Privacy Policy

1. An overviewof data protection General information

The following information will provide youwith an easy to navigate overview of what will happen with your personal datawhen you visit this website. The term “personal data” comprises all data thatcan be used to personally identify you. For detailed information about thesubject matter of data protection, please consult our Data ProtectionDeclaration, which we have included beneath this copy.

Data recordingon this website
Who is the responsible party forthe recording of data on this website (i.e., the “controller”)?

The data on this website is processed by theoperator of the website, whose contact information is available under section“Information about the responsible party (referred to as the “controller” inthe GDPR)” in this Privacy Policy.

How do werecord your data?

We collect your data as a result of yoursharing of your data with us. This may, for instance be information you enterinto our contact form.

Other data shall be recorded by our ITsystems automatically or after you consent to its recording during your websitevisit. This data comprises primarily technical information (e.g., web browser,operating system, or time the site was accessed). This information is recordedautomatically when you access this website.

What are the purposeswe use your data for?

A portion of the information is generated toguarantee the error free provision of the website. Other data may be used toanalyze your user patterns. If contracts can be concluded or initiated via thewebsite, the transmitted data will also be processed for contract offers,orders or other order enquiries.

What rights doyou have as far as your information is concerned?

You have the right to receive informationabout the source, recipients, and purposes of your archived personal data atany time without having to pay a fee for such disclosures. You also have theright to demand that your data are rectified or eradicated. If you haveconsented to data processing, you have the option to revoke this consent at anytime, which shall affect all future data processing. Moreover, you have theright to demand that the processing of your data be restricted under certaincircumstances. Furthermore, you have the right to log a complaint with thecompetent supervising agency.

Please do not hesitate to contact us at anytime if you have questions about this or any other data protection relatedissues.

2. Hosting andContent Delivery Networks (CDN)

We are hosting the content of our website atthe following provider:

Webflow

The provider is the Webflow, Inc., 398 11thStreet, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as“Webflow”). When you visit our website, Webflow records various logfiles,including your IP address.

Webflow is a tool for the creation andhosting of websites. Webflow stores cookies or other recognition technologiesthat are required for the depiction of the site, for the provision of certainwebsite functions and to guarantee its security (necessary cookies).

For details, please consult the data privacypolicy of Webflow: https://webflow.com/legal/eu-privacy-policy.

We use Webflow on the basis of Art.6(1)(f)GDPR. We have a legitimate interest in ensuring that our website is depicted asreliable as possible. If appropriate consent has been obtained, the processingis carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 165 (3) TelecommunicationsAct 2021 (TKG 2021), insofar the consent includes the storage of cookies or theaccess to information in the user’s end device (e.g., device fingerprinting)within the meaning of the TKG 2021. This consent can be revoked at any time.

The transfer of data to the United States isbased on the standard contract clauses of the EU Commission. For details,please go to:
https://webflow.com/legal/eu-privacy-policy.

The company is certified in accordance withthe “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between theEuropean Union and the US, which is intended to ensure compliance with Europeandata protection standards for data processing in the US. Every companycertified under the DPF is obliged to comply with these data protectionstandards. For more information, please contact the provider under thefollowing link:
https://www.dataprivacyframework.gov/participant/6365.

Data processing

We have concluded a data processingagreement (DPA) for the use of the above-mentioned service. This is a contractmandated by data privacy laws that guarantees that they process personal dataof our website visitors only based on our instructions and in compliance withthe GDPR.

Cloudflare

We use the “Cloudflare” service provided byCloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafterreferred to as “Cloudflare”).

Cloudflare offers a content delivery networkwith DNS that is available worldwide. As a result, the information transferthat occurs between your browser and our website is technically routed viaCloudflare’s network. This enables Cloudflare to analyze data transactionsbetween your browser and our website and to work as a filter between ourservers and potentially malicious data traffic from the Internet. In thiscontext, Cloudflare may also use cookies or other technologies deployed torecognize Internet users, which shall, however, only be used for the hereindescribed purpose.

The use of Cloudflare is based on ourlegitimate interest in a provision of our website offerings that is as errorfree and secure as possible (Art. 6(1)(f) GDPR).

Data transmission to the US is based on theStandard Contractual Clauses (SCC) of the European Commission. Details andfurther information on security and data protection at Cloudflare can be foundhere:
https://www.cloudflare.com/privacypolicy/.

Data processing

3. Generalinformation and mandatory information Data protection

The operators of this website and its pagestake the protection of your personal data very seriously. Hence, we handle yourpersonal data as confidential information and in compliance with the statutorydata protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety ofpersonal information will be collected. Personal data comprises data that canbe used to personally identify you. This Data Protection Declaration explainswhich data we collect as well as the purposes we use this data for. It alsoexplains how, and for which purpose the information is collected.

We herewith advise you that the transmissionof data via the Internet (i.e., through e-mail communications) may be prone tosecurity gaps. It is not possible to completely protect data againstthird-party access.

Informationabout the responsible party (referred to as the “controller” in the GDPR)

The data processing controller on thiswebsite is:

pinyya GmbH

Lindenweg 24

2333 Leopoldsdorf

Austria

Phone: 0677 63 41 75 00

E-mail: office@pinyya.com

Storageduration

Unless a more specific storage period hasbeen specified in this privacy policy, your personal data will remain with usuntil the purpose for which it was collected no longer applies. If you assert ajustified request for deletion or revoke your consent to data processing, yourdata will be deleted, unless we have other legally permissible reasons forstoring your personal data (e.g., tax or commercial law retention periods); inthe latter case, the deletion will take place after these reasons cease toapply.

Generalinformation on the legal basis for the data processing on this website

If you have consented to data processing, weprocess your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a)GDPR, if special categories of data are processed according to Art. 9 (1)DSGVO. In the case of explicit consent to the transfer of personal data tothird countries, the data processing is also based on Art. 49 (1)(a) GDPR. Ifyou have consented to the storage of cookies or to the access to information inyour end device (e.g., via device fingerprinting), the data processing isadditionally based on § 165 (3) Telecommunications Act 2021 (TKG 2021). Theconsent can be revoked at any time. If your data is required for thefulfillment of a contract or for the implementation of pre-contractualmeasures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore,if your data is required for the fulfillment of a legal obligation, we processit on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may becarried out on the basis of our legitimate interest according to Art. 6(1)(f)GDPR. Information on the relevant legal basis in each individual case isprovided in the following paragraphs of this privacy policy.

Information onthe data transfer to third-party countries that are not secure under dataprotection law and the transfer to US companies that are not DPF-certified

We use, among other technologies, tools fromcompanies located in third-party countries that are not safe under dataprotection law, as well as US tools whose providers are not certified under theEU-US Data Privacy Framework (DPF). If these tools are enabled, your personaldata may be transferred to and processed in these countries. We would like youto note that no level of data protection comparable to that in the EU can beguaranteed in third countries that are insecure in terms of data protectionlaw.

We would like to point out that the US, as asecure third-party country, generally has a level of data protection comparableto that of the EU. Data transfer to the US is therefore permitted if therecipient is certified under the “EU-US Data Privacy Framework” (DPF) or hasappropriate additional assurances. Information on transfers to third-partycountries, including the data recipients, can be found in this Privacy Policy.

Recipients ofpersonal data

In the scope of our business activities, wecooperate with various external parties. In some cases, this also requires thetransfer of personal data to these external parties. We only disclose personaldata to external parties if this is required as part of the fulfillment of acontract, if we are legally obligated to do so (e.g., disclosure of data to taxauthorities), if we have a legitimate interest in the disclosure pursuant toArt. 6 (1)(f) GDPR, or if another legal basis permits the disclosure of thisdata. When using processors, we only disclose personal data of our customers onthe basis of a valid contract on data processing. In the case of jointprocessing, a joint processing agreement is concluded.

Revocation ofyour consent to the processing of data

A wide range of data processing transactionsare possible only subject to your express consent. You can also revoke at anytime any consent you have already given us. This shall be without prejudice tothe lawfulness of any data collection that occurred prior to your revocation.

Right to objectto the collection of data in special cases; right to object to directadvertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THEBASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TOTHE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUESITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TODETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASECONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NOLONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TOPRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA,THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THEPROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS(OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED INORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THEPROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISINGAT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATEDWITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILLSUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTIONPURSUANT TO ART. 21(2) GDPR).

Right to log acomplaint with the competent supervisory agency

In the event of violations of the GDPR, datasubjects are entitled to log a complaint with a supervisory agency, inparticular in the member state where they usually maintain their domicile,place of work or at the place where the alleged violation occurred. The rightto log a complaint is in effect regardless of any other administrative or courtproceedings available as legal recourses.

Right to dataportability

You have the right to have data that weprocess automatically on the basis of your consent or in fulfillment of acontract handed over to you or to a third party in a common, machine-readableformat. If you should demand the direct transfer of the data to anothercontroller, this will be done only if it is technically feasible.

Information about,rectification and eradication of data

Within the scope of the applicable statutoryprovisions, you have the right to demand information about your archivedpersonal data, their source and recipients as well as the purpose of theprocessing of your data at any time. You may also have a right to have yourdata rectified or eradicated. If you have questions about this subject matteror any other questions about personal data, please do not hesitate to contactus at any time.

Right to demandprocessing restrictions

You have the right to demand the impositionof restrictions as far as the processing of your personal data is concerned. Todo so, you may contact us at any time. The right to demand restriction ofprocessing applies in the following cases:

In the event that you should dispute thecorrectness of your data archived by us, we will usually need some time toverify this claim. During the time that this investigation is ongoing, you havethe right to demand that we restrict the processing of your personal data.
If the processing of yourpersonal data was/is conducted in an unlawful manner, you have the option todemand the restriction of the processing of your data instead of demanding theeradication of this data.
If we do not need your personaldata any longer and you need it to exercise, defend or claim legalentitlements, you have the right to demand the restriction of the processing ofyour personal data instead of its eradication.

If you have raised an objection pursuant toArt. 21(1) GDPR, your rights and our rights will have to be weighed againsteach other. As long as it has not been determined whose interests prevail, youhave the right to demand a restriction of the processing of your personal data.

If you have restricted the processing ofyour personal data, these data – with the exception of their archiving – may beprocessed only subject to your consent or to claim, exercise or defend legalentitlements or to
protect the rights of othernatural persons or legal entities or for important public interest reasonscited by the European Union or a member state of the EU.

SSL and/or TLSencryption

For security reasons and to protect thetransmission of confidential content, such as purchase orders or inquiries yousubmit to us as the website operator, this website uses either an SSL or a TLSencryption program. You can recognize an encrypted connection by checkingwhether the address line of the browser switches from “http://” to“https://” and also by the appearance of the lockicon in the browser line.

If the SSL or TLS encryption is activated,data you transmit to us cannot be read by third parties.

Rejection ofunsolicited e-mails

We herewith object to the use of contactinformation published in conjunction with the mandatory information to beprovided in our Site Notice to send us promotional and information materialthat we have not expressly requested. The operators of this website and itspages reserve the express right to take legal action in the event of theunsolicited sending of promotional information, for instance via SPAM messages.

4. Recording ofdata on this website Cookies

Our websites and pages use what the industryrefers to as “cookies.” Cookies are small data packages that do not cause anydamage to your device. They are either stored temporarily for the duration of asession (session cookies) or they are permanently archived on your device(permanent cookies). Session cookies are automatically deleted once youterminate your visit. Permanent cookies remain archived on your device untilyou actively delete them, or they are automatically eradicated by your webbrowser.

Cookies can be issued by us (first-partycookies) or by third-party companies (so-called third-party cookies).Third-party cookies enable the integration of certain services of third-partycompanies into websites (e.g., cookies for handling payment services).

Cookies have a variety of functions. Manycookies are technically essential since certain website functions would notwork in the absence of these cookies (e.g., the shopping cart function or thedisplay of videos). Other cookies may be used to analyze user behavior or forpromotional purposes.

Cookies, which are required for theperformance of electronic communication transactions, for the provision ofcertain functions you want to use (e.g., for the shopping cart function) orthose that are necessary for the optimization (required cookies) of the website(e.g., cookies that provide measurable insights into the web audience), shallbe stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis iscited. The operator of the website has a legitimate interest in the storage ofrequired cookies to ensure the technically error-free and optimized provisionof the operator’s services. If your consent to the storage of the cookies andsimilar recognition technologies has been requested, the processing occursexclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021)); this consent may be revoked at anytime.

You have the option to set up your browserin such a manner that you will be notified any time cookies are placed and topermit the acceptance of cookies only in specific cases. You may also excludethe acceptance of cookies in certain cases or in general or activate thedelete-function for the automatic eradication of cookies when the browsercloses. If cookies are deactivated, the functions of this website may belimited.

Which cookies and services are used on thiswebsite can be found in this privacy policy.

CookieYes

Our website uses CookieYes to obtain yourconsent to the storage of certain cookies on your device or to use certaintechnologies and document them in a privacy-compliant manner. The provider ofthis technology is CookieYesLimited of 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW,United Kingdom (hereinafter “CookieYes”).

When you enter our website, a connection toCookieYes's servers is established to obtain your consent and other statementsregarding cookie use. CookieYes then stores a cookie in your browser in orderto be able to assign the consents granted to you or their revocation. In thisprocess, the IP address (anonymized), the user agent of the browser andoperating system, as well as the URL from which the consent was granted, areprocessed and integrated into CookieYes. The data collected in this way isstored until you request us to delete it, delete the CookieYes cookie yourselfor the purpose for storing the data no longer applies. Mandatory statutoryretention obligations remain unaffected.

We use CookieYes to obtain the consentrequired by law for the use of cookies from site visitors. The legal basis forthis is Art. 6(1)(1)(c) GDPR.

Data processing

Server logfiles

The provider of this website and its pagesautomatically collects and stores information in so-called server log files,which your browser communicates to us automatically. The information comprises:

· The type and version of browser used

· The used operating system

· Referrer URL

· The hostname of the accessing computer

· The time of the server inquiry

· The IP address

This data is not merged with other datasources.

This data is recorded on the basis of Art.6(1)(f) GDPR. The operator of the website has a legitimate interest in thetechnically error free depiction and the optimization of the operator’swebsite. In order to achieve this, server log files must be recorded.

Contact form

If you submit inquiries to us via ourcontact form, the information provided in the contact form as well as anycontact information provided therein will be stored by us in order to handleyour inquiry and in the event that we have further questions. We will not sharethis information without your consent.

The processing of these data is based onArt. 6(1)(b) GDPR, if your request is related to the execution of a contract orif it is necessary to carry out pre-contractual measures. In all other casesthe processing is based on our legitimate interest in the effective processingof the requests addressed to us (Art. 6(1)(f) GDPR) or on your agreement (Art.6(1)(a) GDPR) if this has been requested; the consent can be revoked at anytime.

The information you have entered into thecontact form shall remain with us until you ask us to eradicate the data,revoke your consent to the archiving of data or if the purpose for which theinformation is being archived no longer exists (e.g., after we have concludedour response to your inquiry). This shall be without prejudice to any mandatorylegal provisions, in particular retention periods.

Request bye-mail, telephone, or fax

If you contact us by e-mail, telephone orfax, your request, including all resulting personal data (name, request) willbe stored and processed by us for the purpose of processing your request. We donot pass these data on without your consent.

These data are processed on the basis ofArt. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contractor is required for the performance of pre-contractual measures. In all othercases, the data are processed on the basis of our legitimate interest in theeffective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on thebasis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consentcan be revoked at any time.

The data sent by you to us via contactrequests remain with us until you request us to delete, revoke your consent tothe storage or the purpose for the data storage lapses (e.g. after completionof your request). Mandatory statutory provisions - in particular statutoryretention periods - remain unaffected.

Brevo Chat

To process user requests via chat, we useBrevo Chat (hereinafter: “Brevo Chat”). The provider is Sendinblue GmbH,Köpenicker Straße 126, 10179 Berlin, Germany.

When using Brevo Chat, cookies, and otherrecognition technologies (e.g., IDs) are used. This enables us to recognize youon your next visit and to assign your previous chat history to you.

Messages that are sent to us remain with usuntil you request us to delete them or the purpose for storing the data nolonger applies (e.g., after we have completed processing your request).Mandatory legal provisions - in particular legal retention periods - remainunaffected.

The use of Brevo Chat is based on Art. 6(1)(f) GDPR. We have a legitimate interest in processing your requests asquickly, reliably, and efficiently as possible. Insofar as a correspondingconsent has been requested, the processing is carried out exclusively on thebasis of Art. 6 (1)(a) GDPR and § 165 (3) Telecommunications Act 2021 (TKG2021), insofar as the consent includes the storage of cookies or access toinformation in the user's terminal device (e.g., for device fingerprinting)within the meaning of the TKG 2021. The consent can be revoked at any time.

For more information, please refer toBrevo’s Data Privacy Policy: https://www.brevo.com/de/legal/privacypolicy/.

Data processing

Brevo CRM

We use Brevo CRM on this website. Provideris is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany(hereinafter “Brevo CRM”).

Brevo CRM enables us, in particular, tomanage existing and potential customers and customer contacts and to organizesales and communication processes. Using the CRM system also enables us toanalyze and optimize our customer-related processes. The customer data isstored on Brevo CRM's servers.

The use of Brevo CRM is based on Art.6(1)(f) GDPR. The website operator has a legitimate interest the most efficientcustomer management and customer communication. If appropriate consent has beenobtained, the processing is carried out exclusively on the basis of Art.6(1)(a) GDPR and § 165 (3) Telecommunications Act 2021 (TKG 2021), insofar theconsent includes the storage of cookies or the access to information in theuser’s end device (e.g., device fingerprinting) within the meaning of the TKG2021. This consent can be revoked at any time.

The data transfer to third countries outsidethe European Union is based on the standard contractual clauses of the EUCommission.

Details can be found in the Brevo CRMprivacy policy: https://www.brevo.com/de/legal/privacypolicy/.

Data processing

We have concluded a data processing agreement (DPA) for the use of theabove-mentioned service. This is a contract mandated by data privacy laws thatguarantees that they process personal data of our websitevisitors only based on our instructions and in compliance with the GDPR.

5. Analysistools and advertising Google Tag Manager

We use the Google Tag Manager. The provideris Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allowsus to integrate tracking or statistical tools and other technologies on ourwebsite. The Google Tag Manager itself does not create any user profiles, doesnot store cookies, and does not carry out any independent analyses. It onlymanages and runs the tools integrated via it. However, the Google Tag Managerdoes collect your IP address, which may also be transferred to Google’s parentcompany in the United States.

The Google Tag Manager is used on the basis ofArt. 6(1)(f) GDPR. The website operator has a legitimate interest in the quickand uncomplicated integration and administration of various tools on hiswebsite. If appropriate consent has been obtained, the processing is carriedout exclusively on the basis of Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021), insofar the consent includes thestorage of cookies or the access to information in the user’s end device (e.g.,device fingerprinting) within the meaning of the TKG 2021. This consent can berevoked at any time.

GoogleAnalytics

This website uses functions of the webanalysis service Google Analytics. The provider of this service is Google IrelandLimited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the websiteoperator to analyze the behavior patterns of website visitors. To that end, thewebsite operator receives a variety of user data, such as pages accessed, timespent on the page, the utilized operating system and the user’s origin. Thisdata is summarized in a user-ID and assigned to the respective end device ofthe website visitor.

Furthermore, Google Analytics allows us torecord your mouse and scroll movements and clicks, among other things. GoogleAnalytics uses various modeling approaches to augment the collected data setsand uses machine learning technologies in data analysis.

Google Analytics uses technologies that makethe recognition of the user for the purpose of analyzing the user behaviorpatterns (e.g., cookies or device fingerprinting). The website use informationrecorded by Google is, as a rule transferred to a Google server in the UnitedStates, where it is stored.

The use of these services occurs on thebasis of your consent pursuant to Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021). You may revoke your consent at anytime.

Data transmission to the US is based on theStandard Contractual Clauses (SCC) of the European Commission. Details can befound here: https://business.safety.google/adscontrollerterms/sccs/.

IPanonymization

Google Analytics IP anonymization is active.As a result, your IP address will be abbreviated by Google within the member statesof the European Union or in other states that have ratified the Convention onthe European Economic Area prior to its transmission to the United States. Thefull IP address will be transmitted to one of Google’s servers in the UnitedStates and abbreviated there only in exceptional cases. On behalf of theoperator of this website, Google shall use this information to analyze your useof this website to generate reports on website activities and to render otherservices to the operator of this website that are related to the use of thewebsite and the Internet. The IP address transmitted in conjunction with GoogleAnalytics from your browser shall not be merged with other data in Google’spossession.

Browser plug-in

You can prevent the recording and processingof your data by Google by downloading and installing the browser pluginavailable under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling ofuser data by Google Analytics, please consult Google’s Data Privacy Declarationat:
https://support.google.com/analytics/answer/6004245?hl=en.

Contract dataprocessing

We have executed a contract data processingagreement with Google and are implementing the stringent provisions of the Austriandata protection agency to the fullest when using Google Analytics.

MicrosoftAdvertising

The website operator uses MicrosoftAdvertising. Microsoft Advertising is an online advertising program ofMicrosoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Advertising enables us to displayadvertisements in the Bing search engine or on third-party websites when theuser enters certain search terms into Bing (keyword targeting). Furthermore,targeted advertisements can be displayed based on the user data available atMicrosoft (e.g., location data and interests) (target group targeting). As thewebsite operator, we can evaluate this data quantitatively by analyzing, forexample, which search terms led to the display of our advertisements and how manyadvertisements led to the corresponding clicks.

We use universal event tracking (UET) fromMicrosoft Advertising on this site. Pseudonymized data is collected to trackthe actions you take on our websites after you have clicked on an advertisementof Microsoft Advertising. UET collects your IP address (anonymized), deviceidentifiers, information about device and browser settings, Microsoft Click ID(stored in cookie), time spent on the website, which areas of the website wereaccessed, which advertisement brought you to the website and which keyword youclicked on.

The use of this service is based on yourconsent in accordance with Art. 6 (1)(a) GDPR and § 165 (3) TelecommunicationsAct 2021 (TKG 2021). Consent can be revoked at any time.

Data transfer to the US is based on thestandard contractual clauses of the EU Commission. You can find details here:
https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.

Data processing

Hotjar

This website utilizes Hotjar. The provideris Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, StJulians STJ 1000, Malta, Europe (website:
https://www.hotjar.com).

Hotjar is a tool used to analyze your userpatterns on this website. Hotjar allows us to for instance record your mouseand scroll movements as well as your click. During this process, Hotjar alsohas the capability to determine how long your cursor remained in a certainposition. Based on this information, Hotjar compiles so-called Heatmaps, thatmake possible to determine which parts of the website the website visitorreviews with preference.

We are also able to determine how long youhave stayed on a page of this website and when you left. We can also determineat which point you suspended making entries into a contact form (so-calledconversion funnels).

Furthermore, Hotjar can be deployed toobtain direct feedback from website visitors. This function aims at theimprovement of the website offerings of the website operator.

Hotjar uses technologies that make itpossible to recognize the user for the purpose of analyzing the user patterns(e.g., cookies or the deployment of device fingerprinting).

If your approval (consent) has been obtainedthe use of the abovementioned service shall occur on the basis of Art. 6(1)(a)GDPR and § 165 Telecommunications Act 2021 (TKG 2021)). Such consent may berevoked at any time. If your consent was not obtained, the use of the servicewill occur on the basis of Art. 6(1)(f) GDPR; the website operator has alegitimate interest in the analysis of user patterns to optimize both, the webpresentation and the operator’s advertising activities.

Deactivation ofHotjar

If you would like to deactivate therecording of data by Hotjar, please click on the link below and follow theinstructions provided under the link:
https://www.hotjar.com/policies/do-not-track/.

Please keep in mind that you will have toseparately deactivate Hotjar for every browser and every device.

For more detailed information about Hotjarand the data to be recorded, please consult the Data Privacy Declaration ofHotjar under the following link:

https://www.hotjar.com/privacy.

Data processing

Google Ads

The website operator uses Google Ads. GoogleAds is an online promotional program of Google Ireland Limited (“Google”),Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in theGoogle search engine or on third-party websites, if the user enters certainsearch terms into Google (keyword targeting). It is also possible to placetargeted ads based on the user data Google has in its possession (e.g.,location data and interests; target group targeting). As the website operator,we can analyze these data quantitatively, for instance by analyzing whichsearch terms resulted in the display of our ads and how many ads led torespective clicks.

The use of these services occurs on thebasis of your consent pursuant to Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021). You may revoke your consent at anytime.

Data transmission to the US is based on theStandard Contractual Clauses (SCC) of the European Commission. Details can befound here:
https://policies.google.com/privacy/frameworks andhttps://business.safety.google/controllerterms/.

Google AdsRemarketing

This website uses the functions of GoogleAds Remarketing. The provider of these solutions is Google Ireland Limited(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assignpeople who interact with our online offering to specific target groups in orderto subsequently display interest-based advertising to them in the Googleadvertising network (remarketing or retargeting).

Moreover, it is possible to link theadvertising target groups generated with Google Ads Remarketing to deviceencompassing functions of Google. This makes it possible to displayinterest-based customized advertising messages, depending on your prior usageand browsing patterns on a device (e.g., cell phone) in a manner tailored toyou as well as on any of your devices (e.g., tablet or PC).

If you have a Google account, you have theoption to object to personalized advertising under the following link:
https://adssettings.google.com/anonymous?hl=de.

The use of these services occurs on thebasis of your consent pursuant to Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021). You may revoke your consent at anytime.

For further information and the pertinentdata protection regulations, please consult the Data Privacy Policies of Googleat:
https://policies.google.com/technologies/ads?hl=en.

GoogleConversion-Tracking

This website uses Google ConversionTracking. The provider of this service is Google Ireland Limited (“Google”),Gordon House, Barrow Street, Dublin 4, Ireland.

With the assistance of Google ConversionTracking, we are in a position to recognize whether the user has completedcertain actions. For instance, we can analyze the how frequently which buttonson our website have been clicked and which products are reviewed or purchasedwith particular frequency. The purpose of this information is to compileconversion statistics. We learn how many users have clicked on our ads andwhich actions they have completed. We do not receive any information that wouldallow us to personally identify the users. Google as such uses cookies orcomparable recognition technologies for identification purposes.

The use of these services occurs on thebasis of your consent pursuant to Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021). You may revoke your consent at anytime.

For more information about Google ConversionTracking, please review Google’s data protection policy at:

https://policies.google.com/privacy?hl=en

Meta Pixel(formerly Facebook Pixel)

To measure conversion rates, this websiteuses the visitor activity pixel of Meta. The provider of this service is MetaPlatforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Accordingto Meta’s statement the collected data will be transferred to the USA and otherthird-party countries too.

This tool allows the tracking of pagevisitors after they have been linked to the website of the provider afterclicking on a Meta ad. This makes it possible to analyze the effectiveness ofMeta ads for statistical and market research purposes and to optimize futureadvertising campaigns.

For us as the operators of this website, thecollected data is anonymous. We are not in a position to arrive at anyconclusions as to the identity of users. However, Meta archives the informationand processes it, so that it is possible to make a connection to the respectiveuser profile on Facebook or Instagram and Meta is in a position to use the datafor its own promotional purposes in compliance with the Meta Data Usage Policy( https://www.facebook.com/about/privacy/).This enables Meta to display ads on Facebook or Instagram and other advertisingchannels. We as the operator of this website have no control over the use ofsuch data.

The use of these services occurs on thebasis of your consent pursuant to Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021). You may revoke your consent at anytime.

Insofar as personal data is collected on ourwebsite with the help of the tool described here and forwarded to Meta, we andMeta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour,Dublin 2, Ireland are jointly responsible for this data processing (Art. 26DSGVO). The joint responsibility is limited exclusively to the collection ofthe data and its forwarding to Meta. The processing by Meta that takes placeafter the onward transfer is not part of the joint responsibility. Theobligations incumbent on us have been jointly set out in a joint processingagreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum.According to this agreement, we are responsible for providing the privacyinformation when using the Meta tool and for the privacy-secure implementationof the tool on our website. Meta is responsible for the data security of Metaproducts. You can assert data subject rights (e.g., requests for information)regarding data processed by Facebook or Instagram directly with Meta. If youassert the data subject rights with us, we are obliged to forward them to Meta.

Data transmission to the US is based on theStandard Contractual Clauses (SCC) of the European Commission. Details can befound here: https://www.facebook.com/legal/EU_data_transfer_addendum andhttps://de-de.facebook.com/help/566994660333381.

In Meta’s Data Privacy Policies, you will findadditional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.

You also have the option to deactivate theremarketing function “Custom Audiences” in the ad settings section under
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. Todo this, you first have to log into Facebook.

If you do not have a Facebook or Instagramaccount, you can deactivate any user-based advertising by Meta on the websiteof the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Meta ConversionAPI

We have integrated the Meta Conversion APIinto this website. The provider of this service is Meta Platforms IrelandLimited, 4 Grand Canal Square, Dublin 2, Ireland. However, based on theinformation provided by Meta, the recorded data is also transmitted to theUnited States and other Non-EU and Non- EEZ countries.

Meta Conversion API enables us to record theinteractions of our website visitors with our website and to share thisinformation with Meta to improve the promotional performance with Facebook andInstagram.

To do this, in particular the time youaccessed the site, the website you accessed, your IP address and your useragent, as well as, if applicable, other specific data (e.g., purchasedproducts, value of the shopping cart and currency) are tracked. For a completeoverview of the tracked data, please visit: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service occurs on the basisof your consent pursuant to Art. 6 Sect. 1 lit. a GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021). You may revoke your consent at anytime.

If personal data is collected on our websitewith the assistance of the tool described herein and if it is shared with Meta,we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand CanalHarbour, Dublin 2, Ireland shall be jointly responsible for the processing ofyour data, i.e., we are the data controllers (Art. 26 GDPR). This sharedresponsibility is limited exclusively to the recording of your data and itssharing with Meta. The processing that occurs after the data has been sharedwith Meta is not part of this shared responsibility. The obligations we shareresponsibility for have been documented in an agreement on joint processing.The concrete wording of this agreement can be found at: https://www.facebook.com/legal/controller_addendum.According to this agreement, we are responsible for the provision of the dataprotection information when using the Meta tool and for the data protection lawcompliant secure implementation of the tool on our website. Meta is liable forthe data security of Meta products. You may request information on your rightsas a data subject (e.g., request for information) related to the data processedby Facebook or Instagram directly from Meta. If you claim any data subjectrights with us, we are required to forward your request to Meta.

The transfer of data to the United States isbased on the standard contract clauses of the EU commission. For details pleasevisit:
https://www.facebook.com/legal/EU_data_transfer_addendum andhttps://de-de.facebook.com/help/566994660333381.

In Meta’s data privacy policy, you will findadditional information pertaining to the protection of your privacy:
https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketingfunction ‘Custom Audiences’ in the settings for adverts at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. Todo this, you must be logged in to Facebook.

If you do not have a Facebook account withFacebook or Instagram, you can deactivate usage-based advertising from Meta onthe website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Data processing

Meta CustomAudiences

We use Meta Custom Audiences. The providerof this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin2, Ireland.

Whenever you visit or use our website andapps, utilize our portfolio (e.g., participation in sweepstakes), transfer datato us or interact with the Facebook or Instagram content of our company, werecord related personal data. In the event that you have given us your consentto the use of Meta Custom Audiences, we will share these data with Meta to putMeta in a position to send you compatible ads. These data may also be used todefined target audiences (Lookalike Audiences).

Meta processes these data as our contractprocessor. For details, please consult the user agreement of Meta: https://www.facebook.com/legal/terms/customaudience.

The use of these services occurs on thebasis of your consent pursuant to Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021). You may revoke your consent at anytime.

The transfer of date to the USA is based onthe standard contract clauses of the EU Commission. For details please see:
https://www.facebook.com/legal/terms/customaudience andhttps://www.facebook.com/legal/terms/dataprocessing.

TikTok Pixel

We have integrated TikTok pixel on this website.The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02T380, Ireland (hereinafter TikTok).

Withthe help of TikTok Pixel, we can display interest-based advertisements onTikTok to website visitors who have viewed our offers (TikTok Ads). At the sametime, TikTok Pixel allows us to determine how effective our advertising is onTikTok. This allows us to evaluate the effectiveness of the TikTok Ads forstatistical and market research purposes and to optimize them for future advertisingefforts. For this purpose, various usage data are processed, such as IPaddress, page views, time spent, operating system used and origin of the user,information about the ad on which a person clicked on TikTok or an event thatwas triggered (timestamp). This data is summarized in a user ID and assigned tothe respective end device of the website visitor.

The use of this tool is based on Art.6(1)(a) GDPR and § 165 (3) Telecommunications Act 2021 (TKG 2021). This consentcan be revoked at any time.

Data transfer to third-party countries isbased on the standard contractual clauses of the EU Commission. Details can befound here:
https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE andhttps://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Data processing

LinkedInInsight Tag

This website uses the Insight tag fromLinkedIn. This service is provided by LinkedIn Ireland Unlimited Company,Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processingby LinkedIn Insight tag

We use the LinkedIn Insight tag to obtaininformation about visitors to our website. Once a website visitor is registeredwith LinkedIn, we can analyze the key occupational data (e.g., career level,company size, country, location, industry, job title) of our website visitorsto help us better target our site to the relevant audience. We can also useLinkedIn Insight tags to measure whether visitors to our websites make apurchase or perform other actions (conversion measurement). Conversionmeasurement can also be carried out across devices (e.g. from PC to tablet).LinkedIn Insight Tag also features a retargeting function that allows us todisplay targeted advertising to visitors to our website outside of the website.According to LinkedIn, no identification of the advertising addressee takesplace.

LinkedIn itself also collects log files(URL, referrer URL, IP address, device and browser characteristics and time ofaccess). The IP addresses are shortened or (if they are used to reach LinkedInmembers across devices) hashed (pseudonymized). The direct identifiers ofLinkedIn members are deleted by LinkedIn after seven days. The remainingpseudonymized data will then be deleted within 180 days.

The data collected by LinkedIn cannot beassigned by us as a website operator to specific individuals. LinkedIn willstore the personal data collected from website visitors on its servers in theUSA and use it for its own promotional activities. For details, please seeLinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

If your approval (consent) has been obtainedthe use of the abovementioned service shall occur on the basis of Art. 6(1)(a)GDPR and § 165 Telecommunications Act 2021 (TKG 2021). Such consent may berevoked at any time. If your consent was not obtained, the use of the servicewill occur on the basis of Art. 6(1)(f) GDPR; the website operator has alegitimate interest in effective advertising promotions that include theutilization of social media.

Data transmission to the US is based on theStandard Contractual Clauses (SCC) of the European Commission. Details can befound here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.

Objection tothe use of LinkedIn Insight Tag

You can object to LinkedIn’s analysis ofuser behavior and targeted advertising at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

In addition, LinkedIn members can controlthe use of their personal information for promotional purposes in the accountsettings. To prevent LinkedIn from linking information collected on our site toyour LinkedIn account, you must log out of your LinkedIn account before youvisit our site.

Data processing

Pinterest-Tag

We have integrated Pinterest-Tag into thiswebsite. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor,Fenian Street, Dublin 2, Ireland.

The purpose of Pinterest-Tag is to recordcertain actions you perform on our website. Subsequently, the data can be usedto display promotions to you that meet your interests on our website or onanother Pinterest-Tag website.

For this purpose, Pinterest-Tag records,among other things, a Tag ID, your location, and the referrer URL. Furthermore,action specific data, such as the order value, ordered quantity, order number,the category of the purchased item and video views may be recorded.

Pinterest-Tag uses technologies that makethe recognition of the user across sites possible, so that the user patternscan be analyzed (e.g., cookies or device fingerprinting).

If your approval (consent) has been obtainedthe use of the abovementioned service shall occur on the basis of Art. 6(1)(a)GDPR and § 165 Telecommunications Act 2021 (TKG 2021). Such consent may berevoked at any time. If your consent was not obtained, the use of the servicewill occur on the basis of Art. 6(1)(f) GDPR; the website operator has alegitimate interest in ensuring the maximum effectiveness of the operator’smarketing activities.

Pinterest is an enterprise that doesbusiness around the globe, so that data may also be transmitted into the UnitedStates. Based on Pinterest’s statements, this data transmission is based on thestandard contractual clauses of the EU Commissions. For details please visit:
https://policy.pinterest.com/de/privacy-policy.

For more Pinterest-Tag information pleasevisit: https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.

Data processing

6. Newsletter Newsletter data

If you would like to receive the newsletteroffered on the website, we require an e-mail address from you as well asinformation that allows us to verify that you are the owner of the e-mailaddress provided and that you agree to receive the newsletter. Further data isnot collected or only on a voluntary basis. For the handling of the newsletter,we use newsletter service providers, which are described below.

Brevo

This website uses Brevo for the sending ofnewsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179Berlin, Germany.

Brevo services can, among other things, beused to organize and analyze the sending of newsletters. The data you enter forthe purpose of subscribing to the newsletter are archived on servers ofSendinblue GmbH in Germany.

Data analysisby Brevo

Brevo enables us to analyze our newslettercampaigns. For instance, it allows us to see whether a newsletter message hasbeen opened and, if so, which links may have been clicked. This enables us todetermine, which links drew an extraordinary number of clicks.

Moreover, we are also able to see whetheronce the e-mail was opened or a link was clicked, any previously definedactions were taken (conversion rate). This allows us to determine whether youhave made a purchase after clicking on the newsletter.

Brevo also enables us to divide thesubscribers to our newsletter into various categories (i.e., to “cluster”recipients). For instance, newsletter recipients can be categorized based onage, gender, or place of residence. This enables us to tailor our newslettermore effectively to the needs of the respective target groups.

If you do not want to permit an analysis byBrevo, you must unsubscribe from the newsletter. We provide a link for you todo this in every newsletter message. Moreover, you can also unsubscribe fromthe newsletter right on the website.

For detailed information on the functions ofBrevo please follow this link: https://www.brevo.com/de/newsletter-software/.

Legal basis

The data is processed based on your consent(Art. 6(1)(a) GDPR). You may revoke any consent you have given at any time byunsubscribing from the newsletter. This shall be without prejudice to thelawfulness of any data processing transactions that have taken place prior toyour revocation.

Storage period

The data deposited with us for the purposeof subscribing to the newsletter will be stored by us until you unsubscribefrom the newsletter or the newsletter service provider and deleted from thenewsletter distribution list after you unsubscribe from the newsletter. Datastored for other purposes with us remain unaffected.

After you unsubscribe from the newsletterdistribution list, your e-mail address may be stored by us or the newsletterservice provider in a blacklist, if such action is necessary to prevent futuremailings. The data from the blacklist is used only for this purpose and notmerged with other data. This serves both your interest and our interest incomplying with the legal requirements when sending newsletters (legitimateinterest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklistis indefinite. You may object to the storage if your interests outweigh ourlegitimate interest.

For more details, please consult the DataProtection Regulations of Brevo at: https://www.brevo.com/de/datenschutz-uebersicht/ andhttps://www.brevo.com/de/legal/privacypolicy/.

Data processing

We have concluded a data processingagreement (DPA) for the use of the above-mentioned service. This is a contract mandatedby data privacy laws that guarantees that they process personal data of ourwebsite visitors only based on our instructions and in compliance with theGDPR.

7. Plug-ins and Tools
‍

YouTube with expanded dataprotection integration

This website integrates videos from theYouTube website. The operator of the website is Google Ireland Limited(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites onwhich YouTube is integrated, a connection to the YouTube servers isestablished. This tells the YouTube server which of our pages you have visited.If you are logged into your YouTube account, you enable YouTube to assign yoursurfing behavior directly to your personal profile. You can prevent this bylogging out of your YouTube account.

We use YouTube in extended data protectionmode. According to YouTube, videos that are played in extended data protectionmode are not used to personalize browsing on YouTube. Ads that are played inextended data protection mode are also not personalized. No cookies are set inextended data protection mode. Instead, so-called local storage elements arestored in the user's browser, which contain personal data similar to cookiesand can be used for recognition. Details on the extended data protection modecan be found here:

https://support.google.com/youtube/answer/171780.
After activating a YouTube video,further data processing operations may be triggered over which we have

no influence.

The use of YouTube is based on our interestin presenting our online content in an appealing manner. Pursuant to Art.6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has beenobtained, the processing is carried out exclusively on the basis of Art.6(1)(a) GDPR and § 165 (3) Telecommunications Act 2021 (TKG 2021), insofar theconsent includes the storage of cookies or the access to information in theuser’s end device (e.g., device fingerprinting) within the meaning of the TKG2021. This consent can be revoked at any time.

For more information on how YouTube handlesuser data, please consult the YouTube Data Privacy Policy under:
https://policies.google.com/privacy?hl=en.

Vimeo WithoutTracking (Do-Not-Track)

This website uses plugins of the Vimeo videoportal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York10011, USA.

Whenever you visit one of our pagesfeaturing Vimeo videos, a connection with the servers of Vimeo is established.In conjunction with this, the Vimeo server receives information about which ofour sites you have visited. Vimeo also receives your IP address. However, wehave set up Vimeo in such a way that Vimeo cannot track your user activitiesand does not place any cookies.

We use Vimeo to make our online presentationattractive for you. This is a legitimate interest on our part pursuant to Art.6(1)(f) GDPR. If a respective declaration of consent was requested (e.g.concerning the storage of cookies), processing shall occur exclusively on thebasis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.

Data transmission to the US is based on theStandard Contractual Clauses (SCC) of the European Commission and, according toVimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.

For more information on the handling of userdata, please consult Vimeo’s data privacy policy at:

https://vimeo.com/privacy

Google Fonts(local embedding)

This website uses so-called Google Fontsprovided by Google to ensure the uniform use of fonts on this site. TheseGoogle fonts are locally installed so that a connection to Google’s serverswill not be established in conjunction with this application.

For more information on Google Fonts, pleasefollow this link: https://developers.google.com/fonts/faq andconsult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Adobe Fonts

In order to ensure the uniform depiction ofcertain fonts, this website uses fonts called Adobe Fonts provided by AdobeSystems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you access pages of this website, yourbrowser will automatically load the required fonts directly from the Adobe siteto be able to display them correctly on your device. As a result, your browserwill establish a connection with Adobe’s servers in the United States. Hence,Adobe learns that your IP address was used to access this website. According tothe information provided by Adobe, no cookies will be stored in conjunctionwith the provision of the fonts.

Data are stored and analyzed on the basis ofArt. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniformpresentation of the font on the operator’s website. If appropriate consent hasbeen obtained, the processing is carried out exclusively on the basis of Art.6(1)(a) GDPR and § 165 (3) Telecommunications Act 2021 (TKG 2021), insofar theconsent includes the storage of cookies or the access to information in theuser’s end device (e.g., device fingerprinting) within the meaning of the TKG2021. This consent can be revoked at any time.

Data transmission to the US is based on theStandard Contractual Clauses (SCC) of the European Commission. Details can befound here: https://www.adobe.com/de/privacy/eudatatransfers.html.

For more information about Adobe Fonts,please read the policies under: https://www.adobe.com/privacy/policies/adobe-fonts.html.

Adobe’s Data Privacy Declaration may bereviewed under: https://www.adobe.com/privacy/policy.html.

The company is certified in accordance withthe “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between theEuropean Union and the US, which is intended to ensure compliance with Europeandata protection standards for data processing in the US. Every companycertified under the DPF is obliged to comply with these data protectionstandards. For more information, please contact the provider under thefollowing link: https://www.dataprivacyframework.gov/participant/5660.

GooglereCAPTCHA

We use “Google reCAPTCHA” (hereinafterreferred to as “reCAPTCHA”) on this website. The provider is Google IrelandLimited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determinewhether data entered on this website (e.g., information entered into a contactform) is being provided by a human user or by an automated program. Todetermine this, reCAPTCHA analyzes the behavior of the website visitors basedon a variety of parameters. This analysis is triggered automatically as soon asthe website visitor enters the site. For this analysis, reCAPTCHA evaluates avariety of data (e.g., IP address, time the website visitor spent on the siteor cursor movements initiated by the user). The data tracked during such analysesare forwarded to Google.

reCAPTCHA analyses run entirely in thebackground. Website visitors are not alerted that an analysis is underway.

Data are stored and analyzed on the basis ofArt. 6(1)(f) GDPR. The website operator has a legitimate interest in theprotection of the operator’s websites against abusive automated spying andagainst SPAM. If appropriate consent has been obtained, the processing iscarried out exclusively on the basis of Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021), insofar the consent includes thestorage of cookies or the access to information in the user’s end device (e.g.,device fingerprinting) within the meaning of the TKG 2021. This consent can berevoked at any time.

For more information about Google reCAPTCHAplease refer to the Google Data Privacy Declaration and Terms Of Use under thefollowing links:
https://policies.google.com/privacy?hl=en and
https://policies.google.com/terms?hl=en.

Zendesk

We deploy the CRM system Zendesk to processuser inquiries. The provider is Zendesk, Inc., 1019 Market Street in SanFrancisco, CA 94103 USA.

We use Zendesk to be able to respond to yourinquiries promptly and efficiently. This constitutes a legitimate interest asdefined in Art. 6(1)(f) GDPR.

In order to be able to submit inquiries, youmust provide your e-mail address and name.

The messages addressed to us remain with usuntil you request deletion, or the data storage purpose no longer applies (e.g.after completed processing of your request). Mandatory statutory provisions, inparticular retention periods, remain unaffected.

Zendesk has Binding Corporate Rules (BCR)which have been approved by the Irish Data Protection Authority. These arebinding corporate rules that legitimize the transfer of data within the companyto third countries outside the EU and EEA. Details can be found here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.

If you should not want to agree to theprocessing of your inquiries by us via Zendesk, you have the alternative optionto communicate with us via e-mail, telephone, or fax.

For more information, please consultZendesk’s Data Privacy Declaration at: https://www.zendesk.com/company/customers-partners/privacy-policy/.

Data processing

Zapier

We use Zapier. The provider is Zapier Inc,Market St. #62411, San Francisco, CA 94104-5401, USA (hereinafter “Zapier”).

Zapier allows us to link and synchronizevarious functionalities, databases, and tools. In this way, it is possible, forexample, to automatically play out content that we publish on our website onour social media channels or to export content from marketing and analysistools. Depending on the functionality, Zapier may also collect various personaldata in the process.

The use of Zapier is based on Art. 6(1)(f)GDPR. We have a legitimate interest on the most effective integration of thetools used. If appropriate consent has been obtained, the processing is carriedout exclusively on the basis of Art. 6(1)(a) GDPR and § 165 (3)Telecommunications Act 2021 (TKG 2021), insofar the consent includes thestorage of cookies or the access to information in the user’s end device (e.g.,device fingerprinting) within the meaning of the TKG 2021. This consent can berevoked at any time.

Data transfer to the USA is based on thestandard contractual clauses of the EU Commission. You can find details here:
https://zapier.com/tos.

Data processing

Make.com

This website uses Make.com, a cloud-basedautomation platform from Celonis SE, Theresienstraße 6, 80333 Munich(hereinafter “Make.com”).

Make.com is used to create and executeautomated workflows (“scenarios”) between different online services. During theuse of Make.com, personal data may be processed. This includes, for example,names, email addresses, IP addresses, telephone numbers, address data, contentsfrom emails or forms, API calls as well as access and authentication data thatare processed as part of the workflows.

The use of Make.com is based on Art. 6 (1)(f) of the GDPR. The website operator has a legitimate interest in theefficient automation of business processes. If the appropriate consent has beenobtained, the processing is carried out based exclusively on Art. 6 (1) (a) ofthe GDPR and § 165 (3) Telecommunications Act 2021 (TKG 2021), insofar as theconsent includes the storage of cookies or access to information on the enddevice of the user (e.g. Device Fingerprinting) within the meaning of the TKG2021. The consent can be revoked at any time.

Further details can be found in Make.com’sprivacy policy: https://www.make.com/en/privacy-notice aswell as https://www.make.com/en/privacy-and-gdpr.

Data processing

We have concluded a data processingagreement (DPA) for the use of the above-mentioned service. This is a contract mandatedby data privacy laws that guarantees that they process personal data of ourwebsite visitors only based on our instructions and in compliance with theGDPR.

8. Online-basedAudio and Video Conferences (Conference tools) Data processing

We use online conference tools, among otherthings, for communication with our customers. The tools we use are listed indetail below. If you communicate with us by video or audio conference using theInternet, your personal data will be collected and processed by the provider ofthe respective conference tool and by us. The conferencing tools collect allinformation that you provide/access to use the tools (email address and/or yourphone number). Furthermore, the conference tools process the duration of the conference,start and end (time) of participation in the conference, number of participantsand other “context information” related to the communication process(metadata).

Furthermore, the provider of the toolprocesses all the technical data required for the processing of the onlinecommunication. This includes, in particular, IP addresses, MAC addresses,device IDs, device type, operating system type and version, client version,camera type, microphone or loudspeaker and the type of connection.

Should content be exchanged, uploaded, orotherwise made available within the tool, it is also stored on the servers ofthe tool provider. Such content includes, but is not limited to, cloudrecordings, chat/ instant messages, voicemail uploaded photos and videos, files,whiteboards, and other information shared while using the service.

Please note that we do not have completeinfluence on the data processing procedures of the tools used. Ourpossibilities are largely determined by the corporate policy of the respectiveprovider. Further information on data processing by the conference tools can befound in the data protection declarations of the tools used, and which we havelisted below this text.

Purpose andlegal bases

The conference tools are used to communicatewith prospective or existing contractual partners or to offer certain servicesto our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools servesto generally simplify and accelerate communication with us or our company(legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consenthas been requested, the tools in question will be used on the basis of thisconsent; the consent may be revoked at any time with effect from that date.

Duration ofstorage

Data collected directly by us via the videoand conference tools will be deleted from our systems immediately after yourequest us to delete it, revoke your consent to storage, or the reason forstoring the data no longer applies. Stored cookies remain on your end device untilyou delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the duration ofstorage of your data that is stored by the operators of the conference toolsfor their own purposes. For details, please directly contact the operators ofthe conference tools.

Conferencetools used

We employ the following conference tools:

Zoom

We use Zoom. The provider of this service isZoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose,CA 95113, USA. For details on data processing, please refer to Zoom’s privacypolicy: https://www.zoom.com/de/trust/privacy/privacy-statement/.

Data transmission to the US is based on theStandard Contractual Clauses (SCC) of the European Commission. Details can befound here: https://www.zoom.com/de/trust/privacy/privacy-statement/.

Data processing

Microsoft Teams

We use Microsoft Teams. The provider is theMicrosoft Ireland Operations Limited, One Microsoft Place, South CountyBusiness Park, Leopardstown, Dublin 18, Ireland. For details on dataprocessing, please refer to the Microsoft Teams privacy policy:
https://privacy.microsoft.com/en-us/privacystatement.

https://www.dataprivacyframework.gov/participant/6474.

Data processing

Google Meet

We use Google Meet. The provider is GoogleIreland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details ondata processing, please see the Google privacy policy: https://policies.google.com/privacy?hl=en.

Data processing

9. CustomServices Handling applicant data

We offer website visitors the opportunity tosubmit job applications to us (e.g., via e-mail, via postal services on bysubmitting the online job application form). Below, we will brief you on thescope, purpose and use of the personal data collected from you in conjunction withthe application process. We assure you that the collection, processing, and useof your data will occur in compliance with the applicable data privacy rightsand all other statutory provisions and that your data will always be treated asstrictly confidential.

Scope andpurpose of the collection of data

If you submit a job application to us, wewill process any affiliated personal data (e.g., contact and communicationsdata, application documents, notes taken during job interviews, etc.), if theyare required to make a decision concerning the establishment or an employmentrelationship. The legal grounds for the aforementioned are § 11 DSG accordingto Austrian Law, Art. 6(1)(b) GDPR (General Contract Negotiations) and –provided you have given us your consent – Art. 6(1)(a) GDPR. You may revoke anyconsent given at any time. Within our company, your personal data will only beshared with individuals who are involved in the processing of your jobapplication.

If your job application should result in yourrecruitment, the data you have submitted will be archived on the grounds of §11 DSG and Art. 6(1)(b) GDPR for the purpose of implementing the employmentrelationship in our data processing system.

Data ArchivingPeriod

If we are unable to make you a job offer oryou reject a job offer or withdraw your application, we reserve the right toretain the data you have submitted on the basis of our legitimate interests(Art. 6(1)(f) GDPR) for up to 6 months from the end of the applicationprocedure (rejection or withdrawal of the application). Afterwards the datawill be deleted, and the physical application documents will be destroyed. Thestorage serves in particular as evidence in the event of a legal dispute. If itis evident that the data will be required after the expiry of the 6-monthperiod (e.g., due to an impending or pending legal dispute), deletion will onlytake place when the purpose for further storage no longer applies.

Longer storage may also take place if youhave given your agreement (Article 6(1)(a) GDPR) or if statutory data retentionrequirements preclude the deletion.

Admission tothe applicant pool

If we do not make you a job offer, you maybe able to join our applicant pool. In case of admission, all documents andinformation from the application will be transferred to the applicant pool inorder to contact you in case of suitable vacancies.

Admission to the applicant pool is basedexclusively on your express agreement (Art. 6(1)(a) GDPR). The submissionagreement is voluntary and has no relation to the ongoing applicationprocedure. The affected person can revoke his agreement at any time. Inthis case, the data from the applicant pool will be irrevocably deleted,provided there are no legal reasons for storage.

The data from the applicant pool will beirrevocably deleted no later than two years after consent has been granted.

‍

Privacy Policy

1. An overviewof data protection General information

2. Hosting andContent Delivery Networks (CDN)

3. Generalinformation and mandatory information Data protection

4. Recording ofdata on this website Cookies

5. Analysistools and advertising Google Tag Manager

6. Newsletter Newsletter data

7. Plug-ins and Tools‍

8. Online-basedAudio and Video Conferences (Conference tools) Data processing

9. CustomServices Handling applicant data

7. Plug-ins and Tools
‍