Privacy Policy

INTRODUCTION

With the following information, we would like to give you, as a “data subject”, an overview of the processing of your personal data by us and your rights under data protection laws. In principle, it is possible to use our website without entering personal data. However, if you wish to make use of special services provided by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to “Compredict GmbH”. By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to submit personal data to us by alternative means, for example by telephone or post.

You too can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to take this opportunity to give you some tips on how to handle your data securely:

· Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

· Only you should have access to the passwords.

· Make sure that you only use your passwords for one account at a time (login, user or customer account).

· Don’t use one password for different websites, applications, or online services.

· In particular, when using publicly accessible IT systems or IT systems shared with other people, the following applies: You should definitely log out after each login to a website, an application or an online service.

Passwords should be at least 12 characters long and should be chosen in such a way that they cannot be easily guessed. Therefore, they should not contain common words from everyday life, one’s own names or names of relatives, but upper and lower case, numbers and special characters.

This privacy policy applies to the website of COMPREDICT GmbH, which can be accessed under the domain compredict.ai and the various subdomains (“our website”).

WHO IS RESPONSIBLE AND HOW DO I REACH THEM?

CONTROLLER

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

COMPREDICT GmbH
Birkenweg 14A
64295 Darmstadt

+49 (0)6151 3844614
contact@compredict.ai

Representatives of the controller: Dr.-Ing. Rafael Fietzek and Dr.-Ing. Stéphane Foulard

DATA PROTECTION OFFICER

Compliant Business Solutions GmbHThurn- und Taxis-PLatz 660313 Frankfurt

ds.compredict@cb-sol.de

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

DEFINITIONS

The data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms in this Privacy Policy, among others:

1. Personal data

Personal data is any information relating to an identified or identifiable natural person.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination; the restriction, deletion or destruction.

4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

5. Profiling

Profiling is any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymization

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person .

7. Processors

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

8. Recipients

The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigative mandate under Union or Member State law are not considered recipients.

9. Third Party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

10. Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative action by which the data subject signifies that he or she agrees to the processing of personal data concerning him/her.

LEGAL BASIS FOR PROCESSING

Art. 6 para. 1 lit. a GDPR (in conjunction with § 25 para. 1 TTDSG) serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, in the case of processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, such as in cases of enquiries about our products or services.If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) (c)

GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, a hospital or other third parties. In that case, the processing would be based on Art. 6 (1) (d) GDPR.

Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 sentence 2 GDPR).

Our offer is basically aimed at adults. Persons under the age of 16 may not transmit personal data to us without the consent of their parents or guardians. We do not request, collect or share personal information with children and adolescents.

COOKIES

General information about cookies

Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.

The cookie stores information that results from the connection with the specific device used. However, this does not mean that we will immediately become aware of your identity.

The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a certain set period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimisation. These cookies allow us to automatically recognise that you have already visited our website when you visit it again.

The cookies set in this way are automatically deleted after a defined period of time. The respective storage period of the cookies can be found in the settings of the consent tool used.

Legal basis for the use of cookiesThe data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) (f) GDPR.

For all other cookies, you have given your consent to this via our opt-in cookie banner within the meaning of Art. 6 (1) (a) GDPR.

Notes on how to avoid cookies in common browsers

Via the settings of the browser you are using, you have the option of deleting cookies,only allowing selected cookies or deactivating cookies completely at any time. For more information, please visit the respective vendors’ support pages:

• Chrome: https://support.google.com/chrome/answer/95647?tid=311178978.

• Safari: https://support.apple.com/de-

at/guide/safari/sfri11471/mac?tid=311178978.

• Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-

loschen?tid=311178978.

• Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-

in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09

YOUR RIGHTS AS A DATA SUBJECT

Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

Right to information Art. 15 GDPR

You have the right to receive information from us at any time free of charge about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.

Right to rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

Deletion Art. 17 GDPR

You have the right to demand that the personal data concerning you be deleted without undue delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

Restriction of processing Art. 18 GDPR

You have the right to demand that we restrict the processing if one of the legal requirements is met.

Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1)

(b) GDPR and the processing is carried out using automated processes, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability in accordance with Art. 20 (1) GDPR, you have the right to obtain that the personal data is transferred directly from one controller to another controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not adversely affected.

Objection Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f (data processing on the basis of a balancing of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

In individual cases, we process personal data in order to conduct direct marketing. You may object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us being processed for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that we carry out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

Notwithstanding Directive 2002/58/EC, you are free to exercise your right to object to the use of information society services by means of automated procedures using technical specifications.

Revocation of consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

Complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

TRANSFER OF DATA TO THIRD PARTIES

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

1. you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR,

2. the disclosure is permissible in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

3. in the event that there is a legal obligation for the transfer pursuant to Art. 6 (1) (c) GDPR, and

4. this is legally permissible and necessary in accordance with Art. 6 (1) (b) GDPR for the

processing of contractual relationships with you.

In order to protect your data and, if necessary, to enable data transfer to third countries (outside the EU/EEA), this is only done in accordance with the legal requirements. If the level of data protection in the third country has been recognised by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. If no adequacy decision exists, data transfer will only take place if the level of data protection is otherwise ensured, in particular by standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent or, in the case of contractual or legally required transfer (Art. 49 para. 1 GDPR). In the Data Privacy Framework (DPF), the EU Commission has also recognized the level of data protection as secure for certified companies from the USA as part of the adequacy decision of 10.07.2023.

DURATION OF STORAGE OF PERSONAL DATA

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data will be routinely deleted, provided that they are no longer required for the performance of the contract or the initiation of a contract.

HOW IS MY DATA PROCESSED IN DETAIL?

In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.

PROVISION OF THE WEBSITE

Type and scope of processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

• IP address of the requesting computer

• Date and time of access• Name and URL of the retrieved file

• Website from which access is made (referrer URL)

• Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Purpose and legal basis

The processing is carried out to safeguard our overriding legitimate interest in displaying our website and to ensure security and stability on the basis of Art. 6 (f) GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to processing due to the exception under Art. 21 (1) GDPR. Insofar as the further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data.

SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that there is a “https://” instead of a “http://” in the address bar of the browser and by the lock symbol in your browser line.

We use this technology to protect the information you transmit.

CONTACT FORM

Contact / Contact form

Personal data is collected when contacting us (e.g. via contact form or e-mail). The data collected when using a contact form can be seen in the respective contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been processed, this is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and that the deletion does not conflict with any statutory retention obligations.

NEWSLETTER

Type and scope of processing

If you register to receive our newsletter on our website, we collect your e-mail address and your name and store this information together with the date of registration. You will then receive an e-mail in which you have to confirm your subscription to the newsletter (double opt-in).

To send the newsletter, we use a service provided by Hubspot Inc., which processes your personal data on our behalf in accordance with Art. 28 GDPR. Your data will not bepassed on to third parties. For more information, please see the HubSpot Forms Privacy

Policy: https://legal.hubspot.com/privacy-policy.

Purpose and legal basis

We process your data for the purpose of sending the newsletter on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. By unsubscribing from the newsletter, you can declare your revocation at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.

Storage period

After successful confirmation, we will store your data until you revoke your consent (unsubscribe from the newsletter).

PRESENCE ON SOCIAL MEDIA PLATFORMS

We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers within social networks and to offer you other ways to contact us and find out about our offers. In the following, we will inform you about which data we or the respective social network process about you in connection with the access and use of our fan pages/accounts.

Data we process about you

If you want to contact us via messenger or direct message via the respective social network, we usually process your user name, which you use to contact us, and may store other data provided by you insofar as this is necessary to process/answer your request.

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary to protect the legitimate interests of the controller). (Static) Usage Data We Receive from Social Networks. We receive automatically provided statistics regarding our accounts via insights functionalities. The statistics include, but are not limited to, the total number of page views, likes, page activity and post interactions, reach, video views/views, and the percentage of men/women among our fans/followers.

The statistics contain only aggregated data and cannot be related to individual persons. They are not identifiable to us in this way.
What data the social networks process about you. In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and no user account for the respective social network is required.

Please note, however, that when the respective social network is accessed, the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no influence. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above)If you want to interact with the content on our fan pages/accounts, e.g. comment, share or like our postings/contributions and/or contact us via messenger functions, you must register with the respective social network in advance and provide personal data. We have no influence on the data processing by the social networks in the context of your use. To the best of our knowledge, your data will be stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behaviour (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both inside and outside the respective social network. It cannot be ruled out that your data will also be stored by the social networks outside the EU/EEA and passed on to third parties.

For information on the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use of social networks, please refer to the privacy policy/cookie policy of social networks. There you will also find information about your rights and options for objection.

TWITTER PAGE

Twitter is a social network of Twitter Inc., based in San Francisco, California, USA, which enables the creation of private profiles of natural persons (Personal Account) as well as professional profiles (Professional Account) of natural persons and companies. Via Twitter, users can, among other things, write spa messages (so-called “tweets”), interact with the content of other users, e.g. write so-called “retweets”, like posts, share posts and reply when other users mention or tag you in content. When using or visiting the network and thus also when visiting our Twitter account,

Twitter automatically collects data from users or visitors, such as username and IP address, during use or visit. This is done with the help of tracking technologies, in particular with the use of cookies. Twitter provides users with information, offers and recommendations based on the data collected in this way, among other things. This information is used to provide us, as the operator of our Twitter page, with statistical information about the use of the Twitter page. You can find more information on this in Twitter’s privacy policy: https://twitter.com/privacy#twitter-privacy-1.

Based on the statistical information transmitted, it is not possible for us to draw conclusions about individual users. We use these only to be able to respond to the interests of our users and to continuously improve our online presence and ensure the quality of these.

We only collect your data via our fan page in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content and the profile information you provide “publicly”. The processing of your personal data for our above-mentioned purposes is carried out on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 f GDPR. If you as a user have given your consent to data processing vis-à-vis the respective provider of the social network, the legal basis for the processing extends to Art. 6 para. 1 a, Art. 7 GDPR.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access options are limited to your data. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfil your user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively done directly against the respective provider.

Together with Twitter, we are responsible for the personal content of the fan page. Rights of data subjects can be asserted with Twitter Inc. as well as with us.

The primary responsibility under the GDPR for the processing of Insights Data lies with Twitter and Twitter complies with all obligations under the GDPR with respect to the processing of Insights Data. Twitter Inc. makes the essence of the Page Insights supplement available to data subjects.

We do not make any decisions regarding the processing of Insights data and the storage period of cookies on user devices.

For more information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines for the use of cookies and similar technologies in the context of registration and use, please refer to Twitter’s privacy policy/cookie policy:Privacy Policy: https://twitter.com/privacy#twitter-privacy-1

Cookie Policy: https://help.twitter.com/rules-and-policies/twitter-cookies

LINKEDIN PAGE

LinkedIn is a social network of LinkedIn Inc., based in Sunnyvale, California, USA, which enables the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Companies and other organizations can create profiles that upload photos and other company information to present themselves as an employer and hire employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The focus of the network is on the professional exchange of specialist topics with people who have the same professional interests.

When using or visiting the network, LinkedIn automatically collects data from users or visitors, such as username, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides benefits, information, offers, and recommendations, among other things, based on the data collected in this way.

We only collect your data via our company profile in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content and the profile information you provide “publicly”.

The processing of your personal data for our above-mentioned purposes is carried out on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 f GDPR. If youas a user have given your consent to data processing vis-à-vis the respective provider of the social network, the legal basis for the processing extends to Art. 6 para. 1 a, Art. 7 GDPR.

Together with LinkedIn, we are responsible for the personal content of our company profile. Data subject rights can be asserted at LinkedIn Inc. as well as at us.

We do not make any decisions regarding the information collected on the LinkedIn Site through tracking technologies.

For more information about LinkedIn, please visit: https://about.linkedin.com.

For more information on LinkedIn’s data protection, please visit:

https://www.linkedin.com/legal/privacy-policy.

Further information on the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use with LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

DOWNLOAD FILES (WHITEPAPERS, CASE STUDIES)

We provide you with white papers or case studies on the website, which are associated with a high economic outlay. These can therefore only be downloaded in return by providing your e-mail address combined with advertising consent.

The permissibility of processing is governed by Article 6(1)(b) of the GDPR, according to which processing is lawful if it is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

The processed personal data will be deleted after the expiry of the statutory retention obligations, unless the controller has a legitimate interest in further storage. In any case, only those data will continue to be stored that are really absolutely necessary to achieve the corresponding purpose. As far as possible, the personal data will be anonymized. These documents will be made available to you upon request as part of a contractual relationship. The data collected is also necessary for the implementation of the contractual measure, as without it it is not possible to respond to the request.

We also use the data for advertising purposes. The permissibility of this processing is governed by Art. 6 (1) (a) GDPR, according to which the processing is lawful if the data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes.

Your data will be deleted after your consent has been revoked, unless the controller has a legitimate interest in further storage. This may be the case if the operator has tocontinue to store your data due to a contract with you. In any case, only those data will continue to be stored that are really absolutely necessary to achieve the corresponding purpose. The provision of the data is neither legally nor contractually required. Failure to provide them will result in you not being able to access the documents.

YOUTUBE CHANNEL

We use a YouTube channel that is part of YouTube’s platform and is owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Please note that you use our YouTube channel and its features, including the “Discussion” feature, at your own risk. For more information about how Google collects and uses data, please refer to Google’s privacy policy: Google Privacy Policy

Our ability to influence or control Google’s processing and use of your information is limited. When you use Google services, including our YouTube channel, your personal data is collected, processed and, in some cases, shared with third parties by Google.

This includes both data that you actively provide (such as name, username or comments on videos) and data that is collected automatically (e.g. via cookies or your location).

Google may use various tools, including Google Analytics, to analyze your data. We have no control over whether such tools are used on our YouTube channel, and we have no access to the data collected by these tools. Our insight is limited to the profiles of our subscribers.

Even if you don’t have a Google account, Google collects information when you view certain content. This may include information such as your IP address, the browser you are using, and others.

You can influence the data processing by Google in the settings of your Google account and in YouTube’s specific privacy settings. Google offers further information on this in its guide to data protection for its products: Google Product Data Protection

For more details on Google’s privacy practices and settings, please see their privacy policy under the “Privacy Settings” section: Google Privacy Policy

You can also request more information about data protection from Google via a special form: Google Privacy Form

CLARITY

Type and scope of processing

We have integrated Clarity on our website. Clarity is a service of Microsoft Corporation and provides optimization tools that analyze the behavior and feedback of users of our website through analytics and feedback tools.

Clarity uses cookies and other browser technologies to evaluate user behavior and recognize users.

This information is used, among other things, to compile reports on the activity of the website and to statistically evaluate visitor data. Furthermore, Clarity records clicks, mouse movements and scroll heights to create so-called heat maps and session replays.In this case, your data will be passed on to Clarity’s operator, Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, United States.

Purpose and legal basis

Clarity is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies that are not certified according to EU-U.S. DPF), we have agreed with the recipients of the data other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third-country transfer, we obtain your consent in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that there may be risks that are unknown in detail in the case of third-country transfers (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Microsoft Corporation. For more information, please see the Clarity Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement.

GOOGLE CDN

Type and scope of processing

We use Google CDN to properly deliver the content of our website. Google CDN is a service provided by Google Ireland Limited, which acts as a content delivery network (CDN) on our website.

A CDN helps to make content from our online offering, especially files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, where your IP address and, if applicable, browser data are transmitted like your user agent. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in secure and efficient provision as well as the optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, please see the privacy policy for Google CDN: https://policies.google.com/privacy.

GOOGLE FONTS

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, connect to Google Ireland Limited servers, where your IP address will be transmitted.

Purpose and legal basis

The use of Google Fonts is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies that are not certified according to EU-U.S. DPF), we have agreed with the recipients of the data other appropriate safeguards within the meaning of Art. 44 et seq.GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Storage period

GOOGLE MAPS

Type and scope of processing

We use the Google Maps map service to create driving directions. Google Maps is a service of Google Ireland Limited, which displays a map on our website.

When you access this content on our website, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, where your IP address and, if applicable, browser data are transmitted as your user agent. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google Maps.

Purpose and legal basis

The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies that are not certified according to EU-U.S. DPF), we have agreed with the recipients of the data other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EUCommission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/uri=CELEX:32021D0914&from=DE.

In addition, before such a third-country transfer, we obtain your consent in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that there may berisks that are unknown in detail in the case of third-country transfers (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy.

GOOGLE RECAPTCHA

Type and scope of processing

We have integrated components from Google reCAPTCHA on our website. Google reCAPTCHA is a service provided by Google Ireland Limited and allows us to distinguish whether a contact request comes from a natural person or is automated by means of a program. When you access this content, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, where your IP address and, if applicable, browser data are transmitted like your user agent.

Furthermore, Google reCAPTCHA records the dwell time and mouse movements of the user in order to distinguish automated queries from human ones. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

HUBSPOT API

Type and scope of processing

We use HubSpot API from HubSpot, Inc., Cambridge, Massachusetts, US to access other services and data from HubSpot, Inc. Your IP address will be transmitted to HubSpot, Inc. Please note that a single section in this Privacy Policy is for each additional service we use from HubSpot, Inc.

Purpose and legal basis

The use of HubSpot API is based on our legitimate interests, i.e. interest in optimizing our online offering in accordance with Art. 6 (1) (f) GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, please see the HubSpot API Privacy Policy: https://legal.hubspot.com/privacy-policy.

HUBSPOT ANALYTICS

Type and scope of processing

We use HubSpot Analytics from HubSpot, Inc., Cambridge, Massachusetts, US, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of calls to our online offer, subpages visited and the length of stay of visitors.

HubSpot Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.

This information is used, among other things, to compile reports on the activity of the website.

Purpose and legal basis

HubSpot Analytics is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision from the European Commission (including US companies that are not certified according to EU-U.S. DPF), we have agreed with the recipients of the data other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EUCommission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot Analytics Privacy Policy: https://legal.hubspot.com/privacy-policy.

HUBSPOT CDN

Type and scope of processing

We use HubSpot CDN to properly deliver the content on our website. HubSpot CDN is a service provided by HubSpot, Inc., which acts as a content delivery network (CDN) on our website to ensure the functionality of other HubSpot, Inc. services. For said services, you will find a separate section in this Privacy Policy. This section is only about using the CDN.

A CDN helps to make content from our online offering, especially files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of HubSpot, Inc., Cambridge, Massachusetts, US, where your IP address and, if applicable, browsing data are transmitted like your user agent. This data is processed solely for the purposes set out above and to maintain the security and functionality of HubSpot CDN.

Purpose and legal basis

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, please see the HubSpot CDN Privacy Policy: https://legal.hubspot.com/de/privacy-policy.

HUBSPOT COOKIE BANNER

Type and scope of processing

We have integrated HubSpot cookie banners on our website. HubSpot Cookie Banner is a consent solution provided by HubSpot, Inc., Cambridge, Massachusetts, US, which can be used to obtain and document consent to the storage of cookies. HubSpot CookieBanner uses cookies or other web technologies to recognize users and store consent given or withdrawn.

Purpose and legal basis

The use of the service is based on obtaining the legally required consent to the use of cookies in accordance with Art. 6 para. 1 lit. c. GDPR and § 25 para. 2 no. 2 TDDDG.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, please see the HubSpot Cookie Banner Privacy Policy: https://legal.hubspot.com/privacy-policy.

HUBSPOT FORMS

Type and scope of processing

We’ve integrated HubSpot Forms on our website. HubSpot Forms is a service of HubSpot, Inc. and provides marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing, and web analytics.

HubSpot Forms is used to store data entered in forms, e.g. when contacting us via contact form. The data provided may be stored in our Customer Relationship Management System (CRM System).

In this case, your data will be passed on to the operator of HubSpot Forms, HubSpot, Inc., Cambridge, Massachusetts, US.

Purpose and legal basis

We process your data with the help of HubSpot Forms for the purpose of processing the contact request and processing it in accordance with Art. 6 (1) (b) GDPR.

The use of HubSpot Forms and the integrated services is subject to our legitimate interest in accordance with Art. 6 (1) (f) GDPR, the optimization of our marketing measures and the improvement of our service quality on the website.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, please see the HubSpot Forms Privacy Policy: https://legal.hubspot.com/privacy-policy.

HUBSPOT PIXEL

Type and scope of processing

We use HubSpot pixels from HubSpot, Inc., Cambridge, Massachusetts, US to create so-called Custom Audiences, i.e. to segment visitor groups of our online offerings, determine conversion rates and then optimize them. This happens especially when you interact with ads we have served with HubSpot, Inc.

Purpose and legal basis

The use of HubSpot Pixel is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, please see the HubSpot Pixel Privacy Policy: https://legal.hubspot.com/privacy-policy.

LINKEDIN ADS

Type and scope of processing

We have integrated LinkedIn Ads on our website. LinkedIn Ads is a service provided by LinkedIn Corporation that provides targeted ads to users. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and recognize users. LinkedIn Ads collects information about visitor behavior on different websites. This information is used to optimize the relevance of advertising. LinkedIn Ads also delivers targeted advertising based on behavioral profiles and geographic location.

Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be passed on to the operator of LinkedIn Ads, LinkedIn Corporation, Sunnyvale, California, US.

Web tracking technologies are used to create pseudonymised user profiles. These profiles cannot be merged with you as a natural person, but are used, for example, for segmentation when displaying advertisements.

Purpose and legal basis

LinkedIn Ads are used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission.

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn Corporation. For more information, please see the LinkedIn Ads Privacy Policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

LINKEDIN INSIGHT TAG

Type and scope of processing

We use LinkedIn Insight Tag from LinkedIn Corporation, Sunnyvale, California, US to create target groups, segment visitor groups of our online offerings, determine conversion rates and then optimize them. This happens especially when you interact with ads we have placed with LinkedIn Corporation. To do this, LinkedIn Corporation offers retargeting for website visitors to display targeted advertising outside of our website.

LinkedIn Insight Tag collects data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamps. This data is used to present anonymized reports on the website audience and ad performance.

Purpose and legal basis

The LinkedIn Insight Tag is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission.The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn Corporation. For more information, please see the privacy policy for LinkedIn Insight Tag: https://www.linkedin.com/legal/privacy-policy.

MATOMO

Type and scope of processing

We use the open source software tool Matomo (formerly PIWIK) on our website. The software sets a cookie in your browser (see above for cookies). When individual pages of our website are accessed, the following data is stored:

• Two bytes of the IP address of the user’s calling system (anonymized IP address)

• The website accessed

• The website from which the user came to the accessed website (referrer)

• The subpages that are accessed from the accessed website

• The time spent on the website

• The frequency of access to the website

The software runs exclusively on the servers of our website. Your personal data is only stored there. The data will not be passed on to third parties.

Purpose and legal basis

We process your data with the help of the Matomo analysis software for the purpose of evaluating the use of individual components and content of our website on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

Storage period

The specific storage period of the cookies set is 13 months.

PERSONIO

Type and scope of processing

We have integrated components of Personio on our website. Personio is a service of Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany, which offers applicant and personnel management software.

Personio is used in connection with application procedures to optimize applicant management, for example through an automated analysis of employment references.

Furthermore, Personio enables us to create and evaluate job advertisements.

Purpose and legal basis

The use of the service is based on our legitimate interests, i.e. interest in optimising our application processes in accordance with Art. 6 (1) (f) GDPR. The legal basis for data processing is § 26 BDSG.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Personio GmbH. Further information can be found in the privacy policy for Personio: https://www.personio.de/datenschutz/.

SPLINE

Type and scope of processing

We use Spline to properly provide the content of our website. Spline is a service of Spline, Inc.

Spline contributes to the creation and provision of content from our online offer, in particular files such as graphics or images. When you access this content, you connectto servers of Spline, Inc., Spline, Inc., Delaware 651 N Broad St, Suite 206, Middletown,

DE 19709, United States, where your IP address and, if applicable, browser data are transmitted as your user agent.

Purpose and legal basis

The use is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimisation of our online offer in accordance with Art. 6 (1) (f) GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Spline, Inc. For more information, please see the privacy policy for Spline: https://spline.design/privacy.

WORDPRESS CDN

Type and scope of processing

We use WordPress CDN to properly deliver the content of our website. WordPress CDN is a service provided by Automattic Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to make content from our online offering, especially files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of Automattic Inc., San Francisco, California, US, where your IP address and, if applicable, browser data are transmitted like your user agent. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of WordPress CDN.

Purpose and legal basis

The participating US companies and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In addition, before such a third-country transfer, we obtain your consent in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that there may berisks that are unknown in detail in the case of third-country transfers (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Automattic Inc. Further information can be found in the privacy policy for WordPress CDN: https://automattic.com/privacy/.