A. General information

Thank you for visiting our website and for your interest in it. The protection of your personal data (also referred to as "data" for short) is very important to us and is therefore of the utmost importance. In the following, we would therefore like to inform you about the collection, processing and use of your personal data when you visit our website.

1 Validity and changes

This privacy policy is currently valid and is dated 09/09/2025

We reserve the right to amend this privacy policy if the legal situation or this online offer or the type of data collection changes. However, this only applies to declarations on data processing. Of course, we will always take your reasonable interests into account when making any changes. If the user's consent is required for data processing or components of the privacy policy contain a regulation of the contractual relationship with users, the privacy policy will only be amended with the user's consent.

2 Controller, contact, data protection officer

The controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (also referred to as "GDPR" for short) is

SpaceNet AG
Joseph-Dollinger-Bogen 14
D-80807 Munich

represented by the Management Board, whose members are:
Sebastian v. Bomhard, Sebastian Cler, Karin Schuler.

If you have any questions or comments about this privacy policy or about data protection in general, please contact our external data protection officer:

DPO SpaceNet AG
c/o Rickert Rechtsanwaltsgesellschaft mbH
Colmantstr. 15
53115 Bonn

E-mail address: datenschutz@space.net

3. legal basis for the processing of personal data

• If the legal basis is not stated in the privacy policy, the following applies
• Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
• When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
• Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
• If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.

Applications via the online form
You are welcome to use our online form to apply for jobs advertised here. The purpose of processing personal data is to select a suitable applicant in connection with the respective advertised positions. For this purpose, it is necessary for the applicant to provide us with the types of data that we have labelled accordingly. By submitting personal data via an attached file, the applicant also agrees to the processing of personal data in this context. In the event that the application procedure is followed by an employment relationship, training relationship, internship or other employment relationship, the data will initially continue to be stored and transferred to the personnel file. The legal basis for the processing of personal data in the context of an online application is Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with Section 26 para. 1 BDSG. Beyond the original purpose (selection of a suitable applicant), SpaceNet will retain your application data for the defence of legal claims for a period of 6 months from the rejection of your application. The basis for processing is Art. 17 para. 3 lit. e, Art. 6 para. 1 sentence 1 lit. f GDPR. In addition, we may process your personal data if we need it to fulfil legal obligations (Art. 6 para. 1 sentence 1 lit. c GDPR) or for the defence of legal claims (e.g. due to AGG) against us. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR.

If your application documents contain special categories of personal data, e.g. information about health, religious beliefs or ethnic origin, we also base our processing on Art. 9 para. 2 lit. b, Art. 88 GDPR, § 26 para. 3 BDSG due to our legal obligations as an employer and the associated protection of your fundamental rights. In the application process, we will use all the information you provide to progress your application and to check whether we can offer you a job with us. We also have to fulfil our legal obligations as an employer. The provision of personal data is necessary for the lawfulness of the selection process to be carried out. The absence of relevant personal data in the application documents may result in you not being considered for the vacancy.

We will only use your contact details to contact you and inform you about the progress of the application process. We will only use other information contained in the application documents to determine your suitability for the vacant position.

Should you as an applicant also wish your application data to be stored in our applicant pool in order to be considered at a later date when filling vacant positions, your consent is required. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR.

In this case, we will obtain your consent separately. The personal data will be stored by us until revocation, which can be declared at any time, but for a maximum of 12 months from the declaration of consent, unless longer storage is necessary for the defence of legal claims. To extend the storage period by a further 12 months, you must give your consent again.

This consent also applies to special categories of data in accordance with Art. 9 GDPR (e.g. photos, information on severely disabled status, etc.), insofar as these have been transmitted by you to SpaceNet.
Please note that for organisational reasons this is only possible for applicants who are over 16 years of age. Application data of applicants under the age of 16 will be destroyed after the above-mentioned deadlines have expired.

4 General information on the storage period

The data processed by us will be deleted or restricted in their processing in compliance with the statutory provisions, in particular in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, we delete data stored by us as soon as it is no longer required for its intended purpose. Data will only be deleted beyond the point in time at which the purpose ceases to apply if it is required for other and legally permissible purposes or if the data must continue to be stored due to statutory retention obligations. In these cases, processing is restricted, i.e. blocked and not processed for other purposes.

Statutory retention obligations arise, for example, from Section 257 (1) HGB (6 years for trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and from Section 147 (1) AO (10 years for books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

5. your rights

You have the following rights vis-à-vis us in accordance with the statutory provisions with regard to your personal data:

• Withdrawal of your consent (Art. 7 (3) GDPR)
• Right to information (Art. 15 GDPR),
• Right to rectification or erasure (Art. 16 and Art. 17 GDPR),
• Right to restriction of processing (Art. 18 GDPR),
• Right to data portability (Art. 20 GDPR),
• Right to object to processing (Art. 21 GDPR).

To assert claims under the GDPR, please use the contact details of the controller listed above or alternatively contact the data protection officer. If you wish to contact us by email, please use an address stored in our system so that we can recognise you.

We cannot guarantee complete data security when communicating by e-mail, so we recommend that you send confidential information by post.

If you are of the opinion that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 para. 1 GDPR.

6 Order processing and recipients of data

We use external service providers to process your data and would like to inform you about the third parties and processors to whom we transfer data. There are various third-party services that we use on our website. These have different purposes, which we explain in more detail in the respective sections. These are services that we use to make our website functional, secure and visually appealing and to continuously optimise its content. We operate this website in our own high-security data centres in Munich.

Where processors are used, they are bound to our data protection instructions by a corresponding data processing agreement in accordance with Art. 28 GDPR. These service providers are our contractors and assist in the processing of your personal data, e.g. in the provision of this website. These contractors have been carefully selected by us and are regularly monitored. The processors do not carry out independent processing for their own purposes. Processors include, in particular, IT service providers (maintenance and support), telemedia service providers for the operation of IT systems (web hosters for the provision of online platforms, providers of backup services).

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, organisations or companies, this is done in accordance with the following legal requirements:

• Subject to express consent or transfer required by contract or law (Art. 49 GDPR), we only process data in third countries with a recognised level of data protection (Art. 45 GDPR),

• in the presence of and compliance with contractual obligations through so-called EU standard contractual clauses of the EU Commission (Art. 46 GDPR) or in the presence of certifications or legally binding internal data protection regulations (Art. 44 to 49 GDPR).

As part of the so-called "Data Privacy Framework", the EU Commission has recognised the level of data protection for certain companies from the USA as secure as part of the adequacy decision of 10 July 2023. Both the list of certified companies and further information on the Data Privacy Framework can be found on the website of the US Department of Commerce at www.dataprivacyframework.gov. In the respective sections of the data protection information, we inform you which service providers we use are certified under the Data Privacy Framework.

Our website may contain links to third-party websites. If you follow a link to one of these websites, please note that these offers have their own privacy policies and that we are not the controllers of your data on these websites. Please read the respective privacy policies before you provide personal data to these data controllers.

7. data security

This site uses SSL encryption for secure data transmission, especially for communication data from the contact form.

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether encrypted transmission is taking place by the closed display of the locked key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

B. Collection of personal data when visiting our website

The scope and type of collection and use of your data differs depending on whether you visit our website only to retrieve information, e.g. to view our offers or to make use of services offered by us or to contact us or request information.

1. informational use

For the informational use of our website, it is not necessary for you to actively provide personal data. Rather, in this case we only collect and use the data that your internet browser automatically transmits to us. This includes

• IP address
• Date and time of accessing our website
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originates and last page visited
• Browser type
• Language and version of the browser software
• Operating system used and its interface.

This data is processed in order to enable you to use the web pages you have accessed, for statistical purposes and to improve our website. Personal data processed in this context is automatically deleted from our servers after six months.

The processing of the aforementioned data is technically necessary for the provision of a website in accordance with Art. 6 Para. 1 S. 1 S.1 lit. f GDPR in order to display our website correctly. We store log files to ensure the stability and security of our website. In particular, the purpose of creating log files is to be able to detect attacks on our systems. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c, lit. f GDPR.

2. use of the customer area

The use and registration of our customer area is reserved for existing customers.

To use the customer area, it is necessary for you to register. The data entered in the mandatory fields during registration is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. The processing of voluntarily provided information is based on Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR.

The data collected during registration will be stored by us for as long as you are registered on our website and beyond that for the duration of statutory retention periods.

Subject to the deletion of your account or the revocation of consent, we are, for example, obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we will restrict processing after the relevant guarantee and warranty periods have expired. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b, lit. c GDPR.

Mandatory information required for the processing of contracts and the creation of a user ID is marked accordingly in the registration form; further information is voluntary. The following is collected

• e-mail address*
• user name*
• password*
• Payment and billing data (form of address*, title, first name*, surname*, customer number*, company name, company address, telephone number)

Information marked with * must be provided upon registration.

We use the so-called double opt-in procedure for registration. After your registration, an e-mail will be sent to the e-mail address you have provided in which we ask you to confirm that you wish to create a customer account. This is done by clicking on a hyperlink contained in the e-mail. In addition, we are authorised to retain the IP addresses you use and the times of registration and confirmation in order to prove your registration and, if necessary, to be able to clarify any possible misuse of your personal data. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c and f GDPR.

The following data is also stored at the time of registration

• Date and time of registration, including the IP address used

We process the data you provide for identification and allocation.

3. enquiries via contact form and email

We want to give you the opportunity to get in touch with us by e-mail and via our contact forms.

You can use the forms to request a quotation or for general enquiries. When using the forms to request a quotation, mandatory fields are also used to request data that is required to prepare a quotation. The processing of the personal data from the input mask serves us solely to process the contact.

Depending on the content of the enquiry, your data will be processed when you contact us via contact form, email or telephone for purely informational enquiries on the basis of your (presumed) consent in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR, or in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the contact is made in connection with (pre-)contractual performance obligations.

To contact us via our form, we only need your e-mail address.

In addition, you can voluntarily provide your name, the company so that we can contact you personally, or your telephone number so that we can call you back.

Purely informative enquiries, i.e. those that do not lead to a contract or do not contain any other content that must be retained, are deleted at the end of the year in which the enquiry was made.

Your details may be stored in a customer relationship management system ("CRM system"). The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate economic interests in being able to systematically manage customer and prospective customer contact data.

You have the option to withdraw your consent to the processing of personal data at any time without affecting the lawfulness of processing based on consent before its withdrawal. If you contact us by e-mail for information purposes, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. You also have the right to object to the storage of your personal data in a CRM system.

We will delete your contact enquiries from our active systems immediately after final processing, unless legal authorisation or retention obligations permit or require further storage.

4 Newsletter and advertising use

Your data will only be used for advertising and information purposes with your express prior consent. In this respect, the data will be used to present you with new products and events from our company that are tailored to your interests. This includes information on the current or future product range as well as events in which we are involved.

We use the so-called double opt-in procedure to register for our e-mail newsletter. After you have registered, an e-mail will be sent to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. This is done by clicking on a hyperlink contained in the e-mail. If the hyperlink confirmation is not received within 24 hours, your information will be blocked and deleted after one month. In addition, we are authorised to retain your IP addresses and the times of registration and confirmation in order to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a and lit. c GDPR.

The only mandatory information for registration is your e-mail address. Additional personal data can be provided voluntarily and is used to address you personally.

You can revoke your consent to advertising use and newsletter dispatch at any time by sending an email to newsletter-info@space.net or by using the unsubscribe link at the end of the email.

We would like to point out that we evaluate your user behaviour pseudonymously when sending the newsletter. In this context, we record and evaluate when you open and read our newsletter and which personalised links you click on. We use the data obtained in this way to create a user profile in order to tailor our newsletter to your individual interests. If you have consented to the analysis by Mautic on our website in the cookie settings (see "Use of cookies/Mautic" below), your website usage behaviour may also be included in the analysis.

The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously.

The newsletter is sent and analysed using the open source software Mautic. The data you enter for the purpose of receiving the newsletter is stored on our web server.

The legal basis for the processing is your consent, which can be revoked at any time, Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR. We would like to point out that for technical reasons it is not possible to revoke the analysis functions in isolation. If you withdraw your consent, you will no longer be able to receive the newsletter.

7 Direct marketing

We have a legitimate interest (direct marketing, Recital 47 GDPR) within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR in informing existing customers (persons with whom we have a business relationship) about similar products/services that we offer.

We use a postal service provider to send you advertising by post.

You can opt out of receiving marketing communications at any time by sending an email to datenschutz@space.net or by following the instructions at the bottom of a marketing email. If possible, please send your e-mail from the same e-mail address that you used when you registered so that we can recognise you more easily.

C. Use of cookies

General information

We use cookie technology for our website. Cookies are small text files that are sent from our web server to your browser when you visit our website and are stored on your computer for later retrieval. You can determine yourself whether cookies can be set and retrieved by changing the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for feedback. Cookies cannot execute programmes or transmit viruses to your computer.

We only use so-called session cookies (also known as temporary cookies), i.e. cookies that are only stored temporarily for the duration of your use of one of our websites. For the full functionality of our website (currently only in the customer area), it is necessary for technical reasons to allow the aforementioned session cookies. The purpose of these cookies is to continue to identify your computer during a visit to our website when you switch from one of our websites to another and to be able to determine the end of your visit.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.

Unless otherwise stated, the processing described in this section is based on your consent in accordance with Section 25 (1) TDDDG in conjunction with Art. 6 (1) sentence 1 lit. a, Art. 7 GDPR. Further information on how you can revoke your consentcan be found in our cookie settings. This is/are linked in the footer of our website.

Use of the consent management tool "Consent Studio"

We use the consent management tool "Consent Studio" fromVallonic B.V. (Lange Nieuwstraat 172, 5041 DJ Tilburg, Netherlands) to obtain and manage data protection-compliant consent for the use of cookies and comparable technologies. For this purpose, a banner is displayed when you visit our website, which you can use to select or reject certain categories of cookies. Your preferences are documented in a cookie or in the local memory of your end device so that your selection is also taken into account when you visit the site again.

The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR (legal obligation to obtain effective consent) and, if you give your consent, in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR.

In particular, the following data is stored

• Your consent decision (consent or rejection of individual categories)
• Time and scope of the decision
• a randomly generated user ID to assign the selection to a specific user
• Technical metadata on the browser and end device used, if applicable

The storage period for consent data is generally 12 months, unless you withdraw your consent beforehand or the data is removed by deleting the cookies/browser data. The legal basis for the subsequent obligation to provide evidence is Art. 6 Para. 1S.1 lit. f GDPR (legitimate interest in audit-proof documentation).

Matomo/Piwik

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. This serves to analyse visitor flows on our website. This enables us to recognise which subpages are used most frequently. By analysing the data obtained, we are able to compile information about the use of our website. This helps us to constantly improve our website and its user-friendliness.

For this purpose, pseudonymised user profiles are created which can be assigned to the browser you use by means of a cookie stored on your computer. If individual pages of our website are accessed, the following data is stored:

• The website accessed
• The website from which the user accessed the website (referrer)
• The subpages that are accessed from the accessed website
• The time spent on the website
• The frequency with which the website is accessed

The software runs exclusively on the servers of our website. The user's personal data is only stored there. The data is not passed on to third parties. When using Matomo, we deliberately refrain from processing your full IP address.

The legal basis for the processing of user data is your consent, revocable at any time, in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 7 para. 3 GDPR. To revoke your consent, please use the settings banner at the end of this privacy policy. In this way, a cookie is set on your system that signals to our system not to store the user's data.

The data will be deleted after 60 days. You can find further information at https://matomo.org/privacy/

We offer our users the option of opting out of the analysis process on our website. To do this, you must follow the corresponding link. In this way, another cookie is set on your system, which signals to our system not to save the user's data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again. You can find more information on the privacy settings of the Matomo software at the following link: matomo.org/docs/privacy/.

Google Analytics 4

We use the Google Analytics 4 service for the purpose of analysis and optimisation on our website on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR, which you can revoke at any time with effect for the future. If you have not consented to the use of the analysis tools, your data will not be collected by Google Analytics 4. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics 4 uses JavaScript and pixels to read information on your end device and cookies to store information on your end device. This is used to analyse your usage behaviour and improve our website. The access data is summarised by Google on our behalf into pseudonymous user profiles and transferred to a Google server in the USA. We will process the information obtained in order to analyse your use of the website and to compile reports on website activity. In Google Analytics 4, the anonymisation of IP addresses is activated by default. With IP anonymisation on our website, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.

The following data may be processed when you visit our website

• IP address (in abbreviated form, a clear assignment is not possible for us);

• approximate location (country and city);

• Technical information such as browser, internet provider, end device and screen resolution;

• Behaviour on the page (pages viewed, clicks and scrolling behaviour)

• Source of origin of the visit (via which website or advertising medium the page was reached)

• Session duration and whether the page was left without interaction;

• Adding to favourites;

• Sharing content (social media);

• clicked links to other websites;

• Achievement of certain goals (conversions).

Google uses the aforementioned information on our behalf to analyse your use of our website, to compile reports on website activity for us and to provide us with other services related to the use of websites and the internet. As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning to automatically analyse and enrich the data. You can find information on this on the following page: https: //support.google.com/analytics/answer/10710245. The analyses are carried out automatically with the help of artificial intelligence or on the basis of specific, individually defined criteria. You can find more information on this in the associated Google documentation.

Google Analytics 4 stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website. The information collected by the cookies about the use of our website (including your anonymised IP address) may be transferred to a Google server in the USA and stored there under Google's responsibility. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. We have concluded an order processing contract with Google Ireland Limited (parent company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the use of Google Analytics 4. It cannot be ruled out that Google Ireland Limited will transmit personal data to the parent company Google LLC. (USA) as part of the commissioned processing. Google has joined the EU-US Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Google complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

The logged data is stored at Google together with the randomly generated user ID, which is stored in a cookie on your device, enabling the evaluation of pseudonymised user profiles. This user-related data is automatically deleted after 14 months.

We have made the following data protection settings for Google Analytics 4:

• Anonymisation of the IP address;

• deactivated advertising function;

• deactivated personalised advertising;

• deactivated remarketing;

• retention period of 14 months (and no resetting of the retention period for new activity)

• deactivated cross-device and cross-page tracking (Google Signals);

• deactivated data sharing (in particular Google products and services, benchmarking, technical support, account specialist).

Further information on Google Analytics 4 can be found on the following pages at https://policies.google.com/privacy?hl=de, in the terms of use at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://support.google.com/analytics/answer/6004245?hl=de.

Further information on the cookies used by Google Analytics 4 can also be found at https://support.google.com/analytics/answer/11397207?hl=de

Google Analytics 4 uses the special "demographic characteristics" function and can use it to compile statistics that provide information about the age, gender and interests of website visitors. This is done by analysing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the data collected cannot be assigned to a specific person and is deleted after being stored for a period of two months.

Google Tag Manager

We use the tag management system 'Google Tag Manager (GTM)' from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website to efficiently manage JavaScript and HTML tags for tracking and analyses with our own and third-party software. When you visit our website, a connection to Google's servers is established and personal data (in particular your IP address) is transmitted to Google. The GTM itself does not set its own cookies and does not access data collected by integrated tags, but data is already transmitted to Google simply by loading the GTM. We have concluded a data processing agreement with Google Ireland Limited (parent company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google has joined the EU-US Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the European Commission's adequacy decision on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Google complies with the required data protection regulations and practices. The integration only takes place with your express consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR, which you can manage at any time via our Consent Banner. Further information on data protection at Google can be found at

policies.google.com/privacy and marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Google AdSense

We use Google AdSense, an advertising service provided by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), and also conversion tracking as part of Google AdSenseAds. Google AdSenseAds stores a cookie for conversion tracking on your computer's hard drive ("conversion cookie") when you click on an advert placed by Google. If you visit certain pages of our website, Google can recognise that you have clicked on the ad and have been referred to this website. The information obtained using conversion cookies is used to compile statistics for advertisers who use conversion tracking. These statistics show us the total number of users who have clicked on the Google advert and visited a website with a conversion tracking tag. We have concluded a data processing agreement with Google Ireland Limited (parent company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google has joined the EU-US Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the European Commission's adequacy decision on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Google complies with the required data protection regulations and practices.

The legal basis for the processing of user data is your consent, which can be revoked at any time, in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 7 para. 3 GDPR.

Leadfeeder

We use the Leadfeeder service of Dealfront Group GmbH, Durlacher Allee 73, 76131 Karlsruhe, Germany, on our website. Leadfeeder enables us to identify companies that visit our website in order to recognise potential business customers and optimise our marketing and sales in a targeted manner.

For this purpose, a tracking code is integrated on our website that allows Leadfeeder to record the IP addresses of visitors and assign them to companies based on publicly available information. Only firmographic data, such as company names, addresses, sector and number of employees, is collected. Personal data of individual private persons is not collected or analysed. The data processed by Leadfeeder is stored for a maximum of two years and can be deleted prematurely on request.

The legal basis for the use of Leadfeeder is your express consent in accordance with Art. 6 Para. 1 S.1 lit. a, Art. 7 GDPR, which you give by giving your consent in the cookie banner. Leadfeeder will not be activated without this consent.

An order processing contract has been concludedwith the provider Dealfront Group GmbH to ensure compliance with data protection requirements. You have the right to revoke your consent to data processing at any time without affecting the legality of the processing carried out up to that point.

Further information on data processing by Leadfeeder can be found in the privacy policy at: https: //www.leadfeeder.com/privacy/.

LinkedIn

We use cookies from the LinkedIn service on our website as soon as content or functions from LinkedIn (e.g. share buttons, plugins, embedded content) are integrated.

If individual pages with LinkedIn content are accessed, the following data may be transmitted to LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (parent company: LinkedIn Corporation 1000 W Maude Ave Sunnyvale, CA 94085) and processed, including the time and IP address:

• Your (possibly shortened) IP address
• Browser type/version, language setting, window and screen resolution
• The operating system used and device configuration
• Referrer URL (the website from which you came)
• Activities on our website in connection with LinkedIn elements (e.g. number of page views, length of stay, click paths, interactions with buttons or content)
• Frequency of access and use of embedded LinkedIn functions
• Downloads or interactions with provided LinkedIn content
• In the case of a LinkedIn login: Linking this information to your LinkedIn profile

The processing of this data enables LinkedIn to evaluate the use of our website and LinkedIn-specific elements, to ensure the provision and to carry out reach measurements and personalised content. In addition, the processing supports the "same-browser verification" security function and session management.

The legal basis for the use of LinkedIn is your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, which you give by giving your consent in the cookie banner. LinkedIn will not be activated without this consent.

The data will be deleted as soon as it is no longer required for our recording purposes.

LinkedIn has joined the EU-US Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the European Commission's adequacy decision on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that LinkedIn complies with the required data protection regulations and practices[A1]. Further information can be found in the privacy policy at https://www.instagram.com/legal/privacy/.

Mautic

We use the open source marketing tool Mautic on our website, which is hosted on our server. It is not passed on to third parties or processors. Mautic uses both cookies and tracking pixels. When individual pages of our website are accessed, the following data is stored, recording the time and approximate location (based on your IP address):

• Your abbreviated IP address
• Browser type/version, language setting, resolution of the browser window, screen resolution
• The operating system used, input method
• Referrer URL (the website from which you accessed our website)
• Activities on our website including number of page views, time spent on the site and click paths
• The frequency of visits to the website
• Downloads of files provided on our website
• Opening of emails and clicking on links from newsletter campaigns

Processing this data enables us to analyse how our website is used. The purpose of this is to better tailor and/or individualise our marketing measures (website design, email marketing, tracking pixels) to your interests. The tool also helps us to better analyse the success of individual marketing measures and to automate marketing measures based on the interests of our users.

If you register for our newsletter, we can link the information listed above with your newsletter registration.

The legal basis for the processing of user data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a, Art. 7 para. 3 GDPR, which you can revoke at any time. To revoke your consent, please use the settings banner at the end of this privacy policy. The data will be deleted as soon as it is no longer required for our recording purposes. Cookies are deleted after 7 days at the latest.

Your IP address in the user profile and in the associated database will be anonymised.

Advertising based on tracking and retargeting

As we only want to show you adverts on our advertising partners' websites that really interest you, we use tracking and retargeting technologies on our website so that you only see adverts that really interest you. As a rule, cookies are used for this purpose, which are temporarily stored for this purpose and thus enable our retargeting partners to recognise visitors to our website under a pseudonym. This enables our retargeting partners to show you our products that are likely to be of interest to you.

The legal basis for the processing described in this section is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR. You can revoke your consent at any time and without giving reasons via the settings of the cookie banner or your browser settings.

We use the data collected for statistical and advertising purposes and in particular

• for targeted advertising, including via advertising networks in cooperation with partners
• to measure the success and billing of advertising measures between advertising partners and us
• to understand which adverts you have already seen in order to prevent you from seeing the same adverts again and
• to assess which parts of our website need to be optimised.

Social media integration

Unless otherwise stated, we process your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to improve the content and make it more convenient for you to use. The purposes described are in line with our legitimate interests. If cookies are used when integrating social media content, this is done on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a, Art. 7 GDPR.

a. Social media profiles

We also link to our presence on various social networks on our website. The integration takes place via a linked graphic of the respective network. This prevents an automatic connection to the server of the respective network from being established when our website is accessed; instead, the user is only redirected to the service of the respective social network by clicking on the corresponding graphic.

After forwarding, information is collected by the respective network, whereby it cannot be ruled out that the data collected in this way is processed in the USA.

The data collected is initially the IP address, date, time and page visited. However, if you are logged into your user account on the respective network, the network operator may be able to assign the information collected about the specific visit to your personal account. If you interact via a "Share" button of the respective network, this information can be stored in your personal account and published if necessary. If you wish to prevent the information collected from being directly assigned to your user account, you must log out before clicking on the graphic or the "Share" button.

The following social networks are integrated into our website:

• Facebook, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (parent company: Meta Platforms Inc. 1601 Willow Road Menlo Park California 94025, USA)
  Privacy Policy at:
• Instagram, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (parent company: Meta Platforms Inc. 1601 Willow Road Menlo Park California 94025, USA)
  Privacy policy at: privacycenter.instagram.com/policy
• LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, (parent company: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA)
  Privacy policy at: de.linkedin.com/legal/privacy-policy
• Xing, Xing New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
  Privacy policy at: privacy.xing.com/de/datenschutzerklaerung
• YouTube, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland
  Privacy policy at: policies.google.com/privacy