Privacy Policy

Use of Cookies

Cookies are small text files, or other memory notes, that store information on end devices and read information from the end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the accessed content or used functions of an online offer. Cookies can also be used for different purposes, for example, for the functionality, security and comfort of online offers as well as the creation of analyses of visitor flows.

Cookie usage on our website: Our website only uses technically necessary cookies. We do not use marketing cookies, analytics cookies, or social media tracking. Consent is not required for technically necessary cookies.

Notices on the legal basis for data protection: The legal basis on which we process the users' personal data using cookies depends on whether we ask users for their consent. If users consent, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies is processed based on our legitimate interests (e.g., in a business operation of our online offer and improvement of its usability) or if this occurs within the scope of fulfilling our contractual obligations if the use of cookies is necessary to fulfill our contractual obligations. We explain for what purposes the cookies are processed by us in these Privacy Policies or in the context of our consent and processing processes.

Storage duration: With regard to the storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).

• Permanent cookies: Permanent cookies remain stored even after the end device has been closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. The data collected with the help of cookies can also be used for reach measurement. If we do not provide users with explicit information on the type and storage duration of cookies (e.g., in the context of obtaining consent), users should assume that cookies are permanent, and the storage duration can be up to two years.

General notes on revocation and objection (opt-out): Users can revoke consents given by them at any time and also object to the processing in accordance with the statutory provisions in Art. 21 GDPR. Users can also declare their objection via the settings of their browser, for example, by deactivating the use of cookies (whereby this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com.

Business services

We process data from our contractual and business partners, e.g., customers and interested parties (collectively referred to as "Contractual Partners") in the context of contractual and comparable legal relationships as well as the associated measures and in the context of communication with the Contractual Partners (or pre-contractually), e.g., to answer inquiries.

We process this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations, and remedy warranties and other performance disruptions. In addition, we process the data to protect our rights and for the purposes of administrative tasks and corporate organization associated with these obligations. In addition, we process the data based on our legitimate interests in a proper and economical business management as well as security measures to protect our Contractual Partners and our business operations from misuse, threat to their data, secrets, information, and rights (e.g., involving telecommunication, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with the applicable law, we only pass on the data of Contractual Partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. About other forms of processing, e.g., for marketing purposes, the Contractual Partners are informed within these Privacy Policies.

We inform the Contractual Partners about which data is required for the aforementioned purposes before or in the context of data collection, e.g., in online forms, through special identification (e.g., colors) or symbols (e.g., asterisks, etc.), or personally.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it needs to be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant to tax law as well as for commercial books, inventories, opening balances, annual financial statements, the work instructions required for understanding these documents, and other organizational documents and booking documents, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins with the end of the calendar year in which the last entry in the book was made, the inventory, the opening balance, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the booking document was created, furthermore, the record was made, or the other documents were created.

Insofar as we use third-party providers or platforms for the provision of our services, the conditions and privacy policies of the respective third-party providers or platforms apply in the relationship between the users and the providers.

• Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Customers; Interested parties; Business and Contractual Partners; Clients.

• Purposes of Processing: Providing contractual services and customer service; Security measures; Contact inquiries and communication; Office and organizational procedures; Administration and response to inquiries.

• Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• Customer account: Contractual Partners can create an account within our online offer (e.g., customer or user account, briefly "Customer Account"). If the registration of a customer account is necessary, Contractual Partners will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. In the context of registration as well as subsequent logins and uses of the customer account, we store the IP addresses of the customers together with the access times to prove registration and prevent any misuse of the customer account. If customers have canceled their customer account, the data concerning the customer account will be deleted, subject to retention for legal reasons. It is the responsibility of the customers to secure their data after the customer account has been terminated; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

• Online Courses and Online Training: We process the data of participants in our online courses and online training (collectively referred to as "Participants") to be able to provide our course and training services to them. The data processed here, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship. The data generally includes information about the courses and services utilized and, to the extent part of our service offering, the participants' personal specifications and results. Processing forms also include performance evaluation and evaluation of our services and those of the course and training organizers; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

• Legal advice: We process the data of our clients as well as interested parties and other clients or business partners (collectively referred to as "Clients") to provide them with our contractual or pre-contractual services, especially advisory services. The processed data, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and client relationship. If the clients consent, it is necessary for our contract fulfillment, legally (e.g., according to the information obligations of the anti-money laundering regulations), or for the protection of vital interests, occur under consideration of the clients' protection interests based on our legitimate interests in efficient and safe practice of our activity, we disclose or transmit the clients' data respecting the professional regulations to third parties or agents, such as authorities, courts, or in the IT, office, or similar services; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

• Offering software and platform services: We process the data of our users, registered and potential test users (collectively referred to as "Users") to provide them with our contractual services and based on legitimate interests, to ensure the security of our offering and further develop it. The necessary information is marked as such in the context of the order, purchase, or similar contract conclusion and includes the information required for service provision and billing, as well as contact information for any necessary follow-up discussions; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

• Events and activities: We process the data of participants of the events, activities, and similar activities we offer or host (collectively referred to as "Participants" and "Events") to enable them to participate in the events and take advantage of the services or actions associated with participation. If we process health-related data, religious, political, or other special categories of data in this context, this takes place in the public domain (e.g., for thematically oriented events) or for health, safety, or with the participants' consent. The necessary information is marked as such in the context of the order, purchase, or similar contract conclusion and includes the information required for service provision and billing, as well as contact information for any necessary follow-up discussions. Insofar as we have access to information of end customers, employees, or other persons, we process this in compliance with legal and contractual requirements; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Use of online platforms for offering and distribution purposes

We offer our services on online platforms operated by other service providers. In this context, the privacy policies of the respective platforms apply in addition to our Privacy Policies. This is especially true concerning the payment process and the procedures for reach measurement and interest-based marketing used on the platforms.

• Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Customers.

• Purposes of Processing: Providing contractual services and customer service; Marketing.

• Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Providers and Services Used in Business Operations

In our business operations, we respect legal regulations by using additional services, platforms, interfaces, or plug-ins provided by third parties (briefly referred to as "Services"). Their use is based on our interest in a proper, lawful, and economic management of our business operations and our internal organization.

• Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., contract subject, term, customer category).

• Affected Persons: Customers; Interested parties; Users (e.g., website visitors, users of online services); Business and Contractual Partners.

• Purposes of Processing: Providing contractual services and customer service; Office and organizational procedures.

• Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• Lexoffice: Online software for invoicing, accounting, banking, and tax filing with document storage; Service provider: Haufe Service Center GmbH, Munzinger Straße 9, 79111 Freiburg, Germany; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.lexoffice.de; Privacy Policy: https://www.lexoffice.de/datenschutz; Data Processing Agreement: https://www.lexoffice.de/auftragsverarbeitung.

• Timely: Time tracking; Service provider: Memory AS, Karvesvingen 5, 0579 Oslo, Norway; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://timelyapp.com; Privacy Policy: https://timelyapp.com/privacy-policy; Data Processing Agreement: https://www.timely.com/data-processing-agreement.

• Linear: Project management tool for planning, organizing, and tracking workflows, tasks, and projects; Service provider: Linear Orbit, Inc., 2261 Market Street #4990, San Francisco, CA 94114, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://linear.app; Privacy Policy: https://linear.app/privacy; Data Processing Agreement: https://linear.app/dpa; Basis for third-country transfers: EU Commission's Standard Contractual Clauses.

• DocuSign: Digital signatures and signing procedures for documents; Service provider: DocuSign, Inc., 221 Main Street Suite 1000 San Francisco, CA 94105, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.docusign.com; Privacy Policy: https://www.docusign.com/company/privacy-policy; Further information: Processing as a processor and controller is based on approved binding internal data protection rules that ensure a data protection level complying with the requirements of the GDPR (English: "Binding Corporate Rules", Art. 47 GDPR): https://www.docusign.com/trust/privacy/binding-corporate-rules.

Payment Procedures

Within the context of contracts and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer efficient and secure payment options to the affected individuals and use additional service providers alongside banks and credit institutions (collectively, "Payment Service Providers").

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contractual, totals, and recipient-related information. The information is required to carry out the transactions. The entered data is, however, only processed and stored by the payment service providers. This means that we do not receive any account or credit card information, but only information with confirmation or negative notification of the payment. In some circumstances, the payment service providers pass the data on to credit bureaus. This transmission is intended for identity and credit checks. For this, we refer to the terms and conditions and the privacy policies of the payment service providers.

For the payment transactions, the terms and conditions and the privacy policies of the respective payment service providers apply, which are available within the respective websites or transaction applications. We also refer to these for further information and assertion of revocation rights, information, and other rights of affected persons.

• Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., contract subject, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Customers; Interested parties.

• Purposes of Processing: Providing contractual services and customer service.

• Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further notes on processing processes, procedures, and services:

• PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

• Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://stripe.com; Privacy Policy: https://stripe.com/de/privacy.

Provision of Online Offer and Web Hosting

We process the users' data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

• Processed data types: Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses); Content data (e.g., entries in online forms).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Content Delivery Network (CDN).

• Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as "Web host"); Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

• Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files." The server log files may contain the address and name of the accessed websites and files, date and time of retrieval, transmitted data volumes, notification of successful retrieval, browser type with version, the user’s operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server log files can be used for security purposes, for example, to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks) and ensure the server's utilization and stability; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidence purposes are excluded from deletion until the respective incident is finally clarified.

• Email sending and hosting: The web hosting services we use include the sending, receiving, and storage of emails. For these purposes, the recipients and senders' addresses and other information regarding the email sending (e.g., the involved providers) as well as the respective emails' content are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not encrypted. Emails are usually encrypted during transport, but not on the servers from which they are sent or received unless a so-called end-to-end encryption procedure is used. We cannot, therefore, assume responsibility for the emails' transmission path between the sender and the reception on our server; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

• Content-Delivery-Network: We use a "Content-Delivery-Network" (CDN). A CDN is a service that allows content of an online offer, especially large media files such as graphics or program scripts, to be delivered faster and more securely using regionally distributed and internet-connected servers; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

• Cloudflare: Content-Delivery-Network (CDN) service that enables faster and more secure delivery of online offer content, especially large media files such as graphics or program scripts, using regionally distributed and internet-connected servers; Service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cloudflare.com; Privacy Policy: https://www.cloudflare.com/privacypolicy; Data Processing Agreement: https://www.cloudflare.com/cloudflare-customer-dpa; Standard Contractual Clauses (Ensuring data protection level when processing in third countries): https://www.cloudflare.com/cloudflare-customer-scc.

• Framer: Web hosting; Service provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.framer.com; Privacy Policy: https://www.framer.com/legal/privacy-statement; Data Processing Agreement: https://www.framer.com/legal/data-processing-addendum.

Registration, Login, and User Account

Users can create a user account. In the context of registration, the users are informed about the required mandatory information and processed for the provision of the user account based on contractual performance obligations. The processed data includes login information (username, password, and an email address) in particular.

In the context of using our registration and login functions and the user account, we store the IP address and the respective user action's time. The storage is based on our legitimate interests and the user's protection against misuse and unauthorized use. In principle, this data is not disclosed to third parties unless required to pursue our claims or there is a legal obligation.

The users can be informed by email about processes relevant to their user account, such as technical changes.

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Providing contractual services and customer service; Security measures; Administration and response to inquiries; Provision of our online offer and user-friendliness.

• Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• Registration with real names: Due to the nature of our community, we ask users to use our offer only using real names, meaning the use of pseudonyms is not permitted; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

• Deletion of data after termination: If users have terminated their user account, their data is deleted regarding the user account, subject to legal permission, obligation, or users' consent; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

• No retention obligation for data: Users are responsible for securing their data in the event of termination before the contract termination. We are entitled to irretrievably delete all data stored by the user during the contract period; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

• Framer: Web hosting; Service provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.framer.com; Privacy Policy: https://www.framer.com/legal/privacy-statement; Data Processing Agreement: https://www.framer.com/legal/data-processing-addendum.

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter referred to as "Publication Medium"). The readers' data is processed for the purposes of the Publication Medium only to the extent necessary for its display and the communication between authors and readers or for security reasons. Otherwise, we refer to the information on processing the visitors of our Publication Medium in the context of these Privacy Policies.

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Providing contractual services and customer service; Feedback (e.g., collecting feedback via an online form); Provision of our online offer and user-friendliness; Security measures; Administration and response to inquiries.

• Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• Comments and Posts: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is for our security in case someone leaves illegal content (insults, prohibited political propaganda, etc.) in comments and posts. In this case, we may be held liable for the comment or post and are, therefore, interested in the author’s identity. Furthermore, we reserve the right to process the users' details for spam detection purposes based on our legitimate interests. On the same legal basis, we reserve the right, in the case of surveys, to store the users' IP addresses for their duration and to use cookies to prevent multiple votes. The personal information shared in comments and posts, any contact and website information, as well as the content, will be stored by us until the users object; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

• Framer: Web hosting; Service provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.framer.com; Privacy Policy: https://www.framer.com/legal/privacy-statement; Data Processing Agreement: https://www.framer.com/legal/data-processing-addendum.

Contact and Inquiry Management

When contacting us (e.g., via contact form, email, phone, or social media) and within existing user and business relationships, we process the information of the inquiring persons to the extent it is necessary to respond to the contact inquiries and any requested measures.

• Processed data types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Communication partners.

• Purposes of Processing: Contact inquiries and communication; Administration and response to inquiries; Feedback (e.g., collecting feedback via an online form); Provision of our online offer and user-friendliness.

• Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Deletion of data: Contact inquiries are deleted after 3 years unless a client relationship develops. For clients, the statutory retention periods under BRAO apply.

Further notes on processing processes, procedures, and services:

• Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the communicated request; Legal grounds: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Video Conferences, Online Meetings, Webinars, and Screen-Sharing

We use platforms and applications of other providers (hereinafter referred to as "Conference Platforms") for conducting video and audio conferences, webinars, and other types of video and audio meetings (collectively referred to as "Conference") for short. We select the conference platforms and their services based on legal requirements.

Data processed by conference platforms: In the context of participating in a Conference, the conference platforms process the personal data of the participants listed below. The scope of processing depends on which data is required as part of a specific Conference (e.g., providing access data or real names) and which optional information is provided by the participants. In addition to processing for conducting the Conference, the participants’ data may also be processed by the conference platforms for security or service optimization purposes. The data processed includes personal information (first name, last name), contact information (email address, phone number), access data (access codes or passwords), profile pictures, information about professional position/function, the IP address of the internet connection, information about the participants' end devices, their operating system, the browser, and its technical and language settings, information about the content communication processes, i.e., entries in chats as well as audio and video data, as well as the use of other available functions (e.g., surveys). The communications' content shall be encrypted to the extent technically available by the conference providers. If the participants are registered as users on the conference platforms, further data may be processed in accordance with the respective conference provider's agreement.

Logging and recording: If text entries, attendance results (e.g., of surveys), and video or audio recordings are being logged, participants will be informed transparently beforehand and asked for their consent if required.

Participation in the conference: Please observe the details of the processing of your data through the conference platforms' privacy policies and choose the optimal security and privacy settings for you within the settings of the conference platforms. Moreover, for the duration of a video conference, ensure data and personal protection in the background of your recording (e.g., with notices to roommates, locking doors, and using, if technically possible, the function to blur the background). Links to conference rooms and access data must not be disclosed to unauthorized third parties.

Legal basis notes: If, in addition to the conference platforms, we also process users' data and ask them for their consent to use the conference platforms or specific functions (e.g., consent to record conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of processing conversation results, etc.). Otherwise, users' data will be processed based on our legitimate interests in efficient and secure communication with our communication partners.

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Communication partners; Users (e.g., website visitors, users of online services); Depicted persons.

• Purposes of Processing: Providing contractual services and customer service; Contact inquiries and communication; Office and organizational procedures.

• Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• Microsoft Teams: Messenger and conference software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.microsoft.com/de-de/microsoft-365; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Standard Contractual Clauses (Ensuring data protection level when processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

• Zoom: Conference and communication software; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.zoom.us; Privacy Policy: https://explore.zoom.us/de/privacy; Data Processing Agreement: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf; Third country transfers basis: Data Privacy Framework (DPF) https://www.dataprivacyframework.gov.

• Cal.com: Online appointment scheduling and management; Service provider: Cal.com, Inc., 2261 Market St Ste 4382, San Francisco, CA 94114, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://cal.com/de; Privacy Policy: https://cal.com/de/privacy; Data Processing Agreement: https://cal.com/privacy#data-processing-agreement; Third country transfers basis: EU Commission's Standard Contractual Clauses.

Application Procedures

The application procedure requires applicants to provide us with the data necessary for their assessment and selection. The necessary information is derived from the job description or, in the case of online forms, from the details provided therein.

In general, the required information includes personal information, such as the name, address, a contact possibility, as well as evidence of the necessary qualifications for a job. On request, we will also be happy to inform you of which details are required.

If provided, applicants can submit their applications to us using an online form. The data will be transmitted to us up to date with the technology and encrypted. Applicants can also send us their applications via email. However, please note that emails on the Internet are generally not sent encrypted. Emails are typically encrypted during transmission but not on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the transmission path of the application between sending and receiving it on our server.

For the purposes of applicant search, submission of applications, and selection of applicants, we may use applicant management or recruitment software and platforms and services of third-party providers while complying with legal provisions.

Applicants can feel free to contact us about how to submit the application or send the application to us by mail.

Processing of special data categories: If special data categories of personal data pursuant to Art. 9 para. 1 GDPR (e.g., health data, such as disability or ethnic origin) are requested during the application procedure so that the responsible party or the concerned person can exercise their rights and fulfill their respective obligations under labor law and social security and social protection law, their processing takes place according to Art. 9 para. 2 letter b. GDPR, in the case of vital interest protection of the applicants or other persons, protection of their consent or based on our legitimate interests at the efficient and secure exercise of our activity. Otherwise, their processing takes place on the basis of Art. 9 para. 2 letter a. GDPR if the special data categories' provision is based on voluntary consent.

Deletion of data: The data provided by the applicants may be further processed by us for employment purposes in the event of a successful application. Otherwise, if the application for a job offer is not successful, candidates' data will be deleted. Candidates' data will also be deleted if an application is withdrawn, to which they are entitled at any time. Deletion is subject to candidates' justified withdrawal, at the latest after six months, so that we can answer any follow-up questions regarding the application and meet our proof obligations under the equal treatment provisions. Invoices for any travel expense reimbursement are archived in accordance with tax regulations.

Inclusion in an applicant pool: Inclusion in an applicant pool, if offered, is based on consent. Candidates are informed that their consent to be included in the talent pool is voluntary, does not affect the ongoing application process, and can be withdrawn at any time for the future without giving reasons.

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Applicant data (e.g., personal information, postal, and contact addresses, documents associated with the application, and the information contained therein, such as covering letter, CV, certificates, or additional voluntarily shared information by candidates regarding a specific job or their qualifications).

• Affected Persons: Applicants.

• Purposes of Processing: Application procedure (establishment and potential future conduct and possible termination of the employment relationship).

• Legal grounds: Application procedure as a pre-contractual or contractual relationship (Art. 6 para. 1 lit. b) GDPR).

Cloud Services

We use software services accessible via the Internet and executed on the servers of their providers (so-called "cloud services," also referred to as "Software as a Service") for storing and managing content (e.g., document storage and management, sharing documents, content, and information with specified recipients or publishing content and information).

In this context, personal data may be processed and stored on the providers' servers insofar as they are a part of communication processes with us or are otherwise processed as presented within these Privacy Policies. These data may include particularly personal data and contact data of users, process data, contracts, other processes, and their content. The providers of the cloud services also process usage data and metadata used for security purposes and service optimization.

If we provide forms, documents, or other content for other users or publicly accessible websites using cloud services, the providers can also store cookies on users' devices to perform web analysis or remember user preferences (e.g., media control settings).

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Customers; Employees (e.g., employees, applicants, former employees); Interested parties; Communication partners.

• Purposes of Processing: Office and organizational procedures; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)).

• Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• Microsoft Cloud Services: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://microsoft.com/de-de; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Data Processing Agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA; Standard Contractual Clauses (Ensuring data protection level when processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as "Newsletter") only with the recipients' consent or based on legal permission. If the newsletter contents are specifically described in the context of an application for the newsletter, they are decisive for the users’ consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient if you provide your email address and name for personal addressing in the newsletter. However, we may ask you for further information if this is necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter takes place in a double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that nobody can register with someone else's email address. The newsletter registrations are logged to prove the registration process according to legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. Likewise, the changes to your data stored with the dispatch service provider are logged.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove previously given consent. The processing of this data is limited to the purpose of possibly defending against claims. An individual deletion request is possible at any time, provided the previous existence of consent is confirmed at the same time. We reserve the right to store the email address solely for this purpose in a block list (a so-called "Blocklist") in the case of duties to consider objections permanently.

The registration process's logging is based on our legitimate interests for proof of its proper flow. Suppose we assign a service provider to send emails. In that case, this is done based on our legitimate interests in an efficient and secure dispatch system.

Contents: We inform you about contractual law topics and about us, our services, products, promotions, and offers.

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta-/communication data (e.g., device information, IP addresses); Usage data (e.g., websites visited, interest in content, access times).

• Affected Persons: Communication partners.

• Purposes of Processing: Direct Marketing (e.g., via email or post).

• Legal grounds: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

• Opt-out possibility: You can cancel our newsletter reception at any time, i.e., withdraw your consents, or object to further reception. A link to cancel the newsletter is available at the end of each newsletter. Alternatively, you can use one of the above contact options, preferably email, for this purpose.

Further notes on processing processes, procedures, and services:

• Measurement of opening and click rates: The newsletters contain a so-called "web-beacon," i.e., a pixel-sized file that is retrieved from our server, or, if we use a dispatch service provider, from its server when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially gathered. This information is used for the technical improvement of our newsletter based on the technical data or target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or access times. This analysis includes determining whether the newsletters are opened and when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations serve us to recognize the reading habits of our users and adapt our content to them or send different content according to the interests of our users. The measurement of opening rates and click rates and storing measurement results in users' profiles and their further processing occur based on a user's consent. Unfortunately, a separate withdrawal of the success measurement is not possible; the entire newsletter subscription must be canceled, or an objection must be raised. In this case, the stored profile information will be deleted; Legal grounds: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

• Loops: Email services; Service provider: Astrodon, Inc., Beaverton, 9450 SW Gemini Dr, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://loops.so; Privacy Policy: https://loops.so/privacy; Data Processing Agreement: https://loops.so/dpa; Third country transfers basis: EU Commission's Standard Contractual Clauses.

Promotional Communication via Email, Mail, or Phone

We process personal data for advertising communication purposes, which can be carried out according to legal requirements via various channels, such as email, mail, or phone.

The recipients have the right to revoke consent given at any time or to object to advertising communication at any time.

After revocation or objection, we store the data required to prove the previous authorization for contact or mailing for up to three years after the year of revocation or objection ends, based on our legitimate interests. The processing of this data is limited to the purpose of possibly defending against claims. Based on the legitimate interest in considering the users' withdrawal or objection permanently, we also store the data required to prevent further contact (e.g., depending on the communication channel, the email address, phone number, or name).

• Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers).

• Affected Persons: Communication partners.

• Purposes of Processing: Direct marketing (e.g., via email or post).

• Legal grounds: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") serves to evaluate our online offer. We can recognize, for example, the extent to which our online offering is used. Similarly, we can identify which areas require optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Among other things, the visited webpage(s) (Page URL), the websites through which visitors access our online offer (HTTP Referrer), the browser used, the computer system used, the device type, and information on the country, region, and city from which retrieval is made are recorded.

• Processed data types: Usage data (e.g., websites visited); Meta-/communication data (e.g., browser).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Reach measurement (e.g., access statistics).

• Security measures: See the following information about the service provider.

• Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• plausible.io: Reach measurement and web analytics; no use of cookies or similar persistent online identifiers, recognition of returning visitors is done using a pseudonymous identifier, which is deleted after one day; otherwise, no personal data is stored (https://plausible.io/data-policy); no data is transferred to third parties; processing takes place on the server of plausible.io based on an order processing contract; Service provider: Plausible Insights Oü, Västriku tn 2, 50403, Tartu, Estonia; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://plausible.io/; Privacy Policy: https://plausible.io/privacy; Data Processing Agreement: https://plausible.io/dpa.

• Framer Analytics: Integrated web analytics functions of our website platform. Framer Analytics operates completely anonymized and GDPR-compliant without cookies or persistent identifiers. Data processing is carried out exclusively on EU servers. Captured are: page views, visitor numbers, referral sources, device types (anonymized). Unique Visitors are measured with a 1-day window, after that automatic anonymization takes place; Service provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.framer.com; Privacy Policy: https://www.framer.com/legal/privacy-statement; Data Processing Agreement: https://www.framer.com/legal/data-processing-addendum.

• Ahrefs Webmaster Tools: SEO and website analysis tool for monitoring website performance in search engines. Captured data includes: search engine rankings, backlinks, technical SEO data, crawling information. Personal data is only processed during active use of the tool, not during normal website visits; Service provider: Ahrefs Pte Ltd., 16 Raffles Quay, #33-03 Hong Leong Building, Singapore 048581; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://ahrefs.com; Privacy Policy: https://ahrefs.com/privacy; Third country transfers basis: EU Commission's Standard Contractual Clauses.

Presences in Social Networks (Social Media)

We have online presences within social networks and process users' data to communicate with active users there or to offer information about us.

We point out that data of users can be processed outside the European Union. This may result in risks for the users since enforcing their rights could be more difficult this way.

Furthermore, users' data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the user behavior and resulting interests. The user profiles can be used to display advertisements inside and outside the networks that presumably reflect users' interests. For these purposes, cookies are regularly stored on the users' devices, in which the user behavior and interests of the users are stored. In addition, the usage profiles may also store data independent of the users’ devices used (especially if users are members of the respective platforms and logged in).

For a detailed presentation of the respective processing forms and the objection possibilities (opt-out), we refer to the privacy policies and information of the operators of the respective networks.

Also, in the case of requests for information and the assertion of user rights, we point out that they are best asserted with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. However, should you need help, you can contact us.

• Processed data types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).

• Affected Persons: Users (e.g., website visitors, users of online services).

• Purposes of Processing: Contact inquiries and communication; Feedback (e.g., collecting feedback via online form); Marketing.

• Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further notes on processing processes, procedures, and services:

• LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Standard Contractual Clauses (Ensuring data protection level when processing in third countries): https://legal.linkedin.com/dpa; Opt-out possibility: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

• XING: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.xing.com; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

• Vimeo: Social network and video platform; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy.

• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Opt-out possibility: https://adssettings.google.com/authenticated.