I ) Responsible Person:

Nikita Blizniuk

NikVanDamme Real Estate L.L.C

ABU HAIL BUILDING 13

OFFICE-G-L5, ABU HAIL

1649-0 Dubai,

UNITED ARAB EMIRATES

II ) Authorized Representatives:

Nikita Blizniuk

Email Address: nikita@nikvandamme.ae

III ) Relevant Legal Bases

III.I Relevant legal bases according to GDPR:

Below is an overview of the legal bases of the GDPR on which the processing of personal data by us is based. Please note that in addition to the GDPR regulations, national data protection provisions may also apply in your or our country of residence or domicile. If specific legal bases are relevant in individual cases, we will inform you about them in the privacy policy.

III.II Third country (outside the EU and Switzerland):

In the country of the responsible person’s domicile, in addition to or alongside the data protection regulations of the GDPR, the local data protection provisions also apply. These may include specific provisions that go beyond or deviate from the requirements of the GDPR. These include, among other things, provisions for the protection against misuse of personal data, regulations on rights of access and deletion, rights of objection, processing of special categories of personal data, processing for other purposes, transmission, and automated decision-making including profiling.

1. Introduction

With this privacy policy, we would like to explain to you which types of personal data (hereinafter referred to as “data”) we process for what purposes and to what extent. This statement applies to all processing of personal data carried out by us, both in the provision of our services and especially on our websites, in mobile apps, and in external online presences, such as our social media profiles (collectively referred to as “online offering”).

The terms used are intended to be gender-neutral.

2. Security Measures

We take all necessary measures to protect your data in accordance with legal requirements. We consider the current state of the art, the costs of implementation, the nature, scope, and purposes of processing, as well as the different risks to the rights and freedoms of the data subjects.

Our measures include in particular:

• Ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access and use of the data.
• Establishing procedures to ensure the rights of data subjects, to delete data, and to respond to data threats.
• Protecting personal data already during the development and selection of hardware, software, and procedures, in accordance with the principles of data protection and through privacy-friendly settings.

2.1. Securing Online Connections through TLS/SSL Encryption Technology (HTTPS)

To protect the data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers). This means that the data is secure and protected. You can identify a secured website by the HTTPS in the URL, indicating that your data is being transmitted securely and encrypted.

2.2. Transmission of Personal Data

While we process your personal data, it may be necessary to share or grant access to it to other entities, companies, or individuals. This may include, for example, IT service providers or providers of services and content integrated into our website. In such cases, we comply with legal requirements and enter into specific contracts to protect your data.

2.3. Data Transfer within the Organization

We may share or grant access to personal data to other companies within our corporate group. When we transfer data for administrative purposes, we do so based on our legitimate business interests or to fulfill our contractual obligations. We only do this if it is legally permitted or if you have consented.

2.4. International Data Transfers

2.4.1. Processing Data in Countries outside the EU or EEA

When we process data in a country outside the EU or EEA or transfer it to other individuals, companies, or entities in these countries, we comply with legal regulations.

• If the country has a recognized level of data protection (according to Art. 45 GDPR), we use this recognition as the basis for the data transfer.
• Otherwise, we transfer data only if the level of data protection is otherwise guaranteed, for example, through standard contractual clauses (Art. 46(2)(c) GDPR), your explicit consent, or because it is contractually or legally required (Art. 49(1) GDPR).

We will inform you of the specific reasons for data transfers to these countries. You can also find information on the website of the European Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de

2.4.2 EU-US Trans-Atlantic Data Privacy Framework

The European Commission recognized the level of data protection for certain US companies under the “Data Privacy Framework” (DPF) as safe on July 10, 2023. You can find the list of certified companies and further information on the website of the US Department of Commerce: https://www.dataprivacyframework.gov/ (in English). We will inform you which of our service providers are certified under this framework.

2.5. General Information on Data Storage and Deletion

We delete personal data that we process as soon as the underlying consents are revoked or there are no longer any legal grounds for processing. This happens when the original purpose of processing ceases to exist or the data is no longer needed. There are exceptions when legal obligations or special interests require data to be retained for a longer period.

This particularly concerns data that must be retained for commercial or tax law reasons or that are necessary for legal prosecution or the protection of the rights of other individuals. This data must be archived accordingly.

If there are multiple indications of the storage period or deletion deadlines for a piece of data, the longest deadline always applies.

If a deadline does not explicitly start on a specific date and lasts for at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. For ongoing contracts under which data is stored, the triggering event is the termination of the contract or the end of the contract.

Data that is no longer needed for the original purpose but is retained due to legal requirements or other reasons, we only process for these specific reasons.

3.  Further Information on Processing Procedures, Procedures, and Services

3.1. Retention and Deletion of Data

The following general deadlines for retention and archiving apply under German law:

• 10 years: Obligation to retain books and records, annual financial statements, inventories, management reports, opening balances, as well as the associated operating instructions and other organizational documents, booking documents, and invoices (§ 147 para. 3 in conjunction with para. 1 nos. 1, 4 and 4a AO, § 14b para. 1 UStG, § 257 para. 1 nos. 1 and 4, para. 4 HGB).
• 6 years: Obligation to retain other business documents, such as received commercial or business letters, copies of sent commercial or business letters, and other documents that are important for taxation, e.g., hourly wage sheets, operating cost sheets, calculation documents, price tags, and payroll documents, provided they are not already booking documents, as well as cash register tapes (§ 147 para. 3 in conjunction with para. 1 nos. 2, 3, 5 AO, § 257 para. 1 nos. 2 and 3, para. 4 HGB).
• 3 years: Data required to process possible warranty and compensation claims or similar contractual claims and rights, as well as related inquiries. This data is stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

4. Rights of Data Subjects

As a data subject, you have various rights under the GDPR, arising from Articles 15 to 21 of the GDPR:

• Right to Object: You can object to the processing of your data at any time for personal reasons if it is based on Article 6(1)(e) or (f) of the GDPR. This also applies to profiling. If your data is used for direct marketing, you can object at any time.
• Right to Withdraw Consent: You can withdraw your consent for the processing of your data at any time.
• Right to Access: You have the right to know whether we are processing your data and can request a copy of this data and further information about it.
• Right to Rectification: You can request the addition or correction of your data if it is incomplete or incorrect.
• Right to Erasure and Restriction of Processing: You can request the immediate deletion of your data or alternatively, restrict processing if certain legal conditions are met.
• Right to Data Portability: You have the right to receive your data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller.
• Right to Lodge a Complaint with a Supervisory Authority: If you believe that the processing of your data violates the GDPR, you can lodge a complaint with a supervisory authority. This can be done in the Member State of your habitual residence, your place of work, or the place of the alleged violation. Further information can be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

5. Definitions

Here you will find an overview of the terms used in this privacy policy. Where they are legally defined, the legal definitions apply. The following explanations are provided for your better understanding.

5.1. Business Services.

We process data of our contractual and business partners, such as customers and prospects (collectively “contractual partners”), within the framework of contractual and comparable relationships, as well as associated measures and communication with them, for example, to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes in particular the provision of agreed services, the fulfillment of update obligations, and the rectification of defects. In addition, we use the data to safeguard our rights and to fulfill administrative and organizational tasks as well as to ensure corporate management.

We also process the data on the basis of our legitimate interests to ensure proper business management and to take security measures to protect contractual partners and our business operations from misuse and threats (e.g., integration of telecommunications and transport services, subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). We disclose contractual partners’ data to third parties within the framework of legal requirements if this is necessary for the purposes mentioned above or to fulfill legal obligations. We inform contractual partners about other processing purposes, such as marketing, in this privacy policy.

We inform contractual partners about the data required for the purposes mentioned above at the time of data collection, for example, in online forms, through specific markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiry of the statutory warranty periods, generally after four years, unless they need to be retained for longer periods for legal reasons (e.g., usually ten years for tax purposes). Data disclosed to us by the contractual partner as part of an order will be deleted in accordance with the specifications upon completion of the order.

5.2. Processed Data Types

Inventory data (e.g., name, address, contact information, customer number); payment data (e.g., bank details, invoices, payment history); contact details (e.g., postal and email addresses, telephone numbers); contract data (e.g., subject matter of the contract, duration, customer category).

• Data Subjects: Service recipients and clients; prospects; business and contractual partners.
• Purposes of Processing: Fulfillment of contractual services and obligations; communication; office and organizational processes; business procedures.
• Retention and Deletion: In accordance with the information provided in the section “General Information on Data Storage and Deletion.”
• Legal Bases: Contractual performance and pre-contractual inquiries (Art. 6(1) S. 1 lit. b) GDPR); legal obligation (Art. 6(1) S. 1 lit. c) GDPR); legitimate interests (Art. 6(1) S. 1 lit. f) GDPR).

5.3. Further Information on Processing Procedures, Procedures, and Services:

• Agency Services: Within the scope of our contracts, we offer various services such as consulting, campaign planning, software and design development, implementation of campaigns and processes, server administration, data analysis, and training. These services are based on contracts and pre-contractual inquiries.
• Business Processes and Procedures: Personal data of customers, clients, clients, patients, business partners, and others are processed within the framework of contracts and pre-contractual measures. This processing supports business processes such as customer management, sales, payment processing, accounting, and project management. The data helps fulfill contractual obligations and optimize internal processes.
• Processed Data Types: We process various types of data, including inventory data (such as name and contact information), contact details, content data, usage data, meta and communication data, as well as log data.
• Data Subjects: The processed data concerns service recipients, clients, prospects, communication partners, business and contractual partners, third parties, users, and employees.
• Purposes of Processing: Data processing serves the provision of contractual services, the organization of business processes, communication, marketing, sales promotion, public relations, credit checks, financial and payment management, as well as IT infrastructure.
• Retention and Deletion: Data is treated in accordance with our information on data storage and deletion.
• Legal Bases: Processing is based on contractual performance, legitimate interests, and legal obligations.

5.4. What data is processed?

We process personal data (e.g., name, address, contact details), communication data (e.g., email address, telephone number), usage data (e.g., visited pages, duration of visit), technical data (e.g., IP address, device type), and metadata (e.g., information about other data).

5.5. Who is affected by the data processing?

Data processing concerns customers and business partners, prospects and contacts, employees and applicants, as well as website visitors and users.

5.6. Why are your data processed?

We process your data to fulfill contracts and optimize processes (e.g., customer management, accounting), offer our products and services, safeguard our rights and obligations (e.g., assertion of claims), and operate and maintain our IT systems.

5.7. How long will your data be stored?

Your data will be stored for as long as necessary for the respective purpose. After that, your data will be deleted.

5.8. On what legal basis are your data processed?

We process your data on the basis of contracts, laws, and our legitimate interests.

Examples of the processing of your data:

• Accounting: Creating and auditing invoices, managing open items, processing payments
• Marketing: Conducting market analyses, determining target audiences, planning advertising campaigns
• Web hosting: Provision of our website and online services

Further information:

Data processing is carried out in accordance with data protection laws. Data subjects have rights regarding their data (e.g., information, deletion).

5.8.1. Provision of the online offering

We use storage space, computing power, and software from an external provider to provide our website and online services. This allows us to make our content available to you quickly and reliably while ensuring the security and stability of our systems.

5.8.2. Access data and log files

When you visit our website, certain information is stored in so-called log files. This information includes, among other things, the IP address of your device, the pages accessed, and the time of access. The log files are used to ensure the security and stability of our website.

5.8.3. Email sending and hosting

We also use our web host for sending, receiving, and storing emails. This includes processing the addresses of senders and recipients as well as the contents of emails. The data is also used to detect spam. We would like to point out that emails are generally not encrypted when sent over the internet. Therefore, we cannot assume any responsibility for the security of emails during transmission.

5.8.4. ALL-INKL

ALL-INKL is a company that provides storage space and computing power for our website and online services. This enables us to deliver our content to you quickly and reliably while ensuring the security and stability of our systems.

5.8.5. WordPress.com

WordPress.com is a company that provides hosting and software for our website. With WordPress.com, we can easily create and manage our website.

Further information:

ALL-INKL: www.all-inkl.com

WordPress.com: www.wordpress.com

6. Cookies

6.1. What are cookies?

Cookies are small files that are stored on your computer or smartphone when you visit our website. They allow us to recognize you and save your settings, such as your login status, the contents of your shopping cart, or the pages you have visited.

6.2. What types of cookies do we use?

We use various types of cookies that serve different functions:

• Technical cookies: These cookies are necessary to ensure the basic functions of our website, such as navigation or using the shopping cart.
• Functional cookies: These cookies improve the usability of our website by saving your language settings or preferred products, for example.
• Performance cookies: These cookies collect information about how you use our website, such as which pages you visit most often. This information helps us improve our website and tailor it to your needs.
• Marketing cookies: These cookies are used to display personalized advertising tailored to your interests.

6.3. Do we need your consent?

For the use of some cookies, we need your consent. This applies especially to cookies used for advertising purposes or to analyze your usage behavior.

6.4. How can you manage cookies?

You can change your cookie settings at any time in your browser. There, you can specify which cookies should be stored and which should not.

You have the right to access your personal data that we have collected from you. You can review, update, correct, or delete this data.

6.5. Google Analytics:

You can prevent Google Analytics from collecting your data by installing an add-on for your browser. This add-on is available at https://tools.google.com/dlpage/gaoptout?hl=en. Please note that this add-on only disables data collection by Google Analytics

6.6. How to delete Cookies:

You can manage cookies in your browser. Cookies are small files that are stored on your computer or smartphone when you visit a website. They allow the website to remember you and save your settings, such as your login status, the contents of your shopping cart, or the pages you have visited.

Most browsers allow you to delete, block, or manage cookies. Instructions for deleting, blocking, or managing cookies can be found in your browser’s help section.

Links to guides for various browsers:

• Chrome: https://support.google.com/accounts/answer/61416?hl=en&co=GENIE.Platform%3DDesktop
• Safari: https://support.apple.com/en-us/105082
• Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
• Internet Explorer: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d
• Microsoft Edge: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d

7. Blogs and Publishing Media

We utilize blogs or comparable means of online communication and publication (hereinafter referred to as “publishing medium”). The data of readers is processed for the purposes of the publishing medium only to the extent necessary for its representation and communication between authors and readers or for security reasons. Moreover, we refer to the information regarding the processing of visitors to our publishing medium within the scope of this privacy policy.

• Processed Data Types: Master data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses, or phone numbers); Content data (e.g., textual or pictorial messages and contributions as well as the information concerning them, such as authorship details or creation time); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness.
• Storage and Deletion: Deletion according to the information in the section “General Information on Data Storage and Deletion.”
• Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

8. Contact and Inquiry Management:

When contacting us (e.g., by post, contact form, email, telephone, or via social media) and within the scope of existing user and business relationships, the information of the requesting individuals is processed to the extent necessary to respond to the contact inquiries and any requested measures.

• Processed Data Types: Master data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses, or phone numbers); Content data (e.g., textual or pictorial messages and contributions as well as the information concerning them, such as authorship details or creation time); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data Subjects: Communication partners.
• Purposes of Processing: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness.
• Storage and Deletion: Deletion according to the information in the section “General Information on Data Storage and Deletion.”
• Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

8.1. Further Notes on Processing Processes, Procedures, and Services:

• Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data transmitted to us to respond to and process the respective request. This typically includes information such as name, contact information, and possibly other details provided to us that are necessary for appropriate processing. We only use this data for the specified purpose of contacting and communication;
• Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

8.2. Communication via Messenger:

For the purpose of communication, we use messenger services and therefore ask you to observe the following information regarding the functionality of the messenger, encryption, the use of communication metadata, and your options for objection. You can also contact us through alternative means, such as via phone or email. Please use the contact options provided to you or those indicated within our online offering. In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that communication content (i.e., the content of the message and attached images) is encrypted end-to-end. This means that the content of the messages is not visible, not even by the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled to ensure the encryption of message content. However, we also inform our communication partners that while messenger providers cannot view the content, they can ascertain whether and when communication partners are communicating with us, as well as technical information about the communication partners’ devices and, depending on their device settings, location information (metadata) may be processed.

Notes on Legal Basis: If we request permission from communication partners before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not request consent and, for example, communication partners contact us on their own initiative, we use messengers in relation to our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, based on our legitimate interests in fast and efficient communication and meeting the needs of our communication partners regarding communication via messenger. Furthermore, we would like to inform you that we do not transmit the contact details provided to us to messengers without your consent. Revocation, Objection, and Deletion: You can revoke your consent at any time or request the deletion of your data. Processed Data Types: Contact data (e.g., postal and email addresses or – This text area needs to be unlocked with a premium license.

Content data (e.g., textual or pictorial messages and contributions as well as the information concerning them, such as authorship 

• Data Subjects: Communication partners.

• Purposes of Processing: Communication.

• Storage and Deletion: Deletion according to the information in the section “General Information on Data Storage and Deletion.”

• Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

8.3. Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletter”) exclusively with the consent of the recipients or based on a legal basis. If the contents of the newsletter are mentioned as part of a newsletter registration, these contents are decisive for the consent of the users.

Usually, providing your email address is sufficient for newsletter registration. However, to offer you a personalized service, we may ask for your name for personal address in the newsletter or for further information if necessary for the purpose of the newsletter.

8.3.1. Deletion and Restriction of Processing

We can store deregistered email addresses for up to three years based on our legitimate interests before deleting them to prove previously given consent. The processing of this data is restricted to the purpose of potential defense against claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist. The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider with the dispatch of emails, this is based on our legitimate interests in an efficient and secure dispatch system.

8.3.2. Content

Information and news about Dubai, Dubai’s real estate market. Information on new construction projects, information on new offers.

8.3.3. Processed Data Types:

Master data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). • Data Subjects: Communication partners; Users (e.g., website visitors, users of online services). • Purposes of Processing: Direct marketing (e.g., via email or postal); Provision of contractual services and fulfillment of contractual obligations. • Storage and Deletion: 3 years – Contractual claims (AT) (Data necessary to consider potential warranty and damages claims or similar contractual claims and rights and to process related inquiries, based on past business experience and customary industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).); 10 years – Contractual claims (CH) (Data necessary to consider potential damages claims or similar contractual claims and rights and to process related inquiries, based on past business experience and customary industry practices, are stored for the period of the statutory limitation period of ten years, unless a shorter period of 5 years is applicable in certain cases (Art. 127, 130 OR)). • Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). • Objection Option (Opt-Out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You can find a link to unsubscribe from the newsletter either at the end of each newsletter or can use one of the contact options provided above, preferably email. Further Notes on Processing Processes, Procedures, and Services: • Prerequisite for the use of free services: Consent to the sending of mailings can be made a prerequisite for the use of free services (e.g., access to certain content or participation in specific actions). If users want to take advantage of the free service without subscribing to the newsletter, we ask them to contact us.

Web Analysis, Monitoring, and Optimization Web analysis (also referred to as “audience measurement”) is used to evaluate the visitor traffic of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of audience analysis, we can, for example, determine the times at which our online offering or its features or content are most frequently used, or invite for reuse. Likewise, we can track which areas require optimization. In addition to web analysis, we may also use test procedures to test and optimize different versions of our online offering or its components. Unless otherwise stated below, profiles, i.e., data summarized for a usage process, may be created for these purposes, and information may be stored in a browser or on an end device and then read. The information collected includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data with us or with the providers of the services we use, the processing of location data is also possible. In addition, the IP addresses of the users are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of the users (such as email addresses or names) are stored as part of web analysis, A/B testing, and optimization, but pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures. Legal Basis Notes: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Processed Data Types: Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features); Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

• Affected Individuals: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Audience measurement (e.g., access statistics, identification of recurring visitors); Profiles with user-related information (creation of user profiles).
• Storage and Deletion: Deletion according to the information in the section “General Information on Data Storage and Deletion”; Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for a period of two years.).
• Security Measures: IP masking (pseudonymization of the IP address).
• Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Procedures, Methods, and Services:

• Jetpack (WordPress Stats): Jetpack provides analysis functions for WordPress software; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy. Social Media Presence: We maintain online presences within social networks and process user data in this context to communicate with active users or provide information about us.

We would like to point out that user data may be processed outside the European Union. This may entail risks for users, as enforcement of user rights could be made more difficult, for example.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage behavior and resulting user interests can be used to create user profiles. These profiles may in turn be used to display advertisements within and outside the networks that presumably correspond to the interests of the users. Therefore, cookies are usually stored on users’ computers, in which usage behavior and user interests are stored. In addition, data can also be stored in the usage profiles regardless of the devices used by the users (especially if they are members of the respective platforms and are logged in).

For a detailed presentation of the respective processing methods and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

Also, in the case of information requests and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the latter have access to user data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

• Processed Data Types: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or pictorial messages and contributions as well as the information concerning them, such as authorship information or time of creation); Usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features). • Affected Individuals: Users (e.g., website visitors, users of online services). • Purposes of Processing: Communication; Feedback (e.g., collecting feedback via online forms); Public relations. • Storage and Deletion: Deletion according to the information in the section “General Information on Data Storage and Deletion”. • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Procedures, Methods, and Services: • Instagram: Social network, allows sharing of photos and videos, commenting and favoriting posts, messaging, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. • Facebook Pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook collects and uses information to provide analysis services, so-called “Page Insights”, for page operators to gain insights into how people interact with their pages and associated content. We have entered into a special agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates the security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to Facebook). The rights of users (especially to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Page Insights Information” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which includes the transfer of data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/.

LinkedIn: Social Network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of data from visitors, which are used for the purpose of creating “Page Insights” (statistics) of our LinkedIn profiles.

This data includes information about the types of content users view or interact with, or the actions they take, as well as information about the devices used by users (such as IP addresses, operating systems, browser types, language settings, cookie data), and information from the users’ profiles, such as job function, country, industry, hierarchical level, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

We have entered into a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum (the ‘Addendum’)”, https://legal.linkedin.com/pages-joint-controller-addendum), which in particular regulates the security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to LinkedIn). The rights of users (especially the rights to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection of data by and the transmission to Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of Ireland Unlimited Company, especially regarding the transmission of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Opt-Out Option: https://myadcenter.google.com/personalizationoff.

Plug-ins and embedded functions as well as content We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter uniformly referred to as “third-party providers”). This may include, for example, graphics, videos, or maps (hereinafter uniformly referred to as “content”).

The integration always presupposes that the third-party providers of this content process the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the display of this content or functions. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users’ device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, as well as other information about the use of our online offering, but may also be linked to such information from other sources.

Legal basis notes: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta-, communication, and process data (e.g., IP addresses, time information, identification numbers, persons involved); Master data (e.g., full name, address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or pictorial messages and contributions as well as the information concerning them, such as information on authorship or time of creation). • Data subjects: Users (e.g., website visitors, users of online services). • Purposes of processing: Provision of our online offering and user-friendliness. • Storage and deletion: Deletion according to information in the section “General information on data storage and deletion”; Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for a period of two years.). • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures, and services: • Google Fonts (provision on our own server): Provision of font files for user-friendly presentation of our online offering; Service provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); • YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertising: https://myadcenter.google.com/personalizationoff.