Privacy Policy

If you have any questions or suggestions about this information, or if you wish to contact us about
asserting your rights, please send your request to:

Retraced GmbH
Kölner Straße 336a
40227 Düsseldorf, Germany

The term "personal data" under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the Federal Data Protection Act. Data processing by us only takes place on the basis of legal permission. We process personal data only with your consent (Section 25 para. 1 TTDSG or Art. 6 para. 1 lit. a GDPR), for the performance of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 para. 1. lit. b GDPR), for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR) or where processing is necessary for the purposes of protecting our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6 para. 1 lit. f GDPR).

If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding on the establishment of an employment relationship (§ 26 para. 1 s. 1 BDSG).

Unless stated otherwise in the following notes, we only store the data for as long as is necessary to achieve the processing purpose or to fulfil our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof, as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, emailing, provision and support of IT systems, customer and order management, accounting and billing, marketing activities or file and disk destruction. A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out data processing exclusively for the data controller and are contractually obliged to guarantee appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, your house bank, tax consultancy/auditing firm or the tax authorities. Further recipients may result from the following information.

Our data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country shall only take place if appropriate safeguards pursuant to Article 46 of the GDPR are in place or if one of the conditions of Article 49 of the GDPR is met.

Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for transfers of personal data to third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at theaddress given under Contact.

If you consent to the transfer of personal data to third countries, the transfer is made on the legal basis of Art. 49 para. 1 lit. a GDPR.

If you exercise your rights in accordance with Articles 15 to 22 of the GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence of this. We will only process data stored for the purpose of providing information and preparing it for this purpose and for the purpose of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR.

These processing operations are based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

• In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to request information as to whether and, if so, to what extent we are processing personal data relating to you or not.
• You have the right to demand that we correct your data in accordance with Art. 16 GDPR.
• You have the right to demand that we delete your personal data in accordance with Art. 17 GDPR and § 35 BDSG.
• You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
• You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
• If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
• If you are of the opinion that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

In accordance with Article 21 para. 1 GDPR, you have the right to object to processing based on the legal basis of Article 6 para. 1 lit. e) or f) of the GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing pursuant to Article 21 para. 2 and 3 of the GDPR.

You can reach our data protection officer at the following contact details:

Herting Oberbeck
Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de

When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para 1 lit. f GDPR. This processing serves the technical administration and security of the website. The stored data is deleted after seven days at the latest, unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 para. 2 of the GDPR unless you provide additional information that enables you to be identified in order to exercise your rights set out in these articles.

Our website contains contact forms that you can use to send us messages. The transfer of your data is encrypted (recognisable by the "https" in the address line of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your request.

The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. We process the data on the basis of our legitimate interest in initiating and carrying out contractual relationships with our customers and in contacting persons making enquiries.

You have the option of applying via our website in the Careers section. For this purpose, we collect personal data from you, including in particular your name, CV, letter of application and other content provided by you. For the selection of our applications, we use the service provider Greenhouse, Greenhouse Software, Inc. (USA), which is solely bound by instructions for us in accordance with the legal requirements for order processing.

If you send us your application via a job portal, your application documents are transferred to Greenhouse via the JOIN service of JOIN Solutions GmbH (Germany, EU). JOIN also acts on our behalf in accordance with the legal requirements for data processing on behalf. Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contacts at our company.

All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have provided for up to six months after the end of the application process for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.

The legal basis for data processing is Section 26 para. 1 sent. 1 BDSG in conjunction with Article 6 para. 1 lit. b GDPR.

If we retain your applicant data for longer than six months and you have expressly consented to this,
we would like to point out that this consent can be freely withdrawn at any time in accordance with Art. 7 para. 3 GDPR. Such a withdrawal does not affect the lawfulness of the processing that was carried out on the basis of the consent until the withdrawal.

We offer the possibility to register for our newsletter on our website. After registration, we will inform you regularly about the latest news on our offers. A valid e-mail address is required to register for the newsletter. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and name on the basis of the consent you have given. The processing is based on the legal basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect, for example via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above. The legality of the data processing operations already carried out remains unaffected by the revocation.

When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

We also analyze the reading behavior and opening rates of our newsletter. We evaluate the data generated during the delivery and retrieval of our emails in aggregated and anonymized form (delivery rate, opening rate, click rates, unsubscribe rate, bounce rate, visits, completions) in order to measure the use and success of the emails. The legal basis for the analysis of our newsletter is Art. 6 para. 1 lit. f GDPR and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the above-mentioned contact channels.

On the other hand, we also evaluate the data generated when you retrieve and use these e-mails (time of opening, hyperlinks clicked on, documents downloaded) as well as movement data on downstream websites on a personal basis in connection with your e-mail address in order to send you individualized information in the future on this basis as well, which take your interests and needs into account in the best possible way. We use the anonymous and personal data collected to provide you with personalized content and individualized information in our promotional e-mails and downstream websites. The legal basis for data processing in the context of e-mails is Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future, for example via the "unsubscribe" link in the newsletter or by contacting us via the above-mentioned channels.

For the administration of the subscriptions, the dispatch of the newsletter and the analysis, we use the service HubSpot, of HubSpot Germany GmbH (Germany, EU). Your email address is therefore transmitted by us to the service provider. We also cannot exclude the possibility that the service provider may also process personal data in third countries. If you do not want your data to be processed by this service provider, you should not register for the newsletter or unsubscribe from it. Please note the information in the section "Data transfer to third countries".

You can register for various webinars on our website. For this purpose, it is necessary to provide your personal data. The data is collected via an input mask on our website. All data fields marked as mandatory are required for participation in the webinar. Failure to provide this data will result in us being unable to consider you for participation in the webinar. The provision of further data is voluntary.

The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. We process your personal data based on our legitimate interest in the proper implementation of the webinars. The personal data is used to provide you with the recording of the webinar and, if applicable, further interesting content following the webinar.

The webinar will take place via Zoom. Zoom Video Communications, Inc. (USA) processes your personal registration and usage data on our behalf. Please note the information in the section "Data transfer to third countries". Further information on data processing by Zoom can be found at: https://explore.zoom.us/de/privacy/.

We use cookies and similar technologies ("cookies") on our website. Cookies are small data sets that are stored by your browser when you visit a website. This identifies the browser you are using and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies in principle or for specific cases through your browser settings.

The use of cookies is partly technically necessary for the operation of our website and thus permissible without the consent of the user. In addition, we may use cookies to offer special functions and content as well as for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 para. 1 Telecommunications and Telemedia Data Protection Act (“TTDSG”) and, where applicable, Article 6 para lit. a GDPR. Information on the purposes, providers, technologies used, data stored and the storage period of individual cookies can be found in the cookie settings, which you can access at any time in the footer of our website.

This website uses the consent management tool Borlabs of Borlabs GmbH (Germany, EU) to control cookies and the processing of personal data. The consent banner enables users of our website to give their consent to certain data processing procedures or to revoke their consent. By confirming the "I accept" button or by saving individual
cookie settings, you consent to the use of the associated cookies.

The legal basis under data protection law is your consent within the meaning of Art. 6 para 1 lit. a GDPR. In addition, the banner helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration.

Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).

You can revoke your consent for cookies at any time via the Consent Management Tool, which can be accessed in the footer of our website.

a) Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Ireland, EU) on our website. Google Analytics is a web analytics service that allows us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website is processed.

Some of this data is information that is stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information that is already stored in your end device only takes place with your consent.

Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the use of the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 para. 1 lit. a GDPR. You can revoke this consent via our Consent Management Tool at any time with effect for the future.

The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland's sub-processors maintain facilities. Please refer to the information in the section "Data transfer to third countries".

We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data. Further information on the use of data for advertising purposes can be found in Google's privacy policy at: www.google.com/policies/technologies/ads/.

We use the Google Analytics 4 variant, which allows us to track interaction data from different devices and from different sessions. This allows us to put individual user actions in context and analyze long-term relationships.

The data is stored for a period of 14 months and then automatically deleted. The deletion of data whose storage period has expired takes place automatically once a month.

a) Cloudflare
We use the Cloudflare service of Cloudflare Inc. (USA) on our website to display content. For such an integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Cloudflare. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Please note that this may result in functional restrictions on the website.

The processing of your data is based on Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the optimization and economic operation of our website.

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". For further information on data protection at Cloudflare, please refer to Cloudflare's privacy policy at
https://www.cloudflare.com/privacypolicy/.

b) Google reCAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Ireland, EU) in our website contact forms. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google Ireland. Google Ireland also collects further data, e.g. about your browser and your click behavior. For security reasons, we use the service to check whether form entries are made by a natural person. In this way, automated access attempts and attacks can be detected and prevented. We are legally obliged to take appropriate technical and economic measures to ensure the security of our website.

Your data is processed based on Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 32 GDPR and § 19 para. 4 TTDSG.

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Google can be found in Google's privacy policy at https://www.google.com/policies/privacy.

When you use our platform as a customer, we process your data that you provide to us as part of the service provision as described below.

In order to make use of our offer as a customer and to be able to use certain functions of the website, registration via the website is required. The required information can be seen in the registration input
mask. The provision of the information marked as mandatory is mandatory in order for you to be able to make use of our offer. The data provided will be processed for the purpose of providing the service and processing the contract.

You have the option of registering on our platform using single sign-on. For this purpose, we use the WorkOS service of WorkOS, Inc (USA). If you decide to register using single sign-on, WorkOS processes the personal data required for registration. The retraced customer, i.e. the company for which you are working, can determine which personal data should be required for registration and login.

The processing is based on the legal basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to establish and fulfil our service contract with our clients.

When using our platform, general information that your browser transmits to our server is stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 Art. 1 lit. f GDPR. This processing serves the technical administration, provision and security of the platform. The stored data will be deleted after one year unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 para. 2 of the GDPR unless you provide additional information that enables you to be identified in order to exercise your rights set out in these articles.

We use cookies and similar technologies ("cookies") on our platform. Cookies are small data sets that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies in principle or for specific cases through your browser settings.

The use of cookies is partly technically necessary for the operation of our platform and thus permissible without the consent of the user. In addition, we may use cookies to offer special functions and content as well as for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 para. 1Telecommunications and Telemedia Data Protection Act (“TTDSG”) and, where applicable, Article 6 para. 1 lit. a GDPR.

a) Datadog
We use the DataDog service on our platform, a service of DataDog, Inc (USA). With the help of DataDog, we can monitor and analyse user behaviour on our platform. For this purpose, DataDog analyses the server log files generated on the platform. These contain, among other things, your IP address and information on user behavior. The log files are kept for a period of 90 days and then deleted.

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to monitor and analyze user behavior on our platform in order to continuously improve our product.

When using the service, a transfer of your data to the USA cannot be ruled out. Please also note the information in the section "Data transfer to third countries". Further information on data processing by DataDog can be found here: https://www.datadoghq.com/legal/privacy/.

a) Chat
We use the chat tool Intercom from the provider Intercom Inc (USA) on our platform. If you send us enquiries via chat, your details from the chat process, including the contact data you provided there, are stored with us for the purpose of processing the enquiry and in the event of follow-up questions. Our chat function stores the IP addresses with the location of the users who compose messages.

The legal basis for the use of this service is Art. 6 para. 1 lit. f GDPR. Alternatively, you can send us a message at any time via our contact email address. The use of the chat tool is therefore purely voluntary.

When using the service, a transfer of your data to the USA cannot be ruled out. Please also note the information in the section "Data transfer to third countries".

b) imgix CDN
We use the imgix service of Zebrafish Labs Inc. (USA) on our platform for the uniform display of images. When you call up a page, your browser loads the required images into its browser cache in order to display the images correctly. For this purpose, the browser you use must establish a connection to the servers of Zebrafish Labs Inc. This enables Zebrafish to know that our website has been accessed via your IP address.

Your data is processed on the basis of Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the optimization and economic operation of our platform. When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Zebrafish can be found in the Zebrafish data protection information at https://imgix.com/privacy.

c) Cloudflare
We use the Cloudflare service of Cloudflare Inc. (USA) on our platform to display content. For such an integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Cloudflare. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Please note that this may result in functional restrictions on the website.

The processing of your data is based on Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the optimization and economic operation of our website. When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". For further information on data protection at Cloudflare, please refer to Cloudflare's data protection information at https://www.cloudflare.com/privacypolicy/.

d) Google reCAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Ireland, EU) within our platform. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google Ireland. Google Ireland also collects further data, e.g. about your browser and your click behavior. For security reasons, we use the service to check whether form entries are made by a natural person. In this way, automated access attempts and attacks can be detected and prevented. We are legally obliged to take appropriate technical and economic measures to ensure the security of our platform.

Your data is processed based on Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 32 GDPR and § 19 para. 4 TTDSG. When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Google can be found in Google's privacy policy at https://www.google.com/policies/privacy.

We inform our customers of important changes and innovations to our platform by e-mail. This information serves the sole purpose of being able to guarantee the contractually owed service. The legal basis for sending these emails is Art. 6 para. 1 lit. f GDPR. The information is necessary for the performance of the contract.

We also analyze the reading behaviour and opening rates of these emails. The legal basis for the analysis of these emails is Art. 6 para. 1 lit. f GDPR and the processing serves our legitimate interest to know whether our customers have received the information. You can object to the analysis at any time by contacting one of the above-mentioned contact channels.

We use the service Simple Email Service (SES) of Amazon Web Services EMEA SARL (Luxembourg/EU) to manage subscribers, send and analyze these emails. When using the service, a transfer of your data to the USA cannot be ruled out. Please also note the information in the section "Data transfer to third countries".

In the context of the provision of services, it is also necessary for us to handle personal data as a processor within the meaning of Article 4 No. 8 of the GDPR, for which the client acts as a controller within the meaning of Article 4 No. 7 of the GDPR. An agreement on commissioned processing pursuant to Art. 28 GDPR specifies the rights and obligations of the parties under data protection law in connection with the contractor's handling of client data for the provision of services. We make this agreement available to our clients in the course of registration in our General Terms and Conditions. These can be accessed at any time on our website.

We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms :

• Facebook of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter "Meta".
• Instagram of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter "Meta".
• LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter "LinkedIn".
• XING of NEW WORK SE, (Germany, EU), hereinafter "XING".

When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile in use also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.

When you visit our social media site, through which we present our company or individual products from our range, certain information about you is processed. The operators of the social media
platforms are solely responsible for this processing of personal data. Further information on the
processing of personal data can be found in their data protection declarations, which we link to
below:

• Meta Privacy Policy
  Meta offers the possibility to object to certain data processing; information and opt-out options in this regard can be found here;
• LinkedIn Privacy Policy
• XING Privacy Policy

The operators of the social media platforms collect and process event data and profile data and provide us with statistics and insights for our pages in anonymized form, which help us gain insights into the types of actions that people take on our page (so-called "page insights"). These page insights are created on the basis of certain information about individuals who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Art. 6 para. lit. f GDPR.

We cannot attribute the information obtained via page insights to individual user profiles interacting with our pages. We have entered into joint controller processing agreements with the operators of the social media platforms which set out the allocation of data protection obligations between us and the operators. For details about the processing of personal data to create page insights and the agreement entered into between us and the operators, please see the following links:

• Meta Personal Data Processing
• LinkedIn Personal Data Processing
• XING Personal Data Processing

You also have the option of asserting your rights against the operators. You can find more information
on this under the following links:

• Meta (Facebook): Asserting Your Rights
• LinkedIn: Asserting Your Rights
• XING Asserting Your Rights

We have agreed with Meta and LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

We also process information that you have provided to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message sent to us. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest to get in contact with inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f GDPR. Further data processing may take place if you have consented (Art. 6 para. 1 lit. a GDPR) or if this is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR).

If you send us a message via the contact email provided, we will process the data submitted for the purpose of responding to your enquiry. We process this data on the basis of our legitimate interest in contacting enquirers.

The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR.

If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the personal master, contract and payment data provided to us as well as contact and communication data of our contact persons at commercial customers and business partners.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the establishment and implementation of our service contracts.

We also process customer and interested party data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 para. 1 lit. f GDPR and serves our interest in further developing our offer and informing you specifically about our offers.

Further data processing may take place if you have consented (Art. 6 para. 1 lit. a GDPR) or if this is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR).

We may use the email address you provide at registration to contact you about our own similar products and services.

The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with. § Section 7 para. 3 Act Against Unfair Competition. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to: