Privacy policy

General part

Data protection at a glance

Article 12 of the General Data Protection Regulation requires us to inform you in a concise, transparent, intelligible and easily accessible form, using clear and plain language, about how we process your data. We want to make a sincere contribution to this and summarize our privacy policy as follows. The details can be found under the summary:

Target group

This privacy policy is aimed at all persons who visit our website. All personal designations refer to both male and female and diverse persons and language forms and are always to be understood with the addition “(m/f/d)”.

Person in charge

The person of charge within the meaning of Article 4(7) GDPR for the processing of personal data of visitors to this website is: Speakers Excellence Deutschland Holding GmbH, represented by the managing directors Gerd Kulhavy, Jana Kulhavy, Adlerstraße 41, 70199 Stuttgart, phone 0711 7585840, email: info@speakers-excellence.de. Where reference is made to “we” or “us”, this refers to the person in charge presented here.

Rights of visitors to the website

Visitors have several rights with regard to the personal data processed about them under the General Data Protection Regulation. In particular

• the right to information about the stored personal data,

• the right to rectification of inaccurate personal data stored,

• the right to erasure of personal data for which there is no legal basis for further storage

• legal basis,

• the right to restrict the processing of stored personal data,

• the right to data portability,

• the right to lodge a complaint with the data protection supervisory authority responsible for us. Insofar as the factual requirements of the respective claims are met and we can identify you, we will fulfill your claims promptly.

Processing operations involving automated decision-making (including profiling, where applicable)

(1) Insofar as we mention any tools and/or processing constellations used in the table above (“Data protection at a glance”) in the last line (“Processing operations involving automated decision-making, including profiling where applicable”), this means that we exceptionally carry out a special form of data processing for these tools/processing constellations. In this context, we would like to draw your attention to the following:

1. The special form of processing is so-called automated decision-making. These are decisions based solely on automated processing that have a legal or other significant effect on you (e.g. a decision to enter into a contract). Such processing also includes “profiling”, which is any form of automated processing of personal data consisting of the evaluation of personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, where this produces legal effects concerning the data subject or similarly significantly affects the data subject.

2. In general, such processing operations are prohibited (see Article 22(1) GDPR), although there are exceptions to this prohibition. If we invoke exceptions, we explain these in our data protection information for persons to whom we make contractual decisions, i.e. generally customers and/or suppliers. We refer to this declaration.

(2) Insofar as we do not list anything in the last line (“Processing operations involving automated decision-making, including profiling”) in the table above (“Data protection at a glance”), we do not use this technology on our website.

Data transfer to third parties outside the European Union

(1) It is possible that we may transfer and/or have personal data transferred to parties located outside the European Union or at least cannot rule this out (henceforth: third country body). In these cases, we must guarantee in accordance with Article 44 GDPR that this does not fall below the level of protection of the General Data Protection Regulation. As a precaution, we would like to point out that the third country body can be both a controller and a processor.

(2) If we refer to a so-called adequacy decision in the following declaration, this means that the third country body is located in a country, territory or specific sector for which the Commission has decided that it offers an adequate level of protection. This guarantee then follows from Article 45 GDPR.

(3) If we refer to the so-called standard contractual clauses in the following declaration, this means that the third country body accepts the so-called EU standard contractual clauses and has thus contractually undertaken to respect the level of protection of the General Data Protection Regulation. This guarantee then follows from Article 46(1) and (5) GDPR.

(4) If we refer in the following statement to the fact that you have consented to the transfer to the third country body, this means that you have been informed of all existing possible risks of such transfers, for which there is no adequacy decision or other guarantees, and have nevertheless consented to the data transfer. This guarantee then follows from Article 49(1)(a) GDPR. For reasons of transparency, we describe the corresponding risks in a separate section.

(5) We only provide this information as a precautionary measure. It shall only apply if we refer to it in the following declaration. It is also possible that we will not make use of this.

Special constellation: EU standard contractual clauses and third country bodies based in the USA

(1) In addition to the explanations under “Data transfer to bodies outside the European Union” - paragraph 3, we would like to draw your attention to a special constellation. In the case of transfers to third country bodies based in the USA, the possibility of invoking the EU standard contractual clauses is limited. If we therefore intend to invoke the EU standard contractual clauses in this context (or already do so), please note the following:

(2) We will only base the transfer of personal data to US third country bodies on the EU standard contractual clauses if we have first carried out a thorough review of the associated circumstances. In doing so, we first determine a risk level (type and in particular sensitivity of the data concerned, scope of data processing, purpose of data processing, susceptibility to misuse). We then check whether the contractual commitments of the US third country office and the technical and organizational measures taken there (e.g. processing of data exclusively in EU-based data centers, encryption technology) sufficiently minimize the risks identified in advance. We will only rely on the EU standard contractual clauses if we come to the conclusion that they also provide a sufficient guarantee in the case of a US third country office.

(3) We only provide this information as a precautionary measure. It only applies if we refer to it in the following declaration. It is also possible that we will not make use of this.

Special constellation: Consent to the transfer to third country bodies based in the USA, including the risk information

(1) In addition to the explanations under “Data transfer to bodies outside the European Union” - paragraph 4, we would like to draw your attention to a further special constellation. In the case of transfers to third country bodies based in the USA, the possibility of invoking the EU standard contractual clauses is limited. Therefore, in some cases, the only option is to ask you for your consent to this transfer. However, before you give this consent, we ask you to take note of the following risks and consider them when deciding whether to give your consent:

(2) We would like to emphasize that a data transfer to the USA without the protection of an adequacy decision may entail considerable risks. In particular, the following risks should be noted:

1. There is no uniform data protection law in the USA, let alone one that is comparable to the data protection law applicable in the EU. This means that both US companies and government agencies have more opportunities to process your personal data, in particular for advertising, profiling and conducting (criminal) investigations. Our options for taking action against this are considerably restricted.

2. The US legislator has granted itself numerous rights of access to your personal data (see, for example, Section 702 of FISA or E.O. 12333 in conjunction with PPD-28), which are not compatible with our understanding of the law. In particular, there is no proportionality test comparable to that in the European Union prior to access.

3. Citizens of the European Union cannot expect effective legal protection in the USA.

4. As a rule, we will only ask you for such consent if we have come to the conclusion that the US third country office cannot successfully invoke EU standard contractual clauses.

(3) We only make this declaration as a precautionary measure. It shall only apply if we refer to it in the following declaration. It is also possible that we will not make use of this.

Special constellation: Consent to the transfer to third country bodies based in the Russian Federation, including the risk information

1) In addition to the explanations under “Data transfer to bodies outside the European Union” - paragraph 4, we would like to draw your attention to a further special constellation. In the case of transfers to third country bodies based in the Russian Federation, the possibility of invoking the EU standard contractual clauses is limited. Therefore, in some cases, the only option is to ask you for your consent to this transfer. However, before you give this consent, we ask you to take note of the following risks and consider them when deciding whether to give your consent:

(2) We would like to emphasize that a data transfer to the Russian Federation without the protection of an adequacy decision may entail considerable risks. In particular, the following risks should be noted:

1. Although the legislator of the Russian Federation has ratified the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (so-called European Data Protection Convention), there may be implementation deficits.

2. The legislator of the Russian Federation has granted itself and its investigative authorities access rights to your personal data that are at least not fully compatible with our understanding of the law. In particular, there is no proportionality check comparable to that in the European Union prior to access.

3. Citizens of the European Union cannot expect the same legal protection in the Russian Federation as in the EU.

4. As a rule, we will only ask you for such consent if we have come to the conclusion that the third country office in Russia cannot successfully invoke EU standard contractual clauses.

Special constellation: Consent to the transfer to third country bodies based in the Republic of India, including the risk information

(1) In addition to the explanations under “Data transfer to bodies outside the European Union” - paragraph 4, we would like to draw your attention to a further special constellation. In the case of transfers to third country bodies based in the Republic of India, the possibility of invoking the EU standard contractual clauses is limited. Therefore, in some cases, the only option is to ask you for your consent to this transfer. However, before you give this consent, we ask you to take note of the following risks and consider them when deciding whether to give your consent:

(2) We would like to emphasize that a data transfer to the Republic of India without the protection of an adequacy decision may entail considerable risks. In particular, the following risks should be noted:

1. The Republic of India does have an IT law and ministerial guidelines on data protection law. However, they are not necessarily binding in the same way as the General Data Protection Regulation. In particular, there is no guarantee that data subjects who are not based in India will be able to make claims against companies under data protection law on the basis of the law and the guidelines in India.

2. The legislator of the Republic of India has granted itself numerous rights of access to your personal data that are not fully compatible with our understanding of the law.

3. As a rule, we will only ask you for such consent if we have come to the conclusion that the US third country office cannot successfully invoke EU standard contractual clauses.

(3) We only make this declaration as a precautionary measure. It shall only apply if we refer to it in the following declaration. It is also possible that we will not make use of this.

Note on the legal processing obligation

Only insofar as we refer to Article 6 paragraph 1 sentence 1 lit. c GDPR in the following data protection declaration is there a legal obligation to process data.

Processing operations that are necessary for the performance of contracts (primary legal basis Article 6 (1) sentence 1 lit. b GDPR).

General information on the purpose and legal basis of the processing operations described below.

(1) The purpose of the processing operations described below is the establishment, performance and termination of contracts and the defense against claims on your part that are directly or indirectly related to the respective contract.

(2) Insofar as the purpose of the processing is the establishment, performance or termination of contracts, the legal basis for the processing of your personal data is Article 6 (1) sentence 1 lit. b GDPR. According to this provision, the processing of your personal data is also permitted without your consent if it is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken at your request.

(3) Insofar as the purpose of the processing is to defend against claims on your part that are directly or indirectly related to the respective contract, Article 6 (1) sentence 1 lit. b GDPR is also the legal basis in addition to Article 6 (1) sentence 1 lit. f GDPR. Our legitimate interest in this respect arises from our right to defend ourselves against claims on your part.

(4) Only if we process your data in your capacity as an applicant or current or former employee on this website is Article 88 GDPR in conjunction with § Section 26 (1) BDSG2018 is the legal basis. According to this provision, the processing of your personal employee data (including your applicant data) is also permitted without your consent if it is necessary for the performance of an employment contract to which you are a party or for the implementation of pre-contractual measures.

(5) Insofar as we refer to Article 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing, which in cases of justified objection leads to an end of the processing based on this. And insofar as we do not expressly refer to Article 6 paragraph 1 sentence 1 lit. c GDPR, there is no obligation to process.

General information on the storage period with regard to the data in the context of the processing operations described below

(1) We store the data for as long as this is necessary to establish, execute and, if necessary, terminate the contract and/or to defend ourselves against claims by you that are directly or indirectly related to the respective contract.

(2) If a contractual relationship is established between us, we also store the data until the expiry of our statutory retention periods. The legal basis for this is Article 6 paragraph 1 sentence 1 lit. c GDPR in conjunction with. § 147 AO, § 257 HGB. According to these regulations, some of the above-mentioned data must also be stored beyond the time at which the purpose is achieved. We may be obliged to do the following,

1. personal data relating to you that is derived from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 para. 2a HGB, consolidated financial statements, management reports and group management reports, opening balance sheets, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, trading books as well as the work instructions and other organizational documents necessary for their understanding, for ten years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR in conjunction with § 147 AO or in conjunction with § 147 AO). § Section 147 AO or in conjunction with. § SECTION 257 HGB),

Retain personal data resulting from commercial or business letters received, from the reproduction of the commercial or business letters received and from other documents that are relevant for taxation purposes for six years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR in conjunction with Section 147 AO or in conjunction with Section 147 AO). § Section 147 AO or in conjunction with. § SECTION 257 HGB).

(3) If we process your data in your capacity as an applicant on this website, we will generally store the data until a final decision has been made on your application, and

1. In the event of rejection, for a further six months after the rejection, whereby the legal basis for the six-month storage is Article 6 (1) sentence 1 lit. f GDPR and our legitimate interest follows from the right to defend ourselves against complaints under the AGG (cf. Section 15 (4) AGG),2.

2. in the event that we ask you whether you wish to be included in our applicant pool and you say yes, until such time as you withdraw your consent, whereby the legal basis for this storage is your consent in accordance with Article 88 GDPR in conjunction with § 26 paragraph 2 BDSG2018 is.

3. In the cases of paragraph 3 numbers 1 and 2, we only reserve the right to storage, but this data protection declaration does not establish an obligation to retain data.

(4) Insofar as we refer to Article 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing, which in cases of justified objection leads to an end of the processing based on this. And insofar as we do not expressly refer to Article 6 (1) sentence 1 lit. c GDPR, there is no obligation to process.

Formulardesigner from Typeform

(1) We use the following provider to create and manage forms: Typeform SL, Carrer de Bac de Roda, 163, 08018 Barcelona (Spain), support@typeform.com. We have commissioned this provider to process your data in accordance with Article 28 GDPR. You can find the privacy policy of this provider here: https://admin.typeform.com/to/dwk6gt/.

(2) As a rule, we process all data on the content, manner and scope of your entries in the respective form. You can find more details on the type and manner of processing via this provider here: https://www.typeform.com/product/ and under the heading “Contact form” in this privacy policy.

Formulardesigner Gravity Forms

(1) We use the WordPress plugin Gravity Forms to create and manage forms. The developer of this plugin is Rocket Genius, Inc, 1620 Centerville Turnpike, Suite 102, Virginia Beach VA 23464-6500 (USA), which, as far as we can tell, does not have access to the data you enter in the form. You can find out more about how it works here: https://www.gravityforms.com/features/.

(2) As a rule, we process all data on the content, manner and scope of your entries in the respective form. You can also find out more about how we handle your data under the heading “Contact form” in this privacy policy.

ablefy

(1) We use the following provider here: ablefy GmbH, Kurfürstendamm 182, 10707 Berlin (Germany), which provides the “ablefy” tool we use. We would like to briefly describe this processing procedure: If you order access to our products, there is a possibility that you will land on a landing page at ablefy. We have commissioned this provider with the support in the area of the presentation of the landing page as well as with the establishment, execution (in particular the payment procedure) and termination of the contract for our products in accordance with Article 28 GDPR. The privacy policy of this provider can be found here: https://myablefy.com/privacy

(2) We generally process the following data from you: The data provided and required by you in the course of communication for the initiation, fulfillment and termination of the debt relationship, in particular also order and invoice data. You can find more information on the type and manner of processing at: https://support.ablefy.io/seller/s/?language=de and under the heading “Product purchase and/or booking of services” in this privacy policy.

DocuSign

(1) We use the following provider here: DocuSign, Inc., 221 Main St., Suite 1550, San Francisco, CA 94105 (USA), further contact option here: https://support.docusign.com/en/contactSupport, which provides the “DocuSign” tool we use. We would like to briefly describe this processing procedure: If you order access to our products, there is a possibility that we will obtain your signature via this signature service provider. We have commissioned this provider in accordance with Article 28 GDPR. You can find this provider's privacy policy here: https://www.docusign.com/company/privacypolicy. You can find additional information on data protection with this provider here: https://www.docusign.com/trust/privacy

(2) We generally process the following data from you: We use this provider to document your signature and the time at which the signature was issued. You can find more information on the type and manner of processing at: https://www.docusign.de/ and under the heading “Product purchase and/or booking of services” in this privacy policy.

(3) The fact that this provider is based outside the European Union does not prevent it from being commissioned. This is because the commissioning is additionally justified by Article 47 GDPR.

The Binding Corporate Rules required for this can currently be found here: https://www.docusign.com/trust/privacy/binding-corporate-rules.

Adobe Sign

(1) We use the following provider here: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24 (Ireland), further contact details here: https://www.adobe.com/de/about-adobe/impressum.html, which provides the “Adobe Sign” tool we use. We would like to briefly describe this processing procedure: If you order access to our products, there is a possibility that we will obtain your signature via this signature service provider. We have commissioned this provider in accordance with Article 28 GDPR. You can find this provider's privacy policy here: https://www.adobe.com/de/privacy.html You can find additional information on data protection with this provider here: https://www.adobe.com/de/privacy/policies-business/esign.html.

(2) We generally process the following data from you: We document your signature via this provider as well as the time at which the signature was issued. You can find more information on the type and manner of processing at: https://acrobat.adobe.com/de/de/sign.html and under the heading “Product purchase and/or booking of services” in this privacy policy.

(4) The provider has subcontracted Adobe Inc, San Francisco, 345 Park Avenue, San Jose, California 95110 (USA). This subcontracting does not prevent the subcontractor from processing the data outside the EU. This is because the processing of your personal data associated with your signature on this website will only take place if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

The use of PayPal

(1) We use the following provider here: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 (Luxembourg), e-mail: impressum@paypal.com, which provides us with the “PayPal” payment service. We would like to briefly describe this processing procedure: Before you use this payment service, you must create your own account with this provider. To do this, you provide the provider with the necessary data. If you subsequently meet service providers (i.e. us) who accept payment via this payment service, you authorize this provider to credit either the money you have paid into your account with this payment service or the money collected by this payment service from your bank account by direct debit to the respective service provider, i.e. us. This is done by redirecting you from our website to the provider's website, where you must identify yourself and authorize the payment using various security procedures. The provider will of course obtain information about your purchasing behavior. The provider therefore does not act here as our instruction-dependent processor, but as your payment service provider. You can find the privacy policy of this provider here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

(2) We generally process the following data from you: We document via this provider,

1. that you use it and,

2. that you pay, in what amount and at what time.

3. personal data and account information required to complete the transaction;

4. personal data that we need to resolve disputes and to investigate and prevent fraud; and

We receive the information on 2., 3. and 4. from the provider. You can find more information on the type and manner of processing at: https://www.paypal.com/de/home and under the heading “Product purchase and/or booking of services” in this privacy policy.

Immediate transfers ("Sofortüberweisungen")

(1) We use the following provider here: SOFORT GmbH, a company of the Klarna Group, based at Theresienhöhe 12, 80339 Munich (Germany), which provides us with the “sofortüberweisungen” payment service. We would like to briefly describe this processing procedure: If a payment transaction is pending on your part in our legal relationship, you will be redirected to the website of this provider, where you enter your access data required for online banking. This provider then checks whether your account covers the amount to be transferred (account coverage check) and whether any instant transfers have been successfully carried out from your account in the last 30 days. After a positive check, the provider transmits the transfer order you have approved to your bank in electronic form and informs the payee you have selected (i.e. us) that the transfer has been successfully completed. The provider therefore does not act as our instruction-dependent processor, but as your payment service provider. You can find the privacy policy of this provider here: https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de.

(2) In this context, we generally process the following data from you: We document via this provider,

1. that you use it and,

2. that you are paying, in what amount and at what time. This message only includes the data from the transfer form (name, account number, sort code, subject, transfer amount) as well as the date (with time) and the transaction identifier selected by us (e.g. order number). In the case of SEPA transfers and if, depending on your bank, BIC and IBAN are required to enter the transfer in your online banking account, the confirmation to us will also contain the BIC and IBAN.

In general, we can also obtain this data from our account statement. We receive the information on 2. from the provider. You can find more information on the type and manner of processing at: https://www.klarna.com/sofort/ and under the heading “Product purchase and/or booking of services” in this privacy policy.

Stripe

(1) We use the following provider: Stripe Payments Europe, Ltd. based in Ireland. Stripe Payments Europe, Ltd. is a subsidiary of Stripe, Inc. based in the USA. Stripe Payments Europe, Ltd. is subject to European data protection law. Information on data protection at Stripe can be found here: https://stripe.com/de/ssa Furthermore, we have attached great importance to the fact that Stripe Payments Europe, Ltd. meets the highest security standards and can at least demonstrate certification in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). According to our review, the provider meets these requirements. A description of Stripe's security measures can be found here: https://stripe.com/docs/security Proof of PCI-DSS certification can be found here: https://www.visa.com/splisting/searchGrsp.do?companyNameCriteria=stripe,%20inc We have also contractually bound Stripe in accordance with Article 28 GDPR.

(2) We generally process the following data from you: We document via this provider

1. that you use it and

2. that you pay, in what amount and at what time.

3. personal data and account information required to complete the transaction

4. personal data that we need to resolve disputes and to investigate and prevent fraud; and

We receive the information under 2., 3. and 4. from the provider. You can find more information on the type and manner of processing under the links above.

Digistore

(1) We use the following provider here: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim (Germany). We would like to briefly describe this processing procedure: When you order access to our products, you conclude a contract with Digistore24 GmbH (hereinafter referred to as the main contract). This is because this company, in its function as a reseller, provides you with the respective product, possibly for a fee. We then process the data that the provider makes available to us for the purpose of establishing, implementing and terminating this contract precisely for these purposes. The privacy policy of this provider can be found here: https://www.digistore24.com/page/privacy

(2) We generally process the following data from you: We document via this provider that you are using our product and for how long, and when you terminate the contractual relationship. We receive this information from the provider. You can find more information on the type and manner of processing at: https://www.digistore24.com/de/vendors and under the heading “Product purchase and/or booking of services” in this privacy policy.

GotoMeeting/GotoWebinar

(1) We use the following provider here: LogMeIn, Inc, 320 Summer Street, Boston, MA 02210 (USA). We would like to briefly describe this processing procedure: You can register for one of our webinars on our website or otherwise communicate with us via video conference. We carry out all the necessary steps associated with this, from the initiation, implementation and follow-up of the webinar, via this service provider, who receives your data for these purposes as soon as you register for the webinar via our website, but at the latest when you participate in the webinar. We process the data that the provider makes available to us for the purpose of establishing, implementing and terminating this contract precisely for these purposes. We have commissioned this provider in accordance with Article 28 GDPR. You can find this provider's privacy policy here: https://www.logmeininc.com/de/legal/privac. Further information on data protection with this provider can also be found here: https://www.logmeininc.com/de/gdpr/what-is-gdpr.

(2) We generally process the following data from you: We document via this provider all data that you disclose when you register for and participate in the respective webinar. You can find more information on the type and manner of processing at: https://www.gotomeeting.com/de-de/webinar/funktionen.

(3) The fact that this provider is based outside the European Union does not prevent it from being commissioned. This is because you can only participate in our webinar if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information.

Using Zoom

(1) We use the following provider here: Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113 (USA) further contact option here: https://support.zoom.us/hc/de. We would like to briefly describe this processing procedure: You can register for one of our webinars on our website or otherwise communicate with us via video conference. We carry out all the necessary steps associated with this, from the initiation, implementation and follow-up of the webinar, via this service provider, who receives your data for these purposes as soon as you register for the webinar via our website, but at the latest when you participate in the webinar. We process the data that the provider makes available to us for the purpose of establishing, implementing and terminating this contract precisely for these purposes. We have commissioned this provider in accordance with Article 28 GDPR. You can find the privacy policy of this provider here: https://zoom.us/de-de/privacy.html .

(2) We generally process the following data from you: We document via this provider all data that you disclose when you register for and participate in the respective webinar. You can find more information on the type and manner of processing at: https://zoom.us/webinar.

(3) The fact that the provider processes the data outside the EU does not preclude the commissioning.

This is because you can only participate in our webinar if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information.

Microsoft Teams

(1) We use the following provider here: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 (USA) further contact options here: https://support.microsoft.com/de-de. We would like to briefly describe this processing procedure: You can register for one of our webinars on our website or otherwise communicate with us via video conference. We carry out all the necessary steps associated with this, from the initiation, implementation and follow-up of the webinar, via this service provider, who receives your data for these purposes as soon as you register for the webinar via our website, but at the latest when you participate in the webinar. We process the data that the provider makes available to us for the purpose of establishing, implementing and terminating this contract precisely for these purposes. We have commissioned this provider in accordance with Article 28 GDPR. You can find this provider's privacy policy here: https://www.microsoft.com/de-de/privacy/privacystatement.

(2) We generally process the following data from you: We document via this provider all data that you disclose when you register for and participate in the respective webinar. You can find more information on the type and manner of processing at: https://www.microsoft.com/de-de/microsoft-365/microsoft-teams/teams-for-home.

(3) The fact that this provider is based outside the European Union does not prevent it from being commissioned. This is because you can only participate in our webinar if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

ablefy

(1) We use the following provider: ablefy GmbH, Kurfürstendamm 182, 10707 Berlin (Germany). We would like to briefly describe this processing operation: Our website has been created with a landing page builder from the above-mentioned provider. A landing page is a website - often set up for a specific case - which is called up after a click on a search engine entry or an advertising medium (e.g. social media post) so that a contract can be established, executed and/or terminated there. A landing page builder is a provider that enables the creation of such a landing page using a modular system. The landing page builder is also commissioned with the processing of personal data (in particular collection via forms, storage and forwarding of collected data, processing of the contract) that is collected via this website. We have commissioned this provider with these activities in accordance with Article 28 GDPR. The privacy policy of this provider can be found here: https://myablefy.com/privacy

(2) We generally process the following data from you: Personal data that you disclose when visiting our website or communicating with our website (in particular via forms). In particular, data that serves to establish, execute and/or terminate a contract that you conclude via our website (such as order and payment details and your contact details). You can find more information on the type and manner of processing at: https://support.ablefy.io/seller/s/?language=de

Internal area

(1) We would like to briefly describe this processing operation: On our website, you have the option of registering to use an internal area, then logging in and finally logging out again. When you register for the internal area, we collect the data that you provide during the registration process. Within the internal area, we register your actions insofar as this is necessary for the provision of the contractual relationship pursued. When you deregister, we delete the data, provided there are no retention periods to the contrary.

(2) We generally process the following data from you: (1) the registration data entered by you, (2) the data about logins, (3) about actions that you carry out within the log-in area, (4) about the status for logging out.

Klick-Tipp (for the establishment, fulfillment and/or termination of contracts)

(1) We use the following provider here: KLICK-TIPP LIMITED, 15 Cambridge Court, 210 Shepherd's Bush Road, London W6 7NJ (United Kingdom). We would like to briefly describe this processing operation: On our website, you have the option of purchasing products from us and/or booking services from us. We control

1. the collection of your personal data when initiating the respective contract,

2. the communication with you required for the establishment, execution and/or termination of the contract (in particular by e-mail) and

3. the delivery of our products and/or services.

We have commissioned this provider with the necessary processing of your personal data in accordance with Article 28 (3) GDPR. You can find the privacy policy of this provider here: https://www.klicktipp.com/de/datenschutzerklarung/.

(2) We generally process the following data from you: (1) all contact and order data entered by you, (2) payment data if applicable, (3) data about the delivery and (4) data about the assertion of rights on your part and the reaction on our part. You can find more information on the type and manner of processing at: https://www.klick- tipp.com/manual. (3) The fact that this provider is based outside the European Union does not prevent it from being commissioned. Pursuant to Art. FINPROV 10A of the Brexit Agreement of December 31, 2021 (p. 468 et seq.), the UK is not considered a “third country” under Article 44 GDPR for a period of four months from January 1, 2021, i.e. initially and for the time being until May 1, 2021. However, even irrespective of the UK's third country status, the transfer of data there is justified because the provider has undertaken to comply with the EU standard contractual clauses (Article 46 GDPR).

The use of Salesforce

(1) We use the CRM tool Salesforce for the purposes of customer data management. The provider of this tool is Salesforce, Inc., which is represented in Germany by Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. You can find more information on data protection at this company at: https://www.salesforce.com/gdpr/overview/.

(2) We have carefully selected this provider and commissioned it in accordance with Article 28 GDPR, whereby you can find the contractual document in accordance with Article 28 (3) GDPR here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/dataprocessin g- addendum.pdf. The fact that Salesforce, Inc. has its registered office outside the European Union does not prevent it from being commissioned. This is because in the event that your data is processed outside the USA, we rely on Article 47 GDPR in conjunction with Salesforce's Processor Binding Corporate Rules for the Processing of Personal Data, see https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce- Processor-BCR.pdf.

Zapier (for the establishment, fulfillment and/or termination of a contract)

(1) We use the following provider here: Zapier Inc, 548 Market St #62411, San Francisco, California 94104 (USA), which provides the “Zapir” tool we use. We would like to briefly describe this processing procedure: With Zapier, we can connect web apps so that customer and prospect data can be automatically exchanged between the various applications. The data is exchanged via Zapier, so that the data may also be processed there. We have commissioned this provider with the necessary processing of your personal data in accordance with Article 28 (3) GDPR. The privacy policy of this provider can be found here: https://zapier.com/privacy/.

(2) We generally process the following data from you: All data that we collect via tools that we use in connection with the establishment, execution and/or termination of contracts between us and have automatically linked via this provider. As a rule, this can be all data from the initiation of the contract (often your contact data), from the execution of the contract (often order and payment data) and from the termination of the contract (status of the end of the contract, status of discontinuation of services). You can find more information on the possible uses at: https://zapier.com/learn/getting-started-guide/what-is-zapier/.

(3) The fact that this provider is based outside the European Union does not prevent it from being commissioned. This is because we can only offer you contractual services for which we use Zapier if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Cloudflare

We use the Cloudflare service to protect our website from cyber attacks and to optimize security and performance. Please note the following:

Data processing

Cloudflare processes various data from our website visitors, including

• IP addresses

• Browser type and version

• operating system

• referrer URL

• Time of access

This processing is used to detect and defend against potential threats and to optimize performance.

Data storage and deletion

Cloudflare implements appropriate security measures to protect the processed data. The exact storage periods may vary, although Cloudflare states that it only stores data for as long as is necessary to provide its services.

Data location

Depending on the selected service level, data can be processed within the EU or globally. As far as possible, we endeavor to ensure data processing within the EU.

Security measures

Cloudflare has various security certifications, including ISO 27001, 27018 and 27701, and is listed as a qualified DDoS mitigation provider by the German Federal Office for Information Security.

Data protection compliance

Cloudflare is certified according to the EU-U.S. Data Privacy Framework. For possible data transfers to third countries, the standard contractual clauses provided by the EU Commission are used.

Legal basis and consent

The use of Cloudflare is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR (protection of our website). In certain cases, user consent may be required, in particular if personal data is transferred to third countries.

Order processing

We have concluded an order processing contract with Cloudflare in accordance with Art. 28 GDPR, which ensures that your data is processed in compliance with data protection regulations.

For detailed information on data processing by Cloudflare, please refer to their current privacy policy:  https://www.cloudflare.com/de-de/privacypolicy/

Use of a chatbot and processing of conversation data

Speakers Excellence uses a chatbot to process inquiries efficiently and provide a fast service. This chatbot is based on technology from OpenAI (ChatGPT) and Google Cloud. Your data is therefore also processed via these providers.

Technical processing and data transfer

• OpenAI (ChatGPT): The chatbot uses the technology of OpenAI, based in the USA. The data is generally processed on servers within the European Union (if available). In exceptional cases, data may be transferred to the USA. OpenAI processes the data in accordance with the EU Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

• Google Cloud: We use Google Cloud for data processing and storage. The servers are generally located within the EU and Google is committed to complying with the GDPR and the corresponding security measures.

Storage and deletion of data

• Chatbot conversations are generally stored for a period of 30 days and then automatically deleted if no further interaction is required.

• If the conversation results in a specific order or a continuing business relationship, the relevant data may be stored for a longer period in accordance with the statutory retention periods. In these cases, the data is stored on the basis of Art. 6 para. 1 lit. b GDPR (contract fulfillment) or Art. 6 para. 1 lit. f GDPR (legitimate interest in documenting the business relationship).

• After expiry of the respective storage period, the data will be deleted, provided there are no statutory retention obligations.

Your rights

You have the right to access, rectification, erasure, restriction of processing and data portability. You also have the right to object to the processing of your data. If you have any questions about the processing of your data or wish to assert your rights, please contact us using the contact details provided in this privacy policy.

Processing operations for which your consent is required (legal basis Article 6 (1) sentence 1 lit. a GDPR)

General information on the purpose and legal basis of the processing operations described below

(1) The purpose of the processing operations described below is described separately for each tool.

(2) The legal basis for the respective data processing is your consent pursuant to Article 6 (1) sentence 1 lit. a GDPR. According to this provision, the processing of your personal data is permitted if you have given your consent to the processing of your personal data for one or more specific purposes.

General information on the storage period with regard to the data in the context of the processing operations described below

(1) We store the data until you withdraw your consent.

(2) If a contractual relationship is established between us following processing based on your consent, we may also store some of your data until the expiry of our statutory retention periods. The legal basis for this is Article 6 paragraph 1 sentence 1 lit. c GDPR in conjunction with. § 147 AO, § 257 HGB. According to these regulations, some of the above-mentioned data must also be stored beyond the time at which the purpose is achieved. We may be obliged to do the following,

1. to retain data relating to your person resulting from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 (2a) HGB, consolidated financial statements, management reports and group management reports, opening balance sheets, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, trading books as well as the work instructions and other organizational documents necessary for their understanding for ten years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. As a rule, the retention period begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR i.V.m. § Section 147 AO or in conjunction with. § SECTION 257 HGB),

2. retain personal data resulting from commercial or business letters received, from the reproduction of the commercial or business letters received and from other documents that are relevant for taxation purposes for six years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR in conjunction with Section 147 AO or in conjunction with Section 147 AO). § Section 147 AO or in conjunction with. § SECTION 257 HGB).

Note for legal basis “Consent” (Germ. "Einwilligung")

(1) If we obtain your consent for processing, you have the right to withdraw this consent at any time with effect for the future. As a rule, this is possible by sending us an informal message (see “Controller” above).

(2) We would also like to point out that we process further of your personal data in the context of obtaining your consent. These are, on the one hand, identity features (such as your name, your e-mail address, your IP address) and, on the other hand, log data on consent (time of consent, status of consent, scope of consent). We base this data processing on Article 6 paragraph 1 sentence 1 lit. c GDPR in conjunction with Article 7 paragraph 1 GDPR. Article 7 paragraph 1 GDPR. The purpose is the need to prove that you have given your consent.

(3) We store the identity features and log data for consent until the end of the third calendar year following the year in which you withdraw your consent. The legal basis for this storage is Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our legitimate interest arises from the fact that we must be able to prove within the relevant limitation period under civil law that you have consented and to what you have consented.

Further information on consent to the use of cookies with usercentrics

Above (i.e. in the section: “Processing operations for which your consent is required (legal basis Article 6 (1) sentence 1 lit. a GDPR) / Note on legal basis ‘Consent’ / paragraph 2) we have pointed out that we are obliged under Article 6 (1) sentence 1 lit. c GDPR to be able to prove at any time that you have given your consent for a particular processing of your personal data. In connection with the use of cookies, we use the tool usercentrics. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (privacy policy: https://usercentrics.com/de/datenschutzerklaerung/#toggleid-2). We use this tool to document your consent to cookie-based data processing on our website. In this context, we would like to point out that we process your personal data when obtaining your consent. These are, on the one hand, identity features and, on the other hand, log data for consent.

Data processing when using Google Analytics

(1) To analyze your user behavior on our website, we use the following service provider with its tool described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will also be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We would like to briefly describe this processing procedure: The tool uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed. The provider will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The privacy policy of this provider can be found here: https://policies.google.com/privacy?fg=1.

(2) The purpose can be described as follows: We use this tool to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. You can find out more about how this provider processes data here: https://marketingplatform.google.com/intl/de/about/analytics/.

(3) We generally process the following data from you: This tool uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated in this way about your use of this website is usually transferred to a server of the provider in the USA and stored there. However, your IP address will be shortened beforehand by the provider within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and shortened there. The IP address transmitted by your browser when using this tool is not merged with other data by the provider. We also use this tool for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”. For your information, we would like to point out that we use this tool with the extension “_anonymizeIp()”. This means that IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific person. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately.

(4) The data processing operations are also not precluded by the fact that the data may be processed by the provider outside the European Union, possibly in cooperation with Google LLC. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using the Google Tag Manager

(1) To coordinate and carry out our analysis of your user behavior on our website and our advertising approach, we use the following service provider with its tool described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will also be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We would like to briefly describe this processing procedure: This tool allows us to integrate various codes and services on our website in an organized and simplified manner. This tool implements the tags or triggers the integrated tags. When a tag is triggered, the provider may also process personal data. It cannot be ruled out that the provider may also transmit the data to a server in a third country. The privacy policy of this provider can be found here: https://policies.google.com/privacy?fg=1.

(2) The purpose can be described as follows: We use the tool to integrate various codes and services on our website in an orderly and simplified manner; this for the purposes of analyzing user behavior and, if necessary, for advertising purposes. You can find out more about how this provider processes data here: https://marketingplatform.google.com/intl/de/about/tag-manager/.

(3) As a rule, we process your data that we process in connection with Google analysis tools and Google advertising media. We refer to the other declarations in connection with processing in which the provider supports us.

(3) The data processing operations are also not precluded by the fact that the data may be processed by the provider outside the European Union, possibly in cooperation with Google LLC. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using Google Cloud services (single sign-on, calendar)

(1) For the creation of user accounts, login processes and access to calendar resources, we use the following service provider with its service described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will also be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We would like to briefly describe this processing procedure: This tool allows us to enable users to register and log in via a Google account. In the case of expert accounts, we can also enter the corresponding appointments in previously approved calendars in the case of bookings. It cannot be ruled out that the provider will also transmit the data to a server in a third country. Authorizations for Google Cloud services can be revoked at any time in the privacy settings of the Google account. The privacy policy of this provider can be found here: https://policies.google.com/privacy?fg=1.

(2) The purpose can be described as follows: We use Google Cloud services to

• carry out the user registration and login process via a Google account of the user (single sign-on). An existing Google user account is required. In addition to a user ID, the name, email address and profile picture of the user can also be retrieved and saved.

• to write new appointments in Google Calendar in the event of a booking and to read existing appointments for more precise availability information.

(3) The use and transfer of information received from Google APIs through Expert Marketplace will be in accordance with the Google API Services User Data Policy, including the requirements for limited use.

(4) The data processing operations are also not precluded by the fact that the data may be processed by the provider outside the European Union, possibly in cooperation with Google LLC. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using Facebook

(1) We use the above-mentioned social media. Its provider is: Facebook Inc, 1601 S. California Avenue, Palo Alto, CA 94304, USA. If you are located outside the USA and/or Canada, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland is responsible. We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by this provider. If you visit our company pages, it is possible that the provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact the provider to exercise this right. You can find the provider's privacy policy here: https://www.facebook.com/policy.php.

(2) Insofar as we can influence the data processing, its purpose is to present our company, to analyze your usage behavior in relation to the interaction with our company page maintained there and to communicate with you via this social network (possibly advertising).

(3) The categories of personal data that we process about you depend on the specific use of this social media, as described in paragraph 4.

(4) We maintain a company page on this social network and may analyze whether and how you have visited our company page there; whether and how you react to our posts on social networks; whether and how you communicate with us via the channels there. In this respect, the consent you have given to this provider is decisive.

(5) In addition to our general statements on the legal basis, we would like to inform you here: If you yourself maintain a profile on this social medium, the legal basis is your consent within the meaning of Article 6 (1) sentence 1 lit. a GDPR, which you have given to the provider of the social network. In all other cases, the legal basis is Article 6 (1) sentence 1 lit. F GDPR, according to which your data may be processed if it is necessary to safeguard our legitimate interests or the interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail, in particular if the data subject is a child. We have a commercial interest in linking to our company pages, whereby you click on the links independently and voluntarily. Otherwise, the provider is responsible.

(6) If and to the extent that we analyze visitor interactions with our company page, we are jointly responsible with Facebook under data protection law; this is in accordance with Article 26 GDPR. If and insofar as we commission Facebook to process data for us beyond this, we are clients within the meaning of Article 28 GDPR. The fact that the data may be processed by the provider outside the European Union does not prevent the data processing operations. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). This is done vis-à-vis us insofar as we control the data processing. Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information). If the provider controls the processing (for example, if you visit the social network independently of an action on our website), there is already no transfer by us to the USA, so that we do not have to provide any further guarantee within the meaning of Article 44 et seq. of the GDPR. In this case, there is at most a relationship between us and the provider of the social network within the meaning of Article 26 GDPR.

(7) We would also like to point out the following:

• We have linked our company page with this provider on our website. If you click on this link (i.e. the link to our company page), you will be taken to our profile. With regard to this processing, we refer to our previous statements on visiting our company page with this provider.

• We use the Facebook pixel. This is an analysis tool that can be used to measure the effectiveness of advertising. It is generally used to understand and track people's actions on a website. The Facebook pixel is implemented on a website by placing the pixel code in the header of the website. If someone then visits the website and performs an action (e.g. completes a purchase), the Facebook pixel is triggered and the action is reported. In this way, you find out when a customer takes an action and can evaluate this. There is also the option of extended matching, which we also use and which is also covered by your consent. The Facebook pixel makes it possible to transmit customer data such as first name, surname, email address, etc. to Facebook and enrich it with existing tracking data. This makes it possible to collect data from non-Facebook users or to record users who are not logged in to Facebook while visiting a website. As a result, website visitors who deliberately prevent the storage of third-party cookies are tracked via Facebook. We have commissioned the provider in this respect in accordance with Article 28 GDPR. You can find more information on how this works and the associated data processing here: https://dede.facebook.com/business/help/742478679120153?id=1205376682832142

We use Facebook Ads.

• With the help of the advertising media of this tool (so-called Facebook Ads), we can draw attention to our attractive offers on Facebook. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. We are interested in showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

• These advertisements are delivered by the provider. If you access our website via an advertisement presented to you by this provider, the tool will store a cookie on your PC. These cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

• Due to the tool used, your browser automatically establishes a direct connection with the server of this provider. We have no influence on the scope and further use of the data collected through the use of this tool and therefore inform you according to our level of knowledge: By integrating the advertising material of this tool, the provider receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a service of this provider, the provider can assign the visit to your account. Even if you are not registered with this provider or have not logged in, it is possible that the provider will find out your IP address and save it.

• You can prevent participation in this tracking process in various ways:by setting your browser software accordingly, in particular by suppressing third-party cookies so that you do not receive any ads from third-party providers;by deactivating cookiesWe have commissioned the provider in this respect in accordance with Article 28 GDPR.You can find more information on how it works and the associated data processing here: https://de-de.facebook.com/business/ads

• We upload your data to Facebook Custom Audience, of course only after you have given your consent. This allows us to display interest-based advertising (“ads”) to users of our website when they visit the social network provided by the provider. For this purpose, we upload your contact details (usually your e-mail address) to this provider, who checks whether you are registered with them with these contact details. If not, you will not be included in our custom audience (a type of database that we maintain with this provider). If the answer is yes, you will be included in our Custom Audience. If you then visit the social network provided by this provider, we will have the opportunity to show you advertisements that are of interest to you. Further information on how this works and the associated data processing can be found here: https://dede.facebook.com/business/help/341425252616329?id=2469097953376494. We have commissioned the provider in this regard in accordance with Article 28 GDPR.

Data processing when using Instagram

(1) We use the above-mentioned social media. Its provider is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, impressum@support.instagram.com. We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by this provider. If you visit our company pages, it is possible that the provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact the provider to exercise this right. You can find the provider's privacy policy here: https://help.instagram.com/519522125107875.

(2) Insofar as we can influence the data processing, its purpose is to present our company, to analyze your usage behavior in relation to the interaction with our company page maintained there and to communicate with you via this social network (possibly advertising).

(3) The categories of personal data that we process about you depend on the specific use of that social media, as described in paragraph 4.

(4) We maintain a company page on this social network and may analyze whether and how you have visited our company page there; whether and how you react to our posts on social networks; whether and how you communicate with us via the channels there. In this respect, the consent you have given to this provider is decisive.

(5) In addition to our general statements on the legal basis, we would like to inform you here: If you yourself maintain a profile on this social medium, the legal basis is your consent within the meaning of Article 6 (1) sentence 1 lit. a GDPR, which you have given to the provider of the social network. In all other cases, the legal basis is Article 6 paragraph 1 sentence 1 lit. f GDPR, according to which your data may be processed if it is necessary to safeguard our legitimate interests or the interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail, in particular if the data subject is a child. We have a commercial interest in linking to our company pages, whereby you click on the links independently and voluntarily. Otherwise, the provider is responsible.

(6) If and insofar as we analyze visitor interactions with our company website, we are jointly responsible with this provider under data protection law; this in accordance with Article 26 GDPR. If and insofar as we commission this provider to process data for us beyond this, we are clients within the meaning of Article 28 GDPR. The data processing operations are also not prevented by the fact that the data may be processed by the provider outside the European Union; possibly in cooperation with Facebook Inc, 1601 S. California Avenue, Palo Alto, CA 94304, USA. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). This is done vis-à-vis us, insofar as we control the data processing. Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information). If the provider controls the processing (for example, if you visit the social network independently of an action on our website), there is already no transfer by us to the USA, so that we do not have to provide any further guarantee within the meaning of Article 44 et seq. of the GDPR. In this case, there is at most a relationship between us and the provider of the social network within the meaning of Article 26 GDPR.

(7) We would also like to point out the following:

• We have linked our company page with this provider on our website. If you click on this link (i.e. the link to our company page), you will be taken to our profile. With regard to this processing, we refer to our previous comments on visiting our company page with this provider. We use Instagram Ads.

• With the help of the advertising material of this tool (so-called Instagram Ads), we can draw attention to our attractive offers in the social network of this provider. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. In this way, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

• These advertisements are delivered by the provider. If you access our website via an advertisement presented to you by this provider, the tool will store a cookie on your PC. These cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

• Due to the tool used, your browser automatically establishes a direct connection with the server of this provider. We have no influence on the scope and further use of the data collected through the use of this tool and therefore inform you according to our level of knowledge: By integrating the advertising material of this tool, the provider receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a service of this provider, the provider can assign the visit to your account. Even if you are not registered with this provider or have not logged in, it is possible that the provider will find out your IP address and save it.

• You can prevent participation in this tracking process in various ways:

  • by setting your browser software accordingly; in particular, suppressing third-party cookies means that you will not receive any ads from third-party providers;

  • by deactivating the cookiesieso

• You can find more information on how this works and the associated data processing here: https://business.instagram.com/advertising/.

Data processing for the use of LinkedIn

(1) We use the above-mentioned social medium. Its provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by this provider. If you visit our company pages, it is possible that the provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact the provider to exercise this right. You can find the provider's privacy policy here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

(2) Insofar as we can influence the data processing, its purpose is to present our company, to analyze your usage behavior in relation to the interaction with our company page maintained there and to communicate with you via this social network (possibly advertising).

(3) The categories of personal data that we process about you depend on the specific use of this social medium, as described in paragraph 4.

(4) We maintain a company page on this social network and may analyze whether and how you have visited our company page there; whether and how you react to our posts on social networks; whether and how you communicate with us via the channels there. In this respect, the consent you have given to this provider is decisive.

(5) In addition to our general statements on the legal basis, we would like to inform you here: If you yourself maintain a profile on this social medium, the legal basis is your consent within the meaning of Article 6 (1) sentence 1 lit. a GDPR, which you have given to the provider of the social network. In all other cases, the legal basis is Article 6 paragraph 1 sentence 1 lit. f GDPR, according to which your data may be processed if it is necessary to safeguard our legitimate interests or the interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail, in particular if the data subject is a child. We have a commercial interest in linking to our company pages, whereby you click on the links independently and voluntarily. Otherwise, the provider is responsible.

(6) If and insofar as we analyze visitor interactions with our company website, we are jointly responsible with this provider under data protection law; this in accordance with Article 26 GDPR. If and insofar as we commission this provider to process data for us beyond this, we are the client within the meaning of Article 28 GDPR. The fact that the data may be processed outside the European Union by the provider, possibly in cooperation with LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA, does not prevent the data processing operations. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). This is done vis-à-vis us insofar as we control the data processing. Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information). If the provider controls the processing (for example, if you visit the social network independently of an action on our website), there is already no transfer by us to the USA, so that we do not have to provide any further guarantee within the meaning of Article 44 et seq. of the GDPR. In this case, there is at most a relationship between us and the provider of the social network within the meaning of Article 26 GDPR.

(7) We would also like to point out the following:

• We have linked our company page with this provider on our website. If you click on this link (i.e. the link to our company page), you will be taken to our profile. With regard to this processing, we refer to our previous statements on visiting our company page with this provider.

We use LinkedIn Ads.

• With the help of the advertising material of this tool (so-called LinkedIn Ads), we can draw attention to our attractive offers in the social network of this provider. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. We are interested in showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

• These advertisements are delivered by the provider. If you access our website via an advertisement presented to you by this provider, the tool will store a cookie on your PC. These cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

• Due to the tool used, your browser automatically establishes a direct connection with the server of this provider. We have no influence on the scope and further use of the data collected through the use of this tool and therefore inform you according to our level of knowledge: By integrating the advertising material of this tool, the provider receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a service of this provider, the provider can assign the visit to your account. Even if you are not registered with this provider or have not logged in, it is possible that the provider will find out your IP address and save it.

• You can prevent participation in this tracking process in various ways:

by setting your browser software accordingly; in particular, suppressing third-party cookies means that you will not receive any ads from third-party providers;by deactivating the cookies

• You can find more information on how this works and the associated data processing here: https://business.linkedin.com/de-de/marketing-solutions/ads.

Data processing when using Xing

(1) We use the above-mentioned social medium. Its provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by this provider. If you visit our company pages, it is possible that the provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact the provider to exercise this right. You can find the provider's privacy policy here: https://privacy.xing.com/de/datenschutzerklaerung. You can also find further information on data protection with this provider here: https://privacy.xing.com/de.

(2) Insofar as we can influence the data processing, its purpose is to present our company, to analyze your usage behavior in relation to the interaction with our company page maintained there and to communicate with you via this social network (possibly advertising).

(3) The categories of personal data that we process about you depend on the specific use of this social media, as described in paragraph 4.

(4) We maintain a company page on this social network and may analyze whether and how you have visited our company page there; whether and how you react to our posts on social networks; whether and how you communicate with us via the channels there. In this respect, the consent you have given to this provider is decisive.

(5) In addition to our general statements on the legal basis, we would like to inform you here: If you yourself maintain a profile on this social medium, the legal basis is your consent within the meaning of Article 6 (1) sentence 1 lit. a GDPR, which you have given to the provider of the social network. In all other cases, the legal basis is Article 6 paragraph 1 sentence 1 lit. f GDPR, according to which your data may be processed if it is necessary to safeguard our legitimate interests or the interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail, in particular if the data subject is a child. We have a commercial interest in linking to our company pages, whereby you click on the links independently and voluntarily. Otherwise, the provider is responsible.

(6) If and insofar as we analyze visitor interactions with our company website, we are jointly responsible with this provider under data protection law; this in accordance with Article 26 GDPR.

(7) We would also like to point out the following:

We have linked our company page with this provider on our website. If you click on this link (i.e. the link to our company page), you will be taken to our profile. With regard to this processing, we refer to our previous statements on visiting our company page with this provider.

• We use Xing Ads.

• With the help of the advertising media of this tool (so-called Xing Ads), we can draw attention to our attractive offers in the social network of this provider. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. We are interested in showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

• These advertisements are delivered by the provider. If you access our website via an advertisement presented to you by this provider, the tool will store a cookie on your PC. These cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

• Due to the tool used, your browser automatically establishes a direct connection with the server of this provider. We have no influence on the scope and further use of the data collected through the use of this tool and therefore inform you according to our level of knowledge: By integrating the advertising material of this tool, the provider receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a service of this provider, the provider can assign the visit to your account. Even if you are not registered with this provider or have not logged in, it is possible that the provider will find out your IP address and save it.

You can prevent participation in this tracking process in various ways:

• by setting your browser software accordingly; in particular, suppressing third-party cookies means that you will not receive any ads from third-party providers;

• by deactivating the cookies

You can find more information on how this works and the associated data processing here: https://werben.xing.com/marketingloesungen/xing-ads/

Data processing when using Twitter

(1) We use the above-mentioned social medium. Its provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by this provider. If you visit our company pages, it is possible that the provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact the provider to exercise this right. You can find the provider's privacy policy here: https://twitter.com/de/privacy.

(2) Insofar as we can influence the data processing, its purpose is to present our company, to analyze your usage behavior in relation to the interaction with our company page maintained there and to communicate with you via this social network (possibly advertising).

(3) The categories of personal data that we process about you depend on the specific use of this social media, as described in paragraph 4.

(4) We maintain a company page on this social network and may analyze whether and how you have visited our company page there; whether and how you react to our posts on social networks; whether and how you communicate with us via the channels there. In this respect, the consent you have given to this provider is decisive.

(5) In addition to our general statements on the legal basis, we would like to inform you here: If you yourself maintain a profile on this social medium, the legal basis is your consent within the meaning of Article 6 (1) sentence 1 lit. a GDPR, which you have given to the provider of the social network. In all other cases, the legal basis is Article 6 paragraph 1 sentence 1 lit. f GDPR, according to which your data may be processed if it is necessary to safeguard our legitimate interests or the interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail, in particular if the data subject is a child. We have a commercial interest in linking to our company pages, whereby you click on the links independently and voluntarily. Otherwise, the provider is responsible.

(6) If and insofar as we analyze visitor interactions with our company website, we are jointly responsible with this provider under data protection law; this in accordance with Article 26 GDPR. If and insofar as we commission this provider to process data for us beyond this, we are clients within the meaning of Article 28 GDPR. The fact that the data may be processed by the provider outside the European Union, possibly in cooperation with Twitter, Inc, 1355 Market Street #900, San Francisco, California 94103 USA, does not prevent the data processing operations. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). This is done vis-à-vis us insofar as we control the data processing. Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information). If the provider controls the processing (for example, if you visit the social network independently of an action on our website), there is already no transfer by us to the USA, so that we do not have to provide any further guarantee within the meaning of Article 44 et seq. of the GDPR. In this case, there is at most a relationship between us and the provider of the social network within the meaning of Article 26 GDPR.

(7) We would also like to point out the following:

• We have linked our company page with this provider on our website. If you click on this link (i.e. the link to our company page), you will be taken to our profile. With regard to this processing, we refer to our previous statements on visiting our company page with this provider.

• We use Twitter Ads.

• With the help of the advertising media of this tool (so-called Twitter Ads), we can draw attention to our attractive offers in the social network of this provider. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

• These advertisements are delivered by the provider. If you access our website via an advertisement presented to you by this provider, the tool will store a cookie on your PC. These cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

• Due to the tool used, your browser automatically establishes a direct connection with the server of this provider. We have no influence on the scope and further use of the data collected through the use of this tool and therefore inform you according to our level of knowledge: By integrating the advertising material of this tool, the provider receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a service of this provider, the provider can assign the visit to your account. Even if you are not registered with this provider or have not logged in, it is possible that the provider will find out your IP address and save it.

You can prevent participation in this tracking process in various ways:

• by setting your browser software accordingly; in particular, suppressing third-party cookies means that you will not receive any ads from third-party providers;

• by deactivating the cookies

• You can find more information on how this works and the associated data processing here: https://ads.twitter.com/onboarding/18ce555439h/welcome.

Data processing when using Google Ads

(1) We use the above-mentioned social media. Its provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will also be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. You can find the provider's privacy policy here: https://policies.google.com/privacy?fg=1.

(2) Insofar as we can influence the data processing, its purpose is to present our company, to analyze your usage behavior in relation to the interaction with our company page maintained there and to communicate with you via this social network (possibly advertising).

(3) These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of ads, Google receives the information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.

(4) You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly; in particular, suppressing third-party cookies will prevent you from receiving ads from third-party providers; b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google. de/settings/ads, whereby this setting will be deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies; d) by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

(5) The data processing operations are also not precluded by the fact that the data may be processed by the provider outside the European Union, possibly in cooperation with Google LLC. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using Google Remarketing

(1) We use the above-mentioned social media. Its provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will also be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. You can find the provider's privacy policy here: https://policies.google.com/privacy?fg=1.ung when using Google Remarketing.

(2) This is a procedure with which we would like to address you with advertising. Through this application, our advertisements can be displayed to you when you continue to use the Internet after visiting our website. This is done by means of cookies stored in your browser, which are used by the provider to record and evaluate your usage behavior when you visit various websites. In this way, the provider can determine your previous visit to our website. According to its own statements, this provider does not merge the data collected in the context of remarketing with your personal data, which may be stored by the provider. In particular, according to this provider, pseudonymization is used for remarketing. This takes place across all devices on which you are logged in with an account with this provider or were logged in for even a brief moment.

(3) These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the provider's server.

(4) You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular suppressing third-party cookies will prevent you from receiving ads from third-party providers; b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies.

(5) The data processing operations are also not precluded by the fact that the data may be processed by the provider outside the European Union, possibly in cooperation with Google LLC. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using YouTube (with own channel)

(1) We use the above-mentioned video platform or video portal on our website. Its provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will also be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. You can find the provider's privacy policy here: https://policies.google.com/privacy?fg=1.

(2) We would like to briefly describe this processing procedure: Plugins from the YouTube video portal are integrated on our website. Each time you access a page that offers one or more YouTube video clips, a direct connection is established between your browser and a YouTube server. These videos are all integrated in “extended data protection mode”. No data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 3 be transmitted. We have no influence on this data transfer. If you use a Google account and do not wish to be associated with your profile on YouTube, you must log out before activating the button.

(3) We generally process the following data from you: When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

(4) We also maintain a company page with this provider. If you interact with this company page, it is possible that the provider will process your data as described in paragraph 3.

(5) The data processing operations are also not precluded by the fact that the data may be processed by the provider outside the European Union, possibly in cooperation with Google LLC. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using Vimeo (with own channel)

(1) We use the above-mentioned video platform or video portal on our website. Its provider is Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. You can find the provider's privacy policy here: https://vimeo.com/privacy.

(2) We would like to briefly describe this processing procedure: Plugins from the video portal Vimeo are integrated on our website. Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA.

(3) We generally process the following data from you: Information about your visit and your IP address are stored there. Through interactions with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored there. Vimeo also calls up the Google Analytics tracker via an iFrame in which the video is called up. This is Vimeo's own tracking, to which we have no access.

(4) We also maintain a company page with this provider. If you interact with this company page, it is possible that the provider will process your data as described in paragraph 3.

(5) The fact that the data may be processed outside the European Union does not prevent the data processing operations. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using Spotify

(1) We use the above-mentioned platform to publish podcast episodes (both video and audio) on our website. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Further information on data protection at Spotify can be found at https://www.spotify.com/de/legal/privacy-policy.

(2) We would like to briefly describe this processing operation: Our website uses plugins from “Spotify”. You can find an overview of the Spotify plugins at: https://developer.spotify.com. We use Spotify by embedding individual audio files, albums or playlists from the platform on our website as an iFrame so that they can be played directly on our website as a stream.

(3) We generally process the following data from you: When you visit a subpage of our website on which a Spotify plugin is embedded, a connection to the Spotify servers is established and the plugin is displayed within our website. This tells Spotify which website you have visited. Your IP address may also be transmitted to Spotify. If you play an embedded audio file, an album or a playlist, this information will also be passed on to Spotify. If you are logged in as a Spotify user, Spotify will assign this data to your user account. If you do not want Spotify to be able to assign your visit to our website to your Spotify user account, please log out of your Spotify user account.

(4) We cannot rule out the possibility that the provider may transfer your data to a country outside the European Union. The provider writes in its privacy policy: “Personal data collected within the European Union and Switzerland may, for example, be transferred to and processed by third parties based in a country outside the European Union and Switzerland. In these cases, Spotify will ensure that the transfer of your personal data is in accordance with applicable data protection laws and, in particular, that appropriate contractual, technical and organizational measures, such as the standard contractual clauses approved by the EU Commission, are in place.” This does not prevent data processing operations. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using i-Tunes (Apple)

(1) We use the above-mentioned platform to publish podcast episodes (both video and audio) on our website. The provider is Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. Further information on data protection at Spotify can be found at https://www.apple.com/legal/privacy/de-ww/.

(2) We would like to briefly describe this processing operation: Our website uses plugins from Apple and i-Tunes. We use this by embedding individual audio files, albums or playlists from the platform on our website as an iFrame so that they can be played directly on our website as a stream.

(3) We generally process the following data from you: When you visit a subpage of our website on which such a plugin is embedded, a connection to the provider's servers is established and the plugin is displayed within our website. This tells the provider which website you have visited. Your IP address may also be transmitted to the provider. If you play an embedded audio file, an album or a playlist, this information is also passed on to the provider. If you are logged in as an i-Tunes user, the provider assigns this data to your user account. If you do not want the provider to be able to assign your visit to our pages to your user account, please log out of your user account.

(4) We cannot rule out the possibility that the provider may transfer your data to a country outside the European Union. This does not prevent the data processing operations. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using Klick Tipp

(1) We use the above-mentioned marketing automation service provider. Its provider is KLICK-TIPP LIMITED, 15 Cambridge Court, 210 Shepherd's Bush Road, London W6 7NJ (United Kingdom).

(2) We would like to briefly describe this processing operation: We use Klick-Tipp to apply marketing measures to you that we have identified and described as such in this privacy policy. We have commissioned this provider with the processing of your personal data required in this respect in accordance with Article 28 (3) GDPR. The privacy policy of this provider can be found here: https://www.klicktipp. com/datenschutzerklärung.

(3) We generally process the following data from you: We process all data that we use for advertising purposes, as already described in this privacy policy. Furthermore, we use the so-called “tags” from Klick-Tipp in communication with you (e.g. to process the contract or for follow-up emails) and when delivering newsletters and webinars. A tag is a label for information with additional information, specifications or categories. When tagging, information is linked to suitable keywords, categories or other parameters defined by us in advance. You can find more information on tagging with Klick-Tipp at https://www.klick-tipp.com/handbuch/erste- schritte/tagstellen. It is important that we use and define these tags in such a way that Klick-Tipp follows our instructions here. Klick Tipp uses so-called SmartTags and manual tags. Smart tags are used when you register for something via a registration form (appointment, newsletter, webinar, etc.). In this case, you will automatically receive a tag with the name of the relevant registration form. Klick-Tipp also automatically sets the tags “email received”, “email opened”, “email clicked” and “email viewed in browser” for us. We define manual tags completely independently. For example, we can tag you with “Customer” or - even more specifically - with “Purchased product B” or “Viewed webinar up to this point”. Klick-Tipp collects some of the information that becomes the basis for tagging via additional tracking pixels. The tags are basically used to enable us to fulfill our obligations in the pre-contractual and contractual relationship. They also enable us to communicate with you automatically, which increases our availability and thus our service level. If we use the tags to send advertising, this is part of the legal basis asserted for this. We also use the tags to improve the advertising approach. If you do not wish to be analyzed by Klick-Tipp, you must therefore unsubscribe or object to the reason for our communication. We provide a corresponding link for this purpose in every message that is aimed at this. You can also unsubscribe from the newsletter or the webinar directly on the website.

(5) The fact that the data may be processed outside the European Union does not prevent the data processing operations. This is because pursuant to Art. FINPROV 10A of the Brexit Agreement of December 31, 2021 (p. 468 et seq.), the UK is not considered a “third country” under Article 44 GDPR for a period of four months from January 1, 2021, i.e. initially and for the time being until May 1, 2021. However, even irrespective of the UK's third country status, the transfer of data there is justified because the provider has undertaken to comply with the EU standard contractual clauses (Article 46 GDPR).

Data processing when using Salesforce

(1) We use the CRM tool Salesforce for marketing automation purposes. The provider of this tool is Salesforce, Inc., which is represented in Germany by Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. You can find more information on data protection at this company at: https://www.salesforce.com/gdpr/overview/.

(2) We have carefully selected this provider and commissioned it in accordance with Article 28 GDPR, whereby you can find the contractual document in accordance with Article 28 (3) GDPR here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/dataprocessin g-addendum.pdf.

(3) The fact that Salesforce, Inc. has its registered office outside the European Union does not prevent it from being commissioned. This is because in the event that your data is processed outside the USA, we rely on Article 47 GDPR in conjunction with Salesforce's Processor Binding Corporate Rules for the Processing of Personal Data, cf. )https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce- Processor-BCR.pdf.

Zapier (for marketing automation)

(1) We use the following provider here: Zapier Inc, 548 Market St #62411, San Francisco, California 94104 (USA), which provides the “Zapir” tool we use. We would like to briefly describe this processing procedure: With Zapier, we can connect web apps so that customer and prospect data can be automatically exchanged between the various applications. The data is exchanged via Zapier, so that the data may also be processed there. We have commissioned this provider with the necessary processing of your personal data in accordance with Article 28 (3) GDPR. The privacy policy of this provider can be found here: https://zapier.com/privacy/.

(2) We generally process the following data from you: All data that we collect via tools that we use in connection with marketing automation. You can find more information on the possible uses at: https://zapier.com/learn/getting-started-guide/what-is-zapier/.

(3) The fact that this provider is based outside the European Union does not prevent it from being commissioned. This is because we can only offer you contractual services for which we use Zapier if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when using Google Maps

(1) We use the tool of the provider described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. We would like to briefly describe the processing procedure: This tool is intended to enable you to determine our location on our website using an interactive map and to determine the best route to us for you using the route planner function of this tool. You can find out more about this tool here: https://support.google.com/maps/answer/7576020?hl=de#null

(2) Data about the use of our website, your IP address and the address entered for route planning are transmitted to Google, whereby this takes place directly via the browser you are using, so that we have no further influence on this processing. Which data is transferred in detail also depends on whether you use our site as a logged-in user of a Google account. Details on data transmission and use can be found at: https://policies.google.com/privacy?hl=de

(3) The data processing operations are also not precluded by the fact that the data may be processed by the provider outside the European Union, possibly in cooperation with Google LLC. This is because your personal data will only be processed via this tool if you consent to the associated data transfer to the USA (see Article 49(1)(a) GDPR). Please be sure to read our risk information beforehand (see General section/special constellation: Consent to transfer to third country bodies based in the USA, including the risk information).

Data processing when sending a newsletter

(1) We may process your data in order to send you a newsletter. A newsletter is a regularly published electronic circular. To begin with, you provide us with the data that we request for newsletter registration. After completing the double opt-in procedure (see paragraph 2), we will use your data to contact you with advertising by means of a newsletter.

(2) We use the so-called double opt-in procedure to obtain your consent. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm your consent. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis for this processing is Article 6 paragraph 1 sentence 1 lit. c GDPR. According to this provision, we may process your data if this is necessary to fulfill a legal obligation to which we are subject. The legal obligation to which we are subject follows from Article 7(1) GDPR and Article 5(1) GDPR. According to these provisions, we are legally obliged to document the obtaining of consent. This is only possible if we collect your data for verification purposes. We store the data for as long as this is necessary for verification purposes. If you confirm your consent, the retention period only ends after you withdraw your consent plus the time until any civil law claims become time-barred, i.e. generally on December 31 of the 3rd calendar year following the year in which you withdrew your consent.

(3) We generally process the following data from you: The data that you provide to us to register for the newsletter and the data that we need in accordance with paragraph 2 to prove that you have given your consent (opt-in status data) and, if applicable, data to withdraw your consent.

Processing operations that are in our legitimate interest (legal basis Article 6 (1) sentence 1 lit. f GDPR)

General information on the purpose and legal basis of the processing operations described below

(1) The purpose of the processing operations described below is described separately for each tool. It is the decisive justification for our legitimate interest in the processing.

(2) The legal basis for the respective data processing is Article 6 (1) sentence 1 lit. f GDPR. According to this provision, the processing of your personal data is also permitted without your consent if it is necessary to safeguard our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms that require the protection of personal data do not prevail.

General information on the storage period with regard to the data in the context of the processing operations described below

(1) We store the data until our purpose no longer applies, which is always the case if you have raised a justified objection (see “Information on the right to object.”).

(2) If a contractual relationship is established between us following processing based on the legitimate interest, we will also store the data until the expiry of our statutory retention periods. The legal basis for this is Article 6 paragraph 1 sentence

• 1 lit. c GDPR in conjunction with. § 147 AO, § 257 HGB. According to these regulations, some of the above-mentioned data must also be stored beyond the time at which the purpose is achieved. For example, we may be obliged 1. to retain data about you that is derived from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 para. 2a HGB, consolidated financial statements, management reports and group management reports, opening balance sheets, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, trading books as well as the work instructions and other organizational documents necessary for their understanding, for ten years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR in conjunction with § 147 AO or i.m. § Section 147 AO or in conjunction with. § SECTION 257 HGB),

• 2. to retain personal data resulting from commercial or business letters received, from the reproduction of the commercial or business letters received and from other documents that are relevant for taxation purposes for six years, whereby the retention period generally begins at the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c GDPR in conjunction with Section 147 AO or in conjunction with Section 147 AO). § Section 147 AO or in conjunction with. § SECTION 257 HGB).

Note on the right to object

(1) Insofar as we base data processing in the following data protection declaration on Article 6 paragraph 1 sentence 1 lit. f GDPR, i.e. on a legitimate interest in the processing, you always have the right to object to the processing. As a rule, this is possible by sending us an informal message (see “Controller” above). If the objection is justified, we will cease processing.

(2) If the legitimate interest is based on the interest in direct marketing or advertising, your objection is always justified if you are identified.

Informational use of the website

(1) If you use our website purely for information purposes, i.e. if you do not register as a user or otherwise transmit information, we collect the following data from you: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates, browser, operating system and its interface, language and version of the browser software. We receive this data via cookies and directly from your browser.

(2) The purpose of this processing is to provide our website and for statistical analysis.

Transient cookies

(1) We would like to briefly describe this processing procedure: We use so-called transient cookies on our website. These include session cookies in particular. These store a so-called session ID, with which various requests from the visitor's browser can be assigned to the joint session. This allows the visitor's computer to be recognized when the visitor returns to your website.

(2) The purpose, from which our legitimate interest also follows, can be described as follows: The cookies are used to display and use the website in a way that suits you.

(3) We generally process the following data from you: Session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Rights management

(1) You have certain rights vis-à-vis us (see General section, Rights of visitors to the website). If you assert rights against us, we process the associated contact, communication and transaction data.

(2) We process your data as follows:

1. we receive your request

2. we examine your request.

3. if justified, we will comply with your request. 4. we store the associated data.

(3) While the processing within the meaning of paragraph 2 numbers 1 to 3 is justified by Article 6 paragraph 1 sentence 1 lit. c GDPR (we are generally obliged to process your requests under the GDPR), the purpose of the storage (paragraph 2 number 4) is that we store the data in order to be able to defend ourselves later against claims on your part. This is also our legitimate interest. We store your data until the end of the third calendar year following your request/input (see Article 6 (1) sentence 1 lit. f GDPR in conjunction with Sections 193, 195 BGB).

External advice, if you assert claims

(1) You have certain rights vis-à-vis us (see General section, Rights of visitors to the website). If you assert rights against us, we will transfer your data to external consultants who we have either obliged to maintain confidentiality or who are obliged to maintain confidentiality under professional law.

(2) The purpose of the processing is for us to obtain expert advice in order to process your concerns in accordance with the law. This is in both our and your legitimate interest.

Data processing when using ProvenExpert

(1) We have integrated the ProvenExpert rating tool on this website to enable you to rate us and our services. This evaluation tool is operated by Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, privacy@provenexpert.com. You can currently find the privacy policy of this service provider at https://www.provenexpert.com/dede/datenschutzbestimmungen/. There you will find all further information on the processing of your data when submitting a rating.

(2) Insofar as we use this evaluation tool, a distinction must be made between three processing operations:

• a. First, we graphically display the logo of the rating tool on our website. As soon as you click on the logo, the information that you have visited our website and that you have clicked on the logo from there is transmitted to the provider of the evaluation tool.

• b. As soon as you submit a rating about us and our services on the rating tool provider's website, the provider of the rating tool processes your data for the purpose of displaying the rating and, if necessary, for other purposes about which this provider must inform you. (2) As part of the creation of reviews, the provider of Proven Expert stores your email address and the associated log file as inventory data. According to Proven Expert, the log file consists of the IP address assigned to the requesting computer by the Internet access provider for the session, as well as the name and version of the Internet browser you used to access our website. The storage of the inventory data is necessary for the provider of Proven Expert in order to prevent misuse (e.g. through multiple evaluations by users). You can also voluntarily provide further information (e.g. name and company), which will then also be stored by the provider.

• c. In the case of your rating, your name and e-mail address will be transmitted to the provider of the rating tool as well as the customer ID of the order process, if shared by you. The provider of the rating tool checks the transmitted rating and publishes it on our website.

(3) Instead of the “classic” registration or verification of the reviews you have submitted, you also have the option of doing this via a user account on a social network. The provider of Proven Expert will never receive the access data to your profile on a social network. Integrated into its service are: LinkedIn, the social network of LinkedIn Ireland, Gardner House, Wilton Place, Wilton Plaza, Dublin 2 Ireland (“LinkedIn”) and Google Plus, the social network of Google Inc, Mountain View, California, USA, and Xing, the social network of XING AG, Dammtorstraße 29 - 32, 20354 Hamburg, Germany (“Xing”). Furthermore, Facebook, the social network of Facebook Ireland Ltd, Hanover Reach, 5 - 7 Hanover Quay, Dublin 2 Ireland (“Facebook”), is integrated into the provider's service, although only reviews can be verified via this.

(4) The purpose of all three processing operations is that we give you the voluntary opportunity, which is irrelevant for the contract design, to evaluate us and our performance independently of our sphere of influence; in the case of processing operation lit. c, the purpose is added that your evaluation is to be verified by a concrete contractual relationship with us.

(5) The relevant legal basis for the processing operation is paragraph 2 litt.

• a. Article 6 (1) sentence 1 lit. f GDPR, whereby our legitimate interest follows from the fact that we give you the voluntary opportunity, which is irrelevant for the contract design, to evaluate us and our performance independently of our sphere of influence, see above for details of this legal basis.

• b. the legal basis that the provider of the evaluation tool specifies to you, as it is the controller in this respect and no longer us,

• c. the legal basis that the provider of the rating tool specifies to you, as it is the controller in this respect and no longer us.

For the processing in paragraph 3, the legal basis that the provider declares to you is decisive.

The use of the Amazon Partner Program

(1) We use affiliate marketing systems on our website, in our emails and in our other communication with you. Affiliate systems are internet-based sales methods in which a commercial provider (hereinafter: provider) remunerates its sales partners (hereinafter: affiliates) through commissions. The provider provides advertising material which the affiliate presents to third parties on its website and via other communication channels (hereinafter: affiliate link). If the third parties click on the affiliate links, they will be taken to the provider's website, whereby the information that they have reached it via the affiliate link is also transmitted. If a contract and/or transaction is concluded between the third party and the provider, the affiliate receives a commission.

(2) We use the affiliate system “Amazon Partner Program” and are therefore participants in the partner program of Amazon Europe S. à. r. l. and partners of the advertising program, which was designed to provide a medium for Internet sites by means of which advertising costs can be earned through the placement of advertisements and links to amazon.de. Our interest in the program is to show you advertisements that are of interest to you and to make our website more interesting for our users. In order to provide the advertisements, statistical information about you is collected and processed by our advertising partners. When you visit the website, Amazon receives the information that you have accessed the corresponding page of our website. For this purpose, Amazon uses web beacons to determine your requirements and may set a cookie on your computer. We have no influence on the data collected, nor are we aware of the full extent of the data collection and the storage period. If you are logged in to Amazon, your data can be assigned directly to your account there. If you do not wish your data to be associated with your Amazon profile, you must log out. It is possible that your data may be passed on to contractual partners of Amazon and authorities. We have no influence on the data collected, nor are we aware of the full extent of the data collection. The data is transferred to the USA and analyzed there. You can prevent the installation of cookies from the Amazon Partner Program in various ways: a) by setting your browser software accordingly; in particular, suppressing third-party cookies will prevent you from receiving ads from third-party providers; b) by deactivating interest-based ads on Amazon via the link http://www.amazon.de/gp/dra/info. Further information on the purpose and scope of data collection and its processing as well as further information on your rights in this regard and setting options to protect your privacy can also be found in addition to the above privacy policy at Amazon EU S.à.r.l, Amazon Services Europe S.à.r. l. and Amazon Media EU S.à.r. l., all three located at 5, Rue Plaetis, L-2338 Luxembourg; e-mail: ad- feedback@amazon.de.

(3) The legitimate interest required for this processing arises from the fact that affiliate commission may have to be calculated and paid out. This is a recognizable economic interest. Your interests are safeguarded by the fact that we make this process transparent and that you have the right to object if necessary. Insofar as this is based on so-called cookies, we refer to our explanations in the special section “Processing operations for which your consent is required”.

The use of the ablefy partner program

(1) We use affiliate marketing systems on our website, in our emails and in our other communication with you. Affiliate systems are internet-based sales methods in which a commercial provider (hereinafter: provider) remunerates its sales partners (hereinafter: affiliates) through commissions. The provider provides advertising material which the affiliate presents to third parties on its website and via other communication channels (hereinafter: affiliate link). If the third parties click on the affiliate links, they will be taken to the provider's website, whereby the information that they have reached it via the affiliate link is also transmitted. If a contract and/or transaction is concluded between the third party and the provider, the affiliate receives a commission.

(2) We use the “Ablefy Partner Program” and are thus participants in the partner program of ablefy GmbH, Kurfürstendamm 182, 10707 Berlin (https://myablefy.com/privacy), which was designed to provide a medium for websites by means of which advertising costs can be earned through the placement of advertisements and links to ablefy. With this program, we pursue the interest of showing you advertisements that are of interest to you and make our website more interesting for our users. In order to provide the advertisements, statistical information about you is collected and processed by our advertising partners. When you visit the website, ablefy receives the information that you have accessed the corresponding page of our website.

(3) The legitimate interest required for this processing arises from the fact that affiliate commission may have to be calculated and paid out. This is a recognizable economic interest. Your interests are safeguarded by the fact that we make this process transparent and that you have the right to object if necessary. Insofar as this is based on so-called cookies, we refer to our explanations in the special section “Processing operations for which your consent is required”.

Cookie Information