Controller for the purposes of data protection law

PROLIANCE GmbH
Leopoldstr. 21
80802 München
Germany

Phone: +49 89 2500 392 20
Email: info@proliance.ai
Website: www.proliance.ai

Contact Details of the Data Protection Officer

PROLIANCE GmbH
Data Protection Officer
Leopoldstr. 21
80802 München
Email: dsb@proliance.ai‍

When contacting the Data Protection Officer, please state the company your inquiry refers to. Please refrain from attaching sensitive information, such as a copy of your ID, to your inquiry.

Data Processing During Website Operation

Webhosting

This website is hosted by an external service provider. Personal data collected on this website is stored on the host's servers. This may primarily include IP addresses, contact requests, meta and communication data, website access data, and other data generated via a website.

We collect the listed data to ensure a smooth connection to the website and a technically flawless provision of our services. The processing of this data is absolutely necessary to provide you with the website. The legal basis for processing this data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR, in which we oblige them to protect our customers' data and not to disclose it to third parties.

Webflow

For the creation and hosting of our website, we use the services of Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.

Description of Data Processing and Purpose

Webflow is a tool for creating and hosting websites. We use these services to provide you with our website.

Personal data collected on this website is stored on the host's servers. This may primarily include IP addresses, contact requests, meta and communication data, website access data, log files, and other data generated via a website.

Webflow also stores cookies or other recognition technologies which are necessary for displaying the page, providing website functions, and ensuring security (technically necessary cookies).

We use Webflow for the purpose of creating and providing our online presence.

Legal Basis for Data Processing

Insofar as we use cookies and similar technologies in connection with the integration of the service, or insofar as data is stored on or read from your terminal device by the service, this is done in accordance with Section 25 (2) TDDDG. Subsequent data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in technically improving our website and making our online presence available efficiently.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

• Webflow, Inc. 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.

We generally have no influence on further data processing by the third-party provider.

Further information on how Webflow handles personal data can be found at https://webflow.com/legal/privacy and at https://webflow.com/legal/eu-privacy-policy.

Data Processing in Third Countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR exists with regard to companies certified under the EU-U.S. Data Privacy Framework, which can be viewed via the following link: Data protection adequacy for non-EU countries.

Webflow, Inc. is certified under the EU-U.S. Data Privacy Framework and thus commits to adhering to adequate data protection standards, which can be viewed via the following link: Participant Search (dataprivacyframework.gov).

When transferring your data to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to seek legal redress.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses (SCCs) of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR are concluded. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are insufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage Period

By integrating the services, data is transmitted to the aforementioned recipients and stored there for a period of NUMBER months.

Any additional storage of data processed by the service and provided to us in our own systems takes place for a period of NUMBER months.

Amazon CloudFront (in conjunction with Webflow)

To provide our website, we use Amazon CloudFront, a service of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. The service is integrated by our hosting provider Webflow.

The aforementioned provider is the authorized EU representative of Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108-1226, USA.

Description of data processing and purpose

Amazon CloudFront enables us to quickly deliver data to provide our website in the best possible way. The service is a Content Delivery Network (CDN) operated by Amazon Web Services. The CDN uses proxy servers worldwide, allowing companies to quickly and securely deliver content such as web videos or other large media. To do this, proxy servers cache files locally, thereby improving download access speed. In practice, this means companies can offer data-rich content on their websites that users can access without long waiting times.

To make content from our websites available via the service, your personal data is transmitted to Amazon Web Services. The data processed includes, in particular:

• your IP address,
• the accessed website,
• the referrer URL,
• the browser used,
• the operating system used,

We use the service to provide our online presence in the best possible way and without long loading times.

Legal basis for data processing

Insofar as we use cookies and similar technologies as part of the service's integration, or insofar as data is stored or read from your device by the service, this is done in accordance with Section 25 (2) TDDDG. Subsequent data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to technically improve our website and to provide our online presence efficiently.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

• Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg,
• Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108-1226, USA.

We generally have no influence over any further data processing by the third-party provider.

Further information on how AWS handles personal data can be found at https://d1.awsstatic.com/legal/privacypolicy/AWS%20Privacy%20Notice%20-%202024-01-01_DE.pdf.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies certified under the EU-U.S. Data Privacy Framework, which can be viewed via the following link: Data protection adequacy for non-EU countries.

Amazon Web Services, Inc. is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed via the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage Duration

By integrating the services on our websites, data is transmitted to the aforementioned recipients and stored there for as long as necessary to achieve the stated purposes. No further storage of the data processed by the service and provided to us takes place in our own systems.

CloudFlare (in conjunction with Webflow)

To provide our website, we use CloudFlare, a service of Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. The service is integrated by our hosting provider Webflow.

Description of Data Processing and Purpose

CloudFlare enables us to quickly deliver data to provide our website in the best possible way. The service is a Content Delivery Network (CDN). The CDN uses proxy servers worldwide, allowing companies to quickly and securely deliver content such as web videos or other large media. To do this, proxy servers cache files locally, thereby improving download access speed. In practice, this means companies can offer data-rich content on their websites that users can access without long waiting times.

Our hosting provider uses the CDN to make JavaScript files available, which serve to provide modern functionalities even in older browsers that do not inherently possess such features.

In order to make content from our websites available via the service, your personal data is transmitted to the service providers. The data processed includes, in particular:

• your IP address,
• the accessed website,
• the referrer URL,
• the browser used,
• the operating system used.

We use the service to provide our website in the best possible way and without long loading times.

Legal Basis for Data Processing

Insofar as we use cookies and similar technologies as part of the service integration, or insofar as data is stored on or read from your end device by the service, this occurs in accordance with § 25 para. 2 TDDDG. Subsequent data processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in technically improving our website and making our online presence efficiently available.

Recipients

When using the service, data collected via our websites is transmitted to the following recipients:

• Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA.

We generally have no influence over further data processing by the third-party provider.

Further information on how the service provider handles personal data can be found at https://www.jsdelivr.com/terms/privacy-policy.

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, an adequacy decision by the EU Commission exists in accordance with Art. 45 para. 1 GDPR for companies certified under the EU-U.S. Data Privacy Framework, which can be viewed via the following link: Data protection adequacy for non-EU countries.

Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework and thus commits to adhering to adequate data protection standards, which can be viewed via the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These clauses oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are insufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or if further supplementary measures may need to be taken.

Storage duration

By integrating these services on our websites, data is transmitted to the aforementioned recipients and stored there for as long as necessary to achieve the stated purposes. No further storage of the data processed by the service and provided to us occurs in our own systems.

jsDelivr (in conjunction with Webflow)

To provide our website, we use jsDelivr, a service of Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, EN4 9EB, United Kingdom. The service is integrated by our hosting provider Webflow.

Description of data processing and purpose

The service allows us to quickly provide data to ensure our website is available in the best possible way. This service is a Content Delivery Network (CDN). The CDN utilizes proxy servers worldwide, enabling companies to deliver content such as web videos or other large media quickly and securely. These proxy servers temporarily store files locally, thereby improving download access speed. In practice, this means companies can offer data-rich content on their websites that users can access without long waiting times.

To provide content from our websites via the service, your personal data is transmitted to the service providers. The processed data includes, in particular:

• your IP address,
• the accessed webpage,
• the referrer URL,
• the browser used,
• the operating system used,

We use the service to provide our online presence optimally and without long loading times.

Legal Basis for Data Processing

Insofar as we use cookies and similar technologies as part of integrating the service, or insofar as data is stored on or read from your end device by the service, this occurs in accordance with § 25 Para. 2 TDDDG. Subsequent data processing takes place on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is to technically improve our website and provide our online presence efficiently.

Recipients

As part of using the service, the data collected via our websites is transmitted to the following recipients:

• Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, EN4 9EB, United Kingdom

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the United Kingdom.

For data transfers to the United Kingdom, an adequacy decision by the EU Commission exists in accordance with Art. 45 Para. 1 GDPR, which can be viewed via the following link: Data protection adequacy for non-EU countries.

If your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to seek legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses (SCCs) of the European Commission are concluded in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the data recipient to process the data in line with European protection standards.

If the standard data protection clauses are insufficient to ensure the required level of protection, additional technical, contractual, or organizational measures are implemented to secure the data transfer. Furthermore, we regularly review and assess whether these additional measures continue to guarantee an adequate level of data protection or if further supplementary measures may be necessary.

Storage Duration

By integrating these services on our websites, data is transmitted to the aforementioned recipients and stored there for as long as necessary to achieve the stated purposes. No further storage of the data processed by the service and provided to us takes place in our own systems.

Usage Data and Server Log Files

Description of Data Processing and Purpose

When you access our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

• Date and Time of the Request
• Name of the requested file
• Page from which the file was requested (Referrer URL)
• Access Status
• Web browser and operating system used
• (Full) IP address of the requesting computer
• Amount of Data Transferred

We collect the listed data to ensure a smooth connection to the website and the technically flawless provision of our services. The processing of this data is absolutely necessary to provide you with the website. The log files are used to evaluate system security and stability, as well as for administrative purposes.

Legal Basis for Data Processing

The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 (1) Sentence 1 lit. f GDPR.

Retention Period

For reasons of technical security, particularly to prevent attack attempts on our web server, these data are temporarily stored by us. After a maximum of 7 days, the data is anonymized by shortening the IP address at the domain level, making it impossible to establish a reference to the individual user.

In anonymized form, the data may also be processed for statistical purposes. These data are never stored together with other personal data of the user, compared with other data sets, or passed on to third parties.

Data Processing in Connection with Cookies and Similar Technologies

Accessing and Storing Information on End Devices

By using our website, information (e.g., IP address) may be accessed or stored (e.g., cookies) on your end devices. This access or storage may be associated with further processing of personal data within the meaning of the GDPR.

In cases where such access to information or storage of information is absolutely necessary for the technically flawless provision of our services, this is done on the basis of Section 25 (1) Sentence 1, (2) No. 2 TDDDG. Any subsequent data processing may take place on the basis of Art. 6 (1) Sentence 1 lit. f GDPR.

In cases where such a process serves other purposes (e.g., the needs-based design of our website), it is carried out based on Section 25 (1) TDDDG only with your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.

Cookies and similar technologies

General Information

On this website, we use services that employ cookies and similar technologies to store data in your device's browser and read already stored data. This may include cookies, your browser's Local Storage, pixels, and so-called tags.

Cookies are small text files that can be stored and read on your device.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session for a certain period.

In addition to cookies, we may use your browser's Session Storage or Local Storage to store and read data there. We may also embed pixels on our websites. Pixels are small individualized image files that are loaded when a page is built and can be used to track user activities.

Finally, we may use tags on our websites. Tags are small HTML or JavaScript code fragments or markers that enable website analysis and user tracking services to distinguish or identify users and track specific user activities.

Further information on the cookies and similar technologies we use can be found below in the descriptions of the cookie categories and in our Consent Management Platform "Usercentrics", which is displayed to you when you visit our website. You can access "Usercentrics" again via the "Cookie Settings" link at the bottom of the website to change your settings.

Please note that without the use of certain cookies and similar technologies, our websites may not be displayed correctly, and some functions may no longer be technically available.

Category Essential

Services in this category may use cookies and similar technologies to store and read information on your device. We use these,

• to enable the display of the website and provide its basic functions, especially page navigation and access to secure areas,
• to enable the submission and revocation of consents,
• to protect our forms from abusive entries,
• to protect our website from cyberattacks and attempted fraud, and
• to enable the display of the website.

Some of the cookies and similar technologies used only contain information about specific settings and are not personally identifiable. We do not use them for the purpose of tracking your interactions, for measurement and statistical analysis, or for advertising purposes.

This category's services, along with corresponding cookies and similar technologies, are used based on Section 25 (2) No. 1, No. 2 TDDDG. Subsequent data processing is carried out based on Art. 6 (1) sentence 1 lit. f GDPR.

Category Functional

Services or external content and media from third-party providers in this category may use cookies and similar technologies to store and read information on your device. We use these,

• to enable the loading of content and media from third-party providers,
• to make our websites appealing to you and operate them efficiently and
• to provide you with certain settings and additional website functions.

The use of services, as well as corresponding cookies and similar technologies in this category, is based on your consent pursuant to Section 25 (1) TDDDG. Subsequent data processing is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.

Category Statistics

Services in this category may use cookies and similar technologies to store and read information on your device. We use these,

• to count and distinguish you as an individual website visitor and to create statistical analyses of your interactions and your use of our websites,
• to tailor our websites to your needs and adapt them to user interactions,
• to test website adjustments and measure user reactions to them (A/B testing) and
• to monitor the technical functionality of our website and enable troubleshooting.

For this purpose, individual pseudonymous identifiers (recognition features) consisting of numbers and letters are regularly stored in cookies on your device by us and the services when you visit our website and are read again when you revisit it.

The use of pseudonyms allows for individual differentiation and recognition of users. However, the natural person behind a pseudonym usually cannot be directly identified, especially not by name, without further, additional data.

Regularly, other technologies may also be used to read recognition features from your device, such as in the case of so-called browser or device fingerprinting, where data from properties of the browser you use (e.g., type and version of the browser) and its configuration (e.g., preferred language), from properties of your device (e.g., manufacturer and model of your mobile phone, operating system), or from the hardware you use (e.g., screen resolution) are used to pseudonymously recognize you as a distinct user.

The use of services, as well as corresponding cookies and similar technologies in this category, is based on your consent pursuant to Section 25 (1) TDDDG. Subsequent data processing is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.

Category Marketing

Services in this category may use cookies and similar technologies to store and read information on your device. We use these,

• to count and distinguish you as an individual website visitor and to create statistical analyses of your interactions and your use of our websites,
• to track your interactions with advertisements placed by us via third parties on other websites across various devices and websites (so-called conversion tracking),
• to be able to understand and evaluate your interactions with our website, and to subsequently use this as the basis for targeted advertising campaigns in advertising networks, aimed at you or a specific target group to which you belong (so-called retargeting and remarketing),
• to improve the effectiveness of our advertising measures and to control our advertising campaigns.

For this purpose, individual pseudonymous identifiers (recognition features) consisting of numbers and letters are regularly stored in cookies by us and the services on your end device when visiting another website or our website, and are read out again when you revisit this or a new website.

Regularly, other technologies may also be used to read recognition features from your end device, such as in the case of so-called browser or device fingerprinting, where data from properties of the browser you are using (e.g., type and version of the browser) and its configuration (e.g., preferred language) or from properties of your end device (e.g., manufacturer and model of your mobile phone, operating system) or the hardware you are using (e.g., screen resolution) are used to pseudonymously recognize you as a distinct user.

If applicable, the processed pseudonymous recognition features can also be merged with other data by us or the providers of the services used.

Thus, the services we use and their providers can exchange and compare recognition features (IDs) among themselves to merge the features in case of a match and assign them to the same pseudonymous user (so-called ID Matching/ID Syncing). This enables cross-device, cross-platform, and cross-advertising network recognition and advertising targeting of website visitors.

If you identify yourself with your clear data such as name or email address, or enter your own user data on our websites, or log in to social networks or online services from third-party providers that also provide us with corresponding tracking and advertising services, pseudonymous recognition features can also be linked to your clear data or user data.

In this way, we or the service providers can create and evaluate comprehensive pseudonymous or non-pseudonymous user profiles, which are then used for targeted advertising based on your interests.

The use of the services and corresponding cookies and similar technologies in this category is based on your consent in accordance with Section 25 (1) TDDDG. Subsequent data processing is based on your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.

Consent management via Consent Management Platform Usercentrics

On our websites, we use the consent management platform "Usercentrics" from Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, to manage your consent for the use of cookies and similar technologies.

Description of data processing and purpose

We use the service to manage your consent for the use of cookies and similar technologies, as well as for the subsequent data processing.

If you give or refuse consent via our consent banner, the service processes the following data:

• Your device information
  • the description of the web browser and operating system used
  • the language used by your browser and operating system
  • Device ID
• Website and banner data
  • the ID of the website operator and the address of the website where you give your consent
  • the language of the consent banner
  • the version of the banner template
• IP address
• geographical location

• Consent data
  • Your Consent ID for assigning and requesting your consent data
  • the date and time of consent
  • Your consent status regarding the cookies and similar technologies we use, or regarding the services used, which serves as proof of your consent.

This data is logged on the provider's servers. During data processing, data is stored in the browser's session storage and local storage, and a pixel is used to save your consent status on your terminal device, read it out again, and compare it upon revisiting the page.

In this way, we are able to check your consent status on all subsequent and future visits to our websites and, according to your decision regarding the use of cookies and other technologies, activate or deactivate them upon revisiting the page.

Legal basis for data processing

Insofar as we use cookies and similar technologies in connection with the integration of the service, or insofar as data is stored on or read from your terminal device by the service, this occurs in accordance with § 25 Para. 2 TDDDG. Subsequent data processing takes place on the basis of Art. 6 Para. 1 S. 1 lit. c GDPR in conjunction with Art. 5 Para. 2 GDPR, or on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR to protect our legitimate interest.

Our legitimate interest is to centrally manage cookies and similar technologies, as well as integrated services, on our website, and to provide you with an easy way to give and withdraw your consent. This enables us to fulfill our legal obligations under § 25 TDDDG and our accountability obligation pursuant to Art. 5 Para. 2 GDPR regarding your consent.

Recipients

When using the service, data collected via our websites is transmitted to the following recipients:

• Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich.

Further information on how the provider handles personal data can be found at https://usercentrics.com/de/datenschutzerklaerung/.

Storage duration

By integrating the services on our websites, data is transmitted to the aforementioned recipients and processed there for as long as necessary to achieve the stated purposes. Further storage of data processed by the service and provided to us in our own systems does not typically occur. In individual cases, data regarding the time, status, and scope of consent may also be stored longer in our own systems, provided this is permissible for other purposes mentioned in this declaration.

Google Tag Manager

On our websites, we integrate the "Google Tag Manager" service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of Data Processing and Purpose

"Google Tag Manager" is a Tag Management System (TMS) that allows us to integrate and manage additional website content in JavaScript or HTML code.

In particular, so-called tags can be integrated and managed on our website via it. Tags are small code fragments or markers (web beacons, tracking pixels, or similar markers) that enable website analysis services or user tracking to distinguish or identify users.

The analysis of website visits or user tracking is not carried out by "Google Tag Manager" itself, but by the services used for these purposes, such as "Google Analytics" or other third-party solutions. Rather, "Google Tag Manager" merely serves to integrate and manage the tags necessary for analysis or tracking on our websites.

Since "Google Tag Manager" is provided by Google and reloaded from its servers when a page is accessed, the usage data technically required for page access is also transmitted. In this respect, Google also receives your IP address, which is technically necessary for retrieving the content.

Legal Basis for Data Processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on § 25 para. 1 TDDDG. The subsequent data processing is based on Art. 6 para. 1 sentence 1 lit. a GDPR.

Your consent is voluntary and can be revoked at any time with future effect. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to reopen "Usercentrics" and change your settings.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We generally have no influence over further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies certified under the EU-U.S. Data Privacy Framework, which can be viewed via the following link: Data protection adequacy for non-EU countries.

Google LLC is certified under the EU-U.S. Data Privacy Framework and thus commits to adhering to adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to seek legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Data Protection Clauses of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR are concluded. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage Duration

By integrating the service on our websites, data is transmitted to the aforementioned recipients and processed there for as long as necessary to achieve the stated purposes.

Google Analytics

On our websites, we integrate the Google Analytics service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of Data Processing and Purpose

"Google Analytics" creates usage profiles based on pseudonyms (recognition features from cookie and device ID and other data about the device used or the so-called browser fingerprint) and usage data (e.g., name and address of website content requested by your browser, referral links, description of the web browser and operating system used, and the IP address of the requesting device).

Also,

• demographic data (such as continent, country, region, city, age, gender, and user interests)
• Data on your interactions with search engines or other websites,
• Data on your interactions with our websites (subpages visited, data on visit times, button clicks, scroll depth, reading depth, as well as the use of filters, search functions, forms, and other input and registration options, data on products and services you have viewed on our websites), as well as
• Data on your interactions with social media networks

collected and analyzed.

In this way, Google can pseudonymously recognize website visitors and the devices they use, count them as such, and assign them to specific demographic target groups, interest groups, or customer segments.

Visitors who have their own user account on Google platforms can also be identified by Google across devices as visitors to our websites.

Data collection and processing on our websites is carried out using cookies and JavaScript code, which is loaded and executed in your device's browser when you visit a page. This JavaScript code then allows cookies to be stored on your device and various information to be read from your device and from cookies stored there. Details on the cookies and similar technologies used can be found above under "Data processing in connection with cookies and similar technologies" and via the information available through our consent management platform "Usercentrics".

From the processed information, Google creates aggregated statistics for us, from which we can see what interests the users of our websites and how many users have interacted with our websites in what way.

We only receive aggregated statistics (aggregated data) from Google, from which we, as users of Google advertising services, cannot draw conclusions about individual persons.

We then use these insights to display target group-oriented online advertising measures and marketing campaigns in advertising networks, particularly in Google advertising services.

Legal Basis for Data Processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 para. 1 sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the webpage to reopen "Usercentrics" and change your settings.

Recipients

As part of using the services, the data collected via our websites is transferred to the following recipients:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We generally have no influence over further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, an adequacy decision by the EU Commission exists in accordance with Art. 45 para. 1 GDPR for companies certified under the EU-U.S. Data Privacy Framework, which can be viewed via the following link: Data protection adequacy for non-EU countries.

Google LLC is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed via the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to seek legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses (SCCs) of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These clauses oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are insufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or if further supplementary measures need to be taken.

Storage Period

By integrating the services on our websites, data is transmitted to the aforementioned recipients and stored there for a period of 14 months. No further storage of the data processed by the service and provided to us takes place in our own systems.

Google Advertising Services and Functions: Google Ads, Google Ads Conversion Tracking, Google Marketing Platform (formerly Google DoubleClick), Google AdSense, Google Ads Remarketing.

On our websites, we integrate Google advertising services and functions from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the services are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of Data Processing and Purpose

We use Google Marketing services and functions such as Google Ads, Google Ads Conversion Tracking, Google Ads Retargeting, and the Google Marketing Platform to display and manage target group-oriented advertisements for our products and services via Google's advertising network, and to measure how successful these advertisements are.

Data collection and processing on our websites is carried out using cookies and JavaScript code, which is loaded when the page is accessed and executed in your device's browser. With the help of this JavaScript code, cookies can then be stored on your device and various information from your device, as well as from cookies stored there, can be read out. Details on the cookies and similar technologies used can be found above under "Data processing in connection with cookies and similar technologies" and via the information you can retrieve through our consent management platform "Usercentrics".

In this way, Google can pseudonymously recognize website visitors and the end devices they use. Visitors who have their own user account on Google platforms can also be identified by Google across devices as visitors to our websites.

If you click on an ad placed for us via Google, cookies for conversion tracking are set by the website or app of other providers. These are read again when our page is accessed. Data from the original website or app is processed to determine which search terms (keywords) you may have entered in a search engine, which advertisement or groups of advertisements you clicked on, and which of our online marketing campaigns the advertisement was assigned to.

Subsequently, we collect data on our websites about how you have used our website and how you have interacted with the website content, e.g., which subpages were accessed, which content was clicked or retrieved, or which forms or dialogues you used. The transformation of an advertisement into a specific action by the website visitor on a website is referred to as a conversion.

When "Google Analytics" is used simultaneously, we can evaluate your actions on our websites even more precisely with the data collected through it.

From the processed information, Google creates summarized statistics for us within the framework of "Google Ads Conversion Tracking" in "Google Ads" and the "Google Marketing Platform". These statistics show us how many users reacted to our advertisements and in what way. We only receive summarized statistics (aggregated data) from Google, from which we, as users of Google advertising services, cannot draw conclusions about individual persons.

Based on these statistics, we can optimize the effectiveness of our online advertising and manage our advertising strategy through Google advertising services.

Google Ads Remarketing subsequently allows us to display interest- and target group-specific advertisements during your further internet or app usage, based on the websites and content you have visited with us, how you have used them, and what actions (conversions) you have taken on our websites.

Legal Basis for Data Processing

The legal basis for integrating and using the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be revoked at any time with future effect. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to access "Usercentrics" again and change your settings.

Recipients

When using the services, the data collected via our websites is transmitted to the following recipients:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We generally have no influence over further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR concerning companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

Google LLC is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage duration

By integrating the services on our websites, data is transmitted to the aforementioned recipients and processed there for as long as necessary to achieve the stated purposes. No further storage of the data processed by the service and provided to us takes place in our own systems.

Meta Pixel and other Meta Marketing Services and Features: Meta Conversion Tracking, Meta Custom Audiences, Meta Retargeting, Meta Ads Manager

On our websites, we integrate the "Meta Pixel" from Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Description of data processing and purpose

We use the Meta Pixel and other Meta marketing services and features such as Meta Custom Audiences, Meta Conversion Tracking, Meta Retargeting, and the Meta Ads Manager to display and manage targeted advertisements for our products and services on Meta social media platforms Facebook and Instagram, and to measure the success of these advertisements.

Data collection and processing on our website is carried out via the "Meta Pixel". This is a JavaScript code that is loaded when the page is accessed and executed in your device's browser. With the help of this JavaScript code, cookies can then be stored on your device and various information from your device and from cookies stored there can be read out.

In this way, we can pseudonymously recognize website visitors and the devices they use. Visitors who have their own user account on the Meta Social Media Platform can also be identified by Meta as visitors to our websites across devices.

In addition, the "Meta Pixel" allows us to track and evaluate your interests based on the websites you visit and your interactions with our websites.

The information read out via the "Meta Pixel" includes, in particular,

• Information contained in the so-called HTTP header in your device's browser when a website is accessed, in particular usage data such as IP address, information about the web browser used, the page location, the files retrieved, the referral link indicating from which page you arrived at ours,
• Characteristics of the device you use when accessing our websites,
• Any cookies already present in your device's browser that have been set by Meta services, e.g., marketing cookies "_fbp" and "fr",
• Button click data, i.e., data on which buttons on the websites were clicked by visitors, the labels of these buttons, and all pages visited as a result of the button clicks; this includes, for example, clicking buttons in web forms for product inquiries or demonstrations, for downloading documents, or for booking appointments. 

From this information, Meta creates statistics for us within the "Meta Conversion Tracking" in the "Meta Ads Ad Manager", from which we can see how many users reacted to our ads displayed on the Meta Social Media Platforms and in what way. The conversion of an ad into an action by the website visitor is called a conversion. Based on these statistics, we can optimize the effectiveness of our advertising and manage our advertising strategy.

Furthermore, we use the information collected via the "Meta Pixel" on our websites to create so-called "Meta Custom Audiences" (custom audiences) in the "Meta Ads Ad Manager" and to display targeted advertising for them on the Meta Social Media Platform. For example, we can display ads on the platforms to website visitors who have previously shown interest in our products, services, or promotions and visited our websites within a certain period. This type of targeted advertising is called retargeting.

Legal basis for data processing

The legal basis for integrating and using the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be revoked at any time with future effect. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to reopen "Usercentrics" and change your settings.

Recipients

When using the service, data collected via our websites is transmitted to the following recipients:

• Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland,
• Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

We generally have no influence over further data processing by the third-party provider.

Further information on how Meta handles personal data can be found at https://de-de.facebook.com/privacy/policy.

Data processing in third countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

Meta Platforms Inc. is certified under the EU-U.S. Data Privacy Framework and thus commits to adhering to adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without informing you or allowing you to seek legal recourse.

To ensure an adequate level of data protection when transferring your data to a third country, the European Commission's Standard Contractual Clauses are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These clauses oblige the data recipient to process the data in line with European protection standards.

If the standard data protection clauses are insufficient to guarantee the required level of protection, additional technical, contractual, or organizational measures are implemented to secure data transfers. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or if further supplementary measures may be necessary.

Storage period

By integrating these services on our websites, data is transmitted to the aforementioned recipients and stored there for a period of 24 months.

Microsoft Advertising (Bing Ads)

On our websites, we integrate the service "Microsoft Advertising (Bing Ads)" from Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is offered by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Description of data processing and purpose

We use this service on our websites to measure the success of our advertisements placed via Microsoft Advertising (Bing Ads). To do this, we track how website visitors interact with the ads and their subsequent use of our websites. This involves tracking the conversion of an advertisement into a website visitor's action (conversion tracking) with the goal of managing and optimizing our online marketing efforts.

If an ad placed by us via "Microsoft Advertising (Bing Ads)" is displayed to you on other websites, or if you click on such an ad, these other websites will store a tracking cookie with a pseudonym assigned to us on your device, based on your consent provided there. If you subsequently visit our websites within the cookie's storage period, this cookie will be read.

Additionally, when you visit our websites, other pseudonymous cookies are stored on your device to track your page views and interactions with our websites.

This allows Microsoft to determine for us whether an advertisement we placed was displayed to you, if you clicked on it and subsequently visited our websites, and how you may have used our websites afterwards.

Specifically, when using Microsoft Advertising (Bing Ads), the following types of data are collected and processed:

• Website visit data
  • IP address
  • Timestamp
  • Time zone
• Data of the device used to access the website
  • Device hardware features
  • Information about the operating system
  • Information about the web browser used
  • Device language settings
  • Pseudonymous device identifier
• Data about the displayed advertisement
  • Data about the website where the ad was displayed
  • Website visitor's click on the ad
• Data on user behavior on our websites
  • Visited web pages
  • Duration and number of visits
  • Mouse movements
  • Click path
  • Successful implementation of the website visitor's defined target action (Conversion)

From this information, Microsoft generates statistics for us, which allow us to see how many users have reacted to our advertisements and in what way. Based on these statistics, we can optimize the effectiveness of our advertising campaigns and manage our advertising strategy.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on § 25 para. 1 TDDDG. The subsequent data processing is based on Art. 6 para. 1 sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with future effect. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to access "Usercentrics" again and change your settings.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, an adequacy decision of the EU Commission exists pursuant to Art. 45 para. 1 GDPR in relation to companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to seek legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure data transmission. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Recipients

In the context of using the service, data collected via our website is transmitted to the following recipients

• Microsoft Ireland Operations, Ltd, One Microsoft Place, South Country Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
• Microsoft Corporation, One Microsoft Way, Redmond, WA 94043, USA

We generally have no influence over further data processing by the third-party provider.

Further information on how Microsoft handles personal data can be found at https://privacy.microsoft.com/de-de/privacystatement.

Storage duration

By integrating the service on our websites, data is transmitted to the aforementioned recipients and stored there for as long as necessary to achieve the stated purposes.

LinkedIn advertising services and features: LinkedIn Ads & Analytics, LinkedIn Conversion Tracking and Retargeting (Insight Tag), LinkedIn Ads & Analytics

On our websites, we integrate LinkedIn advertising services and features from LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA.

In the European Union (EU) and the European Economic Area (EEA), "LinkedIn Conversion Tracking" is offered as a service by LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland, .

Description of data processing and purpose

If an advertisement placed by us via LinkedIn is displayed to you on other websites or you click on it, these other websites will store a "LinkedIn Conversion-Tracking" cookie with a pseudonym assigned to us on your device, based on your consent given there.

If you subsequently visit our websites within the storage period of this cookie, this cookie and your usage data will be read out on our websites using a pixel and JavaScript code (so-called "LinkedIn Insight Tag"). The following data is processed:

• the name and address of the requested content,
• the date and time of the request,
• the description of the web browser and operating system used, including information on the language used,
• the referrer address, which indicates from which websites you reached ours,
• the IP address of the requesting computer,
• Your interactions with our websites (e.g., clicked content and events, form submissions, frequency of response).
• IP addresses of website visitors are by LinkedIn truncated so that personal identification is no longer possible.

If website visitors are also LinkedIn members, their user ID is also processed. IP addresses of members are not truncated but hashed to enable cross-device tracking. In addition to the user ID, demographic data such as job title, company, and industry of the member are also processed.

In this way, LinkedIn can determine that an advertisement placed by us was shown to you, or that you clicked on it and subsequently visited our websites, and possibly how you then used our websites.

The conversion of an advertisement into an action by the website visitor is called a conversion. From this information, "LinkedIn Ads & Analytics" creates statistics for us, from which we can see how many users reacted to our advertisements and in what way.

Based on these statistics, we can optimize the effectiveness of our advertising and manage our advertising strategy. In particular, LinkedIn Ads allows us to create target audiences for "LinkedIn Retargeting" (audience-oriented advertising) based on this data and to address them via LinkedIn advertisements.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be revoked at any time with future effect. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to access "Usercentrics" again and change your settings.

Recipient

When using the service, data collected via our websites is transmitted to the following recipients:

• LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland,
• LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA.

We generally have no influence on further data processing by the third-party provider.

Further information on how the provider handles personal data can be found at https://www.linkedin.com/legal/privacy-policy.

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 Para. 1 GDPR concerning companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

LinkedIn Corporation is certified under the EU-U.S. Data Privacy Framework and thus commits to adhering to adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to seek legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses of the European Commission are concluded in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage Duration

By integrating the services on our websites, data is transmitted to and stored by the recipients mentioned above. IP addresses of website visitors are truncated by LinkedIn so that personal identification is no longer possible. For LinkedIn members, IP addresses are not truncated but hashed to enable cross-device tracking. Direct member identifiers are removed within seven days to pseudonymize the data. These remaining pseudonymized data are then deleted within 90 days.

No further storage of the data processed by the service and provided to us takes place in our own systems.

Microsoft Clarity

On our websites, we integrate the service “Microsoft Clarity” from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Within the European Union (EU) and the European Economic Area (EEA), the service is offered by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Description of Data Processing and Purpose

We use this service to better understand, analyze, and evaluate the origin and type of our website visitors and how they interact with our websites.

The service provides statistical evaluations of specific individual values (e.g., pages visited per session, scroll depth, visitor time spent, origin, type of device used), heatmaps (graphical highlighting of user clicks on individual web pages), and session recordings (playable recordings of individual users' interactions with our websites during a visit).

Cookies and similar technologies, particularly JavaScript, are used to store and read data on your device. Further details can be found above under "Data Processing in Connection with Cookies and Similar Technologies".

Based on the results obtained, we try to

• to understand the origin of our website visitors,
• to identify errors in the structure and design of the websites or insufficient compatibility with certain devices, browsers, or operating systems,
• to understand obstacles visitors face when using our websites and
• to determine the effectiveness of online advertising campaigns.

This allows us to understand how we can adapt and optimize our websites to meet existing demand and to manage our online advertising campaigns more effectively.

For these purposes, the service collects various information about website visits, the devices used, and user interactions with our websites, based on a pseudonym.

Specifically, the service processes the following types of data:

• User pseudonym (Clarity User ID).
• Website visit data
  • IP address of the requesting device
  • Time of request
  • Number of visits
  • Time spent
  • Referring third-party websites
  • Pages visited
  • User's country of origin
• Device data
  • Type of device (PC, tablet, mobile device, other)
  • Screen resolution
  • Operating system
  • Web browser
• Interactions with the website
  • Mouse movements
  • Click behavior
  • Scrolling behavior
  • Entered text
  • Selected text
  • Clicked text
• Potentially custom interactions and events
• Recording of the entire website visit (Session Recording)

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on § 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with future effect. To revoke your consent, please use the "Cookie Settings" link at the bottom of the website to access "Usercentrics" again and change your settings.

Recipients

When using the service, the data collected via our websites will be transmitted to the following recipients:

• Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
• Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

We generally have no influence on further data processing by the third-party provider.

Further information on how the service provider handles personal data can be found at https://privacy.microsoft.com/de-de/privacystatement.

Data processing in third countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR exists for companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR are concluded. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage period

By integrating the service on our websites, data is transmitted to the aforementioned recipients and stored there for a period of 13 months. Playable session recordings are deleted after 30 days. Further storage of the data processed by the service and provided to us in our own systems does not take place.

Dealfront Leadfeeder

On our websites, we integrate the "Leadfeeder" service from Dealfront Group GmbH Durlacher Allee 73, 76131 Karlsruhe, Germany.

Description of data processing and purpose

We use the service on our websites to find out which companies have visited our websites and how visitors have used our content.

When using the service, the following data is processed via cookies and similar technologies:

• IP address
• MAC address
• Time and date of visit
• Source (previously visited website) and medium (device data, especially browser, operating system, and language)
• Number of pages visited
• Visited pages (title, URL, and length of page visit)
• Visitor ID number
• Total duration of the visit
• Information on the visitor's location (domain and geolocation)
• viewed videos and downloaded files
• Use of website forms
• Name, origin, and industry of the visiting company

Leadfeeder identifies companies based on IP addresses using its own IP address database. The provider automatically filters out all users who visit our websites via private IP addresses and providers.

Using "Leadfeeder", we are able to categorize, analyze, and evaluate prospects based on their company type, their use of our websites, and their interests into segments and target groups, with the aim of identifying promising prospects.

Furthermore, the service provider provides us with a database containing contact details of relevant contacts in companies, enabling us to easily and quickly get in touch with potential customers by phone. The data for this comes from publicly accessible sources and databases.

The service also allows us to connect our other marketing systems and our customer and prospect data management software via interfaces, thereby supplementing existing information on customers and prospects.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with future effect. To withdraw your consent, please use the "Cookie Settings" link at the bottom of the website to access "Usercentrics" again and change your settings.

Recipients

When using the service, data collected via our website is transmitted to the following recipients:

• Dealfront Group GmbH Durlacher Allee 73, 76131 Karlsruhe, Germany

Storage period

By integrating the services on our websites, data is transmitted to the aforementioned recipients and processed there for as long as necessary to achieve the stated purposes.

Further storage of the data processed by the service and provided to us in our own systems takes place as long as this is necessary for the fulfillment of other purposes mentioned in this declaration.

YouTube and YouTube Images

On our websites, we embed videos via YouTube, a social media platform of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of data processing and purpose

Since embedded videos are reloaded from the servers of the social media platform "YouTube" when a page is accessed, the usage data technically required for page access is also transmitted. In this respect, Google also receives your IP address, which is technically necessary for retrieving the content.

We have integrated the service on our websites in a data-minimizing "No Cookie Mode" to prevent the setting and reading of cookies for collecting information on user behavior, linking with user profiles, creating video statistics, improving user-friendliness, and preventing abusive actions by the provider. However, to prevent the setting and reading of such cookies, a cookie is itself stored in the memory of your device in "No Cookie Mode".

Details on the cookies and similar technologies used can be found above under "Data processing in connection with cookies and similar technologies" as well as via the information you can access through our consent management platform "Usercentrics".

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. Subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be revoked at any time with future effect. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to access "Usercentrics" again and change your settings.

Recipients

When using the services, data collected via our websites is transmitted to the following recipients:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We generally have no influence over further data processing by the third-party provider.

For more information on how Google handles personal data, please visit https://policies.google.com/privacy?hl=de.

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, an adequacy decision by the EU Commission exists pursuant to Art. 45 para. 1 GDPR concerning companies certified under the EU-U.S. Data Privacy Framework, which can be viewed via the following link: Data protection adequacy for non-EU countries.

Google LLC is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed via the following link: Participant Search (dataprivacyframework.gov).

When transferring your data to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to exercise legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to guarantee an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage Duration

By integrating the services on our websites, data is transmitted to the aforementioned recipients and processed there for as long as necessary to achieve the stated purposes. No further storage of the data processed by the service and provided to us takes place in our own systems.

Google Photos

On our websites, we integrate the service "Google Photos" from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the services are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of Data Processing and Purpose

Google Photos allows us to integrate and display image galleries on our website. Images are loaded via a server request, typically from a Google server in the USA. This transmits to the server which page of our website you have visited. Google also stores the IP address of the visitor's device browser.

We use Google Photos for optimization purposes, particularly to improve your experience on our website and to make its design more user-friendly.

Legal Basis for Data Processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be revoked at any time with future effect. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to access "Usercentrics" again and change your settings.

Recipients

As part of using the service, the data collected via our websites is transmitted to the following recipients:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We generally have no influence over further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded pursuant to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures will be taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage Period

By integrating these services on our websites, data is transmitted to the aforementioned recipients and processed there for as long as necessary to achieve the stated purposes. No further storage of the data processed by the service and provided to us takes place in our own systems.

Google Fonts

On our websites, we embed Google Fonts web fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Within the European Union (EU) and the European Economic Area (EEA), the services are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of Data Processing and Purpose

Google Fonts allows us to use web fonts. To do this, when you access our website, the necessary Google Fonts are loaded from your web browser into your browser cache. This is necessary so that your browser can display our texts with an improved visual presentation. If your browser does not support this function, a standard font from your computer will be used for display.

Since Google Fonts are provided by Google and reloaded from its servers when a page is accessed, the usage data technically required for the page view is also transmitted. Google also receives your IP address, which is technically necessary for retrieving the content.

We use Google Fonts for optimization purposes, specifically to enhance your experience on our website and to make its design more user-friendly.

Legal Basis for Data Processing

The legal basis for integrating and using the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 S. 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with future effect. To revoke your consent, please use the "Cookie Settings" link at the bottom of the website to reopen "Usercentrics" and adjust your preferences.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We generally have no influence on further data processing by the third-party provider.

Further information on how Google handles personal data can be found at https://policies.google.com/privacy?hl=de.

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, an adequacy decision by the EU Commission exists pursuant to Art. 45 Para. 1 GDPR concerning companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to adhering to adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without informing you or allowing you to exercise legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the data recipient to process the data in line with European protection standards.

If the standard data protection clauses are insufficient to ensure the required level of protection, additional technical, contractual, or organizational measures are implemented to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to guarantee an adequate level of data protection or if further supplementary measures may be necessary.

Data Retention Period

By integrating the services on our websites, data is transmitted to the recipients mentioned above and processed there for as long as necessary to achieve the stated purposes. No further storage of the data processed by the service and provided to us takes place in our own systems.

Contact Form and General Inquiries via Email

Description of Data Processing and Purpose

If you send us inquiries via the contact form or email, your details from the inquiry form or your email, including the personal data you provided there, will be stored by us for processing the inquiry and for follow-up questions.

Providing an email address is required for contact; providing your first and last name and your phone number is voluntary. We will never disclose this data without your consent.

Legal Basis for Data Processing

The legal basis for processing your data is your and our legitimate interest in responding to your request pursuant to Art. 6 (1) sentence 1 lit. f GDPR, as well as, if applicable, Art. 6 (1) sentence 1 lit. b GDPR, if your inquiry aims at concluding a contract.

Recipients

Within our company, we only disclose your personal data to departments and individuals who require this data to fulfill contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to affiliated companies insofar as this is permissible within the scope of the purposes and legal bases set out in this privacy policy.

Your personal data is processed on our behalf based on data processing agreements pursuant to Art. 28 GDPR. In these cases, we ensure that the processing of personal data complies with the provisions of the GDPR. In this case, the categories of recipients are internet service providers as well as providers of customer management systems and software.

Otherwise, data will only be transferred to recipients outside the company if legal provisions permit or require it, if the transfer is necessary for processing and thus for fulfilling the contract or, upon your request, for carrying out pre-contractual measures, if we have your consent, or if we are authorized to provide information.

Under these conditions, recipients of personal data may include, for example:

• External Tax Advisor
• Public bodies and institutions (e.g., public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation,
• Recipients to whom the disclosure is directly necessary for the establishment or fulfillment of a contract,
• Other data recipients, provided you have given us your consent for data transfer.

Data Processing in Third Countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, an adequacy decision by the EU Commission exists pursuant to Art. 45 (1) GDPR regarding companies certified under the EU-U.S. Data Privacy Framework.

The recipient is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or being able to exercise legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR are concluded. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage duration

Your data will be deleted after your request has been fully processed, as soon as no further follow-up is expected and provided that no statutory retention obligations prevent deletion.

Web forms for collecting advertising data, HubSpot

On our websites, we collect personal data via various web forms for the purpose of contacting you for promotional purposes and to promote the sale of our products, goods, or services through direct marketing.

These can be forms

• for signing up for newsletters, webinars or events,
• for booking consultation or product demo appointments or
• for downloading whitepapers and other documents
• concern.

For data collection, we integrate forms from the lead data and marketing platform HubSpot on our websites.

Further information on the processing of your data for advertising purposes and regarding HubSpot can be found in the following section of this privacy policy.

Data protection information for customers and other contractual or business partners as well as interested parties

Contract establishment, execution, fulfillment, and for carrying out pre-contractual measures in general

Description of data processing and its purpose

We process your personal data insofar as it is necessary for the establishment, execution, and fulfillment of a contract, as well as for carrying out pre-contractual measures.

We only process data that is related to the establishment of a contract or pre-contractual measures. This may include general data about you or individuals within your company (name, address, contact details, etc.), as well as any other data you provide to us during the contract formation process.

Legal basis for data processing

Insofar as personal data is required for the initiation or execution of a contractual relationship or in the context of pre-contractual measures, processing is lawful according to Art. 6 para. 1 sentence 1 lit. b GDPR.

Sources

We process personal data that we receive from you by post, telephone, or email via forms on our website or through one of our social media profiles, in the context of establishing contact, initiating a contractual relationship, or during pre-contractual measures.

Recipients

Within our company, we only disclose your personal data to departments and individuals who require this data to fulfill contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to affiliated companies, insofar as this is permissible within the scope of the purposes and legal bases set out in this privacy policy.

Your personal data will be processed on our behalf based on data processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data complies with the provisions of the GDPR. The categories of recipients in this case are internet service providers and providers of customer management systems and software.

Otherwise, data will only be transferred to recipients outside the company if legal provisions permit or require it, if the transfer is necessary for processing and thus fulfilling the contract or, upon your request, for carrying out pre-contractual measures, if we have your consent, or if we are authorized to provide information.

Under these conditions, recipients of personal data may include:

• External Tax Advisor
• Public bodies and institutions (e.g., public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation,
• Recipients to whom the disclosure is directly necessary for the establishment or fulfillment of a contract,
• Other data recipients, provided you have given us your consent for data transfer.

Storage Period

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This includes, among other things, the initiation and execution of a contract.

Furthermore, we are subject to various retention and documentation obligations arising, among other things, from the German Commercial Code (HGB) and the Fiscal Code (AO). The prescribed retention and documentation periods range from two to ten years.

Finally, the storage period is also determined by statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

Necessity of Providing Personal Data

Providing personal data for the purpose of deciding on a contract, fulfilling a contract, or carrying out pre-contractual measures is voluntary. However, we can only make a decision regarding contractual measures if you provide the personal data necessary for concluding the contract, fulfilling the contract, or for pre-contractual measures.

Booking Demo Appointments with Demodesk

You can use our websites to book an appointment for a non-binding discussion and a product demo.

For this purpose, we use the service "Demodesk Scheduling" from Demodesk GmbH, Franz-Joseph Street 9, 80801, Munich, Germany.

Description of data processing and purpose

We use Demodesk Scheduling to enable interested parties to book appointments automatically. Demodesk uses cookies for this purpose.

In addition to the preferred appointment date and company name, the following personal data is also processed by Demodesk:

• First and last name
• Email address
• Phone number

Legal basis for data processing

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the booking person is our contractual partner, or Art. 6 para. 1 sentence 1 lit. f GDPR, insofar as the booking person is a contact person of a contractual partner.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR as well as Art. 6 para. 1 sentence 1 lit. f GDPR.

Our legitimate interest is to arrange a non-binding consultation with you as a potential customer or contact person at a potential customer and, if necessary, carry out further pre-contractual measures.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

• Demodesk GmbH, Franz-Joseph Street 9, 80801, Munich, Germany.

You can find more information on how the service processes data here: https://demodesk.com/legal/privacy-policy-platform.

Storage duration

By using the service, data is transmitted to the aforementioned recipients and stored there for as long as necessary to achieve the stated purposes.

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes.

Otherwise, your data will be deleted as soon as timely telephone contact with you has been made, was unsuccessful, or did not lead to a contract.

Booking Audit Appointments with Microsoft Bookings

For booking online appointments, we use the service "Microsoft Bookings" from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is offered by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Description of Data Processing and Purpose

When booking an appointment, we process mandatory information (first and last name, email address) of the booking person, as well as optional information such as address, phone number, company name, details regarding the auditing of affiliated companies, and the language of the audit discussion.

We use the service to enable you to book audit and re-audit appointments online and to efficiently manage appointment scheduling and administration.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the booking person is our contractual partner, or Art. 6 para. 1 sentence 1 lit. f GDPR, insofar as the booking person is a contact person of a contractual partner.

Our legitimate interest lies in fulfilling our contractual obligations.

Recipients

When using the service, the data collected via our websites is transferred to the following recipients:

• Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
• Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR exists for companies certified under the EU-U.S. Data Privacy Framework, which can be viewed via the following link: Data protection adequacy for non-EU countries.

Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed via the following link: Participant Search (dataprivacyframework.gov).

When transferring your data to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR are concluded. These clauses oblige the data recipient to process the data in accordance with the European level of protection.

If the standard data protection clauses are insufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage duration

By using the service, data is transmitted to the aforementioned recipients and stored there for as long as necessary to achieve the stated purposes.

Where necessary, we process and store your personal data for the duration of our business relationship or to fulfill contractual purposes.

Conducting Product Demonstrations with Storylane

On our websites, we integrate the service "Storylane" from Storylane Inc., 2261 Market Street #4813, San Francisco, CA 94114, USA.

Description of Data Processing and Purpose

We use the service to offer an interactive demo of our software on our website. This allows us to provide interested parties with an easy way to get an impression of our software and guide themselves through the demo.

When using the service, personal data is processed to provide the software demo, such as the IP address of the website visitor. Within the software demo, you can contact us via a corresponding form.

Furthermore, information about the interaction with the software demo and the user, such as the duration of the interaction, region of access, time of access, progress in the demo, and clicking on the contact option, is collected. This data is used to optimize the software demo and measure its success in attracting new prospects and customers.

Legal Basis for Data Processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to access our consent management platform "Usercentrics" again and change your settings.

Recipients

When using the service, the following recipients receive your data:

• Storylane Inc., 2261 Market Street #4813, San Francisco, CA 94114, USA

We generally have no influence on further data processing by the third-party provider.

Further information on how the service provider handles personal data can be found at Privacy Policy - Storylane | Interactive Product Demos

Data Processing in Third Countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

To ensure an adequate level of data protection when transferring your data to a third country, Standard Contractual Clauses of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR are concluded. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Retention Period

By integrating the service on our websites, data is transmitted to the aforementioned recipients and stored there for a maximum of 90 days.

Conducting Webinars with GoTo Webinar

To conduct our webinars, we use the GoTo Webinar service from GoTo Technologies Ireland Unlimited Company, 77 Sir John Rogerson's Quay, Block C, Suite 207, Grand Canal Docklands, Dublin 2, D02 VK60, Ireland.

Description of Data Processing and Purpose

When using the service, the data you enter during participation, as well as data related to establishing the connection (session duration, established connections, hardware, equipment and devices used, IP addresses, location, language settings, operating system used, unique device identifiers, and, if applicable, diagnostic data for troubleshooting issues in providing the webinars) are processed.

We use the service to conduct our webinars and enable your participation.

Legal Basis for Data Processing

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the participating person is our contractual partner, or Art. 6 para. 1 sentence 1 lit. f GDPR, insofar as the participating person is a contact person of a customer or contractual partner. Our legitimate interest lies in the fulfillment of our contractual services.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

• GoTo Technologies Ireland Unlimited Company, 77 Sir John Rogerson's Quay, Block C,Suite 207, Grand Canal Docklands, Dublin 2, D02 VK60, Ireland.

Retention Period

By using the service, data is transmitted to the aforementioned recipients and stored there for as long as necessary to achieve the stated purposes.

Where necessary, we process and store your personal data for the duration of our business relationship or to fulfill contractual purposes.

Data Processing for Marketing Purposes

We process your personal data to contact you by post, phone, and email for direct marketing purposes, as well as to analyze prospect data, conduct market research, and carry out customer satisfaction surveys.

Data Collection

Web Forms for Collecting Marketing Data

On our websites, we collect personal data via various web forms for the purpose of contacting you for promotional purposes to promote the sale of our products, goods, or services through direct marketing.

These may be forms

• for registering for newsletters, webinars, or events,
• for booking product demonstrations, or
• for downloading whitepapers and other documents,

act.

Further information on the scope of data processing, purposes, legal bases, recipients, and storage duration of the collected data can be found in the following sections.

Trade Fair Forms for Collecting Marketing Data

Description of Data Processing

At trade fairs, we may collect personal data via analog or digital forms for the purpose of contacting you for promotional purposes to promote the sale of our products, goods, or services through direct marketing.

Further information on the scope of data processing, purposes, legal bases, recipients, and storage duration of the collected data can be found in the following sections.

Email Marketing

Existing Customer Marketing

Description of Data Processing and Purpose

We process your personal data (salutation, first name, last name, business email address for business contacts or private email address for consumers) that we receive in connection with a contract, for the purpose and in our legitimate interest of sending you or your company personalized direct marketing as an existing customer for similar products, goods, and services related to the previous contract.

Legal Basis for Data Processing

The legal basis for this processing is Article 6(1)(f) GDPR. Since we comply with the requirements of the exemption rule in Section 7 (3) UWG and, for the purpose of achieving our goal, exclusively process personal data related to your professional activity, there are no overriding interests on your part that would conflict with our interest in data processing, provided you have not yet objected to the processing.

You can object to data processing at any time with future effect, without incurring any costs other than the transmission costs at the basic rates. To exercise your right to object, please use the unsubscribe link in our promotional emails or contact info@proliance.ai.

Recipients

As part of data processing, your data will be transferred to the following recipients:

• HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland,
• HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.

Data Processing in Third Countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies certified under the EU-U.S. Data Privacy Framework, which can also be viewed at the following link: Data protection adequacy for non-EU countries.

HubSpot Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to seek legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR are concluded. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures will be taken to secure the data transfer. Furthermore, it will be regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage Duration

We store your data for as long as it is necessary to achieve the aforementioned purpose or as long as you have not objected to the data processing. Subsequently, we will delete your data, unless data processing is still permissible or mandatory for us based on another legal basis (e.g., in the case of statutory retention obligations).

Consent to Receive Promotional Emails and Newsletters, Email Tracking

Description of Data Processing and Purpose

Furthermore, we process your personal data (salutation, first name, last name, business email address for business contacts) for the purpose of sending you or your company personalized promotional messages via email or our email newsletter and informing you about our products, goods, services, and offers, only if you have given us your explicit consent separately for this purpose.

If you give us your consent, you also allow us to process data on whether you have received and opened our marketing emails, the extent to which you have interacted with the content, in particular which links you have clicked, and the extent to which you have read or skimmed our emails (newsletter tracking).

Legal Basis for Data Processing

The legal basis for this processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Your consent is voluntary and can be revoked at any time with effect for the future. The revocation of your consent does not affect the lawfulness of the data processing carried out until then. To exercise your right of revocation, please use the unsubscribe link in our promotional emails or newsletter, or use the contact details provided above under "Controller".

Recipients

As part of the data processing, your data will be transferred to the following recipients:

• HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland,
• HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.

Data Processing in Third Countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, an adequacy decision of the EU Commission exists pursuant to Art. 45 para. 1 GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework, which can also be viewed at the following link: .

HubSpot Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures will be taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage Period

We store your data for as long as it is necessary to achieve the aforementioned purpose or as long as you have not objected to the data processing. Subsequently, we delete your data, unless data processing is still permissible or mandatory for us based on another legal basis (e.g., in the case of existing statutory retention obligations).

Receipt of promotional emails in exchange for permanent access to webinars, whitepapers, guides, checklists, and other templates and samples

Description of Data Processing and Purpose

Furthermore, we process your personal data (salutation, first name, last name, business email address for business contacts) for the purpose of sending you or your company personalized promotional communications via email or our email newsletter and informing you about our products, goods, services, and offers, only if you have given us your explicit consent for this separately.

If you give us your consent, you also allow us to process data on whether you receive our marketing emails and have opened them, the extent to which you have interacted with the content, in particular which links you have clicked, and the extent to which you have read or skimmed our emails (email tracking).

Legal Basis for Data Processing

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as you receive permanent access to our webinars, whitepapers, guides, checklists, and other templates and samples in exchange for the use of your data for promotional communication. The legal basis for email tracking is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

You can object to data processing for advertising purposes at any time. An objection does not affect the lawfulness of data processing carried out prior to that point. To exercise your right to object, please use the unsubscribe link in our promotional emails or newsletter, or use the contact details provided above under "Controller".

Recipients

As part of the data processing, your data will be transferred to the following recipients:

• HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland,
• HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, an adequacy decision by the EU Commission exists pursuant to Article 45 (1) GDPR concerning companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

HubSpot Inc. is certified under the EU-U.S. Data Privacy Framework and thus commits to complying with adequate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or being able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Article 46 (2) lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage duration

We store your data for as long as it is necessary to achieve the aforementioned purpose or until you object to the data processing. Subsequently, we delete your data, unless further data processing is permissible based on another legal basis or is mandatory for us (e.g., in the case of statutory retention obligations).

Telephone marketing activities

Description of data processing and purpose

If you are a business contact, we process your business phone number. If you are a consumer, we process your private phone number for the purpose of contacting you or your company personally by phone and informing you about our products, goods, services, and offers.

Legal basis for data processing for business contacts

For business contacts, the legal basis for processing is Article 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in promoting the sale of our products, goods, and services through direct marketing.

Given that we adhere to the provisions of the exception rule in Section 7 (3) UWG and, for the purpose of achieving our goal, exclusively process personal data related to your professional activity, no overriding interests on your part that conflict with our interest in data processing are apparent, provided you have not yet objected to the processing.

You can object to data processing at any time with future effect, without incurring any costs other than the transmission costs according to the basic tariffs. To exercise your right to object, please use the contact details provided above under "Controller".

Legal basis for data processing for consumers

For consumers, the legal basis for processing is your consent in accordance with Article 6 (1) sentence 1 lit. a GDPR in conjunction with Section 7a (1) UWG. Your consent is voluntary and can be revoked at any time with future effect. The revocation of your consent does not affect the lawfulness of processing carried out prior to the revocation. To exercise your right of revocation, please use the contact details provided above under "Controller".

Storage duration

We store your data for as long as necessary to achieve the aforementioned purpose or until you have objected to the data processing. Subsequently, we delete your data, unless further data processing is permissible based on another legal ground or is mandatory for us (e.g., in the case of statutory retention obligations).

Statistical evaluation and analysis of customer and prospect data, market research, and customer satisfaction surveys

Description of data processing and purpose

We process data collected from you as a prospect (e.g., via forms on our website) and, where applicable, data collected from you as a customer or an employee of a customer (in the context of pre-contractual measures or contract fulfillment). This processing aims to identify which of our products and services prospects and customers are interested in, how we can potentially improve them, and how we can optimize our advertising. To enable more targeted advertising for prospects, we create target groups from this data. Your information from customer satisfaction surveys conducted by us may also be included in this analysis and evaluation.

For this purpose, we may collect your information and data regarding

• your company (e.g., size, industry)
• your position in the company,
• your country,
• your areas of interest or product categories,
• as well as the referral source, i.e., information on how you became aware of our company.

Legal Basis for Data Processing

The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interests lie in further developing our products and services based on market requirements, as well as better understanding the needs and interests of our customers and potential customers, and on this basis, enabling target group-oriented direct advertising.

Retention Period

We store your data for as long as necessary to achieve the aforementioned purpose or until you have objected to the data processing. Subsequently, we delete your data, unless further data processing is permissible based on another legal ground or is mandatory for us (e.g., in the case of statutory retention obligations).

HubSpot Prospect Data and Marketing Platform

On our websites, we integrate the service "HubSpot" from HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is offered by HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland.

Description of data processing and purpose

The platform enables us

• the management of prospect and customer data,
• the analysis and evaluation of interactions with our websites,
• the creation, analysis, and evaluation of interactions with our social media presence, as well as for establishing contact and managing communications via social media,
• the execution and analysis of email marketing campaigns, as well as
• where applicable, the creation, enrichment, and evaluation of profiles of potential prospects,

with the goal of acquiring new prospects for our products and services, specifically targeting acquired prospects and existing customers with advertising, and optimizing our marketing strategy, especially in online and email marketing, through evaluations and analyses.

Cookies and similar technologies, especially JavaScript, are also used to store and retrieve data on your device. Details on the cookies and similar technologies used can be found above under "Access to and Storage of Information on End Devices" and "Cookies and Similar Technologies," as well as in our Cookie Policy, which you can access via our "Usercentrics" consent management platform.

We use "HubSpot" for managing prospect and customer data.

For this purpose, we process personal data you provide via forms and chat on our websites (salutation, first name, last name, contact details such as email address and phone number, and where applicable, information about your company), details about which of our products you are interested in, and any other information you voluntarily provide. Additionally, we use the platform to manage our customer contacts, including the aforementioned data of our customer contact persons.

We use "HubSpot" for the analysis and evaluation of website visits.

We monitor and analyze the behavior of website visitors and their use of our websites. This allows us to pseudonymously identify and count returning visitors. We process data on how a visitor reached our websites (e.g., via web search, direct page access, social media pages, redirects from other websites, and potentially via marketing emails or other advertising campaigns), the number of visits, the duration of a stay, and how many individual pages were viewed.

Furthermore, we also process additional data regarding your interactions and behavior on our website (e.g., filling out forms, downloading documents, playing media, etc.).

We use this data to generate statistics to improve the appeal of our website, optimize the effectiveness of our marketing measures, and guide our advertising strategy.

We use HubSpot to analyze and evaluate interactions with our social media presence, as well as to establish contact and manage communications via the social media platform.

We publish posts and, where applicable, newsletters on our social media channels, such as LinkedIn, via HubSpot and analyze visitor interactions (e.g., sharing or liking posts, user interaction with newsletters, specifically the extent of content interaction, which links were clicked, and how much of the newsletter was read or skimmed). We use this data to generate statistics to enhance the appeal of our social media presence, optimize the effectiveness of our marketing efforts, and guide our advertising strategy.

We use "HubSpot" to communicate with you on our website via our chat function and to answer your inquiries.

In the course of responding to your inquiry, we process personal data you provide (salutation, first name, last name, contact details such as email address and phone number, and where applicable, information about your company), details about which of our products you are interested in, and any other information you voluntarily provide.

We also use "HubSpot" for the preparation and execution of email marketing, and potentially for email tracking.

If you give us separate consent on our website, we also use your email address to contact you via marketing emails and to inform you, through direct marketing, about our products and services, current events, promotions, and offers, tailored to your interests.

If you also give us separate consent, you permit us to process data regarding whether you receive and open our marketing emails, which email client software you use, the extent of your interaction with the content, specifically which links you clicked, and how much of our emails you read or skimmed. We use this data to generate statistics to improve the appeal of our marketing emails, optimize the effectiveness of our marketing measures, and guide our advertising strategy.

After your email address has been submitted via a form or chat on our website, you will receive an email from us with a link asking you to confirm your email address and thus subscribe to promotional emails. This way, we want to ensure that only authorized individuals subscribe to our promotional emails.

We use "HubSpot" for the creation, enrichment, and evaluation of prospect profiles.

We combine the data processed via the platform into a personalized profile, enrich it with data from other sources if necessary, evaluate it in the profile using score values, and conduct analyses to infer which of our products and services, current events, promotions, and offers you are interested in, which customer segment you can be assigned to, and with what probability your interest in our products and services would lead to a contract conclusion.

For this purpose, we process the following data:

• regarding your person (salutation, first name, last name, contact details such as email address and phone number, and, if applicable, data about your company),
• regarding your use, interactions, and behavior on our website (e.g., page views, form submissions, document downloads, media playback, etc.),
• regarding your use of our marketing emails (receipt and opening, email client software used, click data, read rate),
• regarding your interactions with our social media presences.

In this way, we optimize our marketing measures and manage our advertising strategy to reach you in the most targeted way possible.

Legal bases for data processing

The legal basis for using the platform to manage prospect and customer data is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in effectively managing the contact data of potential prospects and customers and also using it for further data processing enabled by the platform.

The legal basis for integrating and using the platform on our websites for the analysis and evaluation of interactions with the website is your consent, provided you have given it via our consent management platform "Usercentrics".

The use of cookies and similar technologies takes place on the basis of Section 25 (1) TTDSG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie Settings" link at the bottom of the website to reopen "Usercentrics" and change your settings.

The legal basis for the analysis and evaluation of interactions with our social media presences is your consent according to Art. 6 (1) sentence 1 lit. a GDPR, insofar as you have given it via the social media provider.

Your consent is voluntary and can be freely revoked at any time with effect for the future. You can find out how to exercise your right of revocation in the privacy policy of the respective social media provider. Furthermore, regarding the data processed exclusively by us, you can exercise your right to object by contacting the data controller using the contact details provided above.

The legal bases for contacting and handling communication via social media are your consent according to Art. 6 (1) sentence 1 lit. a GDPR, insofar as you have given it via the social media provider. The legal basis for handling inquiries via our social media presences is Art. 6 (1) sentence 1 lit. f GDPR, as well as Art. 6 (1) sentence 1 lit. a GDPR insofar as you voluntarily provide us with information in correspondence. Our legitimate interest lies in being able to effectively answer your inquiry via the social media channel.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your right of revocation regarding the processing of data voluntarily provided in correspondence, please contact the data controller using the contact details provided above.

The legal basis for processing your data in the context of conducting email marketing and email tracking, including the evaluation of target groups and the analysis of the success of our email campaigns, as well as, where applicable, the legal basis for creating and evaluating prospect profiles, is also your consent, Art. 6 (1) sentence 1 lit. a GDPR, which is, however, obtained separately, e.g., through forms. If your data is used for advertising purposes in exchange for permanent access to our webinars, whitepapers, guides, checklists, and other templates and samples, the legal basis is Art. 6 (1) sentence 1 lit. b GDPR.

The use of cookies and similar technologies also takes place here on the basis of Section 25 (1) TTDSG. The subsequent data processing is based on Art. 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your right of revocation regarding data processing in the context of email marketing and email tracking, please use the unsubscribe link in our marketing emails or contact the data controller using the contact details provided above.

The legal basis for processing your data in the context of email marketing and email tracking, as well as the creation, enrichment, and evaluation of prospect profiles, is also your consent, which, however, is obtained separately, e.g., through forms.

The use of cookies and similar technologies also takes place here on the basis of § 25 Para. 1 TTDSG. The subsequent data processing is based on Art. 6 Para. 1 S. 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your right of revocation regarding the implementation of email marketing and email tracking, as well as the creation, enrichment, and evaluation of prospect profiles, please contact the data controller using the contact details provided above.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

• HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland,
• HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.

Further information on how the service provider handles personal data can be found at https://legal.hubspot.com/de/privacy-policy.

Data processing in third countries

When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 Para. 1 GDPR regarding companies certified under the EU-U.S. Data Privacy Framework, which can also be viewed at the following link: Data protection adequacy for non-EU countries.

HubSpot Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to exercise legal remedies.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures will be taken to secure the data transfer. Furthermore, it will be regularly reviewed and assessed whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Storage duration

Unless otherwise specified, we store your data to the extent necessary for as long as required to achieve the aforementioned purposes. Subsequently, we delete your data, unless further data processing, possibly in other systems, is permissible for other purposes based on a different legal basis or is mandatory for us (e.g., in the case of statutory retention or documentation obligations).

Data protection information for applicants

Data processing in the application process

Description of data processing and purpose

We process your personal data insofar as this is necessary for the decision on establishing an employment relationship with us.

We only process data that is related to your application. This may include general personal data (name, address, contact details, etc.), information on your professional qualifications and schooling, information on professional development, and possibly other data that you submit to us in connection with your application.

If an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of rights and obligations of the employee representation arising from a law or a collective agreement, a works or service agreement (collective agreement).

Legal Basis for Data Processing

The legal basis for this is Art. 88 GDPR in conjunction with Section 26 (1) BDSG or Art. 6 (1) sentence 1 lit. b GDPR for the purposes of the employment relationship, if this is necessary for the decision on establishing an employment relationship.

If you give us explicit consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent according to Section 26 (2) BDSG, Art. 6 (1) sentence 1 lit. a GDPR. Any given consent can be revoked at any time with effect for the future.

The legal basis for further processing for the purpose of establishing or terminating an employment relationship is Art. 88 GDPR in conjunction with Section 26 (1) BDSG or Art. 6 (1) sentence 1 lit. b GDPR.

Source

We process personal data that we receive from you during initial contact or your application via the upload function of our career portal, by post or email, or that you submit to us through job portals and professional networks of your choice.

Recipients

Within our company, we only disclose your personal data to departments and individuals who require this data to fulfill contractual and legal obligations or to pursue our legitimate interests.

We may transfer your personal data to affiliated companies, insofar as this is permissible within the scope of the purposes and legal bases set out in this privacy policy.

Your personal data may be processed on our behalf based on data processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data complies with the provisions of the GDPR.

In this case, the categories of recipients are internet service providers and providers of applicant management systems and software.

In the course of data processing, your data will be transferred in particular to the following recipients:

• Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

Otherwise, data will only be transferred to recipients outside the company if permitted or required by law, if the transfer is necessary to fulfill legal obligations, or if we have your consent.

Data Processing in Third Countries

A transfer to a third country is not intended.

Storage Duration

We store your personal data for as long as necessary to make a decision about your application. Your personal data and application documents will be deleted no later than six months after the application process concludes (e.g., the announcement of a rejection decision), unless longer storage is legally required or permissible.

Furthermore, we only store your personal data to the extent legally required or, in specific cases, necessary for the assertion, exercise, or defense of legal claims for the duration of a legal dispute.

If you have consented to a longer storage period for your personal data, we will store it in accordance with your declaration of consent.

If an employment, training, or internship relationship is established following the application process, your data will, where necessary and permissible, initially continue to be stored and subsequently transferred to your personnel file.

Following the application process, you may receive an invitation to join our talent pool. This allows us to consider you for suitable future vacancies during our applicant selection. If we have your consent, we will store your application data in our talent pool in accordance with your consent or any future consents.

Necessity of providing personal data

Providing your personal data during the application process is voluntary. However, we can only make a decision regarding or establish an employment relationship with you if you provide the personal data required for the application.

provided data in our own systems does not occur.

Processing of applicant data via online forms

For collecting applicant data via online forms, we use the HR and applicant management software Personio from Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

Description of data processing and purpose

Personio allows us to store and manage applicant data we receive. If you submit your application data to us via the application form on our website, the information entered in the input fields will be transmitted to and stored by Personio. Personio does not perform any automatic data processing. Processing only occurs when you use our application form.

As part of your application, the service provider may process the following data, specifically:

• First name, Last name,
• Phone number,
• Address,
• Email address,
• Salary expectations and start date
• CV,
• Certificates,
• Cover letter,
• Other uploaded attachments.

We use Personio exclusively for processing your application.

Legal Basis for Data Processing

Insofar as we use cookies and similar technologies in connection with the integration of the service, or insofar as data is stored on or read from your terminal device by the service, this is done in accordance with § 25 para. 2 TDDDG.

Subsequent data processing takes place for the purpose of initiating a contract or an employment relationship at the request of the data subjects, based on Art. 6 para. 1 sentence 1 lit. b GDPR and § 26 para. 1 sentence 1 BDSG.

Recipients

When using the service, data collected via our websites is transmitted to the following recipients:

• Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

Further information on how Personio handles personal data can be found at https://www.personio.de/datenschutzerklaerung/.

Retention Period

By integrating these services on our websites, data is transmitted to the aforementioned recipients and stored there for six months after the application process is completed. If, in individual cases, data processed by the service and provided to us is stored beyond this period in our own systems, it will also be retained for a maximum of six months after the application process is completed.

Data Protection Information for Social Media Profiles

Below you will find information on how your data, collected through your use of our social media profiles on social networks and platforms, is handled.

Social Media Profiles

We maintain profiles, presences, pages, or fan pages on the following social media platforms:

Different Responsibilities and Roles

The specific responsibility or role varies depending on how platform operators and we, as site operators, are involved in processing your personal data.

Therefore, we can either share responsibility with the platform operator, or the platform operator can be solely responsible.

Joint Responsibility with Platform Operators

Joint Controllers

There is joint responsibility between us and the following platform operators:

For the processing of your personal data in connection with your visit to the presence, profile, page, or fan page on the platforms, we, as the page operator, are jointly responsible with the providers of the respective platform, if the platform operators provide aggregated information about visitors to our profiles, presences, pages, or fan pages (e.g., "Insights" or "Analytics").

In the case of joint responsibility, we have concluded agreements with the platform operators in accordance with Art. 26 GDPR regarding joint responsibility for the processing of your personal data (e.g., Page Controller Addendum or Joint Controller Addendum).

This agreement specifies which data processing operations we or the respective platform operator are responsible for. You can view these agreements via the following links:

Further information on data processing by the platform operators can be found in their privacy policies:

Contacting data protection officers of platform operators

You can contact the data protection officers of the platform operators here:

Joint data processing

Access to and storage of information on end devices

When you access our profiles on the aforementioned platforms, cookies and similar technologies are used on your device by the platform operator to store or read data from your device. This access or storage may be associated with further processing of personal data within the meaning of the GDPR.

In cases where such access to information or storage of information is absolutely necessary for the technically flawless provision of services, this is done on the basis of § 25 para. 1 sentence 1, para. 2 no. 2 TDDDG. Subsequent data processing may take place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

In cases where such a process serves other purposes (e.g., the needs-based design of our website), this is done only with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, based on § 25 para. 1 TDDDG. Consent can be revoked at any time for the future. The provisions of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the use of cookies and similar technologies, as well as their legal bases, can be found in the respective privacy policy of the platform operator. Links to the respective privacy policies can be found above. For further questions, please contact the operator of the respective social media platform directly.

Data processing for advertising and market research purposes

As a rule, personal data on our social media profile is primarily processed for market research and advertising purposes by the platform operator. Insofar as data collection also takes place directly on our social media profile, we participate in the platform operator's data processing and are therefore jointly responsible with them in this respect.

During data processing, cookies and similar technologies are used, which enable the platform operator to recognize you when you visit a social media profile. Furthermore, for members of the social media platform, the platform operator conducts an extensive evaluation of your interactions on the platform (clicks, comments, and likes), as well as processing information you provide to the platform operator, such as your master data, profile picture, or name. In particular, demographic information (age, gender, country, industry, profession, etc.) from your own member profile may also be processed.

User profiles can be created using the collected data. These are then used by the platform operator to display advertisements, both within and outside the platform, that presumably match your interests.

Although we do not have direct access to the data processed by the platform operator, we also benefit from these data processing activities by placing corresponding advertisements within or outside the platforms, based on the target groups identified by the platform operator.

The legal basis for processing your personal data in relation to this is your consent given to the platform operator in accordance with Art. 6 para. 1 lit. a GDPR.

Please note that we have no influence over the data collection and further processing carried out under the responsibility of the platform operators. Consequently, we cannot provide information on the extent, location, and duration for which data is stored by the platform operator.

Further information on this can be found in the data protection information of the respective provider.

Data Processing within "Insights" or "Analytics"

Furthermore, your data is jointly processed under joint responsibility in connection with so-called "Page Insights" or "Page Analytics".

"Page Insights" or "Page Analytics" are analysis functions provided by the platform operator, through which your master data, particularly demographic data, and data on your interactions with our profile are jointly collected by the platform operator and us.

The platform operator then analyzes this data and creates summarized data (so-called aggregated data) for us, from which we can see which demographic target group has visited our profile and how our profile was used by them.

In this respect, we also do not have direct access to the data processed by the platform operator. This data is only provided to us by the platform operator in aggregated form. This means that we cannot identify individual visitors or their interactions from the summarized data.

We then use this aggregated data for target group-specific alignment of our social media profile and generally for its optimization with regard to the aforementioned advertising purposes (increasing the reach and awareness of our profile and evaluating the success of marketing campaigns).

The legal basis for processing your personal data in this regard is your consent given to the platform operator pursuant to Art. 6 para. 1 lit. a GDPR.

Please note that we have no influence over the data collection and further processing carried out under the responsibility of the platform operators. Consequently, we cannot provide information on the extent, location, and duration for which data is stored by the platform operator.

Further information on this can be found in the data protection information of the respective provider.

Data Processing Based on Consent

If you are asked by the respective platform operator for consent to processing for a specific, common purpose, the legal basis for processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. Granted consent can be revoked at any time with future effect.

Recipients and Data Transfer to Third Countries

If we transfer personal data to the operators of social media platforms, the latter are the recipients of the data within the meaning of Art. 4 No. 9 GDPR.

When you visit our social media profiles, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA), specifically in third countries such as the USA.

For data transfers to the USA, an adequacy decision of the EU Commission exists pursuant to Art. 45 para. 1 GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework, which can be viewed via the following link: Data protection adequacy for non-EU countries.

When your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to appeal.

To ensure an adequate level of data protection when transferring your data to a third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are insufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to secure the data transfer. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to guarantee an adequate level of data protection or whether further supplementary measures may need to be taken.

Exercising your rights in cases of joint controllership

Your rights as a data subject

If, as a visitor to the site, you wish to exercise your rights (information, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection or withdrawal), you can contact both the platform operator and us.

Responsibility of the platform operators

If your personal data is processed by one of the social media platform operators listed below, this processing is carried out under the sole responsibility of the platform operator within the meaning of Art. 7 No. 4 GDPR.

We have no influence over the data processing carried out by the platform operators. For further information, please check the privacy policy of the respective platform operator:

For exercising your data subject rights, we point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you still require assistance, please feel free to contact us at any time.

Our sole responsibility

We are solely responsible for the following data processing activities via our social media profiles.

Data processing by operating the social media profile

When you visit or interact with our social media profile, we process your personal data.

This may include information you actively provide (comments, likes, and publicly available information such as your profile picture or name). Depending on the provider and your settings on the provider's platform, we may also be informed about who has viewed our profile within the platform.

The legal basis for processing personal data when operating our social media profile is Art. 6 para. 1 sentence 1 lit. f GDPR.

The legitimate interest lies in addressing visitors for advertising purposes and in providing an effective communication and interaction opportunity with our company on the social media platform.

Data processing upon contact

We collect personal data ourselves when you contact us, for example, via a contact form or a messenger function of the respective platform.

The data collected depends on the information you provide and the contact details you have given or released. This data is stored by us for the purpose of processing your inquiry and for any follow-up questions.

The legal basis for processing the data is our legitimate interest in responding to your inquiry in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Your data will be deleted after your request has been fully processed, provided there are no legal retention obligations to the contrary. We consider processing to be complete when circumstances indicate that the matter in question has been definitively resolved.

Data processing for contract fulfillment

If your contact via a social network or other platform aims at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the performance of the contract or for the implementation of pre-contractual measures or for the provision of the desired services.

In this case, the legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. b GDPR.

Your data will be deleted when it is no longer required for the performance of the contract or if it is clear that the pre-contractual measures do not lead to a contract corresponding to the purpose of the initial contact.

Please note, however, that it may also be necessary after the conclusion of the contract to store personal data of our contractual partners in order to comply with contractual or legal obligations.

Data Processing Based on Consent

If you are asked by us for consent to process data for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. Granted consent can be revoked at any time with effect for the future.

Other Data Processing Activities

Documentation of Data Protection Compliance

Description of data processing and purpose

Insofar as you provide us with a declaration of consent, we process your personal data regarding the circumstances and time of its submission (where applicable, signature, email address, telephone or fax number, or IP address) in order to be able to demonstrate, within the scope of our accountability pursuant to Art. 5 para. 2 GDPR, that you have consented to the data processing in question.

Insofar as you exercise your data subject rights under the GDPR with us, we also process your personal data in order to be able to demonstrate, within the scope of our accountability pursuant to Art. 5 para. 2 GDPR, that we have complied with the GDPR when processing your request.

Legal Basis for Data Processing

The processing is carried out in each case on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR or Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in being able to document compliance with the requirements of the GDPR as part of our accountability.

Recipients

In addition, we may forward your personal data in connection with your request to our external operational data protection officer, who supports us in complying with the requirements of the GDPR.

Retention Period

We store your data for as long as it is necessary to achieve the aforementioned purpose. Data relating to a given consent is regularly stored by us for up to 3 years from the end of the year in which we last made use of it. Data that we process in connection with the exercise of data subject rights is regularly stored for a period of 3 years from the end of the year in which you exercised your data subject right.

Subsequently, we delete your data, unless data processing, possibly also in other systems, remains permissible on the basis of another legal ground or is mandatory for us (e.g., in the case of statutory retention obligations).

Compliance with other legal obligations

Description of data processing and purpose

We process personal data insofar as this is necessary for the fulfillment of a legal obligation. The scope of the data to be processed results from the legal obligation that we must comply with.

Legal Basis for Data Processing

In these cases, the legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the respective legal norm that imposes such an obligation on us.

These may include, for example, provisions from the German Tax Code (Abgabenordnung - AO), e.g., § 147 AO, the German Commercial Code (Handelsgesetzbuch - HGB), e.g., § 257 HGB, or the German Code of Criminal Procedure (Strafprozessordnung - StPO).

Recipients

If necessary, your data will be transmitted to tax advisors, auditors, financial or investigative authorities, lawyers, experts, or courts to the extent required.

Storage Duration

We store your data to the extent necessary, as long as this is required to achieve the aforementioned purpose. The storage duration results from specific legal regulations that oblige us to retain or process data for up to 10 years, with the specific start of the retention periods arising from the respective special law.

Subsequently, we delete your data, unless data processing, possibly also in other systems, is still permissible based on another legal basis.

Exercise or Defense of Legal Claims

Description of Data Processing and Purpose

Furthermore, in individual cases, we process your data for the purpose and in the interest of asserting legal claims, for example, to enforce our claims due to unpaid invoices, provided your data is relevant for a legal dispute.

Furthermore, in individual cases, we process your data for the purpose and in the interest of defending against legal claims brought against us, for example, in the assertion of claims for defects, provided your data is relevant for a legal dispute.

Legal Basis for Data Processing

The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. f GDPR.

Recipients

If necessary, your data will be transmitted to tax advisors, auditors, financial or investigative authorities, lawyers, experts, or courts to the extent required.

Storage Duration

We store your data on a case-by-case basis to the extent necessary, as long as this is required to achieve the aforementioned purpose. Subsequently, we delete your data, unless data processing, possibly also in other systems, is still permissible based on another legal basis or is mandatory for us (e.g., in the case of existing statutory retention obligations).

Your Rights

Below you will find information on the data subject rights granted to you by applicable data protection law vis-à-vis the controller regarding the processing of your personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.

The right, pursuant to Art. 16 GDPR, to request the immediate rectification of inaccurate or completion of your personal data stored by us.

The right, pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

The right, pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.

The right, pursuant to Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state where our registered office is located, as stated above, or, if applicable, the supervisory authority of your usual place of residence or work.

The right to withdraw consent given pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal ground for processing without consent. The withdrawal of consent does not affect the lawfulness of processing carried out based on the consent until its withdrawal.

Rights of Objection

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided that there are reasons arising from your particular situation. If the objection is directed against the processing of personal data for direct marketing purposes, you have a general right to object without the need to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, an email to info@proliance.ai will suffice.

Date of this privacy policy: January 16, 2025