General terms and conditions of business

The data protection declaration of Finanzmakler.online is based on the terms used by the European legislator for directives and regulations when issuing the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance. We use the following terms, among others, in this data protection declaration: a) personal data Personal data is all information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. b) affected person Data subject is any identified or identifiable natural person whose personal data are processed by the data controller. c) Processing Processing is any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data, such as collecting, recording, organizing, classifying, storing , adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or any other form of provision, alignment or combination, restriction, deletion or destruction. d) Restriction of processing Restriction of processing is the marking of stored personal data with the aim of restricting their future processing. e) Profiling Profiling is any type of automated processing of personal data, which consists in using that personal data to determine certain personal aspects relating to a natural person evaluate, in particular, aspects relating to f) Pseudonymization Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and are subject to technical and organizational measures to ensure that the personal data are not assigned to an identified or identifiable natural person. g) Controller or person responsible for processing The person responsible or responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data Data decides. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. h) Processor Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller. i) Recipient Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not . However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients. j) Third party Third party is a natural or legal person, authority, institution or other body other than the data subject, the controller, the processor and the persons under the direct responsibility of the controller or the processor is authorized to process the personal data. k) Consent Consent is any voluntary, informed and unambiguous expression of will given by the data subject for the specific case in the form of a statement or other clear confirmatory act with which the data subject indicates that you agree to the processing of your personal data.

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is: Finanzmakler.online Responsible: Sten Valandt Haydnstr. 20 Germany Tel.: (+49)0351 79 99 32 32 Email: kontakt(a)finanzmakler.online< /a> Website: https://www.finanzmakler .online

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to save the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used of an online offer. Cookies can also be used for various purposes, e.g. for the purposes of the functionality, security and comfort of online offerings as well as the creation of analyzes of visitor flows. Notes on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless this is not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide users with a telemedia service they have expressly requested (i.e. our online offering). Strictly necessary cookies generally include cookies with functions related to the display and operability of the online offering, load balancing, security, storage of users' preferences and choices or similar to the provision of the main and secondary functions of those requested by users purposes related to the online offering. The revocable consent is clearly communicated to the users and contains information on the respective cookie use. Notes on data protection legal bases: On which data protection legal basis we process users' personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing your data is their declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and improving its usability) or, if this is within the scope of the fulfillment of our contractual obligations, if the use of cookies is necessary for our purposes to fulfill contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes. Storage period: With regard to the storage period, a distinction is made between the following types of cookies: • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application). • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status Saved or preferred content displayed directly when the user visits a website again. User data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years. General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and can also object to the processing in accordance with the legal requirements in Art. 21 GDPR. Users can also declare their objection via their browser settings, e.g. by deactivating the use of cookies (which may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. Cookie settings/possibility of objection: https://www.finanzmakler.online/cookies • Types of data processed: usage data (e.g. websites visited, interest in content, access times). • Affected persons: users (e.g. website visitors, users of online services). • Purposes of processing: Provision of our online offering and user-friendliness. • Legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Further information on processing processes, procedures and services: • Processing of cookie data based on consent: We use a cookie consent management procedure, within which the users' consent to the use of cookies, or as part of cookie consent management Processing and providers mentioned in this procedure can be obtained and managed and revoked by users. The declaration of consent is saved so that it does not have to be asked again and to be able to prove consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is created and stored with the time of consent, information about the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). • Cookie opt-out: In the footer of our website you will find a link through which you can change your cookie settings and revoke the corresponding consent; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). • Cookiebot: Cookie consent management; Service provider: Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark; Website: https://www.cookiebot.com/de; Data protection declaration: https://www.cookiebot.com/de/privacy-policy/; Further information: Data stored (on the service provider's server): The user's IP number in anonymized form (the last three digits are set to 0), date and time of consent, browser details, the URL from which the consent was sent , An anonymous, random and encrypted key value; the user's consent status.

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects. Types of data processed • Inventory data. • Payment details. • Location data. • Contact details. • Content data. • Contract data. • Usage data. • Meta, communication and procedural data. • Image and/or video recordings. • Event data (Facebook). Categories of data subjects • Customers. • Employees. • Interested parties. • Communication partner. • Users. • Business and contractual partners. • Participants. • People depicted. Purposes of processing • Provision of contractual services and customer service. • Contact inquiries and communication. • Security measures. • Direct marketing. • Range measurement. • Tracking. • Office and organizational procedures. • Remarketing. • Conversion measurement. • Target group formation. • Managing and responding to inquiries. • Feedback. • Marketing. • Profiles with user-related information. • Registration procedure. • Provision of our online offering and user-friendliness. • Information technology infrastructure.

Due to legal regulations, the Finanzmakler.online website contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general address so-called electronic mail (e-mail address). If a data subject contacts the person responsible for processing by email or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties.

Finanzmakler.online offers users the opportunity to leave individual comments on individual blog posts on a blog that is located on the website of the controller . A blog is a portal maintained on a website, usually publicly accessible, in which one or more people, called bloggers or web bloggers, can post articles or write down thoughts in so-called blog posts. The blog posts can usually be commented on by third parties. If a data subject leaves a comment on the blog published on this website, in addition to the comments left by the data subject, information will also be provided on the time the comment was entered and by the data subject The user name (pseudonym) chosen by the person is stored and published. Furthermore, the IP address assigned to the data subject by the Internet service provider (ISP) is also logged. This storage of the IP address is done for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a comment made. The storage of this personal data is therefore in the own interest of the person responsible for processing, so that he could be exculpated in the event of a legal violation. This collected personal data will not be passed on to third parties unless such transfer is required by law or serves the legal defense of the person responsible for processing.

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent permitted for processing is revoked or other permissions no longer apply (e.g. if the purpose for processing this data no longer applies or it is not necessary for the purpose). Unless the data is deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. Our data protection information may also contain further information on the storage and deletion of data, which applies primarily to the respective processing.

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR: Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR ; This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. Right to revoke consent: You have the right to revoke your consent at any time. Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements. Right to rectification: In accordance with legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected. Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to request a restriction of the processing of the data in accordance with the legal requirements.< /p> Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transmitted to another person responsible. Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing the personal data concerning you violates the requirements of the GDPR.

Below you will find an overview of the legal basis of the GDPR, on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you about these in the data protection declaration. • Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes. • Fulfillment of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the fulfillment of a contract to which the data subject is a party or to carry out pre-contractual measures based on request from the person concerned. • Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) - Processing is necessary to fulfill a legal obligation to which the controller is subject. • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, that require the protection of personal data predominate. In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the framework of contractual and comparable legal relationships as well as associated measures and as part of communication with the contractual partners (or pre-contractual), e.g. to answer queries. We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the company organization. In addition, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse and jeopardy of their data, secrets, information and rights (e.g. for the participation of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this data protection declaration. We inform the contractual partners which data is required for the aforementioned purposes before or as part of the data collection, e.g. in online forms, through special marking (e.g. colors) or symbols (e.g. asterisks, etc.), or personally. We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons . The statutory retention period is ten years for documents relevant to tax law as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions and other organizational documents and accounting documents required to understand these documents, and six years for commercial and business letters received and copies of the commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or business letter was received or sent or the accounting document was created and the recording was also made or the other documents have been created. If we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers. Types of data processed: inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. email, telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: customers; Interested persons; Business and contractual partners. Purposes of processing: provision of contractual services and customer service; Safety measures; Contact inquiries and communication; office and organizational procedures; Managing and responding to inquiries. Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Customer account: Customers can create an account within our online offering (e.g. customer or user account, “customer account” for short). If registration of a customer account is required, customers will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to be able to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the time of termination, unless it is retained for purposes other than provision in the customer account or must be retained for legal reasons (e.g. internal storage of customer data, order processes or invoices). It is the responsibility of customers to secure their data upon termination of the customer account; Legal basis: fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Shop and e-commerce: We process our customers' data to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution to our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such as part of the ordering or comparable purchase process and includes the information required for delivery, provision and billing as well as contact information in order to be able to hold any consultations; Legal basis: fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Brokerage and brokerage services: We process the data of our customers, clients and interested parties (uniformly referred to as “customers”) in accordance with the underlying order of the customer. We may also process information about the characteristics and circumstances of people or things belonging to them if this is part of the subject of our order. This can be, for example, information about personal living conditions, mobile or immobile property and the financial situation. If necessary for the fulfillment of the contract or by law or approved by the customer or based on our legitimate interests, we disclose or transmit the customer's data within the framework of cover inquiries, conclusions and the processing of contracts to providers of the brokered services/objects, insurers, reinsurers, broker pools, technical service providers, other service providers, such as cooperating associations, as well as financial service providers, credit institutions and investment companies as well as social security institutions, tax authorities, tax advisors, legal advisors, auditors , insurance ombudsmen and the Federal Financial Supervisory Authority (BaFin). Furthermore, subject to other agreements, we may commission subcontractors, such as sub-agents; Legal basis: fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

We take appropriate technical measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing availability and their separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings. TLS encryption (https): To protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business activities for the benefit of the well-being of all our employees and our shareholders.

The criterion for the duration of storage of personal data is the respective statutory retention period. After the deadline has expired, the relevant data will be routinely deleted unless it is no longer required to fulfill or initiate the contract.

We would like to clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information about the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with them. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded. Before the data subject provides personal data, the data subject must contact our data protection officer. Our data protection officer explains to the person concerned on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the non-provision of the personal data would have.

In order to give you a good overview of the market for your financing projects and to be able to make financing suggestions that are as suitable as possible, the Europace marketplace is used to compare the products available for this purpose. Below you will be informed in a concise manner about the processing of your data in connection with the Europace marketplace and your rights in this regard. Please note that this data protection information applies in addition to the data protection information of the other parties involved (e.g. lenders). 1. What is the Europace Marketplace? The Europace marketplace is a European platform for the sale of financing services in which the products of numerous German lenders are listed. In addition to the affiliated lenders, only registered financial distributors and Europace have access to the Europace marketplace. 2. Who is responsible for the Europace marketplace? Is responsible within the meaning of the EU General Data Protection Regulation (GDPR) for the data processing described below in connection with the Europace marketplace, • If you apply for a general consumer loan (e.g. an installment loan), Europace AG, Heidestr. 8, 10557 Berlin, • If you are applying for a consumer property loan (e.g. home financing) or a building savings product, Hypoport Mortgage Market Ltd., Mulranny, Westport, Co. Mayo, Ireland. With "Europe" The company responsible for processing your data will be referred to below, i.e. either Europace AG or Hypoport Mortgage Market Ltd. designated. Regardless of this, responsibility for data processing that takes place outside of the Europace marketplace or independently of it lies with other entities involved in processing your financing application (e.g. consultant or sales organization, Schufa, lender). 3. Europace Data Protection Officer If you have any questions about data protection in connection with the Europace marketplace, you can contact the data protection team of the responsible company at any time: • Europace AG: datenschutz@europace.de • Hypoport Mortgage Market Ltd.: datenschutz@europace.ie In addition, you always have the option of contacting the respective data protection officer by post at the addresses listed in section 2 (keyword: “data protection officer”). 4. Purposes of data processing by Europace The data processing in connection with the Europace marketplace essentially takes place for the purpose of product selection, preparation and application for your loan. Using the Europace marketplace, your individual financing request is quickly compared based on the information you provide with the currently available products from the lenders connected to the Europace marketplace that are suitable for you. Depending on the processing phase of your financing project and the purposes for which the Europace marketplace is used, different data is required. a) Identification and comparison of financing proposals: As part of a product comparison, the information you provide about your financing project (needs, if necessary further information about the intended purpose, desired terms, installments and dates), your person (name, date of birth, place of birth, marital status, nationality) and personal situation (housing situation, such as address or number of people in the household), your financial situation (income and expenses as well as liabilities), and, if applicable, your account details are transmitted to Europace and there for the purpose of comparison with the financing products under consideration processed. Your information is automatically compared with the conditions of the lender(s) for the financial products in question and any product additions or alternatives that may be required or that make sense for your project are determined. If different financing products are to be combined (e.g. an additional installment loan for building financing), your advisor can, if desired, use your data to determine other financing products and create a uniform financing proposal. The determination of financing proposals is generally carried out in a data-efficient manner and exclusively within the Europace platform. Using the Europace marketplace makes it possible to access a wide range of products and find a suitable financing proposal for you. The legal basis for this data processing is Article 6 Paragraph 1 b) GDPR (fulfillment of the contract and pre-contractual measures). b) Application preparation and application: If you have decided on a specific financial product based on a suggested proposal, the information you provided under point 4 a) will be used to submit an application to the respective lender in your name via the Europace marketplace. Depending on the financing project and the financial product you choose, the lender may consider further information or evidence necessary to examine your application. The lender will then request further information or evidence required via the Europace marketplace. If you provide the required information or evidence, this will be forwarded to the lender via the Europace marketplace. The lender then communicates the results of the application review in the same way. The legal basis for this data processing is Article 6 Paragraph 1 b) GDPR (fulfillment of the contract and pre-contractual measures). c) Follow-up processing, enabling processing continuity and commission determination: Europace stores and processes the transmitted data to the extent that this is necessary for the brokerage activity and/or further application processing by the parties involved (advisors, intermediaries, lenders). If your financing application is to be further processed by another financial distributor in the future, your data and documents stored in the Europace marketplace will also be released by Europace for the other financial distributor or passed on to them (subject to the consent given by your advisor/agent in the individual case). he or she can continue processing your application. Europace will not make your data and documents available to other financial distributors without the express consent of your previous financial distributor. Based on the data transmitted and the other information about the financing application that the respective lender has posted in the Europace marketplace, Europace will also determine and bill the commissions for the parties involved. The data from the financing process can also be included in evaluations that the lender needs for further processing or processing of the application. The legal basis for the aforementioned data processing is Article 6 Paragraph 1 b) GDPR (fulfillment of the contract and pre-contractual measures). d) Further development of the Europace marketplace: Europace also uses the data generated when using the Europace marketplace to continuously optimize and develop the Europace marketplace. For this purpose, the information and data on financing transactions entered by users of the Europace marketplace are evaluated. Users of the Europace marketplace are also regularly surveyed about their general experiences and wishes with regard to future functionalities of the Europace marketplace. The relevant data processing by Europace takes place without regard to the persons concerned. Statistical evaluations of the processes and the surveys are therefore generally not carried out in connection with your directly personal information (e.g. your name and contact details), but only on the basis of carefully anonymized information in accordance with the requirements of EU data protection law. In particular, no personal information from the documents submitted as part of your application via the Europace marketplace will be evaluated. The legal basis for the aforementioned data processing is Article 6 Paragraph 1 f) GDPR (balancing of interests, based on Europace's interest in the continuous optimization and further development of the Europace marketplace). You have the right to object to the data processing described here. Please inform Europace about this using the contact details given in point 2. e) Real estate valuation: If you would like to borrow against a property as part of the financing, the lender will need the market value or the possible lending value of the property. To determine this, Europace uses an internal database of historical transactions and external service providers. Information about the property (approximate location, amenities, approximate living space) as well as the possible purchase price are transmitted to this database and service provider. No personal information about you will be used or disclosed. The legal basis for the aforementioned data processing is Article 6 Para. 1 f) GDPR (balancing of interests, based on Europace's interest in determining the historical property values and the lender's interest in efficient initial assessments of the loan value). You have the right to object to the data processing described here. Please inform Europace about this using the contact details given in point 2. 5. Data transfer by Europace Your data will generally only be passed on to third parties by Europace if this is necessary to process your financing application, if Europace or the third party has a legitimate interest in passing it on or if you have given your consent. In addition, your data may be transmitted by Europace to third parties if Europace is obliged to do so by law or by an enforceable official or court order. Europe generally stores and processes your data in data centers within the European Union. Europace has designed its data processing operations so that, wherever possible, your data will not be processed outside the European Union. If the involvement of an external service provider is necessary for individual processing steps or technical support services, it may be necessary to transfer your data to a location outside the European Union. In any case, Europace ensures that the respective service provider guarantees, contractually or otherwise, a level of data protection equivalent to the European level of data protection. You can request a copy of these guarantees at any time using the contact details mentioned in point 2. Currently, data transfer according to this section 5 concerns the following processing steps: • Sales support: Europace uses service providers who prepare information in special loan constellations or offer additional partial services (e.g. sales support in processing your financing proposal, checking the IBAN, preparing property valuations, commission billing or ordering land register extracts). All processing operations take place exclusively within the European Union. • Contact and document management: Europace uses special service providers who handle contact and document management as well as certain data archiving services. The processing takes place within the European Union. • E-mail dispatch: The Europace marketplace uses an e-mail service so that the financing proposals obtained using the Europace marketplace can be forwarded directly to you by e-mail. The relevant data processing takes place exclusively within the European Union. Data collected during email retrieval (e.g. when and from which region the email was opened) is used exclusively in anonymized form to create general statistics that can be accessed by Europace. Attachments, in particular the documents you have provided or the suggestions you have prepared, will generally not be sent by email. You will always receive a link through which you can access the documents. All documents are also stored within the European Union. • IT infrastructure and support: Europace is also supported by external service providers in maintaining the IT infrastructure, analyzing errors and ensuring the functionality of the Europace marketplace as well as managing support tickets. The error analysis is generally carried out without the use of personal data. Occasionally, employees of the IT service providers commissioned by Europace also need to access the European IT systems of the Europace marketplace for necessary maintenance work. The ticket system provider also uses data about Europace's use of the system in aggregated or anonymized form for its own purposes, such as improving its own software solution or ensuring technical security. We have contractually agreed with the service providers within the framework of the so-called EU standard contractual clauses to comply with European data protection standards or these are ensured by binding internal data protection regulations (so-called Binding Corporate Rules). Europe has taken extensive technical precautions to ensure the security and control of personal data. The service providers' IT infrastructure and internal processes are subject to strict controls and are continuously certified by an independent body. 6. Duration of data storage Europace stores your data for as long as this is necessary to process your financing applications and for continued support during the financing project or as long as Europace has a legitimate interest in further storage as explained in this data protection notice. In all other cases, Europace deletes or anonymizes your personal data, with the exception of data that must be retained to meet contractual or legal (e.g. tax or commercial) retention periods (e.g. invoices). Additional contractual retention periods may also arise from the contracts with the departments involved in processing your financing application (e.g. contractual documentation obligations of Europace towards the consultants or sales organizations). The information on the brokered financial product required to check the commission statements will be stored in accordance with the accounting obligations for a period of 10 years after the commission has been paid out by Europace and then deleted. The legal basis for the aforementioned data processing is Article 6 Paragraph 1 b) GDPR (if storage serves the further processing of your financing application), Article 6 Paragraph 1 f) GDPR (if the underlying data processing in accordance with this data protection notice is based on a legitimate interest of Europace) or Article 6 Para. 1 c) GDPR (if storage is necessary to fulfill legal obligations). 7. Your rights You have the right at any time to request an overview of the data stored about you by Europace. If stored data is incorrect or no longer up to date, you have the right to have this data corrected. You can also request that your data be deleted. If deletion is not possible due to other legal regulations (e.g. due to retention obligations under the Money Laundering Act or the principles of proper accounting), the data will be blocked so that it is only available for this legal purpose. You can also have the processing of your personal data restricted if, for example: B. the accuracy of the data is doubted on your part. You also have the right to data portability, i.e. H. that, upon request, Europace will send you a digital copy of the personal data you have provided. In addition, you have the right to object to the data processing described above at any time for reasons arising from your particular situation, provided that the processing is based on Article 6 Paragraph 1 f) GDPR. Please inform Europace about this using the contact details given in point 2. You also have the right to complain to the data protection supervisory authority responsible for Europace. For Europace AG, the person responsible is the Berlin Commissioner for Data Protection and Freedom of Information (Friedrichstraße 219, 10969 Berlin). For Hypoport Mortgage Market Ltd. The responsible party is the Office of the Data Protection Commissioner (Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland) as the lead data protection supervisory authority. You can also contact the data protection authority where you live, which will then forward your request to the relevant authority. 8. Changes to this data protection notice Due to the further development of the Europace marketplace and the associated implementation of new technologies or to take new functions into account, changes to this data protection notice may become necessary. You will be informed of any corresponding changes.

I/we as legal guardians consent to the collection, processing, use and storage of personal data Enter the data of our child(ren) if this is necessary to carry out or complete the financing request. This applies in particular for all data that we provided unsolicited as part of the financing request - as far as a legitimate interest of the company/or of the data processing company in storing the data. If there is more, we can request the deletion of this data at any time. If financing is provided by the company can be offered, we also declare our consent to data processing for the corresponding Contract execution. If the financing request is canceled at our request, we can also immediately request the deletion of the personal data against written confirmation. We have on request The right to know at any time whether, which and to what extent our child's personal data is being processed become. If the purpose of the processing no longer applies, the child's personal data must generally be returned immediately can be deleted unless the company is subject to a legal obligation to keep the data for a longer period of time.

People under the age of 18 should not provide us with personal information without the consent of their parent or guardian. We do not request personal data from children and young people. We do not knowingly collect such data or pass it on to third parties.

As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (“services” for short) in compliance with legal requirements. Their use is based on our interests in the proper, legal and economic management of our business operations and our internal organization. • Types of data processed: inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Contract data (e.g. subject matter of the contract, term, customer category). • Affected persons: customers; Interested persons; Users (e.g. website visitors, users of online services); business and contractual partners; Employees (e.g. employees, applicants, former employees). • Purposes of processing: provision of contractual services and customer service; Office and organizational procedures. • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Further information on processing processes, procedures and services: • DATEV: Software for accounting, communication with tax advisors and authorities and with document storage; Service provider: DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.datev.de/web/de/mydatev/online-applications/; Data protection declaration: https://www.datev.de/web/de/m/ueber-datev/datenschutz/; Data processing agreement: Provided by the service provider. • Lexoffice: Online software for invoicing, accounting, banking and tax filing with receipt storage; Service provider: Haufe Service Center GmbH, Munzinger Straße 9, 79111 Freiburg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.lexoffice.de; Data protection declaration: https://www.lexoffice.de/datenschutz/; Order processing contract: https://www.lexoffice.de/vertragsprocessing/.

We would like to point out that when processing your online loan application, automated decisions can be made using an algorithm to determine the interest conditions. Before making such a decision, we are legally required to obtain your consent. We would like to inform you that, in accordance with European Commission regulations, you have the right to object to an automated decision and that we have put in place appropriate safeguards to protect your rights and freedoms. This particularly includes the opportunity to express your own point of view and challenge the decision. Please note that obtaining your consent and ensuring your rights are part of our data protection regulations and we are committed to complying with them at all times.

In the first step, where a consultation takes place between you and “Finanzmakler.online”, your personal data will not be used for creditworthiness inquiries with SCHUFA or other providers. If a brokerage takes place or a loan application is made at a corresponding institute that was brokered by Finanzmakler.online, the data protection regulations of the brokered institute that apply there apply. As a rule, a creditworthiness inquiry is also associated with the loan application. The individual applicable regulations will be shown to you before you submit your application and require your consent.

If a digital loan application is submitted, in certain cases we use the digital account check via our platform partner Europace. The digital account check enables us to receive a digital account statement of your account transactions from the last three to twelve months for the selected lender, without you having to provide us with further documents about your income and expenses. To use this service, simply enter the bank code of your salary account and log in with your online banking details on the next page. Please note that your salary account must be an individual account in your name and must be accessible in online banking so that the digital account check can be carried out.

As part of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively "payment service providers"). The data processed by the payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service provider to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. For this purpose, we refer to the general terms and conditions and data protection information of the payment service providers. The terms and conditions and data protection information of the respective payment service providers apply to payment transactions, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and to assert cancellation, information and other rights of those affected. • Types of data processed: inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). • Affected persons: customers; Interested parties. • Purposes of processing: provision of contractual services and customer service. • Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Further information on processing processes, procedures and services: • PayPal: Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de; Data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. • Wix Payments: payment services (technical connection to online payment methods); Service Provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://de.wix.com/payments; Data protection declaration: https://de.wix.com/about/privacy.

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device. • Types of data processed: usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Content data (e.g. entries in online forms). • Affected persons: users (e.g. website visitors, users of online services). • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.); Security measures. • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Further information on processing processes, procedures and services: • Collection of access data and log files: Access to our online offering is in the form of so-called "server log files" logged. The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP address. Addresses and the requesting provider belong. The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and on the other hand to monitor the utilization of the servers and ensure their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified. • Email sending and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). • STRATO: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: STRATO AG, Pascalstrasse 10, 10587 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.strato.de; Data protection declaration: https://www.strato.de/datenschutz; Data processing agreement: Provided by the service provider. • Wix: hosting and software for creating, providing and operating websites, blogs and other online offerings; Service Provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://de.wix.com/; Data protection declaration: https://de.wix.com/about/privacy; Order processing contract: https://www.wix.com/about/privacy-dpa-users; Further information: As part of the aforementioned Wix services, data may also be sent to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA on the basis of standard contractual clauses or an equivalent data protection guarantee as part of further processing on behalf of Wix be transmitted.

We process the data of the users of our application to the extent necessary to be able to provide users with the application and its functionalities, monitor its security and further develop it. We can also contact users in compliance with legal requirements if the communication is necessary for the purposes of administration or use of the application. Furthermore, with regard to the processing of user data, we refer to the data protection information in this data protection declaration. Legal basis: The processing of data that is necessary to provide the functionalities of the application serves to fulfill contractual obligations. This also applies if the provision of the functions requires user authorization (e.g. approval of device functions). If the processing of data is not necessary to provide the functionality of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimizing the application or security purposes), it is carried out on the basis of our legitimate interests Interests. If users are expressly asked for their consent to the processing of their data, the data covered by the consent will be processed on the basis of the consent. • Types of data processed: inventory data (e.g. names, addresses); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category); Image and/or video recordings (e.g. photographs or video recordings of a person); Location data (information about the geographical position of a device or person). • Affected persons: users (e.g. website visitors, users of online services). • Purposes of processing: provision of contractual services and customer service. • Legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: • Commercial use: We process the data of the users of our application, registered users and any test users (hereinafter referred to as “users”) in order to be able to provide them with our contractual services and on the basis of legitimate interests in order to ensure the security of our services to ensure the application and to further develop it. The required information is identified as such in the context of the conclusion of the usage, contract, order or comparable contract and may include the information required for the provision of services and any billing as well as contact information in order to be able to hold any consultations; Legal basis: fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). • Device permissions for access to functions and data: The use of our application or its functionalities may require users to have permissions to access certain functions of the devices used or to the data stored on the devices or accessible using the devices. By default, these permissions must be granted by users and can be revoked at any time in the settings of the respective devices. The exact method for controlling app permissions may depend on the user's device and software. If you need clarification, users can contact us. We would like to point out that the denial or revocation of the respective authorizations can affect the functionality of our application. • Access to the camera and saved recordings: As part of the use of our application, image and/or video recordings (which also include audio recordings) of the users (and other people captured by the recordings) are accessed through access to the Camera functions or stored recordings processed. Access to the camera functions or saved recordings requires authorization by the user, which can be revoked at any time. The processing of the image and/or video recordings only serves to provide the respective functionality of our application, in accordance with its description to the users, or its typical and expected functionality. • Processing of stored contacts: As part of using our application, the contact information of people (name, email address, telephone number) stored in the device's contact directory is processed. The use of contact information requires user authorization, which can be revoked at any time. The use of the contact information only serves to provide the respective functionality of our application, in accordance with its description to the users, or its typical and expected functionality. Users are advised that permission to process contact information must be permitted and, particularly in the case of natural persons, requires their consent or legal permission. • Use of contact data for contact matching purposes: The contact data stored in the device's contact directory can be used to check whether these contacts also use our application. For this purpose, the contact details of the respective contacts (which include the telephone number and email address as well as the names) are uploaded to our server and used only for the purpose of matching. • Processing of location data: When using our application, the location data collected by the device used or otherwise entered by the user is processed. The use of location data requires user authorization, which can be revoked at any time. The use of location data only serves to provide the respective functionality of our application, in accordance with its description to the users, or its typical and expected functionality.

Users can create a user account. As part of registration, users are provided with the required mandatory information and processed for the purpose of providing the user account on the basis of contractual fulfillment of obligations. The data processed includes, in particular, login information (username, password and an email address). As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and those of the users in protecting against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so. Users can be informed by email about processes that are relevant to their user account, such as technical changes. Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: users (e.g. website visitors, users of online services). Purposes of processing: provision of contractual services and customer service; Safety measures; managing and responding to inquiries; Provision of our online offering and user-friendliness. Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Registration with real names: Due to the nature of our community, we ask users to only use our offer using real names. This means that the use of pseudonyms is not permitted; Legal basis: fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). User profiles are not public: The user profiles are not publicly visible or accessible. Deletion of data after termination: If users have terminated their user account, their data with regard to the user account will be deleted, subject to a legal permission, obligation or consent of the user; Legal basis: fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Procedures are referred to as “single sign-on” or “single sign-on registration or “authentication” that allow users to log in to a single sign provider using a user account -On a method (e.g. a social network), including our online offer, to register. The prerequisite for single sign-on authentication is that the user is registered with the respective single sign-on provider and enters the required access data in the online form provided, or is already registered with the single sign-on provider and confirm the single sign-on login via button. Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that can no longer be used by us for other purposes (so-called "User “Handle”). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected as part of the authentication and also on what data users enter in the privacy or other settings of the user account during single sign-on. On providers have released. Depending on the single sign-on provider and the user's choice, there can be different data, usually the email address and the user name. The password entered as part of the single sign-on procedure with the single sign-on provider is neither visible to us nor is it stored by us. Users are asked to note that the information we store can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually done. For example, if the users' email addresses change, they must change them manually in their user account with us. If agreed with the users, we can use the single sign-on registration as part of or before the fulfillment of the contract, if the users have been asked to do so, process it as part of their consent and otherwise use it on the basis of legitimate interests on our part and the interests of the users in an effective and secure registration system. If users decide that they no longer want to use the link to their user account with the single sign-on provider for the single sign-on procedure, they must use this connection within their user account with the single sign-on provider. Cancel provider. If users want to delete their data from us, they must cancel their registration with us. • Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). • Affected persons: users (e.g. website visitors, users of online services). • Purposes of processing: provision of contractual services and customer service; Safety measures; Registration procedure. • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Further information on processing processes, procedures and services: • Auth0: authentication service; Service provider: Auth0, Inc, 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://auth0.com/de; Data protection declaration: https://auth0.com/privacy/. • Google Single Sign-On: authentication service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.google.de; Privacy Policy: https://policies.google.com/privacy; Option to object (opt-out): Settings for the display of advertising: https://adssettings.google.com/authenticated. • Microsoft Single Sign-On: authentication service; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.microsoft.com/de-de/security/business/identity-access-management/single-sign-on; Data protection declaration: https://privacy.microsoft.com/de-de/privacystatement; Further information: https://www.microsoft.com/de-de/trustcenter.

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers' data will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice. Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: users (e.g. website visitors, users of online services). Purposes of processing: provision of contractual services and customer service; Feedback (e.g. collecting feedback via online form); Provision of our online offering and user-friendliness; Safety measures; Managing and responding to inquiries. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security if someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author. We also reserve the right to process user information for spam detection based on our legitimate interests. We reserve the same legal basis In the case of surveys, we plan to store the IP addresses of users for their duration and to use cookies to avoid multiple voting. The personal information provided in the comments and posts, any contact and website information as well as the content information stored permanently by us until the user objects; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

When contacting us (e.g. by post, contact form, e-mail, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to answer the contact inquiries and any requested measures is required. Types of data processed: contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: communication partners. Purposes of processing: contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offering and user-friendliness. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Further information on processing processes, procedures and services: Contact form: If users contact us via our contact form, email or other communication channels, we process the data provided to us in this context to process the request communicated; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

With the consent of the users, we can send so-called "push notifications" send. These are messages that are displayed on users' screens, devices or browsers, even when our online service is not being actively used. In order to register for push notifications, users must confirm that their browser or device asks them to receive push notifications. This consent process is documented and saved. Storage is necessary to determine whether users have agreed to receive push notifications and to be able to prove their consent. For these purposes, a pseudonymous browser identifier (so-called “push token”) or the device ID of a terminal device is stored. The push messages may be necessary for the fulfillment of contractual obligations (e.g. technical and organizational information relevant to the use of our online offering) and are otherwise based on the consent of the user, unless specifically mentioned below sent. Users can change the receipt of push notifications at any time using the notification settings of their respective browsers or devices. Types of data processed: usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: communication partners. Purposes of processing: Provision of our online offering and user-friendliness; Reach measurement (e.g. access statistics, recognition of returning visitors); Direct marketing (e.g. by email or post). Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Further information on processing processes, procedures and services: Push notifications with promotional content: The push notifications we send may contain promotional information. The advertising push messages are processed based on the consent of the users. If their content is specifically described as part of consent to receive advertising push messages, the descriptions are decisive for the user's consent. Furthermore, our newsletters contain information about our services and us; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). Analysis and measurement of success: We evaluate push messages statistically and can therefore determine whether and when push messages were displayed and clicked on. This information is used to technically improve our push messages based on the technical data or the target groups and their retrieval behavior or retrieval times. This analysis also includes determining whether the push messages are opened, when they are opened and whether users interact with their content or buttons. For technical reasons, this information can be assigned to the individual push message recipients. However, it is neither our intention nor, if used, that of the push notification service provider to monitor individual users. Rather, the evaluations serve us to recognize the usage habits of our users and to adapt our push messages to them or to send different push messages according to the interests of our users. The evaluation of the push messages and the measurement of success are carried out on the basis of express consent of the user, which takes place with the consent to receive push notifications. Users can object to the analysis and performance measurement by unsubscribing from push notifications. Unfortunately, a separate revocation of the analysis and performance measurement is not possible; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).

We use messengers for communication purposes and therefore ask you to note the following information on the functionality of the messengers, encryption, the use of communication metadata and your options for objection. You can also contact us in alternative ways, e.g. via telephone or email. Please use the contact options provided to you or the contact options provided within our online offering. In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end . This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption activated to ensure that the message content is encrypted. However, we would also like to point out to our communication partners that although the messenger providers cannot view the content, they can find out that and when communication partners communicate with us as well as technical information about the device used by the communication partner and depending on the settings of their device Location information (so-called metadata) is also processed. Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Furthermore, if we do not ask for your consent and, for example, you contact us on your own initiative, we use Messenger in relation to our contractual partners as well as in the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests on fast and efficient communication and meeting the needs of our communication partner on communication via messenger. We would also like to point out that we will not transmit the contact details provided to us to Messenger for the first time without your consent. Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partner. if no reference to a previous conversation is to be expected and deletion does not conflict with any legal retention obligations. Reserve of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer inquiries via messenger. This is the case if, for example, contractual details require special confidentiality or an answer via messenger does not meet the formal requirements. In such cases, we will refer you to more appropriate communication channels. Types of data processed: contact details (e.g. email, telephone numbers); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Content data (e.g. entries in online forms). Affected persons: communication partners. Purposes of processing: contact requests and communication; Direct marketing (e.g. by email or post). Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Apple iMessage: Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.apple.com/de/ ; Data protection declaration: https://www. apple.com/legal/privacy/de-ww/. Instagram: sending messages via the social network Instagram; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com< /a>; Data protection declaration: https://instagram.com/about/legal /privacy. Facebook Messenger: Facebook Messenger with end-to-end encryption (Facebook Messenger's end-to-end encryption requires activation unless it is activated by default); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com< /a>; Data protection declaration: https://www.facebook.com/about /privacy; Order processing contract: https://www.facebook.com /legal/terms/dataprocessing; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https:/ /www.facebook.com/legal/EU_data_transfer_addendum. Microsoft Teams: Microsoft Teams - Messenger; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.microsoft .com/de-de/microsoft-365; Data protection declaration: https://privacy.microsoft.com /de-de/privacystatement, security information: https://www.microsoft.com/de-de/trustcenter; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA . Skype: Skype Messenger with end-to-end encryption - Skype end-to-end encryption requires it to be enabled (unless it is enabled by default); Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.skype.com/de/ ; Data protection declaration: https://privacy.microsoft.com /de-de/privacystatement, security information: https://www.microsoft.com/de-de/trustcenter. WhatsApp: WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Ireland Limited, 4 Grand Canal Quay, Dublin 2, D02 KH28, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.whatsapp.com/ ; Data protection declaration: https://www.whatsapp.com/legal. Ascend by Wix: email and online marketing and communication platform; Service Provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://de.wix.com/ascend /home; Data protection declaration: https://de.wix.com/about /privacy; Order processing contract: https://www.wix .com/about/privacy-dpa-users.

We use platforms and applications from other providers (hereinafter referred to as “conference platforms”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter referred to collectively as “conference”). a. When selecting conference platforms and their services, we observe the legal requirements. Data processed by conference platforms: As part of participation in a conference, the conference platforms process the following personal data of participants. The scope of processing depends, on the one hand, on what data is required as part of a specific conference (e.g. providing access data or real names) and what optional information is provided by the participants. In addition to processing to carry out the conference, the participants' data can also be processed by the conference platforms for security purposes or service optimization. The data processed includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information about professional status/function, the IP address of the Internet access, information about the participants' end devices, their operating system, the browser and its technical and linguistic settings, information about the content of communication processes, i.e. entries in chats as well as audio and video data, as well as the use of other available functions (e.g. surveys). The content of communications is encrypted to the extent technically provided by the conference provider. If the participants are registered as users on the conference platforms, then further data can be processed in accordance with the agreement with the respective conference provider. Logging and recordings: If text entries, participation results (e.g. from surveys) as well as video or audio recordings are logged, this will be transparently communicated to the participants in advance and they will be asked for consent - if necessary. Data protection measures of the participants: Please note the details of the processing of your data by the conference platforms in their data protection information and select the security and data protection settings that are optimal for you within the framework of the settings of the conference platforms. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g. by informing roommates, locking doors and using, where technically possible, the function to obscure the background). Links to the conference rooms and access data may not be passed on to unauthorized third parties. Notes on legal bases: If, in addition to the conference platforms, we also process users' data and ask the users for their consent to the use of the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis is Processing this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g. in participant lists, in the case of processing the results of discussions, etc.). Furthermore, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: communication partner; Users (e.g. website visitors, users of online services); People depicted. Purposes of processing: provision of contractual services and customer service; Contact inquiries and communication; Office and organizational procedures. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Google Hangouts / Meet: conference and communication software; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://hangouts.google.com/ ; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://cloud.google .com/terms/data-processing-addendum; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://cloud.google.com/terms/eu-model-contract-clause. Microsoft Teams: conference and communication software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.microsoft .com/de-de/microsoft-365; Data protection declaration: https://privacy.microsoft.com /de-de/privacystatement, security information: https://www.microsoft.com/de-de/trustcenter; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA . Skype: messenger and conference software; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.skype.com/de/ ; Data protection declaration: https://privacy.microsoft.com /de-de/privacystatement, security information: https://www.microsoft.com/de-de/trustcenter. Zoom: conference and communication software; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://zoom.us; Data protection declaration: https:/ /zoom.us/docs/de-de/privacy-and-legal.html; Order processing contract: https:/ /zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA); Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://zoom.us/docs/de-de/privacy-and-legal.html (Referred to as Global DPA).

We maintain online presences within social networks and process user data in this context in order to communicate with active users there or to offer information about us. We would like to point out that user data may be processed outside the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the objection options (opt-out), we refer to the data protection declarations and information of the operators of the respective networks. In the case of requests for information and the assertion of the rights of those affected, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to user data and can take appropriate measures and provide information directly. If you still need help, you can contact us. Types of data processed: contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: users (e.g. website visitors, users of online services). Purposes of processing: contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Instagram: social network; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com< /a>; Data protection declaration: https://instagram.com/about/legal /privacy. Facebook pages: Profiles within the social network Facebook - Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not further processing) of data from visitors to our Facebook page (so-called "Fanpage"). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy ), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in the Facebook data policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services called “Page Insights” to page operators to help them understand how people interact with their Pages and interact with the content associated with them. We have entered into a special agreement with Facebook ("Information about Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook agrees to do so must fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights" (https://www.facebook.com/ legal/terms/information_about_page_insights_data); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com< /a>; Data protection declaration: https://www.facebook.com/about /privacy; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https:/ /www.facebook.com/legal/EU_data_transfer_addendum; Further information: Shared Responsibility Agreement: https:// www.facebook.com/legal/terms/information_about_page_insights_data. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses). LinkedIn: social network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com< /a>; Data protection declaration: https://www.linkedin.com /legal/privacy-policy; Order processing contract: https://legal.linkedin.com/dpa; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://legal .linkedin.com/dpa; Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Xing: social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.xing.de< /a>; Data protection declaration: https://privacy.xing.com/de /data protection declaration.

We only send newsletters, emails and other electronic notifications (hereinafter “newsletter”) with the consent of the recipient or legal permission. If the contents are specifically described when registering for the newsletter, they are decisive for the user's consent. Our newsletters also contain information about our services and us. In order to register for our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name so that you can be addressed personally in the newsletter, or other information if this is necessary for the purposes of the newsletter. Double opt-in procedure: Registration for our newsletter is generally carried out using a so-called double opt-in procedure. This means that after registering you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with someone else's email address. Registrations for the newsletter are logged in order to be able to provide evidence of the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address. Changes to your data stored by the shipping service provider are also logged. Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove that we have previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the event of obligations to permanently observe contradictions, we reserve the right to store the email address in a blacklist (so-called "blocklist") solely for this purpose. The recording of the registration process is based on our legitimate interests for the purpose of providing evidence of its proper execution. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system. Contents: Information about us, our services, promotions and offers. Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Usage data (e.g. websites visited, interest in content, access times); Event data (Facebook) ("Event data" is data that can be transmitted by us to Facebook, for example via Facebook pixel (via apps or other ways) and relates to people or their actions; Zu The data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of forming target groups for content and advertising information (custom audiences); event Data does not include the actual content (such as written comments), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years target groups formed by you with the deletion of our Facebook account); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category). Affected persons: communication partner; Customers; Interested persons; Users (e.g. website visitors, users of online services); Business and contractual partners. Purposes of processing: direct marketing (e.g. by email or post); Marketing; Contact inquiries and communication; Reach measurement (e.g. access statistics, recognition of returning visitors); Conversion measurement (measuring the effectiveness of marketing measures); Profiles with user-related information (creating user profiles); Provision of contractual services and customer service; office and organizational procedures; Provision of our online offering and user-friendliness. Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Ability to object (opt-out): You can cancel your receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email. Further information on processing processes, procedures and services: Measurement of opening and click rates: The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from their server becomes. As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their access locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until it is deleted. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of the opening rates and click rates as well as the storage of the measurement results in the users' profiles and their further processing take place based on user consent. Unfortunately, it is not possible to revoke the success measurement separately; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the saved profile information will be deleted; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). Google Analytics: Measuring the success of email campaigns and creating user profiles with a storage period of up to two years; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform. google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://business .safety.google/adsprocessorterms; Option to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/ businesses/adsservices (types of processing and data processed). Reminder emails about the ordering process: If users do not complete an ordering process, we can remind users of the ordering process by email and send them a link to continue it. This function can be useful, for example, if the purchase process could not be continued due to a browser crash, oversight or forgetting. Shipping is based on consent, which users can revoke at any time; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). Sending via SMS: The electronic notifications can also be sent as SMS text messages (or are sent exclusively via SMS if the authorization to send them, e.g. consent, only includes sending via SMS); Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). CleverReach: email marketing platform; Service provider: CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cleverreach.com/de; Data protection declaration: https://www.cleverreach.com/ de/data protection/; Data processing agreement: Provided by the service provider. Facebook Messenger Broadcasts: Messenger with end-to-end encryption; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com< /a>; Data protection declaration: https://www.facebook.com/about /privacy; Order processing contract: https://www.facebook.com /legal/terms/dataprocessing; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https:/ /www.facebook.com/legal/EU_data_transfer_addendum; Option to object (opt-out): https://www. facebook.com/adpreferences/ad_settings (Facebook login is required). SendGrid: Email sending and communication platform for transactional and marketing emails; Service Provider: Twilio Ireland Limited, 25 – 28 North Wall Quay, North Wall, Dublin 1, D01 H104, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://sendgrid.com; Privacy policy: https://www.twilio.com/legal /privacy; Order processing contract: https://www.twilio .com/legal/data-protection-addendum; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://www.twilio.com/legal/data-protection-addendum. Zapier: automation of processes, merging of various services, import and export of personal and contact data and analysis of these processes; Service Provider: Zapier, Inc., 548 Market St #62411, San Francisco, California 94104, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://zapier.com; Privacy policy: https://zapier.com/privacy; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://zapier.com /tos (part of the Terms and Conditions). Wix Events: Event management platform for tickets & attendance management; Service Provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://support.wix. com/de/wix-events/; Data protection declaration: https://de.wix.com/about /privacy; Order processing contract: https://www.wix .com/about/privacy-dpa-users. Ascend by Wix: email and online marketing and communication platform; Service Provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://de.wix.com/ascend /home; Data protection declaration: https://de.wix.com/about /privacy; Order processing contract: https://www.wix .com/about/privacy-dpa-users

We offer online chats and chatbot functions (collectively referred to as "chat services") as a means of communication. A chat is an online conversation that takes place with a certain degree of timeliness. A chatbot is software that answers users' questions or informs them about messages. If you use our chat functions, we may process your personal data. If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We may also collect information about which users interact with our chat services and when. We also store the content of your conversations via the chat services and log registration and consent processes in order to be able to prove these in accordance with legal requirements. We would like to point out to users that the respective platform provider can find out that and when users communicate with our chat services as well as technical information about the device used by the user and, depending on the settings of their device, location information (so-called metadata) for this purpose to optimize the respective services and security purposes. The metadata of communication via chat services (i.e., for example, the information about who communicated with whom) could also be used by the respective platform providers in accordance with their regulations, to which we refer for further information, for marketing purposes or to display advertising tailored to users be used. If users agree to activate information with regular messages to a chatbot, they have the option to unsubscribe from the information in the future at any time. The chatbot tells users how and with which terms they can unsubscribe from the messages. When you unsubscribe from chatbot messages, user data is deleted from the list of message recipients. We use the above information to operate our chat services, e.g. to address users personally, to answer their inquiries, to transmit any requested content and also to improve our chat services (e.g. to use chatbots "Teach" answers to frequently asked questions or identify unanswered queries). Notes on legal bases: We use the chat services on the basis of consent if we have previously obtained permission from users to process their data as part of our chat services (this applies to cases in which users consent may be requested, e.g. so that a chatbot can send you regular messages). If we use chat services to answer user inquiries about our services or our company, this is for contractual and pre-contractual communication. Furthermore, we use chat services based on our legitimate interests in optimizing the chat services, their business efficiency and increasing the positive user experience. Revocation, objection and deletion: You can revoke your consent at any time or object to the processing of your data as part of our chat services. Types of data processed: contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: communication partners. Purposes of processing: contact requests and communication; Direct marketing (e.g. by email or post). Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Ascend by Wix: email and online marketing and communication platform; Service Provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://de.wix.com/ascend /home; Data protection declaration: https://de.wix.com/about /privacy; Order processing contract: https://www.wix .com/about/privacy-dpa-users.

We process personal data for the purposes of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements. The recipients have the right to revoke their consent at any time or to object to the advertising communication at any time. After revocation or objection, we store the data required to prove previous authorization to contact or send you up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest in permanently observing the user's revocation or objection, we also store the data necessary to avoid renewed contact (e.g., depending on the communication channel, the email address, telephone number, name). Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers). Affected persons: communication partners. Purposes of processing: Direct marketing (e.g. by email or post). Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

We carry out surveys and surveys to collect information for the communicated purpose of the survey or survey. The surveys and surveys we conduct (hereinafter “surveys”) are evaluated anonymously. Personal data is only processed to the extent that this is necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address in order to display the survey in the user's browser or to enable the survey to be resumed using a cookie). Types of data processed: contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: communication partner; Participants. Purposes of processing: Feedback (e.g. collecting feedback via online form). Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: ProvenExpert: Rating platform; Service provider: Expert Systems AG, Quedlinburger Strasse 1, 10589 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.provenexpert.com/ de-de/; Data protection declaration: https://www.provenexpert. com/de-de/data protection regulations/. Google customer reviews: service for collecting and/or presenting customer satisfaction and customer opinions; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Terms and conditions: https:/ /support.google.com/merchants/topic/7259129?hl=de&ref_topic=7257954; Privacy policy: https://policies.google.com/privacy; Further information: When collecting customer reviews, an identification number and the time for the business transaction to be evaluated are processed; for review requests sent directly to customers, the customer's email address and their country of residence as well as the review information itself are processed; Further information on the types of processing and the data processed: https ://privacy.google.com/businesses/adsservices; Data processing conditions for Google advertising products: Information about the services Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.

We use software services accessible via the Internet and running on their providers' servers (so-called "cloud services", also referred to as "Software as a Service") for the storage and management of content (e.g. document storage and management , exchange of documents, content and information with specific recipients or publication of content and information). In this context, personal data can be processed and stored on the providers' servers if they are part of communication processes with us or are otherwise processed by us as set out in this data protection declaration. This data may include, in particular, user master data and contact details, data on processes, contracts, other processes and their content. The cloud service providers also process usage data and metadata, which they use for security purposes and service optimization. If we provide forms or other documents and content to other users or publicly accessible websites using the cloud services, the providers may set cookies on the users' devices for the purposes of web analysis or to remember the user's settings (e.g. in the case of Media control) to remember, save. Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Image and/or video recordings (e.g. photographs or video recordings of a person). Affected persons: customers; Employees (e.g. employees, applicants, former employees); Interested persons; communication partner; Users (e.g. website visitors, users of online services). Purposes of processing: office and organizational procedures; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.); Provision of contractual services and customer service. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Adobe Creative Cloud: Applications and cloud storage for photo editing, video editing, graphic design and web development; Service Provider: Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.adobe.com /de/creativecloud.html; Data protection declaration: https://www.adobe.com /de/privacy.html; Data processing agreement: Provided by the service provider; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): inclusion in the order processing contract. Amazon Drive: cloud storage service; Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.amazon.de< /a>; Data protection declaration: https ://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Apple iCloud: cloud storage service; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.apple.com/de/ ; Data protection declaration: https://www. apple.com/legal/privacy/de-ww/. Dropbox: cloud storage service; Service provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.dropbox.com/de; Privacy policy: https://www.dropbox.com/privacy; Order processing agreement: https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf. Google Cloud Services: cloud infrastructure services and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://cloud.google.com/ ; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://cloud.google .com/terms/data-processing-addendum; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://cloud.google.com/terms/eu-model-contract-clause; Further information: https://cloud.google.com/privacy< /span>. Google Cloud Storage: cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://cloud.google.com/ ; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://cloud.google .com/terms/data-processing-addendum; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://cloud.google.com/terms/eu-model-contract-clause; Further information: https://cloud.google.com/privacy< /span>. Google Workspace: Cloud-based application software (e.g. text and spreadsheet editing, appointment and contact management), cloud storage and cloud infrastructure services; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://workspace.google.com/ ; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://cloud.google .com/terms/data-processing-addendum; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://cloud.google.com/terms/eu-model-contract-clause; Further information: https://cloud.google.com/privacy< /span>. Microsoft cloud services: cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://microsoft.com/de-de; Data protection declaration: https://privacy.microsoft.com /de-de/privacystatement, security information: https://www.microsoft.com/de-de/trustcenter; Order processing agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA .

We participate in review and rating processes to evaluate, optimize and promote our services. If users rate us via the evaluation platforms or procedures involved or otherwise give feedback, the general terms and conditions or terms of use and the data protection information of the providers also apply. As a rule, the evaluation also requires registration with the respective provider. In order to ensure that the reviewers have actually used our services, we transmit, with the consent of the customer, the necessary data regarding the customer and the service used to the respective review platform (including name, email -Address and order number or article number). This data is used solely to verify the authenticity of the user. Types of data processed: contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: customers; Users (e.g. website visitors, users of online services). Purposes of processing: Feedback (e.g. collecting feedback via online form); Marketing. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Further information on processing processes, procedures and services: Rating widget: We integrate so-called “rating widgets” into our online offering. A widget is a functional and content element integrated into our online offering that displays changeable information. It can, for example, be in the form of a seal or comparable element, sometimes also a “badge”. called, represented. Although the corresponding content of the widget is displayed within our online offering, it is currently being retrieved from the servers of the respective widget provider. This is the only way to always show the current content, especially the current rating. To do this, a data connection must be established from the website accessed within our online offering to the widget provider's server and the widget provider receives certain technical data (access data, including IP address) that is necessary for the content of the widget to be sent to the browser of the user. Furthermore, the widget provider receives information that users have visited our online offering. This information can be stored in a cookie and used by the widget provider to recognize which online offers that take part in the evaluation process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Google customer reviews: service for collecting and/or presenting customer satisfaction and customer opinions; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Terms and conditions: https:/ /support.google.com/merchants/topic/7259129?hl=de&ref_topic=7257954; Privacy policy: https://policies.google.com/privacy; Further information: When collecting customer reviews, an identification number and the time for the business transaction to be evaluated are processed; for review requests sent directly to customers, the customer's email address and their country of residence as well as the review information itself are processed; Further information on the types of processing and the data processed: https ://privacy.google.com/businesses/adsservices; Data processing conditions for Google advertising products: Information about the services Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms. ProvenExpert: Rating platform; Service provider: Expert Systems AG, Quedlinburger Strasse 1, 10589 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.provenexpert.com/ de-de/; Data protection declaration: https://www.provenexpert. com/de-de/data protection regulations/. Trusted Shops (Trustedbadge): Rating platform - As part of the shared responsibility between us and Trusted Shops, if you have any data protection questions or to assert your rights, please contact Trusted Shops using the contact options provided in the data protection information. Regardless of this, you can always contact the responsible person of your choice. If necessary, your request will then be passed on to the other person responsible for an answer. The trust badge is provided by a US CDN provider (content delivery network). An appropriate level of data protection is ensured through standard data protection clauses and other contractual measures. When you access the trust badge, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to you personally. The anonymized data is used in particular for statistical purposes and for error analysis. If you have given your consent, the trust badge accesses the order information stored in your end device (order total, order number, product purchased if applicable) as well as your e-mail address after the order has been completed and your e-mail address. Email address is hashed using a one-way cryptographic function. The hash value is then transmitted to Trusted Shops with the order information in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. This is to check whether you are already registered for Trusted Shops services. If this is the case, further processing will take place in accordance with the contractual agreement made between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the trust badge, you will then be given the opportunity to register manually for the use of the services or to complete the protection as part of your existing usage contract, if applicable For this purpose, after completing your order, the Trustbadge accesses the following information, which is stored in the device you use: order total, order number and email address. This is necessary so that we can offer you buyer protection. The data will only be transmitted to Trusted Shops if you actively decide to take out buyer protection by clicking on the corresponding button in the so-called Trustcard. If you decide to use the services, further processing will be based on the contractual agreement with Trusted Shops in accordance with Art If necessary, to be able to send review invitations via email afterwards.Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Article 6 (1) (f) GDPR for the purpose of ensuring trouble-free operation. Processing can take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA through standard data protection clauses and other contractual measures and in the case of Israel through an adequacy decision. ; Service provider: Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.trustedshops.de< /a>; Data protection declaration: https://www.trustedshops.de/ imprint/#data protection. Trustpilot: rating platform; Service provider: Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://de.trustpilot.com< /a>; Data protection declaration: https://de .legal.trustpilot.com/end-user-privacy-terms.

Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what time our online offering or its functions or content are used most frequently or invite reuse. We can also understand which areas require optimization. In addition to web analysis, we can also use testing procedures, for example to test and optimize different versions of our online offering or its components. Unless otherwise stated below, profiles, i.e. data summarized into a usage process, can be created for these purposes and information can be stored in a browser or in a device and read out from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information about times of use. If users have agreed to the collection of their location data to us or to the providers of the services we use, location data can also be processed. The users' IP addresses are also stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of web analysis, A/B testing and optimization, no clear user data (such as email addresses or names) is stored, but rather pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures. Types of data processed: usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status). Affected persons: users (e.g. website visitors, users of online services). Purposes of processing: remarketing; Reach measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles); Tracking (e.g. interest/behavioral profiling, use of cookies); Provision of our online offering and user-friendliness. Security measures: IP masking (pseudonymization of the IP address). Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). Further information on processing processes, procedures and services: Google Analytics: web analysis, reach measurement and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform. google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://business .safety.google/adsprocessorterms; Option to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/ businesses/adsservices (types of processing and data processed). Google Universal Analytics: Reach measurement and web analysis - We use Universal Analytics, a version of Google Analytics, to carry out user analysis based on a pseudonymous user identification number. This identification number does not contain any plain data, such as names or email addresses. It is used to assign analysis information to a user, e.g. to identify which content users have accessed during a session or whether they access our online offering again. Here, pseudonymous user profiles are created with information from the use of various devices; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com< /a>; Terms and Conditions: https://business.safety.google/adsprocessorterms/ ; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://business .safety.google/adsprocessorterms; Option to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/ businesses/adsservices (types of processing and data processed). Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed within one or different usage processes, which search terms they have used, which they have accessed again or which have interacted with our online offering. The time of use and its duration are also stored, as are the sources of the users who refer to our online offering and technical aspects of their devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Analytics provides higher-level geolocation data by collecting the following metadata from IP lookup: City (and the city's derived latitude and longitude), Continent, Country, Region , “subcontinent” (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. The user's IP address is not logged and is shortened by the last two digits by default. The shortening of the IP address takes place on EU servers for EU users. Additionally, all sensitive data collected from users in the EU will be deleted before it is collected across EU domains and servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform. google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/ ; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://business .safety.google/adsprocessorterms; Option to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/ businesses/adsservices (types of processing and data processed). Google Analytics in consent mode: In consent mode, users' personal data is processed by Google for measurement and advertising purposes, depending on the user's consent. Consent is obtained from users as part of our online services. If the user's consent is completely missing, the data will only be processed on an aggregated level (i.e. not assigned to individual users and summarized). If the consent only includes statistical measurement, no personal data of the user will be processed for the placement of advertisements or the measurement of advertising success (so-called "conversion"); Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://support .google.com/analytics/answer/9976101?hl=de. Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offering (refer to further information in this data protection declaration). The Tag Manager itself (which implements the tags) is therefore used, for example: For example, user profiles have not yet been created or cookies have been stored. Google only learns the user's IP address, which is necessary to run Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com< /a>; Privacy policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://business .safety.google/adsprocessorterms.

We process personal data for online marketing purposes, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness. For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar processes are used, through which the user information relevant to the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information about times of use and functions used. If users have consented to the collection of their location data, this can also be processed. The users' IP addresses are also stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of the online marketing process, no clear user data (such as e-mail addresses or names) is stored, but rather pseudonyms. This means that we as well as the providers of the online marketing processes do not know the actual identity of the users, but only the information stored in their profiles. The information in the profiles is usually stored in cookies or using similar methods. These cookies can later generally also be read on other websites that use the same online marketing process, analyzed for the purposes of displaying content, and supplemented with further data and stored on the server of the online marketing process provider. Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing processes we use and the network connects the users' profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. by giving consent during registration. We generally only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is used solely to analyze the success of our marketing measures. Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years. Types of data processed: content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Event data (Facebook) ("Event data" is data that can be transmitted by us to Facebook, for example via Facebook pixel (via apps or other ways) and relates to people or their actions; Zu The data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of forming target groups for content and advertising information (custom audiences); Event Data does not include the actual content (such as written comments), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years target groups formed by them with the deletion of our Facebook account). Affected persons: users (e.g. website visitors, users of online services). Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest/behavioral profiling, use of cookies); Conversion measurement (measuring the effectiveness of marketing measures); target group formation; Marketing; Profiles with user-related information (creating user profiles); Provision of our online offering and user-friendliness; Remarketing. Security measures: IP masking (pseudonymization of the IP address). Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Objection option (opt-out): We refer to the data protection information of the respective providers and the objection options specified for the providers (so-called "opt-out"). If no explicit opt-out option has been provided, you have the option of turning off cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices . c) USA: https://www.aboutads.info/choices . d) Cross-territorial: https://optout.aboutads.info. Further information on processing processes, procedures and services: Facebook pixel and target group formation (custom audiences): With the help of the Facebook pixel (or comparable functions, for transmitting event data or contact information using interfaces in apps), it is possible for Facebook to identify visitors to our online offering as Determine the target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to only show the Facebook ads we place to those users on Facebook and within the services of the partners that cooperate with Facebook (so-called “Audience Network” https://www.facebook.com/audiencenetwork/ ) which also have shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products, which are evident from the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion measurement”); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.facebook.com< /a>; Data protection declaration: https://www.facebook.com/about /privacy; Further information: User event data, i.e. behavioral and interest information, is used for the purposes of targeted advertising and target group formation on the basis of the shared responsibility agreement ("Addendment for Controllers", https://www.facebook.com/legal/controller_addendum) processed. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses). Facebook advertisements: Placement of advertisements within the Facebook platform and evaluation of the ad results; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com< /a>; Data protection declaration: https://www.facebook.com/about /privacy; Option to object (opt-out): We refer to the data protection and advertising settings in the user profile on the Facebook platform as well as within the framework of Facebook's consent process and Facebook's contact options for exercising information and other data subject rights in Facebook's data protection declaration; Further information: User event data, i.e. behavioral and interest information, is used for the purposes of targeted advertising and target group formation on the basis of the shared responsibility agreement ("Addendment for Controllers", https://www.facebook.com/legal/controller_addendum) processed. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses). Google Ads and conversion measurement: Online marketing process for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users, who have a presumed interest in the advertisements. In addition, we measure the conversion of the ads, i.e. whether users took them as an opportunity to interact with the ads and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://marketingplatform.google.com< /a>; Privacy policy: https://policies.google.com/privacy; Further information: Types of processing and data processed: https: //privacy.google.com/businesses/adsservices; Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business .safety.google/adscontrollerterms. Google Ads Remarketing: Google Remarketing, also known as retargeting, is a technology that allows users who use an online service to be included in a pseudonymous remarketing list so that users can be contacted based on their visit to the online service -Service advertisements can be displayed on other online offers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com< /a>; Privacy policy: https://policies.google.com/privacy; Further information: Types of processing and data processed: https: //privacy.google.com/businesses/adsservices; Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business .safety.google/adscontrollerterms. Extended conversions for Google Ads: When customers click on our Google ads and then use the advertised service (so-called "conversion"), the data entered by the user, such as the email address, can be the name, home address or telephone number are transmitted to Google. The hash values are then compared with the users' existing Google accounts in order to better evaluate and improve the users' interaction with the ads (e.g. clicks or views) and thus their performance; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://support.google .com/google-ads/answer/9888656. Instagram advertisements: Placement of advertisements within the Instagram platform and evaluation of the ad results; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.instagram.com< /a>; Data protection declaration: https://instagram.com/about/legal /privacy; Option to object (opt-out): We refer to the data protection and advertising settings in the user's profile on the Instagram platform as well as within the framework of Instagram's consent process and Instagram's contact options for exercising information and other data subject rights in Instagram's data protection declaration; Further information: User event data, i.e. behavioral and interest information, is used for the purposes of targeted advertising and target group formation on the basis of the shared responsibility agreement ("Addendment for Controllers", https://www.facebook.com/legal/controller_addendum) processed. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses). Microsoft Advertising: Online marketing process for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a have a presumed interest in the advertisements. In addition, we measure the conversion of the ads, i.e. whether users took them as an opportunity to interact with the ads and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://about.ads.microsoft.com/ ; Data protection declaration: https://privacy.microsoft.com /de-de/privacystatement; Option to object (opt-out): https:/ /account.microsoft.com/privacy/ad-settings/; Further information: https://about.ads.microsoft.com/de-de/policies/legal-privacy-and-security.

We include functional and content elements in our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This can be, for example, graphics, videos or city maps (hereinafter referred to as “content”). The integration always requires that the third party providers of this content process the users' IP address, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through the "pixel tags" Information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources. Types of data processed: usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Location data (information about the geographical position of a device or person). Affected persons: users (e.g. website visitors, users of online services). Purposes of processing: Provision of our online offering and user-friendliness; Provision of contractual services and customer service; Profiles with user-related information (creating user profiles). Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of displaying or user-friendliness of our online offering). The respective providers collect the IP address of the user and can process it for the purpose of transmitting the software to the user's browser as well as for security purposes and to evaluate and optimize their offer. - We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of displaying or user-friendliness of our online offering). The respective providers collect the IP address of the user and can process it for the purpose of transmitting the software to the user's browser as well as for security purposes and to evaluate and optimize their offer; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Font Awesome (delivery on own server): Display of fonts and symbols; Service provider: The Font Awesome icons are hosted on our server, no data is transmitted to the Font Awesome provider; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Google Maps: We integrate the maps from the “Google Maps” service provided by Google. The data processed may include, in particular, IP addresses and location data of the users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mapsplatform.google.com/ ; Privacy policy: https://policies.google.com/privacy. Google Maps APIs and SDKs: Interfaces to Google's map and location services, e.g. B. allow the addition of address entries, location determinations, distance calculations or the provision of additional information about locations and other locations; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mapsplatform.google.com/ ; Privacy policy: https://policies.google.com/privacy. reCAPTCHA: We include the "reCAPTCHA" in order to be able to recognize whether entries (e.g. in online forms) are made by people and not by automatically acting machines (so-called "bots"). The data processed may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes ( e.g. answering questions or selecting objects in pictures). Data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.google.com/recaptcha/ ; Privacy policy: https://policies.google.com/privacy; Option to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://adssettings.google.com/authenticated. YouTube videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com< /a>; Privacy policy: https://policies.google.com/privacy; Option to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://adssettings.google.com/authenticated. YouTube videos: video content; YouTube videos are sent via a special domain (recognizable by the “youtube-nocookie” component) in the so-called “extended data protection mode”. integrated, which means that no cookies are collected on user activities in order to personalize video playback. Nevertheless, information about the user's interaction with the video (e.g. remembering the last playback point) can be saved; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com< /a>; Privacy policy: https://policies.google.com/privacy. Vimeo: video content; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://vimeo.com; Data protection declaration: https://vimeo.com/privacy; Option to object (opt-out): We would like to point out that Vimeo can use Google Analytics and refer to the data protection declaration (https://policies.google.com/privacy) as well as the opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=de ) or Google's settings for data use for marketing purposes (https://adssettings.google.com/).

We use services, platforms and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we observe the legal requirements. In this context, personal data can be processed and stored on the third-party servers. This may affect various data, which we process in accordance with this data protection declaration. This data may include, in particular, user master data and contact details, data on processes, contracts, other processes and their content. If users are referred to third-party providers or their software or platforms as part of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party providers. Types of data processed: content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers). Affected persons: communication partner; Users (e.g. website visitors, users of online services). Purposes of processing: provision of contractual services and customer service; office and organizational procedures; Contact inquiries and communication; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.). Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures and services: calendly: Online appointment planning and appointment management; Service provider: Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://calendly.com/de; Data protection declaration: https://calendly.com/pages/privacy; Order processing contract: https://calendly.com/dpa; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://calendly.com /dpa. ChatGPT: AI-based service designed to understand and generate natural language and associated inputs and data, analyze information and make predictions ("AI", i.e. "Artificial Intelligence", is to be understood in the applicable legal sense of the term); Service provider: OpenAI OpCo, LLC, 3180 18th St., San Francisco, CA 94110 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://openai.com/product; Privacy Policy: https://openai.com/policies/privacy -policy; Option to object (opt-out): https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZSOcIWzcUYUXQ1xttjBgDpA/viewform. Twilio: Cloud communications platform that can be used, for example, to programmatically make and receive calls, send and receive text messages, and perform other communications functions using the web service interfaces; Service Provider: Twilio Ireland Limited, 25 – 28 North Wall Quay, North Wall, Dublin 1, D01 H104, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.twilio.com< /a>; Privacy policy: https://www.twilio.com/legal /privacy; Order processing contract: https://www.twilio .com/legal/data-protection-addendum; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://www.twilio.com/legal/data-protection-addendum.

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification. If we provide addresses and contact information for companies and organizations in this data protection declaration, please note that the addresses may change over time and ask you to check the information before contacting us.