yfe.tv

Privacy Policy

Privacy Policy

Your Family Entertainment AG, Türkenstraße 87, 80799 Munich

Version of May 13, 2024 

Your Family Entertainment AG (hereinafter referred to as “YFE” or “we”) takes the protection of your personal data seriously. With this Privacy Policy, we would like to inform you in detail about what data we collect, process, and use from you when you contact us, during (pre-)contractual negotiations, as a user of our websites or applications, or through other interactions with us, and for what purpose. The processing of your personal data is carried out in accordance with the provisions of the European General Data Protection Regulation (hereinafter referred to as GDPR), the German Federal Data Protection Act (hereinafter referred to as BDSG), and the Telecommunications Act (hereinafter referred to as TKG). This Privacy Policy applies to all interactions between you and us, unless otherwise agreed upon. If you are contacting YFE as a representative of a company, please also forward this information to the current and future authorized representatives and beneficial owners in your company, as well as any jointly obligated parties. These include, for example, board members, managing directors, authorized signatories, or project managers.

1. Who is responsible for your data??

The controller responsible for the lawful collection, processing, and use of your data pursuant to Article 30, Paragraph 1 of the GDPR is: Your Family Entertainment AG Managing Director: Dr. Stefan Piëch Commercial Register: Munich Local Court, Registration No.: HRB 164992 Türkenstraße 87 80799 Munich Telephone: +49 89 997271-0 Fax: +49 89 997271-91 Email: info@yfe.tv

(

(Responsible entity) Contact details of our data protection officer in accordance with Article 30, paragraph 1 a) GDPR: DataGAP GmbH Bessemerstr. 82 10th floor South 12103 Berlin E-Mail: team@datagap.de Website: www.datagap.de

2. What data do you need to provide and which data sources do we use and process??

In principle, no personal data is required to use the website www.yfe.tv (the website).

2.1. Cookies and general data

Our websites use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser. You can prevent our websites from setting cookies at any time by adjusting the settings of your internet browser accordingly, thus permanently objecting to the use of cookies. Our use of cookies allows us to provide you with more user-friendly services that would not be possible without them. Cookies allow us to optimize the information and offers on our website for the user. Cookies enable us to recognize you as a returning user of our website. The purpose of this recognition is, for example, to prevent you from having to re-enter your login details every time you visit the website, as this is handled by the website and the cookie stored on the user’s computer system. The following cookies are used when you access our website: 1. So-called temporary cookies, which serve to optimize our website. These cookies do not contain any personal data and expire after the session ends; 2. So-called persistent cookies, which remain on your computer and recognize it on your next visit. This allows us to provide you with better access to our website. These cookies do not contain any personal data. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, some functions of our website may not be fully usable. Our website collects a range of general data and information each time you access it. This general data and information is stored in the server’s log files. The following data can be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reached our website (known as the referrer), (4) the sub-pages accessed on our website by an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to prevent attacks on our IT systems. We do not draw any conclusions about you from the use of this general data and information. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and its advertising, (3) ensure the long-term functionality of our IT systems and the technology of our website, and (4) provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack. This anonymously collected data and information is evaluated statistically and also with the aim of increasing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from all personal data provided by a data subject. The website is hosted on servers of a service provider commissioned by us. Our service provider is: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. Further information about the processing of personal data by 1&1 can be found at: https://www.ionos.com/terms-gtc/privacy-policy/
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored includes:
  • Information about the browser type and version used
  • The user’s operating system
  • Date and time of access
  • Websites from which the user’s system accessed our website
This data is not combined with other data sources. The collection of this data is based on Article 6 Paragraph 1 Letter f of the GDPR. Our legitimate interest in processing this data is to ensure our website functions correctly and to optimize its features. The website’s server is located in Germany.

2.2. Personal data

The use of certain services or products we provide may require you to provide the personal data requested on a case-by-case basis. You can refuse to provide this data at any time. However, if you choose not to provide data that is necessary for providing the services or products, for establishing and maintaining a business relationship and fulfilling the associated contractual obligations, or that we are legally obligated to collect, we will generally be unable to provide the services or products, or we will have to refuse to enter into or execute new contracts, or we will no longer be able to perform an existing contract and may have to terminate it. If you wish to establish or continue a business relationship with us, you must provide the personal data that is necessary for establishing or continuing a business relationship with us and for us to fulfill it. This also applies, and in particular, if you wish to use certain YFE services or products, or if you request information from us that requires us to send you a unique access code for use or decryption.   “` The data we collect regularly includes the following information: Your first and last name, your email address, your postal address (including work address), and your telephone numbers (including work and mobile numbers). In certain cases, the collection of further data may be necessary. You will be notified accordingly in each case. Email addresses and other personal data that you provide in connection with inquiries and send to us will be used exclusively for processing these inquiries and for the purpose for which they were sent to us. In addition to the data you provide, we process data that we have lawfully received from third parties (e.g., Creditreform) (e.g., for the performance of contracts or based on your consent). For some of our services, we provide links to third-party providers on our website and allow them to place content on our pages. The inclusion of external links does not imply that YFE endorses the content behind the link. These third-party providers may, if you use their links, place cookies on your computer and collect information about your online activities on their websites or services. These currently include, but are not limited to, the following companies: Facebook YouTube EQS Group AG You can find more information about each company’s practices, including the options offered, on their respective websites. Our privacy policy does not extend to these third-party websites. Furthermore, we have no control over how these third-party providers process your data.

3. For what purpose and on what legal basis do we process your data??

The aforementioned personal data is collected by us in accordance with the provisions of the GDPR, the BDSG and the TKG.

3.1. Processing for the performance of contractual obligations (Art. 6, para. 1 b) GDPR)

Personal data is processed for the purpose of establishing pre-contractual business relationships initiated by you or for fulfilling existing contracts between you and us. The purpose of data processing is primarily based on your product interest and may include, among other things, needs analyses, consultations, and the execution of service, supply, or purchase contracts. Your previous purchasing behavior is also recorded in order to create optimized offers based on this data.

3.2. Processing within the framework of the balancing of interests (Art. 6, para. 1 f) GDPR)

Where necessary, we process your data beyond the actual fulfillment of your request or contract to protect our legitimate interests or those of third parties.

— Review and optimization of processes for needs analysis and direct customer contact; including customer segmentation and calculation of conversion probabilities

— Advertising or market and opinion research, unless you have objected to the use of your data

— Assertion of legal claims and defense in legal disputes

— Ensuring our IT security and IT operations

— Prevention and investigation of criminal offenses

— Video surveillance in our business premises to protect our property rights, to collect evidence in cases of industrial espionage, or to demonstrate proper and professional contract fulfillment by us

If you have given us your consent to process personal data for specific purposes (e.g., establishing or continuing a business relationship, subscribing to newsletters, invitations to in-house trade fairs, etc.), the lawfulness of this processing is based on your consent.

By giving your consent, you authorize us to use your data in accordance with this privacy policy for the duration of the business relationship or the legally binding retention and documentation obligations. Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the EU General Data Protection Regulation (GDPR) came into effect, i.e., before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. You can request a status overview of the consents you have given at any time.

3.4. Data processing based on legal requirements (Art. 6, para. 1 c) GDPR) or in the public interest (Art. 6, para. 1 e) GDPR)

As a globally operating company, YFE has various legal obligations, i.e., statutory requirements (e.g., customs or export control regulations). The purposes of processing therefore include, among other things, creditworthiness checks, identity verification, fraud and money laundering prevention, compliance with tax-related control and reporting obligations, and the assessment and management of risks within the company and the group, also with regard to export controls.

4. Who has access to your data through us?

Access to your data is granted through us to those entities that require it to fulfill our (pre-)contractual and legal obligations. Service providers and agents we engage, in accordance with Article 28 GDPR (data processors), may receive data from us for this purpose, provided they comply with our written data protection instructions or comparable data protection obligations and demonstrate that the data processing is carried out in accordance with the GDPR, the German Federal Data Protection Act (BDSG), or a comparable level of data protection in Europe.

Furthermore, the aforementioned information will be disclosed to public authorities and institutions if required by law or by order of a public authority.

Other recipients of your data may also include those entities to which you have given us your consent to transfer your data, or for which you have released us from a duty of confidentiality or by giving your consent.

If, in exceptional cases, further transfers to third countries should be necessary, these will only take place in accordance with the admissibility provisions pursuant to Sections 4b and 4c of the German Federal Data Protection Act (BDSG).

4.1. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies.” Google will use this information on behalf of the operator of this website to evaluate your use of the website and to compile reports on website activity. Google will also use this information to provide the website operator with other services related to website and internet usage. The IP address sent by your browser as part of Google Analytics will not be combined with other Google data. Processing is carried out in accordance with Article 6(1)(a) GDPR based on your consent. We only use Google Analytics with IP anonymization enabled. This means that your IP address is only processed by Google in truncated form. We have concluded a data processing agreement with the service provider, obligating them to protect our customers’ data and not to disclose it to third parties. Since personal data is transferred to the USA, further safeguards are required to ensure the GDPR’s level of data protection. To guarantee this, we have agreed to standard contractual clauses with the provider in accordance with Article 46(2)(c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be guaranteed even through this contractual extension, we will endeavor to obtain further agreements and commitments from the recipient in the USA. The Google Analytics Terms of Service and information on data protection can be accessed via the following links: http://www.google.com/analytics/terms/de.html https://www.google.de/intl/de/policies/ The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Data at the user and event level, which is linked to cookies, user identifiers (e.g., User ID) and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA [Apple Identifier for Advertisers]), will be deleted no later than 14 months after collection. You can prevent the storage of cookies by adjusting your browser settings accordingly. However, please note that in this case, you may not be able to fully utilize all the functions of this website. You can also prevent Google from collecting the data generated by the cookie and analyzing your use of the website (including your IP address) and processing this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=de. 4.2. Google Tag Manager This website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means that no cookies are used, and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which may in turn collect data. However, the Google Tag Manager itself does not access this data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags implemented with the Google Tag Manager. We use the Google Tag Manager based on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to enable the technical integration of other website tools. Since the IP address is transferred to Google in the USA, further safeguards are required to ensure the GDPR’s level of data protection. To guarantee this, we have agreed to standard contractual clauses with the provider pursuant to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we strive to obtain further agreements and commitments from the recipient in the USA. 4.3. Google Fonts We use “Google Fonts” on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Fonts allows us to use external fonts. When you access our website, the necessary Google Fonts are loaded from our web server into your browser cache. This is necessary so that your browser can display our text in an enhanced visual format. If your browser does not support this feature, a standard font from your computer will be used. The fonts are hosted by us and are therefore not loaded from an external provider. The processing of your IP address is required for this. We use Google Fonts for optimization purposes, in particular to improve your experience on our website and to make its design more user-friendly. The legal basis for this data processing is our legitimate interest in this regard pursuant to Art. 6 para. 1 lit. f GDPR. 4.4. Mailchimp If you would like to subscribe to the newsletter offered on the website, which provides regular information about our offers and products, we require your email address as mandatory information. Additional data may be requested so that we can address you personally in the newsletter and/or identify you should you wish to exercise your rights as a data subject. We use the double opt-in procedure for sending our newsletter. This means that we will only send you our newsletter by email after you have explicitly confirmed that you consent to receiving it. As a first step, you will receive an email with a link that you can use to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. By confirming, you give us your consent, in accordance with Article 6 Paragraph 1 Letter a of the GDPR, to use your personal data for the purpose of sending the requested newsletter. When you subscribe to the newsletter, in addition to the email address required for sending, we store the IP address you used to subscribe, as well as the date and time of registration and confirmation, in order to be able to trace any potential misuse at a later date. You can unsubscribe from the newsletter at any time via the link included in every newsletter or by sending an email to the data controller named above. After you unsubscribe, your email address will be immediately deleted from our newsletter mailing list, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise legally permissible. Our email newsletters are sent via a technical service provider, to whom we transfer the data you provided when subscribing to the newsletter. The service provider uses this information to send and statistically analyze the newsletters on our behalf. For this analysis, the emails we send contain web beacons or tracking pixels, which are single-pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked. Using conversion tracking, we can also analyze whether a predefined action (e.g., purchasing a product on our website) has been performed after clicking a link in the newsletter. Technical information is also collected (e.g., time of access, IP address, browser type, and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct identification of individuals is therefore impossible. This data is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter. Service provider: Mailchimp Address: Rocket Science Group, LLC., 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA Privacy policy: https://mailchimp.com/legal/privacy/ Since personal data is transferred to the USA, additional safeguards are required to ensure the level of data protection required by the GDPR. To guarantee this, we have agreed to standard contractual clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These agreements obligate the recipient of the data in the USA to process the data in accordance with the level of data protection in Europe. In cases where this cannot be guaranteed even through this contractual extension, we strive to obtain further agreements and commitments from the recipient in the USA.

5. Social Media Presence

Below you will find information on how we handle your data, which is collected through your use of our social media presence on social networks and platforms. Your data is processed in accordance with legal regulations.

5.1. Provider

5.1.1. Facebook Fan Page
5.1.1.1. Data Controller
In the event that the data you transmit to us is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is, in addition to or instead of us, the data controller within the meaning of the GDPR. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR regarding joint controllership in the processing of data (Controller Addendum). This agreement specifies which data processing operations we and Facebook are responsible for when you visit our Facebook Fan Page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. Since Facebook Ltd. transfers personal data to the USA, including to Facebook Inc., additional safeguards are required to ensure the GDPR-compliant level of data protection. For this purpose, the provider uses standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. If you, as a visitor to the page, wish to exercise your rights (access, rectification, erasure, restriction of processing, data portability, lodging a complaint with a supervisory authority, objection, or withdrawal of consent), you can contact both Facebook and us. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com For further details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/
5.1.1.2. Facebook’s Data Protection Officer
To contact Facebook’s Data Protection Officer, you can use the online contact form provided by Facebook at the following link: https://www.facebook.com/help/contact/540977946302970
5.1.1.3. Data Processing for Statistical Purposes via Page Insights Facebook provides so-called Page Insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. These are aggregated data that provide information about how people interact with our page. Page Insights may be based on personal data collected in connection with a person’s visit to or interaction with our page and in connection with the content provided. Please note what personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged into Facebook or do not have a Facebook account. For example, user profiles can be created from user behavior and the resulting user interests. These user profiles can then be used to, for example, display targeted advertising. B. To display advertisements both on and off the platforms that are likely to match users’ interests. This data collection is carried out via cookies stored on your device. Furthermore, user profiles may also store data independent of the devices used by the users; in particular, if the users are members of the respective platforms and are logged in. The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest lies in the optimized presentation of our offerings, effective information and communication with customers and prospective customers, and the targeted placement of advertisements. Please note that we have no influence on the data collection and further processing by Facebook. Consequently, we cannot provide any information about the extent, location, and duration of data storage by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, what analyses and connections Facebook makes with the data, and to whom Facebook discloses the data. If you wish to prevent Facebook from processing your personal data, please contact us via another method. Following this, we cannot provide any information about the extent to which Facebook complies with existing deletion obligations, what analyses and connections Facebook makes with the data, or to whom Facebook discloses the data. 5.1.2. Other Social Media Providers 5.1.2.1. Data Controller If your personal data is processed by one of the providers listed below, that provider is the data controller within the meaning of the GDPR. To exercise your data subject rights, we would like to point out that these can be most effectively asserted directly with the respective providers. Only they have access to the data collected from you. Should you nevertheless require assistance, please feel free to contact us at any time. We maintain online presences on the social media platforms of the following providers: — LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland — TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. 5.1.2.2. Data Protection Officer Information on how to contact the data protection officer of the other social media providers can be found here: — LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO — TikTok Technology Limited: https://www.tiktok.com/legal/report/privacy 5.2. General Information on Social Media Platforms 5.2.1. Data Controller The data controller within the meaning of the GDPR is the entity named at the beginning of this privacy policy, insofar as data transmitted by you via one of the social media platforms is processed by us. 5.2.2. Our Data Protection Officer For inquiries regarding data processing carried out by us as the data controller, you can contact our data protection officer using the contact details provided at the beginning of this privacy policy. 5.3. General Data Processing on Social Media Platforms 5.3.1. Data Processing for Market Research and Advertising As a rule, personal data is processed on the company page for market research and advertising purposes. For this purpose, a cookie is placed in your browser, which enables the respective provider to recognize you when you visit a website. Usage profiles can be created using the collected data. These are used to display advertisements, both on and off the platform, that are presumably tailored to your interests. Furthermore, user profiles may also store data independent of the devices you use. This is typically the case if you are a member of the respective platform and are logged in.
5.3.2. Data Processing When You Contact Us
We collect personal data when you contact us, for example, via a contact form or a messenger service such as Facebook Messenger. The specific data collected depends on the information you provide and the contact details you have entered or made available. This data is stored by us for the purpose of processing your inquiry and for any follow-up questions. We will not share this data with third parties under any circumstances without your consent. The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6 para. 1 lit. f GDPR, and, if applicable, Art. 6 para. 1 lit. b GDPR if your inquiry aims at concluding a contract. Your data will be deleted after your inquiry has been fully processed, unless statutory retention obligations prevent this. We consider your inquiry to be fully processed when it is clear from the circumstances that the matter has been resolved.
5.3.3. Data Processing for Contract Fulfillment If your contact via a social network or other platform aims at concluding a contract with us for the delivery of goods or the provision of services, we process your data to fulfill the contract or to carry out pre-contractual measures or to provide the requested services. The legal basis for processing your data in this case is Article 6(1)(b) GDPR. Your data will be deleted when it is no longer required for the performance of the contract or when it is clear that the pre-contractual measures will not lead to a contract corresponding to the purpose of the contact. Please note, however, that even after the contract has been concluded, it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations. 5.3.4. Data Processing Based on Consent If you are asked by the respective platform providers for your consent to processing for a specific purpose, the legal basis for the processing is Article 6(1)(a) and Article 7 GDPR. Consent can be withdrawn at any time with effect for the future. 5.4. Data Transfer and Recipients When visiting and using the platforms listed above, personal data may be transferred to the USA or other third countries outside the EU. Therefore, in these cases, additional safeguards are required to ensure the level of data protection guaranteed by the GDPR. Further information on whether and which suitable safeguards the providers can offer can be found in the list below. We have no influence on the processing of your personal data by the provider and how they handle it. We also have no information on this matter. For further information, please review the respective provider’s privacy policy and, if necessary, use the opt-out/personalization options regarding data processing by the provider: LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out According to its privacy policy, LinkedIn uses standard contractual clauses to ensure an adequate level of data protection in accordance with the GDPR for data transfers to the USA or other third countries outside the EU: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=de Opt-Out: https://www.tiktok.com/legal/privacy-policy?lang=de#ad-third-parties According to its privacy policy, TikTok uses standard contractual clauses to ensure an adequate level of data protection in accordance with the GDPR for data transfers to the USA or other third countries outside the EU: See section 5 of the privacy policy for details. href=”https://www.tiktok.com/legal/privacy-policy?lang=de”>https://www.tiktok.com/legal/privacy-policy?lang=de

6. How long do we store your data?

Starting regularly with your initial contact, as defined above, we store your personal data, as necessary, for the duration of the business relationship, where this involves regular deliveries or consultations from you by us, until its conclusion.

Furthermore, we are subject to various legal retention and documentation obligations. These arise, for example, from professional regulations, insurance regulations, the German Commercial Code, the German Civil Code, the Money Laundering Act, and other relevant provisions, which we will gladly explain in more detail on a case-by-case basis.

Corresponding statutory retention and documentation obligations are generally between 2 and 10 years.

Furthermore, we only retain personal data if this is necessary in connection with claims asserted against us (statutory limitation period according to § 195 of the German Civil Code up to 30 years).

In principle, your personal data will be deleted or anonymized as soon as it is no longer required for the aforementioned purposes and we are not obligated to retain it further based on statutory documentation and retention requirements. Deletion will also occur if you assert your right to deletion in accordance with section 6 below.

7. What rights to information and erasure do you have?

With regard to the processing of personal data, you can request information about your personal data in accordance with Article 15 GDPR, request the rectification of your personal data in accordance with Article 16 GDPR, request the erasure of your personal data in accordance with Article 17 GDPR, request the restriction of processing of your personal data in accordance with Article 18 GDPR, and request the transfer of certain personal data to you or a third party designated by you (right to data portability) in accordance with Article 20 GDPR. Regarding the right to information and erasure, the restrictions according to Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply. You can assert these rights at any time free of charge against the responsible body or our data protection officer. You can also contact our data protection officer directly at any time with any questions or suggestions regarding data protection. You also have the right, pursuant to Article 77 of the GDPR in conjunction with Section 19 of the BDSG, to lodge a complaint with the data protection supervisory authority of either the (federal) state in which you have your residence or habitual abode or the state of Bavaria, where our company headquarters are located. Bavarian State Commissioner for Data Protection Data Protection Wagmüllerstr. 18 80538 Munich Tel. +49 89 212672-0 Email: poststelle@datenschutz-bayern.de

and the

Bavarian State Office for Data Protection Supervision Promenadenstr. 27 91522 Ansbach Tel. +49 98153 1300 Email: poststelle@ida.bayern.de

8. No automated decision-making

We generally do not use automated decision-making pursuant to Article 22 GDPR for establishing or carrying out business relationships. In the unlikely event of a deviation from this procedure, you will be informed separately by us, insofar as this is legally required.

9. Right to object pursuant to Article 21 GDPR

On grounds relating to your particular situation, you have the right to object at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

In certain cases, we process your personal data for direct marketing purposes (for example, newsletters or invitations to trade fairs). You have the right to object at any time to the processing of your personal data for such direct marketing. You can object to this processing at any time, free of charge, by contacting the company’s data protection officer or the responsible body. 10. Changes to the Privacy Policy We reserve the right to amend this Privacy Policy at any time in accordance with applicable data protection regulations. We will inform you of any significant changes to the Privacy Policy by posting a clearly visible announcement on our website.