Data Privacy Policy and Consents

Data Privacy Policy

Status: June 2023

We, ENVIRIA Energy Holding GmbH (hereinafter jointly referred to as the "Company", "Responsible Party", "we" or "us") take the protection of your personal data seriously and would like to inform you at this point about data protection in our company. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

Within the scope of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "DS-GVO") in order to ensure the protection of personal data of a processing data subject (we address you as a data subject hereinafter also with "Customer", "User", "you" or "Data Subject").

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (see Articles 13 and 14 DS-GVO). This privacy policy (hereinafter: "Privacy Policy") explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Our data protection declaration has a modular structure. It consists of a general part for any processing of personal data and processing situations that come into play each time a website is called up (A. General information) and a special part, the content of which relates in each case only to the processing situation specified there with designation of the respective offer or product, in particular the visit to this website as detailed here (B. Data collection when visiting this Website).

A. General Informaion

(1) Definitions

This privacy policy is based on the following definitions:

● "Personal Data" (Art. 4 No. 1 DS-GVO) means any information relating to an identified or identifiable natural person ("Data Subject"). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information regarding his or her physical, physiological, genetic, mental, economic, cultural or social characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or sound recordings may also contain personal data).

● "Processing" (Art. 4 No. 2 DS-GVO) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e. acquisition), recording, organization, classification, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended use on which data processing was originally based.

● "Controller" (Art. 4 No. 7 DS-GVO) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

● "Third Party" (Art. 4 No. 10 DS-GVO) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorized to process the personal data; this also includes other group-affiliated legal entities.

● "Processor" (Art. 4 No. 8 DS-GVO) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.

● "Consent" (Art. 4 No. 11 DS-GVO) of the data subject means any freely given, informed and unambiguous expression of will in the form of a statement or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data.

(2) Name and address of the Controller

The controller within the meaning of Art. 4 No. 7 DS-GVO is:

ENVIRIA Energy Holding GmbH

Niddastrasse 35

60329 Frankfurt am Main

Germany

+49 800 500 00 25

datenschutz@enviria.energy

https://enviria.energy

For further information on our company, please refer to the imprint on our website.

(3) Contact details of the Data Protection Officer

The data protection officer of the responsible party is:

Data Protect Plus UG (haftungsbeschränkt).

Hermannstr. 6

60318 Frankfurt am Main

Germany

+49 89 7400 45840

www.dataprotectplus.de

(4) Legal basis for data processing

By law, any processing of personal data is in principle prohibited and only permitted if the data processing falls under one of the following justifications:

● Art. 6 (1) p. 1 lit. a DS-GVO ("Consent"): If the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or other unambiguous confirming action that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;

● Art. 6 para. 1 p. 1 lit. b DS-GVO: If the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject;

● Art. 6 para. 1 p. 1 lit. c DS-GVO: If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);

● Art. 6 (1) p. 1 lit. d DS-GVO: If the processing is necessary to protect the vital interests of the data subject or another natural person;

● Art. 6 (1) p. 1 lit. e DS-GVO: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or

● Art. 6 (1) p. 1 lit. f DS-GVO ("Legitimate Interests"): If the processing is necessary to protect legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject override (in particular if the data subject is a minor).

For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.

(5) Data erasure and storage period

For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or the legal basis for the storage no longer applies, unless there are commercial or tax law retention obligations. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply. This means that the data will be deleted from the point in time when there are no longer any legal obligations to retain the data, unless you have expressly consented to its further use.

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by legal regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

In principle, your data will only be stored on servers in the EU, subject to any transfer that may take place in accordance with the regulations in A.(9) and A.(10).

(6) Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. For this purpose, please contact us under the data specified in A.(2).

(7) Technical and organizational measures

We take technical and organizational measures to ensure that the security and protection requirements of the GDPR are met and that personal data are protected against loss, destruction, manipulation or access by unauthorized persons. The measures shall be adapted to the current state of the art in each case.

(8) Cooperation with processors

As is the case with any company, we also use external domestic and foreign service providers to process our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). These are only active according to our instructions and have been contractually obligated iSv Art. 28 DS-GVO to comply with data protection regulations.

If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing data processing agreements.

(9) Transfer of personal data to third parties; basis for justification

The following categories of recipients, which are usually processors (see A.(8)), may receive access to your personal data:

· Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO, insofar as it does not involve contract processors;

· State agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. c DS-GVO;

· Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f DS-GVO.

We use the following third-party services:

● Asana, Inc.,633 Folsom Street, San Francisco, CA 94107 (hereinafter: "Asana").

● Amazon Web Services (AWS), Inc., 410 Terry Avenue North, Seattle WA 98109, United States (hereinafter: "AWS").

● Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxem-bourg (hereinafter: "Amazon EU").

● Automattic Inc, 60 29th Street #343, San Francisco, CA 94110-4929, USA (hereinafter: "Wordpress").

● Calendly, LLC, 271 17th Street NW, Atlanta (hereinafter: "Calendly").

Storyblok GmbH, Peter-Behrens-Platz 2, 4020 Linz, Österreich (hereinafter: „Storyblok“).● Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter: "Google EU").

● LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ire-land (hereinafter: "LinkedIn").

● Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (hereinafter: "Meta EU").

● Microsoft Corporation, One Microsoft Way, Reymond, WA, 98052-6399, USA (hereinafter: "Microsoft").

● Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia (hereinafter: "Pipedrive").

● NextRoll, Inc, 1050 Page St, San Francisco, CA, USA (hereinafter: "AdRoll").

● Twitter, Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (na-follow: "Twitter").

● XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter: "Xing").

● Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA („Vimeo“).

It is possible that the registered office of a third-party provider is located in a third country, i.e., a country in which the GDPR has no direct legal effect. In this case, the transfer of data will only take place in accordance with the strict requirements, which are set out in more detail under A.(10).

In addition, we will only disclose your personal data to third parties if you have given your express consent in accordance with Art. 6 (1) p. 1 lit. a DS-GVO.

(10) General information on the legal basis for data processing on this website.

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a DS-GVO or Art. 9 (2) lit. a DS-GVO, if special categories of data are processed according to Art. 9 (1) DS-GVO. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) a DS-GVO. If you have consented to the storage of cookies and / or to the access to information of your terminal device (e.g. via device fingerprinting), the data processing is additionally based on Section 25 (1) TTDSG. The respective consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DS-GVO. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 (1) lit. c DS-GVO. Furthermore, data processing may be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f DS-GVO. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.

(11) Prerequisites for the transfer of personal data to the USA and other third countries.

In the course of our business relationships, your personal data may be transferred or disclosed to third parties. In particular, we use, among other things, tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on servers of US companies for monitoring purposes. We have no influence on these processing activities.

Any processing of personal data in a third country may only take place if the special requirements of Art. 44 et seq. DS-GVO are fulfilled. This includes in particular the conclusion of standard data protection clauses (hereinafter: "EU-SCC") with the subcontractor. For this purpose, the Contractor shall use the "Processor to Processor" module and conduct a so-called "Transfer Impact Assessment" (hereinafter: "TIA"). We shall inform you in the following about the respective details of the transfer .

(12) No automated decision making (including profiling).

We do not intend to use any personal data collected from you for any automated decision making process (including profiling).

(13) No obligation to provide personal data.

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are generally under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the data required for this purpose. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.

(14) Legal obligation to transmit certain data

We may, under certain circumstances, be subject to a specific legal or statutory obligation to provide lawfully processed personal data to third parties, in particular public bodies (Art. 6 (1) p. 1 lit. c DS-GVO).

(15) Your Rights

You can assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A.(2). As a data subject, you have the right:

● to request information about your data processed by us in accordance with Art. 15 DS-GVO. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

● in accordance with Art. 16 DS-GVO, to demand the correction of incorrect or the completion of your data stored by us without delay;

● In accordance with Art. 17 DS-GVO, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;

● in accordance with Art. 18 DS-GVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you or the processing is unlawful; If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data. If you have lodged an objection pursuant to Art. 21 (1) DS-GVO, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State;

● in accordance with Art. 20 DS-GVO, you have the right to request that data which we process automatically on the basis of your consent or in fulfillment of a contract be handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible;

● in accordance with Art. 21 DS-GVO, the right to object to processing at any time, insofar as the processing is based on Art. 6 (1) p. 1 lit. e or lit. f DS-GVO. This also applies to profiling based on these provisions. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct advertising, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling more protective reasons on the basis of which we will continue the processing. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) DS-GVO);

● in accordance with Art. 7 (3) DS-GVO, to OPPOSE your consent given once (also before the applicability of the DS-GVO, i.e. before 25.5.2018) - i.e. your voluntary will, made understandable in an informed manner and unambiguously by a declaration or other unambiguous confirming act, that you agree to the processing of the personal data concerned for one or more specific purposes - at any time vis-à-vis us, if you have given such consent. Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation, and

● ● to complain to a data protection supervisory authority in accordance with Art. 77 DS-GVO in the event of violations of the DS-GVO in connection with the processing of your personal data, for example to the data protection supervisory authority responsible for us: The Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, phone: 0611- 1408 0, e-mail: poststelle@datenschutz.hessen.de homepage: https://www.datenschutz-hessen.de.

● The right of appeal exists regardless any other administrative or judicial measures

(16) Changes to the Privacy Policy

In the context of the further development of data protection law as well as technological or organizational changes, our Privacy Policy is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of changes in particular on our German website at https://enviria.energy/datenschutz. This Privacy Policy is valid as of June 2023.

B. Data collection when visiting this Website

(1) Explanation of the function

You can obtain information about our company and the services we offer in particular at https://enviria.energy together with the associated sub-pages (hereinafter collectively referred to as the "website"). When you visit our Website, personal data may be processed.

(2) Processed personal data

Your personal data will - depending on the type of cookie - be collected automatically or after your consent when you visit the Website by our IT systems. During the informational use of our website, a so-called protocol data record (so-called server log files) is stored temporarily and anonymously on our web server (hereinafter: "protocol data"). This consists of:

· Information about the browser type and version used.

· The operating system of the user

· The user's Internet service provider

· Referer URL (the previously visited page)

· Name of the requesting provider

· The IP address of the user

· Date and time of access

· Transmitted data volumes

· Web pages from which the user's system accesses our website

· Web pages that are accessed by the user's system via our website.

This data is stored in the log files of our system. This data is not merged with other data sources.

(3) Purpose and legal basis of the processing

The processing of log data is processed by us for the following purposes in order to:

● ensure a smooth connection setup of the website,

● error-free provision of the website,

● optimize the content of our website for you, and

● ensure system security and stability.

These points are in your and our legitimate interest. In addition, we may also use this data to comply with our legal obligations to cooperate with law enforcement authorities. In no case do we use the collected data for the purpose of drawing conclusions about your person. Accordingly, the legal basis for data processing is Article 6 (1) lit. f DS-GVO. The log files are stored for as long as they are needed to display the website...

Other personal data may be used to analyze your user behavior. However, this requires your express consent, otherwise the personal data cannot be used for analysis and advertising purposes. This consent can be revoked by you at any time for the future. The legal basis for the processing of personal data for the aforementioned purpose is therefore Art. 6 para. 1 lit.a DS-GVO.

(4) Duration of data processing

Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases stated in the context of the processing purposes apply accordingly. With regard to the use and storage period of data, please refer to the information provided under A.(5).

Third parties engaged by us will store your data on their systems for as long as is necessary in connection with the provision of services for us in accordance with the respective data processing agreement.

For more details on the storage period of personal data, please refer to A.(5).

(5) Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

(6) SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

(7) Hosting of the Website and Content Delivery

We host the content of the website with AWS. When you visit our website, AWS collects various log files including your IP addresses. All data collected during a visit to our website is processed and stored on the servers of AWS. Further information on data protection from AWS. under the following website:

https://aws.amazon.com/de/compliance/data-privacy/The use of AWS is based on Art. 6 para. 1 lit. f DS-GVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies and/or access to information in the user's terminal device (e.g. for device fingerprinting) as defined by the TTDSG. This consent can be revoked at any time.

Data Processing Agreement

We have concluded an data processing agreement (hereinafter: "DPA") for the use of the above-mentioned service with AWS. This is a contract required by data protection law, which ensures that the latter only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DS-GVO.

(b) Amazon CloudFront CDN

We in turn use the content delivery network Amazon CloudFront CDN to host the website. The provider is Amazon EU.

Amazon CloudFront CDN is a globally distributed content delivery network. Technically, the information transfer between your browser and our website is routed via the Content Delivery Network. This allows us to increase the global accessibility and performance of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f DS-GVO).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

More information about Amazon CloudFront CDN can be found here:

https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

(8) Use of analysis tools, cookies and plugins and other third-party tools on our Website.

When visiting this website, your surfing behavior may be statistically evaluated. This is done primarily with so-called analysis programs, cookies, pixels and plug-ins.

Detailed information on these individual analysis programs, cookies, pixels and plug-ins can be found in the following explanations of the privacy policy:

(a) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies. Cookies are small data packets and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.

Cookies can originate from us (so-called first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies on our website (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. consent via the cookie banner) (so-called technically necessary cookies). Other cookies may be used to evaluate user behavior or for advertising purposes (so-called statistics cookies or marketing cookies).

The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.

The use of the statistics and marketing cookies is for the purpose of improving the quality of our website and its content. Through the statistics and marketing cookies, we learn how the website is used and can thus constantly optimize our offer.

The legal basis for setting and storing technically necessary cookies on your terminal device is Art.6 para. 1 lit. f DS-GVO. The website operator has a legitimate interest in storing technically necessary cookies for the technically error-free and optimized provision of its website services. The use of statistics cookies and/or marketing cookies, on the other hand, requires your express consent in accordance with Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG. The setting and storage of statistics cookies and marketing cookies is based exclusively on this consent (Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG); this consent can be revoked at any time.

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the setting of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies, set the browser so that you are informed about the setting of cookies and only allow the setting of cookies in individual cases, you can exclude the acceptance of cookies for certain cases or in general, and you can activate the automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in detail from the cookie banner.

Consent

This Website uses its own consent technology to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law.

When you visit our website, a cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data will not be passed on to third parties.

Cookie consent technology is used to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c DS-GVO.

The collected data is stored until you request us to delete it, revoke your consent or the cookies delete themselves or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.

(b) Google Analytics 4

This Website uses functions of the web analysis service Google Analytics, an analysis tracking tool of the American company Google Inc (hereinafter: "Google"). The provider for companies located in Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google EU").

Google Analytics enables the website operator to analyze the behavior of website visitors. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. Information such as browser, IP address, referrer URL, session duration, bounce rate, location, page views, dwell time, operating systems used and origin of the user is collected. Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google EU also creates so-called heat maps. Heatmaps allow us to see exactly those areas that you click on. This gives us information about where you are on our site. Other data that Google EU collects are, for example, contact details, any ratings, playing media (e.g. when you play a video via our site), sharing content via social media or adding to your favorites.

Further, Google Analytics uses various modeling approaches to augment the data sets it collects and uses machine learning technologies in its data analysis.

This data is summarized in a user ID and assigned to the respective end device of the website visitor. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there. Google EU processes the data and we receive reports about your user behavior.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). Thus, Google Analytics uses a tracking code to create a random, unique ID that is associated with your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our website, Google Analytics will thus recognize you as a returning user. All data collected in the course of this will be stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles. In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is standard.

Google EU has its servers spread all over the world. Most of the servers are located in the USA. The information collected by Google EU about the use of this website is usually transferred to a Google EU server in the USA and stored there. You can find out exactly where Google's data centers are located here:

https://www.google.com/about/datacenters/locations/?hl=de.

IP Anonymization

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google EU still within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google EU server in the USA and only shortened there. On behalf of the operator of this website, Google EU will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google EU.

Demographic characteristics with Google Analytics

This website uses the "demographic characteristics" function of Google Analytics in order to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

Google Analytics is only used on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO and § 25 Para. 1 TTDSG. You can revoke your consent at any time with effect for the future by deactivating this service in the Cookie Consent Banner provided on the website.Unless you consent to the use of Google Analytics, Google Analytics will not be used when you visit our website.

Data transfer to the USA as a result of the use of Google Analytics is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://privacy.google.com/businesses/controllerterms/mccs/.

Data Processing Agreement

We have concluded an data processing agreement (DPA) with Google EU and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

The statistics and data from Google Analytics help us to optimize our website and adapt it to user preferences and to offer our services in the best possible way. The data statistically evaluated by Google EU show us the strengths and weaknesses of our website and we can optimize it based on this. The data also serve us to carry out our advertising and marketing measures in a more individual and cost-effective manner.

The retention period of the data depends on the properties used. When using the newer Google Analytics 4 Properties, the retention period of your user data is fixed at 14 months. For other so-called event data, we have the option to choose between a retention period of 2 months or 14 months.

For Universal Analytics properties, Google Analytics defaults to a retention period of 26 months for your user data. Then your user data will be deleted.

Browser Plugin

You can prevent the collection and processing of your data by Google EU by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de.

More information on the handling of user data when using Google Analytics can be found in the privacy policy of Google EU:

https://support.google.com/analytics/answer/6004245?hl=de.

We hope we have been able to provide you with the most important information regarding Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links:

https://marketingplatform.google.com/about/anayltics/terms/de/

(c) Google Tag Manager

This Website uses Google Tag Manager (hereinafter: "Google Tag Manager"). Google Ads is an online advertising program of Google EU. This tag manager is one of many helpful marketing tools from Google. Through Google Tag Manager, we can centrally manage and incorporate code sections from various tracking tools that we have built into our website. Tags are small sections of code that, for example, track your activity on our website. For this purpose, JavaScript code sections are inserted into the source code of our site. The tags can come from google's own products such as Google Ads or Google Analytics 4, but tags from other companies can also be included and managed via the manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, embed buttons, set cookies and also track users across multiple websites.

In order to make our website the best it can be for you and all the people who are interested in our products and services, we need various tracking tools such as Google Analytics 4. The data collected in the course of this shows us what website visitors are most interested in, where we can improve our services. In principle, we could include each code section of the individual tracking tools separately in our source code. However, this requires a relatively large amount of time and it's easy to lose track of what's going on. That's why we use the Google Tag Manager, which allows us to centrally integrate and manage all tools and requires hardly any programming skills.

The legal basis for the use of the Tag Manager is Art. 6 para 1 f) DS-GVO. We have a legitimate interest in managing the individual analysis tools centrally via a platform.

The Tag Manager itself is a domain that does not set any cookies and does not store any data. It acts as a mere "administrator" of the implemented tags. Accordingly, the Tag Manager only records the individual tags of the various web analysis tools that are managed via it. The data is virtually passed through to the individual tracking tools in the Google Tag Manager and is not stored.

When Google does store data, that data is stored on Google's own servers. The servers are spread all over the world. Most of them are located in America. At https://www.google.com/about/datacenters/inside/locations/?hl=de you can read exactly where the Google servers are located.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://policies.google.com/privacy/frameworks and

https://privacy.google.com/businesses/controllerterms/mccs/

How long the individual tracking tools store data from you can be found in our individual data protection texts for the individual tools.

(d) Google Ads

This Website uses Google Ads (hereinafter: "Google Ads"). Google Ads is an online advertising program of Google EU.

Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google EU (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.

This service is used exclusively on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO and § 25 Para. 1 TTDSG. You can revoke your given consent at any time with effect for the future by deactivating this service in the Cookie Consent Banner provided on the website.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://policies.google.com/privacy/frameworks and

https://privacy.google.com/businesses/controllerterms/mccs/.

(e) Google Ads Remarketing

This Website uses the functions of Google Ads Remarketing. The provider is Google EU.

For this purpose, Google EU sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited. Additional data processing only takes place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize ads you view on the web. In this case, if you are logged in to Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form target groups.

With Google Ads Remarketing, we can assign people to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting). For this purpose, we transfer certain customer data (e.g. e-mail addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that are adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO and § 25 Para. 1 TTDSG. You can revoke your consent at any time with effect for the future by deactivating this service in the Cookie Consent banner provided on the website.

If you have a Google account, you can also object to personalized advertising at any time using the following link:

https://www.google.com/settings/ads/onweb/.

For further information and the privacy policy, please refer to Google's privacy policy at:

https://policies.google.com/technologies/ads?hl=de.

(f) Microsoft Advertising

We use Microsoft Advertising for our online marketing activities. The provider of Microsoft Advertising is Microsoft. Microsoft Advertising is the conversion tracking tool from Microsoft, which we have integrated on our website to generate more reach and make more people aware of our products and services. We want to showcase our products not only on the famous search engine Google, but also on Bing and Yahoo! With Microsoft Advertising, we also have the opportunity to place ads in the so-called Microsoft Audience Network. For example, we can also place ads in LinkedIn, and through conversion tracking we learn, for example, through which ad you found us, which subpages you liked and what actions you performed on our website. This data allows us to tailor our website, our ads and our offers much better to your needs.

For tracking by Microsoft Advertising, we have included a conversion tracking tag from Microsoft Advertising in our website. This is the so-called Unversal-Event Tracking (UET) tag. If you come to our website via a Microsoft advertisement, we can learn more about your user behavior on our website with the help of these tracking tools. For example, we learn about the keyword or ad that brought you to our site, what you click on on our site, how many people visit our site through Microsoft Ads, and how long you stay on our site. However, this data is user behavior data and not personal data. Microsoft itself uses this data to optimize its own advertising and other services. If you have a Microsoft account, the collected data can be linked to your account and Microsoft recognizes and stores your IP address. In order to obtain all this data about your user behavior, a cookie is set in your browser after you have reached our website via a Microsoft or Bing ad.

The legal basis for the use of Microsoft Advertising is the consent of the visitor to the website in accordance with Art 6 para 1 lit.a DS-GVO (consent). This is requested from the user via the cookie banner of the visitor to our website and can be revoked by the visitor at any time for the future. Accordingly, we only use Microsoft Advertising if you have given us the corresponding consent.

We have no influence on how Microsoft uses the collected data on user behavior. Microsoft has its own servers in operation worldwide. Most of them are located in the USA. Therefore, it cannot be excluded that your data is also stored, managed or processed on servers in the USA. Microsoft stores the data for as long as it needs them to provide its own services.

Microsoft erwähnt zudem noch, dass die tatsächliche Aufbewahrungsdauer stark variiert und vom jeweiligen Produkt abhängt. Bei Bing Suchanfragen löscht Microsoft die Suchanfragen in der Regel nach sechs Monaten, indem das Unternehmen Ihre IP-Adresse löscht. Cookies-ID, die etwa über das Cookie MUID erzeugt werden, werden nach18 Monaten unkenntlich gemacht.

Wir weisen darauf, dass nach Auffassung des EUGH die USA kein den europäischen Datenschutz entsprechenden Schutz von personenbezogenen Daten gewährleistet.

Als Grundlage für eine Datenverarbeitung in Drittstaaten außerhalb der EU oder eine Datenweitergabe an diese, verwendet Microsoft Standardvertragsklauseln. Hierbei handelt es sich um von der EU-Kommission bereitgestellte Vorlagen, welche auf einem Durchführungsbeschluss der EU-Kommission basieren. Durch diese soll sichergestellt werden, dass der Schutz von personenbezogenen Daten auch in Drittstaaten dem europäischen Standard entspricht, wenn diese dort gespeichert oder verarbeitet werden. Microsoft verpflichtet sich im Zuge dessen das europäische Datenschutzniveau einzuhalten, selbst wenn die Daten in den USA gespeichert oder verarbeitet werden.

Den Durchführungsbeschluss der EU-Kommission finden Sie unter:

https://eur-lex.europa.eu/eli/dec-impl/2021/914/oj?locale=de

Weitere Informationen zu den Standardvertragsklauseln von Microsoft finden Sie unter:

https://learn.microsoft.com/en-us/compliance/regulatory/offeringeu-model-clauses

Sie haben jederzeit die Möglichkeit nicht an dem Conversion-Tracking von Microsoft Ads teilzunehmen. Falls Sie nicht wollen, dass Ihnen interessensbezogene Werbeanzeigen von Microsoft Advertising angezeigt werden, können Sie über

https://account.microsoft.com/privacy/ad-settings/signedout

diese Funktion ausschalten.

Zudem können Sie auch in Ihrem Browser alle Cookies deaktivieren, verwalten oder löschen. Bei jedem Browser funktioniert das ein wenig anders. Die Anleitungen der gängigsten Browser finden Sie hier:

Chrome: Cookies in Chrome löschen, aktivieren und verwalten

Safari: Verwalten von Cookies und Websitedaten mit Safari

Firefox: Cookies löschen, um Daten zu entfernen, die Websites auf Ihrem Computer abgelegt haben Internet Explorer: Löschen und Verwalten von Cookies

Microsoft Edge: Löschen und Verwalten von Cookies Wir hoffen Ihnen einen Überblick über die Datenverarbeitung durch das ConversionTracking von Microsoft Ads geboten zu haben.

Mehr Informationen zur Datenverarbeitung durch Microsoft finden Sie unter https://privacy.microsoft.com/dede/privacystatement.

(g) Meta-Pixel (former Facebook Pixel)

This website uses the Meta pixel for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta EU"). However, according to Meta EU, the collected data is also transferred to the USA and other third countries.

By integrating the meta pixel into our website, the behavior of page visitors can be tracked after they have been redirected to our website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta EU, so that a connection to the respective user profile is possible and Meta EU can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of data by Meta EU cannot be influenced by us as site operator.

This service is used exclusively on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO and § 25 Para. 1 TTDSG, which is obtained via the Cookie Consent Banner. You can revoke your consent at any time with effect for the future by deactivating this service in the Cookie Consent Banner provided on the website.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Meta EU, we and Meta EU are jointly responsible for this data processing (Art. 26 DS-GVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Meta EU. The processing by Meta EU that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a Joint Processing Agreement. The text of the agreement can be found at:

https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Meta EU is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Meta EU directly with Meta EU. If you assert the data subject rights with us, we are obliged to forward them to Meta EU.

The data transfer to the USA is based on the standard contractual clauses of the EU-Commssion: Further details can be found under:

https://www.facebook.com/legal/EU_data_transfer_addendum und

https://de-de.facebook.com/help/566994660333381.

In the data privacy policy of Facebook further information can be found regarding the protection of your data:

https://de-de.facebook.com/about/privacy/.

You also can deactivate the remarketing function „Custom Audiences” in the settings for advertisements:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

For that you need to be signed in at Facebook.

If you don’t have a Facebook account, you can deactivate usage based advertisement by Facebook on the Website of the European Interactive Digital Advertising Alliance under:

http://www.youronlinechoices.com/de/praferenzmanagement/.

(h) AdRoll Pixel

AdRoll Pixxel is a retargeting service offered by AdRoll. AdRoll Pixxel is a platform for digital and growth marketing that bundles marketing and advertising activities in one central location and also serves as a kind of "mission control" for the customer journey. The solution offers advanced tracking and audience targeting, cross-channel attribution, dynamic ads and email marketing automation tools, among others. It allows us and our partners to appropriately inform the visitor about topics of interest to him/her based on the visitor's previous use of the website and serve ads accordingly. This activity is facilitated by tracking usage data and using cookies and other identifiers to collect information that is then transmitted to the partners who manage the remarketing and behavioral targeting activity. AdRoll does this by placing a JavaScript code in the header of the website to track the behavior of visitors to the website on the website. The information is processed by AdRoll Advertising Limited to display advertisements that are relevant to the particular visitor. You may opt-out of AdRoll's provision of targeted advertising by clicking on the blue icon that usually appears in the corner of AdRoll advertisements. You may also opt-out of targeted advertising using opt-out tools provided by Your Online Choices (http://www.youronlinechoices.com/), Digital Advertising Alliance (http://www.aboutads.info/choices/) or the Network Advertising Initiative (NAI) (http://www.networkadvertising.org/choices/).

It cannot be ruled out that AdRoll also transfers, stores or processes the collected data in the USA. According to the opinion of the European Court of Justice, the level of data protection in the USA does not currently meet the European standard and is not adequate. Standard contractual clauses are therefore required as a basis for data processing in a third country. These are templates provided by the EU Commission, which are intended to ensure that personal data is also processed in the third country in accordance with the European data protection standard. AdRoll has committed itself through these standard contractual clauses to comply with the European data protection standard when processing personal data, even if the processing takes place in the USA.

More information about AdRoll's standard contractual clauses can be found at:

https://www.nextroll.com/trems/data-protection

More information on data processing by AdRoll can be found at:

https://www.nextroll.com/about/privacy

(i) LinkedIn Insight Tag

The LinkedIn Insight Tag is a JavaScript code from LinkedIn that companies can embed on their site. It is a tracking tool that captures and analyzes LinkedIn members on a web page. It gives us insights into their audience, the attractiveness of their offers, and the performance of ad campaigns on LinkedIn. The LinkedIn Insight Tag sets a cookie in the browser of the website visitor. Via this, LinkedIn collects the following data of the visitor to the website, among other things:

- URL,

- Referrer URL,

- Device properties,

- browser properties and

- IP address.

LinkedIn anonymizes the data within 7 days. Within 90 days, it deletes the data again. We do not receive any personal data, only aggregated reports on the demographics of our target audience and the performance of our ads. In the process, we receive information on criteria such as

- Industry,

- job title,

- company size,

- career level and

- location

of the Website visitors.

The legal basis for the use of LinkedIn Insight Tag is the consent of the respective visitor to the website pursuant to Art. 6 (1) lit. a of the General Data Protection Regulation (DS-GVO), which is obtained via the cookie banner when visiting the website. You can revoke this consent at any time for the future.

It cannot be ruled out that LinkedIn also transfers, stores or processes the collected data in the USA. According to the opinion of the European Court of Justice, the level of data protection in the USA does not currently meet the European standard and is not adequate. Standard contractual clauses are therefore required as a basis for data processing in a third country. These are templates provided by the EU Commission, which are intended to ensure that personal data is also processed in the third country in accordance with the European data protection standard. LinkedIn has committed itself through these standard contractual clauses to comply with the European data protection standard when processing personal data, even if the processing takes place in the USA.

More information about LinkedIn's standard contractual clauses can be found at:

https://de.linkedin.com/legal/l/dpa

More information on data processing by LinkedIn can be found at:

https://de.linkedin.com/legal/privacy-policy.

(9) Plugins and other Tools

(a) YouTube with extend data privacy protection

This Website embeds videos from the website YouTube. The operator of YouTube is Google EU.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DS-GVO. Insofar as a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG. You can revoke your given consent at any time with effect for the future by deactivating this service in the Cookie Consent Banner provided on the website.

For more information about data protection at YouTube, please refer to their privacy policy at:

https://policies.google.com/privacy?hl=d

(b) Vimeo

This Website embeds videos from the website Vimeo. Vimeo is an online video portal. Users can upload, watch, comment and rate videos there. Companies can publish videos on the portal for their content marketing or embed Vimeo videos on their website. The platform has around 170 million members. The operator of Vimeo is Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA ("Vimeo").

We use Vimeo in extended data protection mode. According to Vimeo, this mode means that Vimeo does not store any information about visitors to this website before they view the video. As soon as you start a Vimeo video on this website, a connection to Vimeo's servers is established. This tells the Vimeo server which of our pages you have visited. If you are also a member of Vimeo and logged in, Vimeo assigns this information to your personal user account. When you click on the start button of a video, this information can also be assigned to an existing user account. You can prevent this assignment by logging out of your Vimeo account before using the website and deleting the corresponding cookies from Vimeo.

Furthermore, Vimeo may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, Vimeo can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If necessary, after the start of a Vimeo video, further data processing operations may be triggered over which we have no control.

Vimeo is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DS-GVO. Insofar as a corresponding consent has been granted, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG. You can revoke your given consent at any time with effect for the future by deactivating this service in the Cookie Consent Banner provided on the website.

For more information about data protection at Vimeo, please see their privacy policy at:

https://vimeo.com/privacy

In addition, Vimeo calls up the Google Analytics tracker via an iFrame in which the video is called up. This is Vimeo's own tracking, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. Users can also prevent the collection of data generated by Google Analytics and related to their use of the website (including your IP address).

(c) Storyblok

This Website uses the plugin, from Storyblok ("Storyblok"), provided by Storyblok GmbH, Peter-Behrens-Platz 2, 4020 Linz, Austria, for the uniform display of fonts. Storyblok are installed locally. A connection to servers of Storyblok does not take place. In doing so, Sotryblok sets iFrames and forms on the end device of the website visitor and collects their IP address, operating system, device type, geo-location, time stamp and visited website. The purpose for the use is to further develop and improve the website and to measure the content and its performance.

Storyblok is used in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DS-GVO.

You can find more information about Storyblok at:

https://www.storyblok.com/legal/privacy-policy

(c) Google Maps

This Website uses the map service Google Maps in connection with the solar configurator. The provider is Google EU.

Google Maps is a web service for displaying interactive (land) maps to visually display geographical information. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google EU server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google EU may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. We have no influence on this data transmission.

Google Maps is used in the interest of an appealing presentation of our online offers and easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DS-GVO. If a corresponding consent has been requested, the processing will be carried out exclusively on the basis of Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG. You can revoke your consent at any time with effect for the future by deactivating this service in the Cookie Consent Banner provided on the website.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on the handling of user data can be found in the Google EU privacy policy:

https://policies.google.com/privacy?hl

(d) Google ReCaptcha

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function is primarily used to distinguish whether an entry is made by a natural person or is misused by machine and automated processing.

For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not made aware that an analysis is taking place.

The data processing is based on Art. 6 para. 1 lit. f DS-GVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.

As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a DS-GVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the aforementioned option for making an objection.

The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC in the USA.

For further information on Google reCAPTCHA and Google's privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Deletion: Further information on the deletion of personal data by Google can be found at: https://policies.google.com/privacy?gl=DE&hl=de

(10) Contact Form

If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.

At the time of sending the message, the following data will be stored:

1. email address

2. name of contact person (optional)

3. telephone / mobile phone number (optional)

4. IP address of the calling computer

5. date and time of contact

6. comment (optional)

We do not pass on this data to third parties without your consent.

The processing of this data is based on Art. 6 (1) lit. b DS-GVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DS-GVO) or on your consent (Art. 6 (1) (a) DS-GVO), if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

(11) Scheduling a Meeting

On our Website you have the possibility to make appointments with us. We use Calendly for booking appointments. Provider is Calendly

For the purpose of booking an appointment, you enter the requested data and the desired date in the mask provided. The data entered will be used for the planning, execution and, if necessary, follow-up of the appointment. Furthermore, Calendly collects log files (number and time of page views, browser, browser version and operating system as well as an anonymized IP address).

The appointment data is stored for us on the servers of Calendly, whose privacy policy you can view here:

https://calendly.com/privacyDie data entered by you will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.

The legal basis for data processing is Art. 6 para. 1 lit. f DS-GVO. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with interested parties and customers. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG. You can revoke your given consent at any time with effect for the future by deactivating this service in the Cookie Consent Banner provided on the website.

Calendly also processes data in the USA, among other places. We point out that in the opinion of the EUGH, the USA does not provide protection of personal data equivalent to European data protection.

Microsoft uses standard contractual clauses as the basis for data processing in third countries outside the EU or data transfer to them. These are templates provided by the EU Commission, which are based on an implementing decision of the EU Commission. They are intended to ensure that the protection of personal data in third countries also complies with the European standard if it is stored or processed there. In the course of this, Calendly undertakes to comply with the European level of data protection, even if the data is stored or processed in the USA.

These standard contractual clauses of Calendly can be found at:

https://calendly.com/de/dpa

Data Processing Agreement

We have concluded a contract on data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

(12) Usage of the solar configurator on our Website

With the solar configurator you can mark an area or open space in Google Maps and based on further information you provide, we will create an initial non-binding offer and send it to the contact details you provide. Google Maps has therefore been integrated into the solar configurator.

If you want to use the solar configurator on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive e-mails. In addition, you must mark the desired area on Google Maps and provide us with further information for the preparation of the offer.The data processing is based on your consent (Art. 6 para. 1 lit. a DS-GVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

In this context, the address that you have entered will be passed on to Google, as well as the IP address via which the entry is made. Nevertheless, it cannot be ruled out, especially if you have a Google account, that this personal data will be linked to further data collected by Google.

C. Contact via E-Mail, phone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

D. Other Tools

(a) Pipedrive

We use Pipedrive as our CRM tool for processing and storing contact data. The provider of the Pipedrive CRM tool is Pipedrive OÜ.

Pipedrive OÜ is a limited liability company under Estonian (EU) legislation with the address Mustamäe tee 3a, 10615 Tallinn, Estonia, registered in the Estonian Commercial Register under the code 11958539 ("Pipedrive").

When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DS-GVO. In order to process and respond to your request and messages as quickly as possible, we use contact forms of our customer relationship management tool ("CRM Tool") Pipedrive. The data transmitted when filling out the form is sent to Pipedrive and stored there on Pipedrive servers.

We also use the CRM system Pipedrive based on our legitimate interests in an efficient and fast processing of user requests, existing customer management, new customer business. Accordingly, further legal basis is the legitimate interest pursuant to Art 6 (1) lit. f) DS-GVO.

You can access Pipedrive's privacy policy here: https://www.pipedrive.com/en/privacy.

(b) Asana

We use Asana as our project management tool in which we manage our individual projects. The provider of the tool is Asana. In the course of this, there may also be a processing of personal data of customers and their employees.

The legal basis for the processing of this personal data is Art. 6 para. 1 b) DS-GVO (contract initiation and execution). For an efficient management of projects, the use of Asana is indispensable for us.

The data will be deleted by us after the purpose has ceased to exist, provided that no legal retention periods exist. We do not have any further information on how long Asana stores the corresponding data.

For further information regarding the data processing by Asana, please find Asana's privacy policy here:

https://asana.com/de/terms#privacy-polcy

E. Audio- or video conferencing

(a) Data processing

We use online conferencing tools, among others, to communicate with our customers. The tools we use in detail are listed below. When you communicate with us via video or audio conference over the Internet, your personal data is collected and processed by us and the provider of the respective conference tool.

The conferencing tools collect all data that you provide/enter to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "context information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the Service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely based on the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text. (b) Purpose and legal basis

(b) Legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b DS-GVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 (1) (f) DS-GVO). Insofar as consent has been requested, the tools in question are used on the basis of this consent in accordance with Art. 6 (1) a DS-GVO; consent can be revoked at any time with effect for the future.

(c) Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

(d) Conference tools used

We use the following conferencing tools:

(i) Google Meet

We use Google Meet. The provider is Google EU. For details on data processing, please refer to Google's privacy policy:

https://policies.google.com/privacy?hl=de.

Data processing

We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract required by data protection law and ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

(ii) Microsoft Teams

We also use Microsoft Teams. The provider of Microsoft Teams is Microsoft. For details on data processing of Microsoft, please refer to Microsoft's privacy policy:

https://privacy.microsoft.com/en-us/privacystatement

Data Processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the DS-GVO.

F. Our Company’s presences on social media

This privacy policy applies to the following social media presences of our Company.

● https://www.facebook.com/Enviria.Energy.PV

● https://www.instagram.com/enviria/

● https://www.linkedin.com/company/enviria

● https://www.xing.com/pages/enviria

(a) Data processing by social networks

We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.

Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection.

In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

(b) Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DS-GVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DS-GVO

(c) Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

(d) Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

(e) Your rights

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to object, to data portability and the right to lodge a complaint with the competent supervisory authority. Furthermore, you may request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.

(f) Social networks in detail

(i) Facebook

We have a corporate presence on Facebook. The provider of this service is Meta EU. According to Meta, the collected data is also transferred to the USA and other third countries.

We have concluded a joint processing agreement (Controller Addendum) with Meta. This agreement specifies the data processing operations for which we or Meta is responsible when you visit our Facebook page. You can view this agreement at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in:

https://www.facebook.com/settings?tab=adss

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://de-de.facebook.com/help/566994660333381.

For details, see Facebook's privacy policy:

https://www.facebook.com/about/privacy/.

(ii) Instagram

We have a corporate presence on Instagram. The provider of this service is Meta EU.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://help.instagram.com/519522125107875 und

https://de-de.facebook.com/help/566994660333381.

For details on their handling of your personal data, please refer to Instagram's privacy policy:

https://help.instagram.com/519522125107875.

(iii) Twitter

We have a corporate presence on Twitter. The provider of this service is Twitter.

If you carry out an action on our Twitter corporate presence (e.g. comments, posts, likes, etc.), it is possible that you will make personal data (e.g. clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by Twitter, which is jointly responsible for the ENVIRIA corporate presence, we cannot make any binding statements about the purpose and scope of the processing of your data.

The data transfer to the USA as a third country is based by Twitter on the standard contractual clauses of the EU Commission. Standard contractual clauses are templates provided by the EU Commission, which are intended to ensure that personal data in the third country enjoys a level of protection that corresponds to the European data protection standard and are based on an implementing decision of the EU Commission (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de). Through the clauses, Twitter thus undertakes to comply with the European level of data protection in the transfer, processing and storage of personal data, even if the data is stored, processed or managed in the USA. These standard contractual clauses of Twitter can be found here:

https://gdpr.twitter.com/en/controller-to-controller-transfers.html

For details on their handling of your personal data, please refer to Twitter's privacy policy:

https:twitter.com/en/privacy

(iv) LinkedIn

We have a company presence on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you would like to disable LinkedIn advertising cookies, please use the following link:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The data transfer to the USA as a third country is based by LinkedIn on the standard contractual clauses of the EU Commission. Standard contractual clauses are templates provided by the EU Commission, which are intended to ensure that personal data in the third country are protected in accordance with the European data protection standard and are based on an implementing decision of the EU Commission (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de). Through the clauses, LinkedIn thus undertakes to comply with the European level of data protection in the transfer, processing and storage of personal data, even if the data is stored, processed or managed in the USA. These standard contractual clauses of LinkedIn can be found here:

https://www.linkedin.com/legal/l/dpa and

https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal data, please refer to the data protection of LinkedIn:

https://www.linkedin.com/legal/privacy-policy.

(v) Xing

We have a corporate presence on Xing. The provider is Xing.

If you carry out an action on our company website on Xing (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public.

Our company website serves to inform users about our services. In doing so, every user is free to publish personal data through activities.

The legal basis for processing your data in connection with the use of our corporate presence is Art. 6 para. 1 p. 1 lit. f DSGVO.

We store your activities and personal data published via our corporate presence until you revoke your consent. In addition, we comply with the statutory retention periods.

You can object at any time to the processing of your personal data that we collect in the course of your use of our corporate presence and assert your data subject rights mentioned in this data protection declaration. To do so, send us an informal e-mail to info@enviria.energy. You can find further information on objection and removal options here:

https://privacy.xing.com/de/datenschutzerklaerung

For details on their handling of your personal data, please refer to Xing's privacy policy:

https://privacy.xing.com/de/datenschutzerklärung

G. Further Information

To contact us regarding data protection issues, the best way is to send an e-mail to the address info@enviria.energy.

Please note that this data protection declaration applies exclusively to ENVIRIA Internet pages. Insofar as our pages contain links to Internet pages of third parties, our data protection declaration does not apply to these. Please inform yourself on the respective pages about the data protection regulations applicable there.

You can find further information about us in our imprint: http://enviria.energy/impressum/.

If you have any questions or suggestions, please feel free to contact us at any time by sending an e-mail to info@enviria.energy.

Changes to the privacy policy

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations, or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. Insofar as user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.Die Nutzer werden gebeten, sich regelmäßig über den Inhalt der Datenschutzerklärung zu informieren.

Status: 30.06.2023

Data Privacy Policy and Consents

Status: June 2023

(1) Definitions

(2) Name and address of the Controller

(3) Contact details of the Data Protection Officer

(4) Legal basis for data processing

(5) Data erasure and storage period

(6) Data security

(12) No automated decision making (including profiling).

(13) No obligation to provide personal data.

(14) Legal obligation to transmit certain data

(15) Your Rights

(16) Changes to the Privacy Policy

(9) Plugins and other Tools

(10) Contact Form

(11) Scheduling a Meeting

D. Other Tools

E. Audio- or video conferencing

Awards and memberships