PRIVACY POLICY

Version: November 2025

1 General Information

1.1 Objective and Responsibility

1.     This privacy policy informs you about the nature, scope and purpose of the processing of personal data in relation to our online offer https://konu.org/ and the associated websites, functions and content (hereinafter collectively referred to as "online offer" or "website"). Details on these processing activities can be found in section 2.

2.     Details of data processing for the purpose of carrying out our business processes are described in section 3.

3.     KONU LLC (28 Elmwood St #2, Somerville, Massachusetts, 02144, United States) - hereinafter referred to as "Provider", "we" or "us" - is the provider of the online offer and responsible for data protection.

4.     Our online offer is provided by Squarespace Ireland Limited (Le Pole House, Ship Street Great, Dublin 8, Ireland).

5.     The term ‘user’ encompasses all customers, interested people, employees and visitors of our online service.

1.2 Legal Bases

In principle, we collect and process personal data based on the following legal grounds:

1.     Consent in accordance with article 6 paragraph 1 lit. a General Data Protection Regulation (GDPR). Consent meaning any freely given, specific, informed and unambiguous indication of agreement, which could be in the form of a statement or any other unambiguous confirmatory act, given by the data’s subject consenting to the processing of personal data relating to him or her.

2.     Necessity for the performance of a contract or in order to take steps prior to entering into a contract according to article 6 paragraph 1 lit. b GDPR, meaning the data is required in order for us to fulfil our contractual obligations towards you or to prepare the conclusion of a contract with you.

3.     Processing to fulfil a legal obligation in accordance with article 6 paragraph 1 lit. c GDPR, meaning that e.g. the processing of data is required by law or other provisions.

4.     Processing in order to protect legitimate interests in accordance with article 6 paragraph 1 lit. f GDPR, meaning that the processing is necessary to protect legitimate interests pursued by us or by a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

The specific legal bases for the individual processing operations are specified in the following sections.

1.3 Data Subject Rights

You have the following rights with regards to the processing of your data through us:

1.     The right to lodge a complaint with a supervisory authority in accordance with article 13 paragraph 2 lit. d GDPR and article 14 paragraph 2 lit. e GDPR.

2.     Right of access in accordance with article 15 GDPR

3.     Right to rectification in accordance with article 16 GDPR

4.     Right to erasure (‘right to be forgotten’) in accordance with article 17 GDPR

5.     Right to restriction of processing in accordance with article 18 GDPR

6.     Right to data portability in accordance with article 20 GDPR

7.     Right to objection in accordance with article 21 GDPR

Notice: Users may object to the processing of their personal data in accordance with legal allowances at any time with effect for the future. The objection may in particular be made against processing for the purposes of direct marketing.

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

1.4 Data Erasure and Duration of Storage

The personal data of the data subject will be erased or blocked as soon as the purpose of the storage is inapplicable. Storage of data beyond that may occur if such storage is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of data also takes place when a retention period mandated by the standards mentioned expires, unless the continued storage of data is required for the conclusion of a contract or the fulfilment of contractual obligations.

1.5 Security of Processing

1.     We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). Thus, the data that is processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorized access.

2.     These security measures include in particular the encrypted transfer of data between your browser and our server.

1.6 Transfer of Data to Third Parties, Subcontractors and Third Party Providers

1.     A transfer of personal data to third parties only occurs within the framework of legal requirements. We only disclose personal data of users to third parties, if this is required e.g. for billing purposes or other purposes, if the disclosure is necessary to ensure the fulfilment of contractual obligations towards the users.

2.     If we engage subcontractors for our online service, we have made appropriate contractual arrangements as well as adequate technical and organizational measures with these companies.

3.     If we use content, tools or other means from other companies (hereinafter collectively referred to as ‘third party providers’) whose registered offices are located in a third country, it is assumed that a transfer of data to the home countries of these third party providers occurs. The transfer of personal data to third countries takes place exclusively only, if an adequate level of data protection, the user’s consent or another legal permission is present.

2 Concrete Data Processing

2.1 Collection of information for the use of the online offer

1.     When using the online offer, information is automatically transmitted to us by the user's browser; this includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

2.     The processing of this information is based on legitimate interests pursuant to Article 6 (1) (f) GDPR (e.g. optimization of the online offer) and to ensure the security of the processing pursuant to Article 5 (1) (f) GDPR (e.g. for the defense and reconnaissance of cyberattacks).

3.     The information is automatically deleted at latest 30 days after the end of the connection - i.e. use of the online offer - unless otherwise required by retention periods.

4.     The collection of data and the storage of data in log files is absolutely necessary for the provision of the online offer. Therefore, there is no deletion, objection or correction option on the part of the user.

2.2 Consent Management by UserCentrics

1.     We use the Usercentrics Consent Management Platform as a consent management tool as part of the analytics activities on our website. The Usercentrics Consent Management Platform collects log file and consent data using JavaScript. This JavaScript enables us to inform users about their consent to certain tags on our website and to obtain, manage and document this consent.

2.     Therefore we process the following data:

·       Consent data or data of consent (anonymized log data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp).

·       Device data (e.g. shortened IP addresses (IP v4, IP v6), device information, timestamp)

·       User data (e.g. eMail, ID, browser information, SettingIDs, Changelog)

The ConsentID (contains the above data), the Consent status incl. timestamp are stored in the local memory of your browser and simultaneously on the cloud servers used. Further processing will only take place if you submit a request for information or revoke your consent. In this case, the relevant information is provided to us in a compact data format in an easily readable text form for the purpose of data exchange (JSON file).

3.     No user information is stored for the statistics of the use of the granted or not granted consent. Only the frequency and locations of clicks are stored.

4.     The personal data is stored on a Google Cloud server located in the EU (Brussels, Frankfurt am Main).

5.     The purpose of the data processing is the analysis and management of the consents granted, in order to comply with our obligation of a GDPR compliant consent management. The use of Usercentrics serves the purpose of proving granted and non-granted consents as well as their management.

6.     The legal basis for the management of your consents for the processing of your personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the legally secure documentation and verifiability of consents, the control of marketing measures on the basis of the consent granted as well as the optimization of consent rates.

7.     The data is deleted as soon as it is no longer required. The associated cookie has a term of 60 days. The revocation document of a previously granted consent is kept for a period of three years. The retention is based on the one hand on our accountability pursuant to Art. 5 (2) GDPR.

2.3 Squarespace

1.     Data Processing

We host our website at Squarespace Ireland Ltd, Le Pole House, Shipstreet Great, Dublin 8, Ireland (hereinafter: Squarespace). Squarespace a tool for creating and hosting websites. When you visit our website, your data is processed on Squarespace's servers. In this process, personal data may also be transmitted to Squarespace's parent company, Squarespace Inc, 8 Clarkson St, New York, NY 10014, USA. Squarespace also stores cookies that are necessary for the presentation of the site and to ensure security (necessary cookies).

2.     Legal Basis and Legitimate Interest

The use of Squarespace is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

3.     Data transfer to the U.S. is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://support.squarespace.com/hc/en-us/articles/360000851908-GDPR-and-Squarespace

4. While using this website Squarespare establishes a connection to Squarespace-CDN.

2.4 Adobe Typekit Web Fonts

1.     Data Processing

Our website uses so-called “web fonts“ to correctly display font styles. The web font “Futura PT” and “Adobe Garamond Pro” are provided by Adobe Typekit. To correctly display text and fonts, your browser loads the required web fonts into your browser cache. To execute this function, the browser you are using must connect to the Adobe Typekit servers. Through this connection, Adobe Typekit learns that our website has been accessed through the IP address assigned to you.

2.     Legal Basis and Legitimate Interest

Please note that the use of Adobe Typekit Web Fonts is in the interest of a consistent and attractive presentation of our online services. If your browser does not support web fonts, then your device will use a standard font. The above purpose constitutes a legitimate interest in accordance with Art. 6 (1) (f) GDPR.

3.     Further Information

For further information on Adobe Typekit Web fonts, please visit https://typekit.com/ as well as the data protection policy of Adobe Typekit, which can be found at https://www.adobe.com/de/privacy/policies/adobe-fonts.html

2.5 Online Marketing

2.5.1 Google AdS and AdS conversion tracking

1.     We use the online advertising programme "Google Ads" on our website and, in this context, conversion tracking (= visitor action analysis). Google Ads Conversion Tracking is an analysis service of Google Inc (Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

2.     When you click on an advert placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website while the cookie is valid, Google and we can recognise that you have clicked on the ad and have been redirected to this page. Each Google Ads customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of Google Ads customers.

3.     The information obtained with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. The processing takes place on the basis of Art. 6 para. 1 lit. GDPR from our legitimate interest in targeted advertising. The information collected with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. The processing is carried out on the basis of Art. 6 para. 1 lit. GDPR from our legitimate interest in targeted advertising and in analysing the impact and efficiency of this advertising.

4.     You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you on the basis of Article 6(1)(f) GDPR. To do so, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. You will then not be included in the conversion tracking statistics. You can also deactivate personalised advertising for you in Google's advertising settings.

2.5.2 LinkedIn Ads

1.     We use "LinkedIn Ads", a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn Ads processes and stores information about the behaviour of our users. Among other things, cookies are used for this purpose, small text files that are stored locally in the cache of your web browser on your end device and that enable us to analyse the use of our website by our users.

2.     We use LinkedIn Ads for marketing and optimisation purposes, in particular to analyse the use of freelancermap and to continuously improve individual functions and the user experience. By statistically evaluating user behaviour, we can improve our offering and make it more interesting for our users. This also constitutes our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is Art. 6 (1) (a) GDPR. In order to comply with the requirements of the GDPR, corresponding standard contractual clauses have been agreed with LinkedIn.

3.     You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you will not be able to use all the functions of our website to their full extent. You can also prevent the collection of the aforementioned information, in particular by LinkedIn, by clicking on the following link and setting an opt-out cookie: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Please note that this setting will be deleted if you delete your cookies.

4.     Further information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy

2.6 Hubspot CMS

1.     Data Processing

We use Hubspot, Inc. as our customer relationship management (CRM) tool at KONU. On our website, Hubspot uses tracking cookies to track site visits and page views on our website. We process the following data: user ID, IP country, IP time zone, referring sites, number of site views, number of visits, timestamps.

2.     Legal Basis and Legitimate Interest

These cookies are used to improve your website experience and provide more personalized services to you, both on our website and through other media. The above purpose constitutes a legitimate interest in accordance with Art. 6 (1) (f) GDPR. You may revoke consent for cookies using our Usercentrics Cookie Banner.

3.     Further information

The data privacy policy of Hubspot can be found here: https://legal.hubspot.com/privacy-policy

4.     Data transfer to the U.S. is based on the standard contractual clauses of the EU Commission. Hubspot is certified under the EU-U.S. Data Privacy Framework. Further information can be found here: https://legal.hubspot.com/eu-us-dpf

2.7 Hubspot Forms

1.     Data Processing

We use Hubspot forms to collect information from users through a number of forms on our website (contact us form, post-workshop forms, and open enrollment registration forms). The data collected is the data provided by users filling out the forms (form conversions):

·       Contact us form: first and last name, email address, company name, location, role, “how can we help”, “may we add you to our mailing list”, “agree to receive communication from KONU”

·       Post-workshop form: first and last name, email address, company name, location, role, “what resonated from the workshop today”, ”are you interested in a 1:1 consultation”, “may we add you to our mailing list”, “agree to receive communication from KONU”

·       Workshop registration forms: first and last name, email address, company name, location, role, “discount code”, ”would you like to learn more about our services”, “how did you hear about us”, “agree to receive communication from KONU”

2.     Legal Basis and Legitimate Interest

The purpose of data processing is to provide the user with further information on the services they have requested, such as marketing information in order to stay in touch with KONU and/or information on the workshop they have registered for. The legal basis for data processing is freely given consent in accordance with Art. 6 (1) (f) GDPR. You may revoke consent for data processing at any time.

3.     Further information

The data privacy policy of Hubspot can be found here: https://legal.hubspot.com/privacy-policy

4.     Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Hubspot is certified under the EU-U.S. Data Privacy Framework. Further information can be found here: https://legal.hubspot.com/eu-us-dpf

5.     Hubspot uses the CloudFlare service to secure the forms. CloudFlare is processing cookies on the basis of the weighing of interests in accordance with Art. 6 (1) (f) GDPR.

2.8 Youtube

1.     Data Processing

We have integrated YouTube videos into our website, which are stored on the YouTube platform and can be played directly from our website. YouTube is a service of Google LLC, D / B / A YouTube. 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter referred to as "Google"). Data about you as a user will only be transferred to Google if you explicitly consent to the use of the video function via our Consent Management System (see paragraph 2.2).

We have no influence on this data transmission. The data transfer takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account.

2.     Purposes and Legal Basis

We use YouTube videos on our website to present them in a simple way.

The legal basis for the processing of your personal data is your consent according to Art. 6 para. 1 sentence 1 lit. a) GDPR.

3.     During the data transfer to Google, your personal data will be transferred to Google servers, which may also be located in the USA. The USA is a country without a level of data protection adequate to that of the EU. This means, in particular, that the US authorities can access personal data in a simplified manner and that there are limited rights to such measures. When you enable the YouTube video feature, you expressly consent to the transfer of data to Google and to the transfer of your personal data to servers in the United States.

4.     If you have given your consent, you have the right to withdraw it at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

5.     Further Information

Further information on data processing, in particular the legal basis and the storage period of Google, can be found in the privacy policy of the provider (https://policies.google.com/privacy) and in the privacy banner on the YouTube platform. There you will also find further information on your rights and setting options to protect your privacy.

Google reloads further services, these include in particular

a.     Google Photos

b.     Google Fonts

c.     DoubleClick

In doing so, Google may also process your data in the USA, a third country without sufficient data protection.

2.9 Google Analytics

1.     We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House Barclays Dublin Ireland - hereinafter "Google"), on the basis of your consent for the analysis, optimization and economic operation of our online offer pursuant to Article 6 (1) (a) GDPR. Google uses cookies and other technologies. The information generated by the service about the use of the online offer by users is transmitted to a Google server in the USA and processed there.

2.     Google acts on our behalf within the framework of order processing pursuant to Article 28 GDPR. We have concluded a data protection agreement with Google that contains the EU standard data protection clauses.

3.     We use Google Analytics with IP anonymization enabled.

4.     Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future visits to the website. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/¬dlpage/gaoptout?hl=en.

5.     The collected data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

6.     Further information on data use by Google, settings and revocation options can be found on Google's websites:

https://policies.google.com/technologies/partner-sites?hl=de ("Data use by Google when you use our partners' websites or apps").

https://policies.google.com/technologies/ads ("Data use for advertising purposes").

https://adssettings.google.com/¬authenticated ("Managing information Google uses to serve ads to you").

2.10 Links to other websites

1.     While using some of our services, you will be automatically redirected to other websites.

2.     Please note that this privacy policy does not apply there. The privacy policy of the linked website may differ considerably from this one.

2.11 LinkedIn Analytics

1.     We use the LinkedIn Analytics service on our website. The provider is LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2 Dublin, Ireland).

2.     The service stores and processes information about your user behaviour on our website. For this purpose, the service uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable your use of our website to be analysed. The legal basis is Art. 6 (1) (a) GDPR (consent).

3.     We use the service to analyse the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behaviour, we can improve our offer and make it more interesting for you as a user. The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

2.12 Google Tag Manager

1.     We use the Google Tag Manager on our website. The Google Tag Manager is a service of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

2.     Through the Google Tag Manager, we can integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or "triggers" the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it. In doing so, it cannot be ruled out that Google also transmits the information to a server in a third country.

3.     In particular, the following personal data is processed by the Google Tag Manager:

·        Online identifiers (including cookie identifiers).

·        IP address

4.     In addition, you can find more detailed information about the Google Tag Manager on the websites https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

as well as at

https://www.google.com/intl/de/policies/privacy/index.html (section "Data we receive based on your use of our services").

5.     Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager (Art. 28 GDPR). Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.

6.     If you have deactivated individual tracking services (e.g. by setting an opt-out cookie), the deactivation remains for all affected tracking tags that are integrated by the Google Tag Manager.

7.     By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. In addition, the integration of the Google Tag Manager optimizes the loading times of the various services.

8.     The legal basis for the processing of personal data described here as part of the measurement process is consent expressly granted by you in accordance with Art. 6 Para. 1 lit. a GDPR.

9.     The legal basis for the processing of those data that are processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We have a legitimate interest in being able to prove that you have given your consent to the measurement procedure (Art. 7 (1) GDPR).

2.13 HubSpot Analytics

1.     We use HubSpot Analytics from HubSpot, Inc, Cambridge, Massachusetts, US, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors.

2.     HubSpot Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users. This information is used, among other things, to compile reports on website activity. HubSpot Analytics is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

3.     Further information can be found in the privacy policy for HubSpot Analytics: https://legal.hubspot.com/privacy-policy.

2.14 Google Adsense

1. This website uses Google Adsense, a web advertising service of Google Inc, USA (''Google'').

2. Google Adsense uses so-called ''cookies'' (text files), which are stored on your computer and enable your use of the website to be analysed.

3. Google Adsense also uses so-called ''web beacons'' (small invisible graphics) to collect information. By using the web beacon, simple actions such as visitor traffic on the website can be recorded and collected.

4. The information generated by the cookie and/or web beacon about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

5. Google will use this information to analyse your use of the website with regard to the advertisements, to compile reports on the website activities and advertisements for the website operators and to provide further services associated with the use of the website and the Internet.

6. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

2.15 Google Adsense for Youtube

1. We use the “Google AdSense for YouTube” service on our website as part of the “YouTube” service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Irland.

2. The legal basis for the use of Google Adsense for Youtube is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

3. The data processed by Google AdSense for YouTube includes your IP address, device information, viewing behavior, interaction data, and cookies are set to provide personalized advertising.

4. If you are logged into a Google account, Google Adsense for YouTube may link data collected to your user profile in order to display personalized advertising.

5. Google processes this data to display personalized advertising and analyze user interactions with advertisements.

6. It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. We have concluded a Data Processing Addendum with Google, which guarantees that personal data will only be processed in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US.

7. Further information on the privacy policy of Google Adsense for Youtube can be found at: https://policies.google.com/privacy

2.16 LinkedIn Insight Tag

1. This website uses LinkedIn's Insight Tag. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

2. With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our websites make a purchase or take other action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, the advertising recipient is not identified.

3. LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.

4. As the website operator, we cannot assign the data collected by LinkedIn to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. For details, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

5. If consent has been obtained, the use of the above-mentioned service is based exclusively on Art. 6 (1) lit. a GDPR. Consent can be revoked at any time. If consent has not been obtained, the use of this service is based on Art. 6 (1) lit. f GDPR; the website operator has a legitimate interest in effective advertising measures, including social media.

6. Data transfer to the United States is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

7. You can object to the analysis of usage behaviour and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

8. Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

2.17 Information about Google Services

1. We use various services of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland on our website.

   For more information on the individual concrete services of Google that we use on this website, please refer to the further privacy policy.

2. Through the integration of Google services, Google may collect information (including personal data) and process it. It cannot be ruled out that Google also transmits the information to a server in a third country.

   The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google in the USA for further use.

   Google is registered in the data privacy framework. Furthermore, Google has committed to comply with the standard contractual clauses for the transfer of personal data to third countries (Standard Contractual Clauses - SCC).

   More information about the Standard Contractual Clauses is available at

   https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_de

   and at

   https://policies.google.com/privacy/frameworks?hl=

3. We ourselves cannot influence which data Google actually collects and processes. However, Google states that, in principle, the following information (including personal data) may be processed, among others:

   1. Log data (in particular the IP address)

   2. Location-related information

   3. Unique application numbers

   4. Cookies and similar technologies

      Information on the types of cookies used by Google can be found at https://policies.google.com/technologies/types.

4. If you are logged into your Google account, Google may add the processed information to your account depending on your account settings and treat it as personal data.

5. Google states the following about this, among other things:

   "If you are not signed into a Google Account, we store the data we collect with unique identifiers associated with the browser, app, or device you are using. This allows us to ensure, for example, that your language settings are maintained across all browser sessions.

   If you are logged into a Google account, we also collect data that we store in your Google account and consider to be personal data." (https://privacy.google.com/take-control.html)

6. You can prevent this data from being added directly by logging out of your Google account or also by making the appropriate account settings in your Google account. Furthermore, you can change your cookie settings (e.g. delete cookies, block cookies, etc.).

7. You can find more detailed information in the privacy notices of Google, which you can access here: https://www.google.com/policies/privacy/

8. You can find notes on Google's privacy settings at https://privacy.google.com/take-control.html.

3 Processing for the purpose of carrying out our business processes

3.1 Inquiry by e-mail, telephone or fax

1.     If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent, unless it is necessary to pass it on to third parties in order to process your request.

2.     The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.

3.     The data you send to us via contact requests remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

3.2 Existing customer advertising

1.     Insofar as you have already made use of services from us against payment, we may inform you from time to time by e-mail or letter about similar services from us (in particular new offers), unless you have objected to this.

2.     The legal basis for the data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in direct advertising (recital 47 GDPR). You can object to the use of your e-mail address and postal address for advertising purposes at any time without additional costs with effect for the future.

4 Processing for the purpose of carrying out our business processes

4.1 Personnel application

For reasons of better readability, the simultaneous use of masculine and feminine and various forms of language is dispensed with - within the framework of the following explanations. All references to persons apply to all genders: m/f/d.

4.1.1 Direct applications

1.     We offer you the opportunity to apply to us (e.g. by e-mail or post). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.

2.     Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

3.     If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

4.     Storage period of the data

5.     If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.

4.1.2 Inclusion in the applicant pool

1.     If we do not make you a job offer, we may be able to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

2.     The inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.

3.     The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

5 Cookies

5.1 General Information

1.     Cookies are information transmitted by our web server or third-party web servers to the users' devices where they are stored for later retrieval. Cookies can be in the form of small files or any other types of information storage.

2.     In the case that users do not want that cookies are stored on their device, they will be asked to disable the corresponding option in their browser's system settings. Saved cookies may be deleted in the system settings of the browser. The exclusion of cookies can lead to functional impairments of this online service.

5.2 Cookie overview, objection

1.     You can find an up-to-date overview of the cookies used on this website in the consent management platform "Usercentics" (see paragraph 2.2.).

2.     You can also manage your individual consents or preferences there.

6 Changes to the Data Privacy Policy

1.     We reserve the right to change this Data Privacy Policy with regards to the data processing, in order to adapt it to changed legal situations, to changes of the online service or of the data processing.

2.     If users' consents are required or if elements of the Data Privacy Policy contain provisions in regards to the contractual relationship with the users, the changes will only be made with the consent of the users.

3.     Users are requested to keep themselves informed about the content of this Data Privacy Policy on a regular basis.