Data Protection

Privacy Policy

Thank you for your interest in Tridooh. With this privacy policy, we inform you about the type, scope, and purpose of the personal data we process and your rights as a data subject in accordance with the requirements of the General Data Protection Regulation (GDPR). We also explain how we handle data that can be related to you personally, such as your name, address, email addresses, user behavior, and any information you leave, knowingly or unknowingly, when you visit our website, including how long this data is stored and the rights you have as a data subject in relation to us.

General Information

Responsibility

Unless otherwise stated in this privacy policy, Tridooh, Kantstr. 26, 10623 Berlin, Phone: +49 01639555762, Email: contact@tridooh.com, is responsible for data processing according to Art. 4 No. 7 GDPR.

Data Processing on the Website

Accessing the Website

When you use our services, we automatically set cookies that are essential for the service, and the following data is processed:

Information about the accessing device and the software used

Date and time of access

Websites from which the user arrives at our website or that the user accesses via our website

–IP address

Processing the IP address is technically necessary to enable the delivery of the website. The legal basis for data processing is Art. 6(1)(b) GDPR. Our servers also store your IP address for up to 14 days for our own security purposes (Art. 6(1)(f) GDPR). If you access our website with a company’s IP address, we analyze user behavior on our website to improve our service. There is no personal reference, as the IP address only allows conclusions about a company, not a natural person.

Accessing Our Website

When accessing our website, such data that your browser transmits to the server hosting the website content is automatically stored in log files and, if necessary, processed. The following data is processed upon access:

Date and time of access

IP address of the accessing device

Website accessed

The URL from which the file was requested/the desired function was initiated

The size of the transmitted data

The transmitted browser identification

The processing of this data is solely for the purpose of providing the content from our website, as well as for the identification and tracking of unauthorized access to the web server and other criminal offenses. The legal basis for data processing is Art. 6(1)(f) GDPR.

Regarding transmission to a third country, if personal data is transferred to and stored and processed on our processor’s servers in the USA, we have concluded the EU Commission’s standard data protection clauses with our processor, which allow the transfer of personal data to the USA in individual cases.

Our legitimate interests in data processing lie in ensuring IT security and maintaining the operation of our online presence.

The recipient of the data is a processor in the IT sector.

The data is deleted no later than seven days after recording.

Data processing is essential for the security and operation of the website. Therefore, the right to object and the possibility of objection can only be enforced by not accessing our website.

The provision of your personal data is voluntary and solely based on your input. Without entering your data, we cannot process your request.

Tracking Tools

Google Analytics

If you have given your consent, we use the web analysis service Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. This includes the “Universal Analytics” mode, which allows data, sessions, and interactions across multiple devices to be assigned to a pseudonymous user ID, enabling the analysis of a user’s activities across devices.

Google Analytics uses “cookies,” which are text files stored on your computer that allow an analysis of your use of the website.

For more information on the terms of use and data protection at Google, please visit here and here.

The purpose and legal basis of data processing is that the evaluation by Google Analytics allows us to assess the use of our website, compile reports on website activities, and make our website more comfortable and secure for you. We can further improve our website offerings for you based on visits and statistical evaluations.

The legal basis for using Google Analytics is Article 6(1)(a) of the GDPR.

If personal data is transferred to Google servers in the USA and stored and processed there, we have entered into the EU Commission’s standard data protection clauses with Google, which in individual cases allow the transfer of personal data to the USA.

The data processed by Google Analytics is accessible to us for 26 months.

You can withdraw your consent at any time with future effect by preventing the storage of cookies through the corresponding settings in your browser software or by withdrawing the consent you gave during your first visit to our website for the processing of data by Google Analytics. You can do this by revoking your consent in our Consent Manager.

The provision of your data is voluntary. Of course, you can also view our website without cookies. Generally, you can deactivate the use of cookies at any time via your browser settings.

Please note that certain functions of our website may not work if you disable the use of cookies.

Google Ads

Google Ads Conversion:

If you have given your consent, we use the Google Ads Conversion service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website.

Our advertisements are delivered by Google through so-called “Ad Servers.” We use Ad Server cookies that allow us to measure certain parameters for success, such as ad impressions or clicks by users. If you access our website via a Google ad, a cookie is stored on your device by Google Ads. These cookies generally expire after 30 days and are not intended to identify you personally. Analysis values stored in these cookies typically include the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions), and opt-out information (indicating that the user no longer wishes to be targeted).

These cookies enable Google to recognize your internet browser. If a user visits specific pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot be tracked across the websites of Ads customers. We do not collect or process any personal data in these advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the

implemented advertising measures are particularly effective. We do not receive any further data from the use of advertising material, particularly we cannot identify users based on this information.

Due to the marketing tools used, your browser automatically connects directly to Google’s server. We have no control over the scope and further use of data collected by Google through this tool and inform you according to our knowledge: By integrating Ads Conversion, Google receives information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or logged in, it is possible that the provider may obtain and store your IP address.

We use this service to make you aware of our attractive offers on external websites through advertising materials (so-called Google Ads). We can determine the success of individual advertising measures in relation to the data of the advertising campaigns. We pursue the interest of showing you advertisements that are of interest to you, making our website more interesting for you, and achieving a fair calculation of advertising costs.

The legal basis for data processing is Article 6(1)(a) of the GDPR.

If personal data is transferred to Google servers in the USA and stored and processed there, we have entered into the EU Commission’s standard data protection clauses with Google, which in individual cases allow the transfer of personal data to the USA.

The data processed by Google is accessible to us for 12 months.

You can prevent participation in this tracking process in several ways:

By setting your browser software accordingly, particularly the suppression of third-party cookies, so that you do not receive ads from third-party providers;

By installing the plugin provided by Google via the following link: Google Ads Plugin;

By disabling interest-based ads from providers that are part of the “About Ads” self-regulation campaign via the link About Ads Choices, with this setting being deleted when you delete your cookies;

By permanently disabling it in your browsers (Firefox, Internet Explorer, or Google Chrome) via the link Google Ads Plugin. We would like to inform you that in this case, you may not be able to fully use all the functions of this website.

Further information about Google Ads and data protection at Google can be found here.

The provision of your data is voluntary. Of course, you can also view our website without cookies. Generally, you can deactivate the use of cookies at any time via your browser settings. Please note that certain functions of our website may not work if you disable the use of cookies.

Google Ads Remarketing

If you have given your consent, we use the Google Ads Remarketing service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website.

With the Google Ads Remarketing application, you can be shown ads from us after visiting our website as you continue to use the Internet. This is done through cookies stored in your browser, which Google uses to record and evaluate your usage behavior when visiting various websites. This way, Google can determine your previous visit to our website. According to Google, data collected during remarketing is not merged with your personal data, which may be stored by Google. In particular, according to Google, pseudonymization is used in remarketing.

The legal basis for data processing is Article 6(1)(a) of the GDPR.

You can prevent participation in this tracking process in several ways:

By setting your browser software accordingly, particularly the suppression of third-party cookies, so that you do not receive ads from third-party providers;

By installing the plugin provided by Google via the following link: Google Plugin;

By disabling interest-based ads from providers that are part of the “About Ads” self-regulation campaign via the link About Ads Choices, with this setting being deleted when you delete your cookies;

By permanently disabling it in your browsers (Firefox, Internet Explorer, or Google Chrome) via the link Google Plugin. We would like to inform you that in this case, you may not be able to fully use all the functions of this website.

Further information about Google Ads and data protection at Google can be found here.

The provision of your data is voluntary. Of course, you can also view our website without cookies. Generally, you can deactivate the use of cookies at any time via your browser settings. Please note that certain functions of our website may not work if you disable the use of cookies.

DoubleClick by Google:

We use the online marketing tool DoubleClick by Google, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google uses a cookie ID to track which ads are displayed in which browser, preventing the same ad from being shown multiple times. DoubleClick can also use cookie IDs to track conversions related to ad requests, such as when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser to make a purchase.

According to Google, DoubleClick cookies do not contain any personally identifiable information.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s server. We have no control over the extent and further use of the data collected by Google through this tool and are informing you based on our current knowledge: Through the integration of DoubleClick, Google receives information that you have visited the relevant part of our website or clicked on one of our ads. If you are registered with a Google service, Google may associate your visit with your account.

Even if you are not registered or logged in, it is possible that the provider may obtain and store your IP address.

DoubleClick uses cookies to display relevant ads to users, improve campaign performance reports, and prevent users from seeing the same ads multiple times.

The legal basis for processing your data is Article 6(1)(1)(a) of the GDPR.

If personal data is transferred to and stored on Google’s servers in the USA, we have concluded the EU Commission’s standard data protection clauses with Google, which permit the transfer of personal data to the USA in specific cases.

The data processed by Google on your behalf is accessible to us for 12 months. You can prevent participation in this tracking procedure in several ways:

By adjusting your browser settings to suppress third-party cookies, which will prevent you from receiving ads from third-party providers;

By disabling cookies for conversion tracking by setting your browser to block cookies from the domain “https://www.googleadservices.com“, noting that this setting will be deleted if you delete your cookies;

By disabling interest-based ads from providers that are part of the “About Ads” self-regulation campaign via the link https://www.aboutads.info/choices, noting that this setting will be deleted if you delete your cookies;

• By permanently disabling cookies in your browsers (Firefox, Internet Explorer, or Google Chrome) via the link https://www.google.com/settings/ads/plugin. Please note that you may not be able to use all the functions of this website to their full extent if you do this;

By revoking the consent you initially gave for data processing by Google Analytics on your first visit to our website. You can do this by withdrawing your consent in our consent manager.

For more information about DoubleClick by Google, visit https://www.google.de/doubleclick and https://support.google.com/adsense/answer/2839090, as well as Google’s general privacy policy: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org.

Providing your data is voluntary. Of course, you can generally view our website without cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please note that individual functions of our website may not work if you disable the use of cookies.

Facebook Custom Audiences:

We use the remarketing feature Custom Audiences by Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 (“Facebook”), on our website. When using Custom Audiences, your browser automatically establishes a direct connection to Facebook’s server. We have no control over the extent and further use of the data collected by Facebook through this tool and are informing you based on our current knowledge.

Through the integration of Facebook Custom Audiences, Facebook receives information that you have visited the corresponding webpage of our website or clicked on one of our ads. If you are registered with a Facebook service, Facebook may associate your visit with your account. Even if you are not registered or logged in, it is possible that the provider may obtain and store your IP address and other identifying characteristics.

By using Facebook Custom Audiences, users of the website can be shown interest- based ads (“Facebook Ads”) within the social network Facebook or on other websites that also use this method. Our goal is to show you ads that are of interest to you, making our website more engaging for you.

The legal basis for data processing is Article 6(1)(1)(a) of the GDPR.

If personal data is transferred to and stored on Facebook’s servers in the USA, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, has concluded the EU Commission’s standard data protection clauses with the Facebook entities in the USA, permitting the transfer of personal data to the USA in specific cases.

Cookies set via this website remain active for up to 180 days after the last interaction.

You can manage the “Facebook Custom Audiences” function in your cookie settings, and for logged-in users, you can manage it under https://www.facebook.com/settings/?tab=ads.

Additionally, you can revoke the consent you initially gave for data processing by Facebook Custom Audiences during your first visit to our website. You can do this by withdrawing your consent in our consent manager.

Providing your data is voluntary. Of course, you can generally view our website without cookies. In general, you can deactivate the use of cookies at any time via your browser settings.

Please note that individual functions of our website may not work if you disable the use of cookies.

Facebook Pixel

If you have given your consent, we use the “Facebook Pixel” service from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”) on our website.

This enables us to display interest-based advertisements (“Facebook Ads”) to users of our website when they visit the social network Facebook or other websites that also use the process. We aim to show you ads that are of interest to you to make our website more interesting for you.

Due to the marketing tools used, your browser automatically connects directly to the Meta server. We have no control over the scope and further use of data collected by Meta through this tool and inform you according to our knowledge: By integrating Facebook Pixel, Meta receives information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Meta service, Meta can associate the visit with your account. Even if you are not registered with Meta or logged in, it is possible that the provider may obtain and store your IP address and other identification features.

The legal basis for data processing is Article 6(1)(a) of the GDPR.

The data processed by Meta is accessible to us for 12 months.

Meta is the sole data controller for the Facebook Pixel. Please contact Meta directly via this link for any questions regarding the Facebook Pixel.

You can prevent participation in this tracking process in several ways:

By setting your browser software accordingly, particularly the suppression of third-party cookies, so that you do not receive ads from third-party providers;

By disabling interest-based ads from providers that are part of the “About Ads” self-regulation campaign via the link About Ads Choices, with this setting being deleted when you delete your cookies;

By disabling it via Meta.

The provision of your data is voluntary. Of course, you can also view our website without cookies. Generally, you can deactivate the use of cookies at any time via your browser settings. Please note that certain functions of our website may not work if you disable the use of cookies.

Facebook Conversion:

We use the remarketing function Conversion Pixel from Facebook, Inc. 1601 Willow Road, Menlo Park, California 94025 (“Facebook”). When using Custom Audiences, your browser automatically establishes a direct connection with Facebook’s server. We have no influence over the extent and further use of the data collected by Facebook through this tool and are informing you according to our knowledge. By integrating Facebook Custom Audiences, Facebook receives information that you have visited the respective webpage of our online presence or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or are not logged in, it is possible that the provider will obtain and store your IP address and other identifying features.

By using Facebook Conversion, users of the website can be shown interest-based advertisements (“Facebook Ads”) during their visit to the social network Facebook or other websites that also use this method. Our aim is to show you advertisements that are of interest to you, making our website more appealing to you.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.

To the extent that personal data is transferred to Facebook’s servers in the USA and stored and processed there, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, has concluded the standard data protection clauses adopted by the EU

Commission with Facebook companies based in the USA, which in individual cases allow the transfer of personal data to the USA.

Cookies set via this website remain stored for up to 180 days after the last interaction.

On the one hand, you can edit the “Facebook Custom Audiences” function in your cookie settings and for logged-in users under [External] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook. com%2Fsettings%2F%3Ftab%3Dads&data=05%7C02%7C%7C220c3c46207146b5cd c508dcbba2125e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63859155 2211081547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luM zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=fZSNfPwJfNCJDePa qSLMAD27HqxzEJbCpDmjgIBMoOg%3D&reserved=0.

Furthermore, you can withdraw the consent you gave during your initial visit to our website for the processing of data through Facebook Custom Audiences. You can do this by withdrawing your consent in our Consent Manager.

Providing your data is voluntary. Of course, you can generally view our website without cookies. In general, you can disable the use of cookies at any time through your browser settings.

Please note that some functions of our website may not work if you have disabled the use of cookies.

Facebook Lead Ads:

We use the Lead Ads feature from Facebook, Inc. 1601 Willow Road, Menlo Park, California 94025 (“Facebook”) on our Facebook page. When using Facebook Lead Ads, the data of interested parties—so-called leads—is processed via a contact form displayed on Facebook websites.

We have no influence over the extent and further use of the data collected by Facebook through this feature and are informing you according to our knowledge. By integrating Facebook Lead Ads, Facebook receives information that you have visited the respective webpage of our online presence or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or are not logged in, it is possible that the provider will obtain and store your IP address and other identifying features.

We use this data exclusively for our own marketing purposes. The use of the data is tied to the purposes pursued with the respective Lead Ad campaign. These purposes are specifically outlined within the Lead Ad campaign before we receive the provided data.

For more information, please refer to Facebook’s data policy at [External] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook. com%2Fabout%2Fprivacy&data=05%7C02%7C%7C220c3c46207146b5cdc508dcbba 2125e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63859155221108502 4%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luMzIiLCJBTiI6I k1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5WpYǪsk24sLR7iwBkb4KHc8 P7DlwKiuhtzlDeuBP1UY%3D&reserved=0.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.

To the extent that personal data is transferred to Facebook’s servers in the USA and stored and processed there, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, has concluded the standard data protection clauses adopted by the EU Commission with Facebook companies based in the USA, which in individual cases allow the transfer of personal data to the USA.

The data processed by Meta is viewable by us for 12 months.

On the one hand, you can edit the “Facebook Custom Audiences” function in your cookie settings and for logged-in users under [External] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook. com%2Fsettings%2F%3Ftab%3Dads&data=05%7C02%7C%7C220c3c46207146b5cd c508dcbba2125e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C63859155 2211088534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luM zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=a2CyhntVZLL6dxT wDIquz696uCvJF8VdggsPMVMzLBY%3D&reserved=0. Furthermore, you can withdraw the consent you gave during your initial visit to our website for the processing of data through Facebook Custom Audiences. You can do this by withdrawing your consent in our Consent Manager.

Providing your data is voluntary. Of course, you can generally view our website without cookies. In general, you can disable the use of cookies at any time through your browser settings.

Please note that some functions of our website may not work if you have disabled the use of cookies.

LinkedIn Ads:

We use the LinkedIn Ads service from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) on our website. When you visit our websites, a direct connection between your browser and the LinkedIn server is established via remarketing tags. LinkedIn thus receives the information that you have visited our

website with your IP address. This allows LinkedIn to associate your visit to our website with your LinkedIn user account.

The information obtained through the aforementioned procedure can be used by us to display LinkedIn Ads.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.

To the extent that personal data is transferred to LinkedIn’s servers in the USA and stored and processed there, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, has concluded the standard data protection clauses adopted by the EU Commission with LinkedIn companies based in the USA, which in individual cases allow the transfer of personal data to the USA.

By integrating LinkedIn’s remarketing tags, we do not store any personal data. You can prevent participation in this remarketing process in several ways:

By adjusting the settings of your browser software, particularly by blocking third- party cookies, so you do not receive advertisements from third-party providers;

By deactivating the display of LinkedIn Ads in your [External] LinkedIn settings. More information on this topic can be found at the following link: [External] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.link edin.com%2Fhelp%2Flinkedin%2Fanswer%2F65446%2Fanzeigeneinstellungen

–

verwalten%3Flang%3Dde&data=05%7C02%7C%7C220c3c46207146b5cdc508 dcbba2125e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C6385915 52211092986%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIj oiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=DZd 0fq3kwZMǪrtǪdjiif9fDCAK4FM7qyh9sJxo1VtCI%3D&reserved=0.

Finally, you can withdraw the consent you gave in our Consent Manager.

Providing your data is voluntary. Of course, you can generally view our website without cookies. In general, you can disable the use of cookies at any time through your browser settings.

Please note that some functions of our website may not work if you have disabled the use of cookies.

Social Media

Facebook

Tridooh uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for the information service offered here.

Please be aware that you use this Facebook page and its features at your own risk. This is especially true for the use of interactive features (e.g., commenting, sharing, rating). Alternatively, you can also access the information offered on this page through our website at https://tridooh.com/en/start/. When you visit our Facebook page, Facebook collects, among other things, your IP address and other information stored on your PC in the form of cookies.

Joint Responsibility with Facebook

This information is used to provide us, as the operators of the Facebook pages, with statistical information about the usage of the Facebook page. More information on this can be found at the following link provided by Facebook: https://de- de.facebook.com/help/pages/insights.

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes which information it receives and how it is used in its data usage policies. There, you will also find information on how to contact Facebook and manage ad settings. The data usage policies are available at the following link: https://de-de.facebook.com/about/privacy. You can find the complete data policy of Facebook here: https://de- de.facebook.com/full_data_use_policy.

Facebook does not clearly and conclusively state how it uses data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are attributed to individual users, how long Facebook retains this data, and whether data from a visit to the Facebook page is shared with third parties. When accessing a Facebook page, the IP address assigned to your device is transmitted to Facebook.

According to Facebook, this IP address is anonymized (for “German” IP addresses). Additionally, Facebook stores information about its users’ devices (e.g., in the context of the “Login Notification” feature); this may allow Facebook to associate IP addresses with individual users. If you are currently logged into Facebook, a cookie with your Facebook identifier is present on your device. This allows Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Through Facebook buttons embedded in websites, Facebook can track your visits to these websites and link them to your Facebook profile. Based on this data, content or advertisements can be tailored to you.

If you want to avoid this, you should log out of Facebook or disable the “stay logged in” feature, delete the cookies on your device, and close and restart your browser. This will remove Facebook information that can directly identify you. You can then use our Facebook page without revealing your Facebook identity. If you access interactive features of the page (e.g., like, comment, share, message), a Facebook login screen will appear. After logging in, Facebook can recognize you again as a specific user.

Information on how to manage or delete your data can be found on the following Facebook support pages: https://de-de.facebook.com/about/privacy#.

Responsibility of Tridooh

In addition, Tridooh is solely responsible for certain data processing. We process the following data for providing our information service and communicating with Facebook users:

User interactions (postings, likes, etc.), profile name, and data provided by users during interactions, e.g., for processing service requests

Statistical surveys for target group advertising

Aggregated statistical data on user interactions, i.e., without personal reference for Tridooh (e.g., page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions including origin, times of day)

Targeted advertisements based on aggregated demographic data without personal reference (e.g., age, location, language, or gender information).

This privacy policy can be found in its current version under the “Privacy” section on our Facebook page. If you have questions about our information service, you can reach us at contact@tridooh.com.

To the extent that personal data is transferred to servers in the USA and processed there by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, has concluded the standard data protection clauses adopted by the EU Commission with Facebook companies based in the USA, which in specific cases allow the transfer of personal data to the USA.

The legitimate interest, if the legal basis is Art. 6 (1) (f) GDPR (legitimate interests), is in effectively providing information to users, customers, and interested parties, communicating with these individuals, and representing Tridooh externally.

After processing your request, your provided personal data will be deleted from our systems. If you interact with us publicly, such as by leaving a comment or liking a post, this data will remain publicly available on the page until deleted by us or by you. If legal

retention obligations require a longer storage period, your data will only be stored for this purpose and blocked for other uses.

To exercise your right to object, please contact us either at contact@tridooh.com or at the above address by post or phone. We will then promptly process your request.

Providing your data is voluntary. However, it is not possible to visit our page without us or Tridooh and Facebook processing personal data jointly or separately.

Sure, here’s the translation:

Instagram

Tridooh utilizes the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland, for the information service offered here. Instagram is a part of Facebook Ltd.

Please be aware that you use this Instagram profile and its features at your own risk. This is particularly true for using interactive features (e.g., commenting, sharing, rating). Alternatively, you can access the information offered through this page on our website at https://tridooh.com. When visiting our Instagram profile, Facebook collects your IP address and other information, which may be stored on your computer in the form of cookies.

Shared Responsibility with Facebook

This information is used to provide us, as the operators of the Instagram profile, with statistical information about the use of the Instagram profile. For more details, Facebook provides information at the following link: [Extern] Facebook Help.

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes what information it receives and how it is used in its data usage policies. You can also find information about how to contact Facebook and adjust ad settings there. The data usage policies are available at the following link: [Extern] Facebook Data Policy.

Facebook does not clearly and conclusively name how it uses the data from visiting Instagram profiles for its own purposes, how activities on the Instagram profile are attributed to individual users, how long Facebook stores this data, and whether data from visiting the Facebook page is shared with third parties. When accessing an Instagram profile, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses).

Facebook also stores information about users’ devices (e.g., as part of the “Login Notifications” feature); therefore, Facebook may be able to link IP addresses to individual users. If you are currently logged in to Facebook, a cookie with your Instagram ID is on your device. This allows Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Through Facebook buttons embedded in websites, Facebook can track your visits to these sites and associate them with your Instagram profile. Based on this data, content or advertising can be tailored to you.

If you wish to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete cookies on your device, and restart your browser. This will remove Facebook information that can directly identify you. This way, you can use our Instagram profile without revealing your Instagram ID. When accessing interactive features of the page (like, comment, share, message, etc.), an Instagram login screen will appear. After logging in, Facebook will recognize you again as a specific user.

Information on how to manage or delete your existing information can be found on the following Facebook support pages: [Extern] Facebook Support.

Responsibility of Tridooh

In addition, Tridooh is solely responsible for certain data processing. We process the following data for the purpose of providing our information service and communicating with Instagram users:

User interactions (postings, likes, etc.);

Profile name and data provided by the user in the communication history, e.g., for processing service requests, statistical surveys for target audience advertising;

Statistical data on user interactions in aggregated form, i.e., without personal reference for Tridooh (e.g., page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions including origin, times of day);

Targeted advertising based on aggregated demographic data without personal reference (e.g., age, location, language, or gender information).

This privacy statement can be found in its current version under the “Data Protection” section on our Facebook page. For questions about our information service, you can reach us at contact@tridooh.com.

Processing is carried out to respond to your inquiries (if you have made an inquiry) or to communicate with you and to publish information about events, products, and services from Tridooh. The legal basis for processing for the purpose of responding to inquiries

initiated by you and aimed at a future contract is Art. 6 para. 1 sentence 1 lit. b) GDPR and in other cases Art. 6 para. 1 sentence 1 lit. f) GDPR.

To the extent that personal data is transferred and stored on Facebook servers in the USA and processed there, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, has entered into standard contractual clauses adopted by the EU Commission with Facebook companies based in the USA, which in specific cases allow the transfer of personal data to the USA.

The legitimate interest, where the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interests), is in the effective provision of information for users, customers, and prospects, and in communication with these individuals as well as in the external representation of Tridooh.

After your request has been processed, the personal data you provided will be deleted from our systems. If you interact with us publicly, for example by leaving a comment or liking a post, this data remains publicly accessible on the page until it is deleted by us or you. If legal retention periods require longer storage, your data will only be stored for this purpose and blocked for other purposes.

To exercise your right to object, please contact us either at contact@tridooh.com or at the above address by post or phone. We will process your request promptly.

The provision of your data is voluntary. However, it is not possible to visit our profile without Tridooh and Facebook jointly or separately processing personal data.

LinkedIn

Tridooh utilizes the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”) for the information service offered here. Please be aware that you use this LinkedIn page of Tridooh and its features at your own risk. This particularly applies to the use of interactive features (e.g., commenting, sharing, rating).

Shared Responsibility with LinkedIn

Tridooh and LinkedIn share joint responsibility only for the processing of so-called “Insights Data,” to the extent that this data is used to create “Page Insights.”

Tridooh and LinkedIn have entered into an agreement regarding their joint responsibility, which you can access here: [Extern] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flegal.linkedin.c om%2Fpages-joint-controller- addendum&data=05%7C02%7C%7C29b0a151c1fb40d5d38c08dcbba379df%7C84df9

e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638591558021207227%7CUnknown% 7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI 6Mn0%3D%7C0%7C%7C%7C&sdata=f8lJC7ry6JfHb4y9jbzbXZBkBIW5eDPiiXtftxVfjhk

%3D&reserved=0 (the “Page Insights Joint Controller Addendum”). This agreement pertains to data processing related to a visit or interaction with our LinkedIn profile, but only if this data is subsequently used for “Page Insights.” “Page Insights” include analytical services that help the operator of a LinkedIn profile better understand interactions with their pages. The purpose of the data processing is to generate aggregated statistics for LinkedIn profile operators.

It concerns the processing of data related to visits or interactions with a LinkedIn profile, but only if the purpose is the use for “Page Insights.” LinkedIn provides more information about this at the following link: [Extern] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.c om%2Fhelp%2Flinkedin%2Fanswer%2F4499%2Flinkedin-page-analytics- overview%3Flang%3Den&data=05%7C02%7C%7C29b0a151c1fb40d5d38c08dcbba37 9df%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638591558021223608% 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luMzIiLCJBTiI6Ik1h aWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5kWVDt4jfy19%2Bj0DW3KG%2F

WukG8mJUMkDoRRmg0nX1rw%3D&reserved=0. The information available to data subjects regarding “Page Insights Data” ([Extern] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flegal.linkedin.c om%2Fpages-joint-controller- addendum&data=05%7C02%7C%7C29b0a151c1fb40d5d38c08dcbba379df%7C84df9 e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638591558021229426%7CUnknown% 7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI 6Mn0%3D%7C0%7C%7C%7C&sdata=U6z2jSwooxlǪXOarYuR6CLN2jiBHy0JlGDBD5Gi icOs%3D&reserved=0) explains how and when “Insights Data” is collected and used to create “Page Insights”:

When a LinkedIn member visits, follows, or interacts with the page, LinkedIn processes personal data to provide the page operator with insights into the usage;

Specifically, LinkedIn processes data that the member has provided to LinkedIn, such as data on job function, country, industry, tenure, company size, and employment status from a member’s profile; and

Additionally, LinkedIn processes information about how a member has interacted with your company page, such as whether a member is a follower.

When visiting our LinkedIn page, LinkedIn collects, among other things, your IP address and other information stored on your PC in the form of cookies. This information is used

to provide us as the page operator with statistical information about the use of the LinkedIn page. We do not receive any personal data from LinkedIn in this context.

The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. LinkedIn describes what information it receives and how it is used in general terms in its user agreement and privacy policy. You will also find information about how to contact LinkedIn and adjust ad settings. LinkedIn’s data policy is available at: [Extern] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.c om%2Flegal%2Fprivacy-policy%3Ftrk%3Dhomepage-basic_footer-privacy- policy&data=05%7C02%7C%7C29b0a151c1fb40d5d38c08dcbba379df%7C84df9e7fe 9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638591558021232912%7CUnknown%7CT WFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn 0%3D%7C0%7C%7C%7C&sdata=o282bIs6UVomEiwoN4GDBXǪ%2FYUPqhBaELexs5

%2FF%2Bv0I%3D&reserved=0.

If you wish to exercise your rights as a data subject under the GDPR, please note that we cannot fully comply with all these rights without LinkedIn. It may therefore be more effective for you to contact LinkedIn directly. However, if you need assistance, feel free to contact us.

The respective responsibilities, especially regarding the safeguarding of data subject rights, between Tridooh and LinkedIn can be found in the Page Insights Addendum ([Extern] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flegal.linkedin.c om%2Fpages-joint-controller- addendum&data=05%7C02%7C%7C29b0a151c1fb40d5d38c08dcbba379df%7C84df9 e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638591558021236338%7CUnknown% 7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI 6Mn0%3D%7C0%7C%7C%7C&sdata=CUIoUlAphS8zrwZusw11%2BBrWcunegzxqfk% 2FxpoYl%2BAA%3D&reserved=0).

LinkedIn assumes primary responsibility for fulfilling GDPR obligations for the joint

processing of “Insights Data.” This includes fulfilling the following data subject rights:

Right of access (Art. 15 GDPR)

Right to erasure (Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object (Art. 21 GDPR)

Detailed information on exercising these rights is provided by LinkedIn in its privacy policy under section 4: [Extern] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.c om%2Flegal%2Fprivacy-policy%3Ftrk%3Dhomepage-basic_footer-privacy- policy&data=05%7C02%7C%7C29b0a151c1fb40d5d38c08dcbba379df%7C84df9e7fe 9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638591558021239897%7CUnknown%7CT WFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn 0%3D%7C0%7C%7C%7C&sdata=wsZhqCRXZ%2F0zmpIK%2FzomXBCzC76BxDbMC2 DTB5%2FHM8w%3D&reserved=0.

Responsibility of Tridooh

In addition, Tridooh is solely responsible for certain data processing activities. We process the following data to communicate with LinkedIn users through our information service:

User interactions (postings, likes, etc.)

Profile name and data provided by the user during communication, e.g., for handling service requests

Statistical surveys for targeted advertising

Aggregated statistical data on user interactions, i.e., without personal reference for Tridooh (e.g., page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions including origin, times of day)

Targeted advertisements based on aggregated demographic data without personal reference (e.g., age, location, language, or gender information)

The processing is carried out for the purpose of responding to your inquiries (if you have made an inquiry) or communicating with you, and to publish information about events, products, and services from Tridooh. The legal basis for processing for the purpose of responding to inquiries, which serve a future contract and are initiated by you, is Art. 6

(1) (b) GDPR and in other cases Art. 6 (1) (f) GDPR.

If personal data is transferred to and stored and processed on LinkedIn servers in the USA, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, has entered into the standard data protection clauses adopted by the EU Commission with LinkedIn companies based in the USA, which allow the transfer of personal data to the USA in specific cases.

The legitimate interest is in effectively providing information to users, customers, and prospects, communicating with these individuals, and presenting Tridooh to the public.

This privacy statement can be found in its current version on the “About Us” page under the “Privacy Policy” section of our LinkedIn page.

After completing your request, the personal data you provided will be deleted from our systems. If you interact publicly with us, such as by leaving a comment or liking a post, this data will remain publicly accessible on the page until deleted by us or yourself. If statutory retention obligations require a longer storage period, your data will be stored only for this purpose and blocked for other uses.

To exercise your right to object, please contact us either at contact@tridooh.com or at the above address by post or phone. We will promptly process your request.

Providing your data is voluntary. However, it is not possible to visit our profile without processing personal data either jointly with LinkedIn or by Tridooh and LinkedIn separately.

YouTube

Tridooh utilizes the technical platform YouTube, a Google company headquartered at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “YouTube”), for the information service offered here.

Responsibility of YouTube

Please note that you use this YouTube page and its functions at your own risk. This particularly applies to the use of interactive features (e.g., commenting, sharing, rating).

Tridooh does not influence the nature and extent of the data processed by YouTube, the manner of processing and use, or the sharing of this data with third parties beyond enabling data processing related to the YouTube page. Tridooh also does not have any effective control in this regard. The information YouTube receives and how it is used is described in general terms in YouTube’s privacy policy. There, you will also find information about how to contact YouTube and settings for advertisements. YouTube’s privacy policy is available at the following link: [External] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpolicies.google. com%2Fprivacy%3Fhl%3Dde%26gl%3Dde&data=05%7C02%7C%7Ca3cdad4e7f9649 93db2f08dcbba40a81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C6385 91560440406382%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJǪIjoiV 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=V9o6naKmx20 FbE6OWGpMO%2FgID5ksykZDbbRjemjD%2FVA%3D&reserved=0.

YouTube processes both voluntarily provided data, such as name and username, email address, phone number, or contacts from your address book when you upload or sync

it. Additionally, YouTube analyzes the content you share to determine your interests, processes messages you send directly to other users, and can determine your location using GPS data, information about wireless networks, or your IP address to provide you with advertisements or other content.

YouTube uses analysis tools for this purpose. Tridooh has no influence over or knowledge of the potential use of such tools by YouTube. If such tools are used for the Tridooh account, Tridooh neither commissioned nor approved or otherwise supported them. Moreover, the data gained by Tridooh from analysis is not provided to YouTube. Only certain non-personal information about activities, such as the number of profile or like clicks resulting from specific activities, is viewable by Tridooh through the YouTube account. Beyond this, Tridooh has no way to prevent or disable the use of such tools.

Furthermore, YouTube also receives information when you view content, even if you have not created a YouTube account. Such data, known as “log files,” typically includes IP address, browser type, operating system, information about previously visited websites, your location, your mobile provider, the device you are using (including device ID and application ID), as well as information about search terms used and features in cookies.

Responsibility of Tridooh

In addition, Tridooh is also responsible for certain data processing. For offering our information service, we process the following data to communicate with YouTube users:

User interactions (postings, likes, video views, etc.);

Profile name and data provided by the user in the conversation history, e.g., for handling service requests; and

Statistical data on user interactions in aggregated form, i.e., without personal reference for Tridooh (e.g., number of video impressions, number of interactions, number of details expanded, number of likes and dislikes).

Purposes and Legal Basis of Data Processing

The processing is for the purpose of answering your inquiries (if you have submitted a request) or communicating with you and to publish information about events, products, and services of Tridooh. The legal basis for processing for the purpose of answering requests that aim at a future contract and initiated by you is Art. 6 para. 1 sentence 1 lit.

b) GDPR, and for other cases, i.e., general inquiries, Art. 6 para. 1 sentence 1 lit. f) GDPR.

As far as personal data is transferred and stored on servers in the USA by Google and further processed there, we have concluded the Standard Contractual Clauses adopted by the EU Commission with Google, which in specific cases allow the transfer of personal data to the USA.

The legitimate interest lies in the effective provision of information to users, customers, and interested parties, communication with these individuals, and the external representation of Tridooh.

This privacy statement can be found in its current version within our YouTube profile

under “About” and at the end of the website under the “Links” section.

If you publicly interact with us, for example, by leaving a comment or liking a video, this data remains publicly accessible on the page until deleted by us or you. If legal retention obligations require longer storage, your data will only be stored for this purpose and blocked for other uses.

To exercise your right to object, please contact us either at contact@tridooh.com or at the above address by mail or telephone. We will process your request promptly.

The provision of your data is voluntary. However, visiting our profile is not possible without Tridooh and YouTube processing personal data independently and separately.

Cloudflare

On our website, we use services provided by our data processor, Cloudflare, Inc., located at 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare offers a globally distributed Content Delivery Network (CDN). Technically, the transfer of information between your browser and our website is routed through Cloudflare’s network. During this process, your IP address is transmitted to Cloudflare’s servers and processed there.

Cloudflare is thus able to analyze the traffic between users and our website to detect and prevent attacks, as well as to reduce the loading speeds of our site.

For more information about Cloudflare, please visit [External] https://support.cloudflare.com/hc/de/articles/205177068-Step-1-How-Cloudflare- works. For information about data protection at Cloudflare Inc., visit [External] https://www.cloudflare.com/privacypolicy/. Data processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR.

Our legitimate interest in data processing lies in creating an attractive and quickly accessible web presence and in maintaining the security and stability of our website.

If personal data is transferred to and stored and processed on Cloudflare servers in the USA, we have entered into the Standard Contractual Clauses adopted by the EU Commission with Cloudflare, which allow for the transfer of personal data to the USA on a case-by-case basis.

Cloudflare retains data only as long as necessary to verify and attribute your access.

To exercise your right to object, please contact us at contact@tridooh.com or send a postal or telephone inquiry to the address above. We will process your request promptly.

Providing your data is voluntary. However, visiting our website is not possible without using our CDN.

OpenMapTiles

We have integrated map material from the OpenMapTiles mapping service (“OMT”) provided by MapTiler AG, Höfnerstrasse 98, 6314 Unterägeri, Switzerland (“MapTiler”) on our site. Your IP address is briefly processed by OMT.

We include the map material to improve the geographical representation of our company locations and to help you find them more easily.

The legal basis for data processing is Article 6(1)(f) GDPR.

Further information can be found in the privacy policy of MapTiler ([External] https://www.maptiler.com/privacy-policy/).

Our legitimate interest in data processing is to present website visitors with a clear depiction of where our display locations are situated.

If personal data is transferred to and stored briefly on OMT servers in Switzerland, there is an [External] adequacy decision by the EU Commission, which allows OMT to process personal data from the European Union.

We do not store personal data through the integration of OpenMapTiles.

If you do not wish for OMT to load during your visit to our website, you can also block OMT using browser add-ons, such as the script blocker [External] “NoScript.”

Providing your data is voluntary. You can still visit our website without using OMT. However, please be aware that in this case, you may not be able to use all features of our website fully, and the presentation of our website may be limited.

Data Processing within the Tridooh Ads Manager (TAM)

Creation and Use of a User Account

For using certain services, registration with an existing user account is required. This necessitates prior registration. The data collected during registration is processed to provide the desired service. The legal basis for this data processing is Article 6(1)(b) GDPR.

You can create a user account on our website. In the context of using a user account on the TAM, we process your email address, name, billing address (street, house number, postal code, and city), and possibly your VAT identification number.

The processing is carried out exclusively for the provision of our services and for billing these services to you. The legal basis for this data processing is Article 6(1)(b) GDPR if the processing of your data is necessary for the performance of the contract and the contractual partner is a natural person. If the data processing is not necessary for pre- contractual measures or the performance of the contract with you, the legal basis is Article 6(1)(f) GDPR.

If personal data is transferred to and stored and further processed on servers of our processor in the USA, we have entered into the standard data protection clauses adopted by the EU Commission with our processor, which allow the transfer of personal data to the USA on a case-by-case basis.

If personal data is transferred to, stored, and further processed on servers of our service provider in the United Arab Emirates, we rely on your consent in accordance with Article 49(1)(a) GDPR for the data processing, due to the lack of an adequacy decision or other suitable safeguards, and we will inform you separately about the risks.

Our legitimate interest in data processing is to fully perform and process the contract concluded with our respective customer and to provide you with the most optimal and comprehensive service possible within the scope of our contractual relationship with you.

The data processed by you is accessible internally only to those employees involved in responding to your email. To deliver our contract with you, we organize and analyze customer data using a productivity and collaboration tool on a Software-as-a-Service basis from a processor in the IT sector in the USA. For creating and using the user account, we also use a service provider in the IT sector based in the United Arab Emirates.

We generally retain the data until we have fully provided the services agreed upon in our contract with you. Your personal data will only be stored beyond the provision of the service if this is legally required.

Data processing is necessary for the performance of the contract with you. The option to object is therefore only enforceable if you do not enter into a contract with us or do not create a user account with us.

Providing the aforementioned personal data is contractually required. Without this personal data, we cannot provide our services to you properly.

Transactional Emails

We send you so-called transactional emails. In the context of transactional emails, we process your email address and name.

We process the aforementioned data to optimally support you in interacting with the TAM and to inform you that the action you performed was successful.

The legal basis for this data processing is Article 6(1)(b) GDPR if the processing of your data is necessary for the performance of the contract and the contractual partner is a natural person. If the data processing is not necessary for pre-contractual measures or the performance of the contract with you, the legal basis is Article 6(1)(f) GDPR.

Our legitimate interest is to fully perform and process the contract concluded with our respective customer and to provide you with the most optimal and comprehensive service possible within the scope of our contractual relationship with you.

The recipient of the data is a processor in the field of email marketing.

The personal data processed by you in the context of transactional emails is retained by us for 6 months, unless it needs to be retained for longer due to legal retention periods.

If the legal basis is Article 6(1)(f) GDPR, you may exercise your right to object to us.

Providing the aforementioned personal data is neither legally nor contractually required. However, without processing your personal data in the context of transactional emails, we cannot provide our services to you.

Media

As a registered user, you can upload content in the media area. If this content contains personal data, we process it on your behalf and according to your instructions within the scope of the contractually agreed services. In this case, you are responsible for the

processing of personal data according to Article 4(7) GDPR. You can delete the uploaded content in the media area at any time.

Statistics

We offer you the option to view statistics on the display of your content on our displays (per day and per display) in your user account. In this process, we process your name if our contractual partner is a natural person.

We offer the evaluation of statistics on the display of your content on our displays to provide you with a complete service.

The legal basis for this data processing is Article 6(1)(b) GDPR if the processing of your data is necessary for the performance of the contract and the contractual partner is a natural person.

The personal data processed by you in the context of the aforementioned statistics is retained by us for 12 months.

Providing the aforementioned personal data is contractually required. Without this personal data, we cannot provide our services to you properly.

Payments

When you use a paid service, we process the personal data you provide, including contact details, for the execution and fulfillment of the contract and for enforcing legal claims or demands. The legal basis for this data processing is Article 6(1)(b) GDPR or, if you are not the contractual partner but act as a contact person for the contractual partner, Article 6(1)(f) GDPR. The same applies to processing activities required for pre- contractual measures, such as inquiries about our products or services. Additionally, we are legally obligated to process certain data we receive from you in connection with a contract for tax purposes. The legal basis for this is Article 6(1)(c) GDPR. This also includes storing the IP address of the device from which you accessed our website when concluding the contract for VAT purposes.

If you choose the payment method “purchase on account” when concluding a paid contract, we conduct a credit check to avoid the risk of unpaid claims, based on your consent and our legitimate interest. The legal basis for data processing in this case is Article 6(1)(a) GDPR and Article 6(1)(f) GDPR. We use the services of Schufa Holding AG to assess the risk associated with advance performance. Details on how the scoring calculation works can be found here: https://www.schufa.de/de/datenschutz-dsgvo/.

We always take appropriate measures to protect your rights and freedoms and your legitimate interests, which includes at least the right to influence from the data

controller, to state your own position, and to contest the decision. You have the right to request information about the logic involved and the expected consequences of the processing for you.

When using a paid service, we offer various payment methods from the following providers, who are each responsible for data processing according to Article 4(7) GDPR:

Klarna

This website integrates the payment service Klarna (Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden). Klarna allows for purchase on account or flexible installment payments. Additionally, Klarna offers services such as buyer protection as well as identity and credit checks. If you choose the payment option “Purchase on Account” or “Installment Purchase” during the ordering process on our online shop, your data will be automatically transmitted to Klarna. By selecting this payment option, you consent to the transmission of the necessary personal data for processing the invoice or installment purchase, as well as for identity and credit checks.

The personal data transmitted to Klarna typically includes your first and last name, address, date of birth, gender, email address, IP address, telephone number, mobile number, and other data necessary for processing an invoice or installment purchase. Furthermore, personal data related to your order, such as bank details, card number, expiration date, CVC code, item quantity, item number, data on goods and services, prices and taxes, past purchase behavior, or other information about your financial situation, are also transmitted.

The transmission of this data is intended for identity verification, payment administration, and fraud prevention. We transmit personal data to Klarna particularly when there is a legitimate interest in doing so. The personal data exchanged between Klarna and us is transmitted by Klarna to credit agencies to conduct identity and credit checks. Klarna may also forward this personal data to affiliated companies (Klarna Group) and service providers or subcontractors as necessary to fulfill contractual obligations or process the data on their behalf. To decide on the establishment, execution, or termination of a contractual relationship, Klarna collects and uses data and information about your past payment behavior as well as probability values for future behavior (so-called scoring). The scoring is calculated based on scientifically recognized mathematical-statistical methods.

You can withdraw your consent to the processing of your personal data by Klarna at any time. However, this withdrawal does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.

You can view Klarna’s applicable data protection regulations at Klarna Data Protection.

PayPal

PayPal is integrated as a payment option on this website. PayPal is an online payment service provider operated by PayPal (Europe) S.à r.l. & Cie S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Payments are processed through so-called PayPal accounts, which represent virtual personal or business accounts. Additionally, PayPal allows virtual payments via credit cards if you do not have a PayPal account. A PayPal account is managed through an email address, so there is no traditional account number. PayPal enables online payments to third parties or the receipt of payments. It also offers escrow functions and buyer protection services.

If you choose the payment option “PayPal” during the ordering process on our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of the personal data required for payment processing. The personal data transmitted to PayPal usually includes your first name, last name, address, email address, IP address, telephone number, mobile number, or other data necessary for payment processing. Data related to your order is also transmitted for processing the purchase contract.

The transmission of data serves the purpose of payment processing and fraud prevention. We transmit personal data to PayPal particularly when there is a legitimate interest in doing so. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies to conduct identity and credit checks. PayPal may also forward this personal data to affiliated companies and service providers or subcontractors as necessary to fulfill contractual obligations or process the data on their behalf. You can withdraw your consent to the processing of your personal data by PayPal at any time. However, this withdrawal does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.

You can view PayPal’s applicable data protection regulations at PayPal Privacy Policy.

Stripe

Tridooh offers payment through the payment service provider Stripe.

If you choose a payment method provided by Stripe, payment processing is carried out by Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. During the ordering process, your information and order data (name, address, account number, sort code, possibly credit card number, invoice amount, currency, and transaction number) will be transmitted. The transmission of your data is solely for

the purpose of processing payments with Stripe Payments Europe Ltd. For more information on Stripe’s data protection, visit Stripe Privacy Policy.

Newsletter

We also use the email address collected during your registration or as part of contract execution to inform you via email about similar goods or services of our own, provided we informed you of this when collecting the email address and you did not object. The processing of the email address in this case is based on our legitimate interest in promoting our offers. The legal basis is Article 6(1)(f) GDPR. You can object to the receipt of this information about additional offers at any time, e.g., by clicking the unsubscribe link provided in each of these emails.

If you have subscribed to our newsletter, we will also use your email address to send you the newsletter you requested. The legal basis for data processing is Article 6(1)(a) GDPR. You can withdraw your consent at any time with future effect or unsubscribe from the newsletter, e.g., by clicking the unsubscribe link provided in each newsletter.

Emails contain tracking pixels for the purpose of optimizing our newsletter. This allows us to determine which browser and operating system is used, which IP address is accessing, and who the provider is. It also detects whether the email has been read and whether the link integrated in the email has been clicked, and if the respective website has been visited via this IP address. Additionally, it counts the number of visits to the website and records the time of day when the email was accessed and the visit occurred. The approximate location of the user is also transmitted. If you do not wish this, you can unsubscribe from the newsletter at any time as described above. The legal basis for data processing is Article 6(1)(a) or Article 6(1)(f) GDPR.

Geo-Localization

To display content relevant to your location, we process your IP address truncated to the geographical level of states/regions. The geographic information obtained cannot be used to determine a user’s specific location. The legal basis for data processing is Article 6(1)(f) GDPR.

Contact

When you contact us, e.g., through one of our contact forms or via email, we process the data you provide (such as your email address, name, and telephone number, if provided) to handle your request. The data collected in this context will be deleted as soon as it is no longer required for the stated purpose, unless legal retention obligations prevent deletion. The legal basis for data processing is Article 6(1)(f) GDPR.

We also process personal data in countries outside the European Economic Area (EEA), including the USA. To ensure an adequate level of data protection, we use the Standard Contractual Clauses of the EU Commission in our contractual arrangements with services in third countries according to Article 46(2)(c) GDPR, unless there is an adequacy decision by the European Commission for the respective third country.

We process personal data only as long as necessary for the purposes stated in this privacy policy. Afterwards, the personal data will be deleted unless legal retention periods prevent deletion.

Rights as a Data Subject

Right to Information

You have the right, pursuant to Art. 15 GDPR, to request information about the personal data we process about you.

Right to Rectification

If the personal data we have stored is no longer up-to-date or accurate, you can request a correction pursuant to Art. 16 GDPR. You may also request the completion of your data if it is incomplete.

Right to Erasure

You have the right, pursuant to Art. 17 GDPR, to request the deletion of your personal data.

Right to Restriction of Processing

Under Art. 18 GDPR, you have the right to request the restriction of processing of your personal data.

Right to Data Portability

Under the conditions of Art. 20(1) GDPR, you have the right to have the personal data that we process automatically based on your consent or for the performance of a contract transmitted to you or to a third party. Since the collection of data necessary for providing our website and the storage of log files are mandatory and not based on consent under Art. 6(1)(a) GDPR or a contract under Art. 6(1)(b) GDPR, but justified by Art. 6(1)(f) GDPR, the right to data portability does not apply in this context.

Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right under Art. 77(1) GDPR to lodge a complaint with a data protection supervisory authority of your choice. This also includes the supervisory authority responsible for us:

Berlin Commissioner for Data Protection and Freedom of Information Telephone: +49 (0)30 13889-0

Fax: +49 (0)30 2155050

Email: mailbox@datenschutz-berlin.de

Right to Object under Art. 21(1) GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data if it is based on Art. 6(1)(f) GDPR. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. The collection of data necessary for providing our website and the storage of log files are essential for the operation of the website.

Date: 13.08.2024