudflare, Inc, 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare is a service that makes it possible to reduce the loading times of websites. This means that

websites can be loaded quickly and optimally even during high load peaks. At the same time, Cloudflare

protects its users' websites with an additional firewall and DDOS protection. In order for Cloudflare to

be provided, personal data can be sent from your browser to the service. This enables the provider to

collect and store user data such as your IP address, your browser version, the browser type or the date

of your page visit. Cloudflare states that it processes the data in compliance with the law, including the

GDPR. Third-party providers with whom Cloudflare works may only process personal data under the

direction of Cloudflare and in accordance with the privacy policy and other confidentiality and security

measures. Cloudflare never passes on personal data without our express consent. We only process

personal data for as long as necessary. As soon as the purpose of the data processing has been fulfilled,

the data will be blocked and deleted in accordance with the standards of the deletion concept here,

unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically deleted after

the storage period has expired if you have not already deleted it yourself before this period expires.

Purposes of the processing

Cloudflare is suitable for us to be able to offer you a well-functioning experience on our website. With

the help of Cloudflare, our website can be loaded much faster and at the same time Cloudflare

increases our security against threats.

Legal basis

We require your consent to use the tool, which is the legal basis in accordance with Section 25 (1)

TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool described

above and document this.

We also have a legitimate interest in optimizing our online service and making it more secure, which

is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

You can find more information on the handling of personal data in Cloudflare's privacy policy:

https://www.cloudflare.com/dede/privacypolicy/

Possibility of objection

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of DoubleClick by Google

We have integrated the online marketing tool DoubleClick by Google from Google Inc. The operating

company of DoubleClick by Google is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-

1351, USA. For the European area, the company Google Ireland Limited, Gordon House, Barrow Street

Dublin 4, Ireland, is responsible for all Google services, whereby a joint responsibility is to be assumed.

DoubleClick by Google transmits data to the DoubleClick servers with every impression as well as

through clicks or other activities. Each of these data transfers triggers a cookie request to your browser.

If your browser accepts this request, DoubleClick sets a cookie on your system and stores various usage

data in it. DoubleClick uses a cookie ID, which is required to process the technical procedure. The

cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use

the cookie ID to record which advertisements have already been displayed in a browser in order to

avoid duplication. The cookie ID also enables DoubleClick to record conversions. Conversions are

recorded, for example, if a user has previously been shown a DoubleClick advertisement and

subsequently makes a purchase on the advertiser's website using the same Internet browser. A

DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain

additional campaign identifiers. A campaign identifier is used to identify the campaigns with which the

user has already been in contact. We only process personal data for as long as is necessary. As soon as

the purpose of the data processing has been fulfilled, the data is blocked and deleted in accordance

with the standards of the deletion concept here, unless legal regulations prevent deletion. If a cookie

is set for you, it will be automatically deleted after the storage period has expired if you have not

already deleted it yourself before this period expires.

Purposes of the processing

We use this tool to optimize and display advertising. Among other things, the cookie is used to place

and display user-relevant advertising and to create reports on advertising campaigns or to improve

them. The cookie is also used to avoid multiple displays of the same advertisement.

Each time one of the individual pages of this website, which is operated by us and on which a

DoubleClick component has been integrated, is accessed, the Internet browser on the information

technology system of the data subject is automatically prompted by the respective DoubleClick

component to transmit data to Google for the purpose of online advertising and billing of commissions.

As part of this technical process, Google obtains knowledge of data that Google also uses to create

commission statements. Among other things, Google can track that the data subject has clicked on

certain links on our website.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this.

We also have a legitimate interest in optimizing our offer technically and economically and in

preventing any damage to our company and refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of user data in Google's privacy policy:

https://policies.google.com/privacy?hl=de.

Google's terms of use can be viewed at https://policies.google.com/terms?hl=de&gl=de

Possibility of objection

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Google Analytics

We have integrated the analysis tracking tool Google Analytics (GA) from Google Inc. The operating

company of Google Analytics is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351,

USA. For the European area, the company Google Ireland Limited, Gordon House, Barrow Street Dublin

4, Ireland, is responsible for all Google services, whereby joint responsibility is to be assumed.

Google Analytics is a data traffic analysis or web analysis service. This describes the collection,

compilation and evaluation of data about the behavior of visitors to websites. If you visit our website

for the first time or if you have already deleted existing cookies, the tool assigns you a unique ID the

first time it recognizes you, which (if one is set) is linked to the cookie set on your computer. If you visit

our website again and the cookie is still present, you will be "recognized" as a returning user and all

new behaviors and actions will be assigned to the existing ID and recorded. This makes it possible to

create and evaluate pseudonymized user profiles. The tool basically collects data about your actions

in relation to our homepage, but also about which website you came to our website from (so-called

referrers), which subpages of the website you accessed or how often and for how long you viewed a

subpage. After consent has been given, these actions are stored in cookies, for example, and/or sent

to Google Analytics servers in the and processed there. Based on this, we receive reports from Google

Analytics that we can use to optimize our offer. If you already have a Google account, there is a

possibility that Google will link this data. However, Google itself does not pass on any data collected

by Google Analytics unless this is required by law. We only process personal data for as long as is

necessary. As soon as the purpose of the data processing has been fulfilled, the data is blocked and

deleted in accordance with the standards of the deletion concept here, unless legal regulations prevent

deletion. If a cookie is set for you, it will be automatically deleted after the storage period has expired

if you have not already deleted it yourself before this period expires.

Purposes of the processing

The purpose of the Google Analytics component is to analyze visitor flows and user behavior on our

website. Google uses the data and information obtained, among other things, to evaluate the use of

our website, to compile online reports for us that show the activities on our website, and to provide

other services related to the use of our website.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this.

We also have a legitimate interest in optimizing our offer technically and economically and in

preventing any damage to our company and refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest). We

may also use the tool to detect website errors, identify attacks and improve efficiency.

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of user data in Google's privacy policy:

https://policies.google.com/privacy?hl=de.

Google's terms of use can be viewed at https://policies.google.com/terms?hl=de&gl=de.

Possibility to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of HubSpot

We have integrated HubSpot on our website. The operating company of HubSpot is HubSpot, Inc, 25

First St 2nd Floor Cambridge, MA, USA. For us, the company is HubSpot Germany GmbH. Am

Postbahnhof 17 10243 Berlin is responsible for us.

HubSpot is an all-in-one platform for inbound marketing, sales, CRM and customer service. It supports

companies in their growth and in increasing service quality. HubSpot offers a wide range of tools that

can be used as required. By integrating HubSpot, data such as your IP addresses, the duration of your

visit to our website, your operating system and clickstream data can be collected and processed. We

only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purposes of the processing

HubSpot is suitable for us to facilitate and optimize our day-to-day business and to increase your

satisfaction. HubSpot plays a very central role in our company and has become indispensable for us.

HubSpot also helps us to create a better user experience on our website.

Legal basis

We require your consent to use the tool, which is the legal basis according to § 25 para. 1 TDDDG and

Art. 6 para. 1 lit. a) GDPR (consent). We obtain this consent through our consent tool described above

and document this.

We also have a legitimate interest in optimizing our online service, which is why we refer to Art. 6 para.

1 lit. f) GDPR (legitimate interest).

You can find more information on the handling of personal data in HubSpot's privacy policy:

https://legal.hubspot.com/de/privacy-policy .

Possibility of objection

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of HubSpot Analytics

We have integrated the third-party provider HubSpot Analytics on our website. The operating

company of HubSpot Analytics is HubSpot, Inc, 25 First Street, Cambridge, MA 02141, USA. For us, the

company is HubSpot Germany GmbH. Am Postbahnhof 17 10243 Berlin is responsible for us.

HubSpot Analytics enables us to better understand user behavior on our website and to optimize our

content and offers accordingly. By analyzing the collected data, we can determine, for example, which

pages are particularly popular, how long visitors stay on certain pages and which content arouses less

interest. These findings help us to make our website more user-friendly and to better tailor our offering

to the needs of our visitors.

We only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purposes of the processing

HubSpot Analytics is suitable for us to analyze the use of our website and to better understand how

visitors interact with our content. The data collected enables us to better target our content, optimize

our marketing measures and improve the efficiency of our customer communication.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this.

We also have a legitimate interest in optimizing our online service, which is why we refer to Art. 6 para.

1 lit. f) GDPR (legitimate interest).

You can find more information on the handling of personal data in HubSpot's privacy policy:

https://legal.hubspot.com/de/privacy-policy .

Possibility of objection

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Join

We have integrated the third-party provider "Join" on our website. The operating company of Join is

JOIN Solutions GmbH with its registered office at Schönhauser Allee 36, 10435 Berlin. Join is a

recruiting software that helps companies to hire faster and more efficiently. The software makes it

easy to create job advertisements for over 250 job boards with just one click. Several features are

provided, including the automatic publication of job ads and the effective search for the best

candidates for your company. As part of these functions, certain personal data is processed, such as

your IP address, product and version information about the browser and operating system used (so-

called user agent), the website from which your access took place (so-called referrer), the date and

time of the request and, if applicable, your Internet service provider. We only process personal data

for as long as is necessary. As soon as the purpose of the data processing has been fulfilled, the data

will be blocked and deleted in accordance with the standards of our deletion concept, unless legal

regulations prevent deletion. If a cookie is set for you, it will be automatically deleted after the storage

period has expired if you have not already deleted it yourself before this period expires.

Purposes of the processing

Join is suitable for us to speed up the recruitment process, to publish job advertisements efficiently

and to find the best candidates for our company.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent using our consent tool

described above and document this.

In the case of booked webinars and video feeds, there are also contractual or pre-contractual measures

in accordance with Art. 6 para. 1 lit. b) GDPR.

We also have a legitimate interest in optimizing our online service and refer to Art. 6 para. 1 lit. f) GDPR

(legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find the provider's privacy policy here: https://join.com/de/datenschutz

Possibility of objection

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of LinkedIn Ads

We have integrated the third-party provider LinkedIn Ads on our website. The operating company of

LinkedIn Ads is LinkedIn Ireland Unlimited Company with its registered office at Wilton Park House,

Wilton Park, Dublin, D02 T95, Ireland. LinkedIn Ads is an advertising platform that enables companies

to display targeted ads to LinkedIn users. By integrating LinkedIn Ads on our website, we can expand

our reach and target potential audiences. LinkedIn Ads processes personal data such as user

interactions, ad views and interests in order to provide personalized ads. We would like to point out

that we only process personal data for as long as is necessary for the respective purpose. Once the

processing purpose has been fulfilled, the data is blocked and deleted in accordance with our internal

guidelines, provided that there are no legal retention obligations to the contrary. If LinkedIn Ads uses

cookies, these are automatically deleted after the storage period has expired or can be deleted by the

user beforehand.

Purposes of the processing

LinkedIn Ads is suitable for us to carry out targeted advertising campaigns and to direct our messages

to a specific, professionally oriented target group. By using LinkedIn Ads, we can increase our visibility

in relevant networks and address potential customers or business partners more effectively.

Legal basis

The legal basis arises from your consent, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent using our consent tool

described above and document this. We also have a legitimate interest in optimizing our online service,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in LinkedIn's privacy policy:

https://www.linkedin.com/legal/privacy-policy .

Option to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of LinkedIn

We have integrated the social network LinkedIn on our website. The operating company of LinkedIn is

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

LinkedIn Ireland Unlimited Company Wilton Place, Dublin, is responsible for data processing in the

European Economic Area and Switzerland, whereby joint responsibility is assumed.

LinkedIn is an internet-based social network that enables users to connect with existing business

contacts and make new business contacts. Over 400 million registered people use LinkedIn in more

than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one

of the most visited websites in the world. Simply by integrating LinkedIn functions, no personal data

or data about your web activities is transferred to LinkedIn. Only when you interact with an integrated

LinkedIn function, for example by clicking on a button, can data be transmitted to LinkedIn, stored and

processed. User data is then stored, which may include your IP address, device data or login data, for

example. We only process personal data for as long as is necessary. As soon as the purpose of the data

processing has been fulfilled, the data will be blocked and deleted in accordance with the standards of

the deletion concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be

automatically deleted after the storage period has expired if you have not already deleted it yourself

before this period expires.

Purposes of the processing

LinkedIn is suitable for us because we are firmly convinced of our offer and our company. It is therefore

essential for us to communicate our company and our offering to the outside world. With its focus on

the business world, the social network is a perfectly suitable communication channel for us.

Legal basis

We require your consent to use the tool, which is the legal basis in accordance with Section 25 (1)

TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool described

above and document this.

We also have a legitimate interest in communicating our company and our offer to the outside world,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in LinkedIn's privacy policy:

https://www.linkedin.com/legal/privacy-policy .

Possibility of objection

In principle, you always have the option of freely managing the setting, management and deletion of

cookies in your browser according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of LinkedIn Analytics

We have integrated the third-party provider LinkedIn Analytics on our website. The operating company

of LinkedIn Analytics is LinkedIn Ireland Unlimited Company, Wilton Park House, Wilton Place, Dublin

2, Ireland. LinkedIn Analytics is a powerful analytics service that enables us to better understand and

optimize user behavior on our website. With the help of this service, visitors to this website can be

shown personalized advertisements on LinkedIn. Furthermore, it is possible to create anonymous

reports on the performance of the advertisements and information on website interaction. For this

purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the

LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

This service records various interactions, including page views, clicks and time spent on certain

content. LinkedIn Analytics processes personal data such as IP addresses, device information and, if

applicable, profile information of LinkedIn users. We only process personal data for as long as is

necessary. As soon as the purpose of the data processing has been fulfilled, the data is blocked and

deleted in accordance with the standards of our deletion concept, unless legal regulations prevent

deletion. If a cookie is set during the use of LinkedIn Analytics, it will be automatically deleted after the

storage period has expired, unless you have removed it yourself beforehand.

Purposes of the processing

LinkedIn Analytics is suitable for us to analyze user behavior on our website and to gain insights into

how visitors interact with our content. This information helps us to improve our website, provide

relevant content and optimize the user experience for our visitors. By analyzing data such as page

views and dwell time, we can make more targeted decisions to improve our online presence.

Legal basis

The legal basis results from your consent, which is the legal basis according to § 25 para. 1 TDDDG and

Art. 6 para. 1 lit. a) GDPR (consent). We obtain this consent using our consent tool described above

and document this. However, it is also possible that this service is used on the basis of an existing

contract, in which case the legal basis is Art. 6 para. 1 lit. b) GDPR (contract). We also have a legitimate

interest in optimizing our online service, which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate

interest). Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of user data in LinkedIn's privacy policy:

https://www.linkedin.com/legal/privacy-policy.

If you are logged in to LinkedIn, you can deactivate data collection at any time by clicking on the

following link: https://www.linkedin.com/psettings/enhanced-advertising.

Option to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Facebook

We have integrated the social network Facebook on our website. The operating company is Die Meta

Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.

For the European area, the company Facebook Ireland Limited, 4 Grand Canal Square Grand Canal

Harbour Dublin 2 Ireland, is responsible for all Facebook services, whereby joint responsibility is to be

assumed.

Facebook is one of the largest and oldest social networks and offers people and companies the

opportunity to communicate with each other. The social network now has over one billion users. In

addition to personal use, Facebook is also an important platform for companies and organizations,

enabling companies to increase their awareness through their Facebook presence as well as their

presence and positioning vis-à-vis consumers. Advertising and branding measures on Facebook are

also possible for an individual fee. Facebook has the option of collecting and storing personal data such

as your IP address, browser version, browser type or the date of your page visit. We only process

personal data for as long as is necessary. As soon as the purpose of the data processing has been

fulfilled, the data is blocked and deleted in accordance with the standards of the deletion concept

here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically deleted

after the storage period has expired if you have not already deleted it yourself before this period

expires.

Purposes of the processing

Facebook is suitable for us because we are firmly convinced of our offer and our company. It is

therefore essential for us to communicate our company and our offering to the outside world. With

its huge number of users, the social network is an indispensable channel that we are happy to use.

Legal basis

We require your consent to use the tool, which is the legal basis in accordance with Section 25 (1)

TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool described

above and document this.

We also have a legitimate interest in communicating our company and our offer to the outside world,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in Facebook's privacy policy:

https://de-de.facebook.com/about/privacy/

Possibility to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of OptinMonster (Omappapi)

We have integrated the third-party provider OptinMonster on our website. The operating company of

OptinMonster is OptinMonster Inc, 2035 Sunset Lake Road, Suite B-2, Newark, DE 19702, USA.

OptinMonster is an online marketing tool that helps us to optimize our website by enabling us to

provide personalized pop-ups, forms and other marketing content. For this purpose, personal data

such as IP address, browser information, date and time of access and information on the use of the

website are processed. We only process personal data for as long as is necessary. As soon as the

purpose of the data processing has been fulfilled, the data is blocked and deleted in accordance with

the standards of the deletion concept here, unless legal regulations prevent deletion. If a cookie is set

for you, it will be automatically deleted after the storage period has expired if you have not already

deleted it yourself before this period expires.

As soon as the purpose of the data processing has been fulfilled, it will be blocked and deleted in

accordance with the standards of the deletion concept here, unless legal regulations prevent deletion.

If a cookie is set for you, it will be automatically deleted after the storage period has expired if you

have not already deleted it yourself before this period expires.

Purposes of the processing

OptinMonster is suitable for us to optimize our external presence and to better reach our website

visitors.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. We also have a legitimate interest in optimizing our online service,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this provider if you have given us your consent to do so.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can

find details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. You can find more

information on the handling of personal data in OptinMonster's privacy policy:

https://optinmonster.com/privacy/

Possibility to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time . In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Pinterest

We have integrated the provider Pinterest of Pinterest Inc, 808 Brannan Street, San Francisco, CA

94103, USA. Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland is

responsible for the European area, whereby joint responsibility is assumed.

Pinterest is a social network that specializes in graphic representations or photographs and usually

loads the data from servers in the USA. The provider generally collects data through log data that

describes your website behavior, such as your IP address, search history or device data. If you have a

Pinterest account and are logged in while you visit our website, the data collected via our website may

be added to your Pinterest account and used for marketing purposes. We only process personal data

for as long as is necessary. As soon as the purpose of the data processing has been fulfilled, the data

will be blocked and deleted in accordance with the standards of the deletion concept here, unless legal

regulations prevent deletion. If a cookie is set for you, it will be automatically deleted after the storage

period has expired if you have not already deleted it yourself before this period expires. We would

therefore like to point out that, in the opinion of the European Court of Justice (ECJ), there is currently

no adequate level of protection for data transfer to the USA and that there are therefore various risks

for the legality and security of data processing, including your data.

Purposes of the processing

Pinterest is suitable for our company as part of our public image. That is why we are also represented

on Pinterest and also want to showcase our company. We can also use the data collected for marketing

purposes so that we can show our advertising messages to people who are interested in our company

and our services.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this.

We also have a legitimate interest in simple and targeted communication of our company and refer to

Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of user data in Pinterest's privacy policy:

https://policy.pinterest.com/de/privacy-policy.

Possibility to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Stripe

We have integrated the Stripe service on our website. The operating company of Stripe is Stripe Inc,

510 Townsend St. Francisco, CA 94103, USA. For the European region, the company is Stripe Payments

Europe. Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland is responsible for Europe.

Stripe is a payment provider that enables online payments to be processed in a simple manner. Stripe

also processes the data that the user enters during the payment process in order to ensure the

provision of the service. We only process personal data for as long as is necessary. As soon as the

purpose of the data processing has been fulfilled, the data is blocked and deleted in accordance with

the standards of the deletion concept here, unless legal regulations prevent deletion. If a cookie is set

for you, it will be automatically deleted after the storage period has expired if you have not already

deleted it yourself before this period expires. As we cannot rule out the possibility that servers in the

USA are also used, we would like to point out as a precaution that, in the opinion of the European

Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA

and that there are therefore various risks associated with the legality and security of data processing,

including of your data.

Purposes of the processing

Stripe is suitable for us to optimize our online service and also to enable a simple and fast payment

process via our website.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this.

We also have a legitimate interest in optimizing our online service, which is why we refer to Art. 6 para.

1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in Stripe's privacy policy:

https://stripe.com/at/privacy

Possibility to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Typeform

We have integrated the third-party provider Typeform on our website. The operating company of

Typeform is Typeform S.L., based in Carrer Bac de Roda, 163, 08018 Barcelona, Spain. Typeform is a

provider of online surveys and forms that enable us to create and analyze user-friendly and interactive

forms. When you fill out one of our forms, Typeform processes personal data, such as your IP address,

the answers you enter in the form and technical data collected during use (e.g. operating system,

browser type, language settings). This data is used to provide the survey or form functionalities and is

necessary to store and process the entries you make. We only process personal data for as long as is

necessary. As soon as the purpose of the data processing has been fulfilled, the data will be blocked

and deleted in accordance with the standards of the deletion concept here, unless legal regulations

prevent deletion. If a cookie is set for you, it will be automatically deleted after the storage period has

expired if you have not already deleted it yourself before this period expires.

Purpose of the processing:

Typeform is suitable for us to provide surveys and interactive forms on our website. These help us to

obtain valuable information directly from our users and process it in structured data. This allows us to

collect targeted feedback and improve our services, which ultimately benefits our users.

Legal basis:

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. We also have a legitimate interest in optimizing our online service,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in Typeform's privacy policy:

https://admin.typeform.com/to/dwk6gt

Note on cookie management:

In principle, you always have the option to freely manage the setting, management and deletion of

cookies in your browser according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Vimeo

We have integrated videos from the Vimeo video portal on our website. The operating company of

Vimeo is Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA.

Vimeo is a video portal similar to YouTube. Anyone can upload their videos via a free account and

distribute them on the internet. While the service is essentially free to use, Vimeo still offers the option

of providing paid video content via your own account. Vimeo only keeps 10% of the revenue for itself,

the rest goes to the creators. In addition, every member can create their own channel on Vimeo and

design it as they wish. When you visit our website, your browser connects to the Vimeo servers in

which a Vimeo video is embedded. In the course of this data transfer, Vimeo collects, processes and

stores data such as your IP address, information about your operating system, browser type or your

device information. In addition, Vimeo stores data that describes your user behavior: Interactions on

our website, the bounce rate, how long you are on our website and, of course, our URL itself. If you

are logged into Vimeo during your visit to our website, Vimeo can usually assign the interactions to

your profile. In addition, more data can usually be collected in this case. We only process personal data

for as long as is necessary. As soon as the purpose of the data processing has been fulfilled, the data

will be blocked and deleted in accordance with the standards of the deletion concept here, unless legal

regulations prevent deletion. If a cookie is set for you, it will be automatically deleted after the storage

period has expired if you have not already deleted it yourself before this period expires.

Purposes of the processing

Vimeo is suitable for us to be able to offer you high-quality content in a simple way. With the help of

videos, we can give you a better picture of us, simplify complex issues and offer you a better online

experience on our website.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this.

We also have a legitimate interest in optimizing our online service, which is why we refer to Art. 6 para.

1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details

can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. More information

on the handling of personal data can be found in Vimeo's privacy policy: https://vimeo.com/privacy .

Possibility to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of YouTube

We have integrated videos from the YouTube video portal on our website. The operating company of

YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. It should be noted that the video

portal has been a subsidiary of Google since 2006. For the European area, the company Google Ireland

Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for all Google services, whereby

the supervisory authorities have established joint responsibility between the two Google companies.

YouTube is an Internet video portal that enables video publishers to post video clips free of charge and

other users to view, rate and comment on them free of charge. YouTube allows the publication of all

types of videos, which is why both complete film and television programs, but also music videos,

trailers or videos made by users themselves can be accessed via the Internet portal. When you visit

our website, at least one cookie is set on the pages in which a YouTube video is embedded. This stores

your IP address and our URL. If you are logged into YouTube during your visit to our website, YouTube

can generally assign the interactions to your profile. The data stored here includes, for example, your

approximate location, your session duration, the bounce rate and technical information about your

browser type. If you are not logged into your YouTube account or Google account, Google stores data

with a unique identifier that is assigned to your device, browser or app. For example, your preferred

language settings are retained. However, less usage data is stored because fewer cookies are set. We

only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purposes of the processing

YouTube is suitable for us to be able to offer you high-quality content in a simple way. With the help

of videos, we can give you a better picture of us, simplify complex issues and offer you a better online

experience on our website.

Legal basis

We require your consent to use the tool, which is the legal basis in accordance with Section 25 (1)

TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool described

above and document this.

We also have a legitimate interest in communicating our company and our offer to the outside world,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in Google's privacy policy:

https://policies.google.com/privacy?hl=de.

Possibility of objection

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Albacross

We have integrated the third-party provider Albacross on our website. The operating company of

Albacross is Albacross Nordic AB, based at Kungsgatan 26, 111 35 Stockholm, Sweden. Albacross offers

a platform for the analysis and optimization of online marketing and lead generation measures. By

integrating Albacross, information about visitors to our website is collected and processed. This

includes data such as the IP address, location data, pages visited, browser type and the date and time

of access. This data is used to identify companies that visit our website and enables targeted marketing.

Albacross uses cookies for this purpose, which are stored on your end device.

We only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purpose of the processing

Albacross is used by us to specifically identify companies that visit our website and to optimize our

marketing measures. This enables us to better address potential business partners and to make our

online offering more targeted.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. We also have a legitimate interest in optimizing our online service,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in the Albacross privacy policy:

https://albacross.com/privacy-policy.

Note on cookies

In principle, you always have the option of freely managing the setting, management and deletion of

cookies in your browser according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Cookiefirst

We have integrated the third-party provider Cookiefirst on our website. The operating company of

Cookiefirst is Digital Data Solutions B.V., Plantage Middenlaan 42A, 1018 DH Amsterdam, Netherlands.

Cookiefirst offers a consent management tool that supports website operators in obtaining and

documenting the consent of users to the processing of cookies and other tracking technologies in a

legally compliant manner. The tool collects and stores information about which cookies have been

accepted or rejected by visitors to the website, as well as technical data such as the IP address, the

operating system used, browser type and the websites visited. This information is used to manage and

track consent.

We only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purpose of the processing

The third-party tool Cookiefirst is suitable for us to obtain, manage and document the consent of our

website visitors to the use of cookies and tracking technologies in a legally compliant manner. In this

way, we ensure compliance with data protection regulations and improve transparency towards our

users.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through this very consent tool

and document this. We also have a legitimate interest in optimizing our online service, which is why

we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

You can find more information on the handling of personal data in Cookiefirst's privacy policy:

https://cookiefirst.com/legal/privacy-policy.

Note on cookies

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of DATEV eG

We have integrated the third-party provider DATEV eG on our website. The operating company of

DATEV eG is DATEV eG, Paumgartnerstraße 6-14, 90429 Nuremberg, Germany.

DATEV eG offers software and IT services, specializing in particular in the areas of accounting, human

resources management and business consulting. Data such as the IP address, access times, browsers

used and device information as well as other technical data can be processed via the integration. This

information is used, among other things, to provide specific services and optimize internal processes.

In some cases, personal data such as names or contact details may also be processed if this is necessary

for the use of the services.

We only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purpose of the processing

The third-party product DATEV eG is suitable for us to optimize our internal processes, especially in

the areas of accounting and personnel management. With the help of DATEV eG, we can efficiently

and legally process data that is required for handling our business processes. This contributes

significantly to the quality and security of our internal processes.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. We also have a legitimate interest in optimizing our online service,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in DATEV eG's privacy policy:

https://www.datev.com/privacy.

Note on cookies

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser according to your wishes and knowledge. For example, if you do not want this tool to

set cookies and collect information about you and possibly your behavior, you can deactivate the

general setting of cookies in your browser settings at any time. In individual cases, however, this may

mean that various functions (such as shopping baskets) on the websites you visit may no longer work

even if you want them to.

Data protection provisions about the application and use of FinanceAds

We have integrated the third-party provider FinanceAds on our website. The operating company of

FinanceAds is FinanceAds GmbH & Co KG, Karlstraße 9, 90403 Nuremberg, Germany.

FinanceAds is a specialized affiliate marketing network that focuses in particular on the finance and

insurance sector. By integrating FinanceAds, information such as IP address, click behavior, browser

type, operating system and websites visited can be processed. Cookies are also set to track

transactions initiated by partner sites. This information makes it possible to correctly allocate

commission payments and analyze the effectiveness of advertising measures.

We only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purpose of the processing

The third-party product Financeads is suitable for us to effectively implement affiliate marketing

campaigns and to manage commission payments transparently and correctly. It helps us to analyze

and optimize the performance of advertising measures by making interactions between our partners

and our website traceable.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. We also have a legitimate interest in optimizing our online service,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in the FinanceAds privacy policy:

https://www.financeads.com/datenschutz/.

Note on cookies

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Google Appspot

We have integrated the third-party provider Google Appspot on our website. The operating company

of Google Appspot is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For

the European area, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4,

Ireland, is responsible for all Google services, whereby joint responsibility is to be assumed.

Google Appspot is a platform provided by Google that enables the development and hosting of web

applications. By integrating Google Appspot, personal data such as IP addresses, browser type,

operating system, access times and pages visited can be processed. This data can also be used to

ensure the performance and security of the hosted applications. Google Appspot uses cookies and

other technologies to ensure the functionality of its services and to collect data for optimization.

We only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purposes of the processing

The third-party product Google Appspot is suitable for us to provide efficient, scalable web applications

and to ensure their performance and security. It enables us to use modern technologies to improve

our online service and respond to the needs of our users.

Legal basis

We require your consent to use the tool, which is the legal basis in accordance with Section 25 (1)

TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool described

above and document this. We also have a legitimate interest in optimizing our online service, which is

why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of user data in Google's privacy policy:

https://policies.google.com/privacy?hl=de.

Google's terms of use can be viewed at https://policies.google.com/terms?hl=de&gl=de

Note on cookies

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time . In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of HubSpot Forms

We have integrated the third-party provider HubSpot Forms on our website. The operating company

of HubSpot Forms is HubSpot, Inc, 25 First Street, Cambridge, MA 02141, USA. For us, the company is

HubSpot Germany GmbH. Am Postbahnhof 17 10243 Berlin is responsible for us.

HubSpot Forms is a tool for creating and managing forms that allows you to collect and manage contact

and other data from website visitors. When using HubSpot Forms, personal data such as name, email

address, telephone number, IP address, browser information, operating system, timestamp and

completed form content are processed. This data is used to improve communication with website

visitors and to optimize support and marketing processes. In addition, HubSpot Forms uses cookies to

recognize returning visitors and to better allocate form data.

We only process personal data for as long as is necessary. As soon as the purpose of the data processing

has been fulfilled, the data is blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purpose of the processing

The third-party product HubSpot Forms is suitable for us to easily create contact forms and effectively

manage their content. It enables us to better process user inquiries, optimize marketing processes and

communicate more efficiently with website visitors.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. We also have a legitimate interest in optimizing our online service,

which is why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

Nevertheless, we only use this tool if you have given us your consent to do so.

You can find more information on the handling of personal data in HubSpot's privacy policy:

https://legal.hubspot.com/privacy-policy.

Note on cookies

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Zoho

We have integrated the third-party provider Zoho to provide our services. The operating company of

Zoho is Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands. Zoho offers a

comprehensive suite of cloud-based applications for CRM, project management, marketing, support

and other business-related functions. Through the integration of Zoho, personal data such as name, e-

mail address, telephone number, IP address, browser version, operating system, access time and form

entries can be processed. This data is used to facilitate communication with the users of our services,

to process inquiries efficiently and to analyze the use of the platform. In addition, Zoho uses cookies

to improve the user experience and ensure the functionality of the platform.

We only process personal data for as long as necessary. As soon as the purpose of the data processing

has been fulfilled, the data will be blocked and deleted in accordance with the standards of the deletion

concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be automatically

deleted after the storage period has expired if you have not already deleted it yourself before this

period expires.

Purpose of the processing

The third-party product Zoho is suitable for us to optimize business processes and make them more

efficient. With Zoho, we can manage customer data, carry out marketing campaigns and ensure better

communication with our users. This helps us to fulfill customer requests and analyze business metrics.

Legal basis

We require your consent to use the tool, which is the legal basis in accordance with Section 25 (1)

TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool described

above and document this. We also have a legitimate interest in optimizing our online service, which is

why we refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest).

You can find more information on the handling of personal data in Zoho's privacy policy:

https://www.zoho.com/privacy.html.

Note on cookies

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Google Ads (formerly Google AdWords)

We have integrated the Google Ads marketing tool from Google Inc. The operating company of Google

Analytics is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For the

European area, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland,

is responsible for all Google services, whereby joint responsibility is to be assumed.

The Google Ads tool makes it possible to implement advertising measures and ultimately to track the

conversion. The conversion tracking tag is used on our website, which makes it possible to analyze user

actions. We only process personal data for as long as is necessary. As soon as the purpose of the data

processing has been fulfilled, the data is blocked and deleted in accordance with the standards of the

deletion concept here, unless legal regulations prevent deletion. If a cookie is set for you, it will be

automatically deleted after the storage period has expired if you have not already deleted it yourself

before this period expires.

Purposes of the processing

Since we are convinced of our offer, we try to draw attention to ourselves and this is exactly where

Google Ads comes into play. The conversion tracking tool allows us to see which keywords, ads and

campaigns lead to the desired results. This gives us the opportunity to calculate the cost-benefit factor

of our marketing activities and thus ultimately make our website more interesting and targeted for

you and adapt the advertising measures more individually to your needs.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. However, it is also possible that this service is used on the basis

of an existing contract, in which case the legal basis is Art. 6 para. 1 lit. b) GDPR (contract).

We also have a legitimate interest in making our offer and marketing measures more economical and

targeted and refer to Art. 6 para. 1 lit. f) GDPR (legitimate interest). Nevertheless, we only use this tool

if you have given us your consent to do so.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details

can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more information on the handling of user data in Google's privacy policy:

https://policies.google.com/privacy?hl=de.

Google's terms of use can be viewed at https://policies.google.com/terms?hl=de&gl=de.

Possibility of objection

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Varify.io

We have integrated the third-party provider Varify.io® on our website. The operating company of

Varify.io® is Varify GmbH, Südliche Münchner Straße 55, 82031 Grünwald, Germany. Varify.io® enables

us to create A/B tests or dynamic websites from existing websites in just a few minutes, independently

of our CRM or store system. This involves processing personal data such as IP addresses, device

information and user behavior on our website. This data is used to adapt the website content in a

targeted manner and to optimize the user experience. We only process personal data for as long as is

necessary. As soon as the purpose of the data processing has been fulfilled, the data is blocked and

deleted in accordance with the standards of the deletion concept here, unless legal regulations prevent

deletion. If a cookie is set for you, it will be automatically deleted after the storage period has expired

if you have not already deleted it yourself before this period expires.

Purposes of processing

Varify.io is suitable for us to improve the user experience on our website and to increase the

effectiveness of our online marketing measures through targeted A/B tests and dynamic website

adjustments.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. However, it is also possible that this service is used on the basis

of an existing contract, in which case the legal basis is Art. 6 para. 1 lit. b) GDPR (contract). We also

have a legitimate interest in optimizing our online service, which is why we refer to Art. 6 para. 1 lit. f)

GDPR (legitimate interest). Nevertheless, we only use this tool if you have given us your consent to do

so. You can find more information on the handling of personal data in Varify's privacy policy:

https://varify.io/datenschutzerklaerung/

Option to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Data protection provisions about the application and use of Stytch

We have integrated the third-party provider Stytch on our website. The operating company of Stytch

is Stytch, Inc, 555 Montgomery Street, Suite 1700, San Francisco, CA 94111, USA. Stytch offers a

comprehensive platform for modern authentication solutions, including passwordless methods and

traditional password-based authentication. By integrating Stytch, we can provide various

authentication services such as email magic links, single sign-on (SSO) and multi-factor authentication

(MFA). Personal data such as email addresses, IP addresses, device information and usage data are

processed to ensure secure and efficient authentication. We only process personal data for as long as

is necessary. As soon as the purpose of the data processing has been fulfilled, the data is blocked and

deleted in accordance with the standards of the deletion concept here, unless legal regulations prevent

deletion. If a cookie is set for you, it will be automatically deleted after the storage period has expired

if you have not already deleted it yourself before this period expires.

Purpose of the processing

The use of Stytch enables us to provide secure and user-friendly authentication for our users. By using

these services, we can optimize access to our online offers and at the same time ensure high security

standards.

Legal basis

We require your consent to use the tool, which constitutes the legal basis in accordance with Section

25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). We obtain this consent through our consent tool

described above and document this. However, it is also possible that this service is used on the basis

of an existing contract, in which case the legal basis is Art. 6 para. 1 lit. b) GDPR (contract). We also

have a legitimate interest in optimizing our online service, which is why we refer to Art. 6 para. 1 lit. f)

GDPR (legitimate interest). Nevertheless, we only use this tool if you have given us your consent to do

so. You can find more information on the handling of personal data in Bunny.net's privacy policy:

https://stytch.com/legal/privacy-policy

Possibility to object

In principle, you always have the option to manage the setting, management and deletion of cookies

in your browser freely according to your wishes and knowledge. For example, if you do not want this

tool to set cookies and collect information about you and possibly your behavior, you can deactivate

the general setting of cookies in your browser settings at any time. In individual cases, however, this

may mean that various functions (such as shopping baskets) on the websites you visit may no longer

work even if you want them to.

Status: March 2025