DATA PRIVACY

  1. General information and principles of data processing

Our privacy policy applies globally!

area42 is a California registered company. Therefore, the basis of this privacy policy is the California Privacy Protection Agency (CPPA) Privacy Policy.

About CPPA: In November 2020, California voters approved Proposition 24, the California Privacy Rights Act of 2020 (CPRA). The CPRA added new privacy provisions to the California Consumer Privacy Act of 2018.

The California Privacy Rights Act created a new agency, the California Privacy Protection Agency (CPPA), to implement and enforce the law. The CPPA is governed by a five-member board of directors. The internet address is: https://cppa.ca.gov/

If the European Union Data Protection Regulation “GDPR” is mentioned in this data protection declaration, this means that the passage mentioned is part of our data protection declaration due to the CPPA regulations and also complies with the GDPR, or that the GDPR entails stricter regulations than the CPPA and therefore the GDPR version is used. The addresses of third-party providers that we may use on our pages or to which we link are those that apply to the European Union for inquiries. For visitors to this website outside the European Union, different addresses or responsible locations may apply. Typically these are the companies' closest regional locations. For users in the USA and companies whose headquarters are in the USA, this is the address of the corporate headquarters in the USA. All relevant addresses that are not specifically mentioned in this declaration can be found on the Internet. If you have specific questions or needs, we will be happy to help make such addresses accessible.

For questions regarding this statement, as well as any other questions to area42, users can use the contact form at the bottom of the area42 home page.

The protection of your privacy and the protection of your personal data, the so-called personal data, when using our website is an important concern for us.

According to Art. 4 No. 1 GDPR, personal data is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address, but also your IP address.

Data for which no reference to your person can be established, such as through anonymization, is not personal data. Processing (e.g. collecting, storing, reading, querying, using, transmitting, deleting or destroying) according to Art. 4 No. 2 DS-GVO always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally prescribed retention obligations to be observed.

Here you will find information about the handling of your personal data when visiting our website. To provide the functions and services of our website, it may be necessary for us to collect personal data about you. We also explain to you the type and scope of the respective data processing, the purpose and the corresponding legal basis and the respective storage period.

  1. Responsible entity

area42, 3000 Danville Blvd, 94507 Alamo, CA (hereinafter: "area42" or "we") hereby informs you about the processing of your personal data in the context of this website.

This privacy policy only applies to the website of area42. It does not apply to other websites to which we refer by hyperlink. We cannot accept any responsibility for the confidential handling of your personal data on third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.

  1. Data Protection Officer

If you have any questions about data protection, you can also contact our data protection officer at any time: Akif Colak, e-mail: akif.colak@icloud.com

  1. Provision and use of the website / server log files

a) Type and scope of data processing When you use this website or, for example, by registering or using the contact form to transmit data to us, we collect via server log files technically necessary data that are automatically transmitted to our server, including: IP address - Date and time of the request - Name and URL of the file accessed - Website from which the access was made (referrer URL) - Access status/HTTP status code - browser type - Language and version of the browser software - Operating system

b) Purpose and legal basis The processing described is technically necessary in order to be able to display our website to you. We also use the data to ensure the security and stability of our website. The legal basis for this processing is Article 6 Paragraph 1 Letter f) GDPR. The processing of the data mentioned is necessary to provide a website and thus serves to protect a legitimate interest of our company.

c) Storage period As soon as the personal data mentioned is no longer required for displaying the website, it is deleted. Data in server log files are automatically deleted by the system as a rule after 2 weeks. Because the collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website, there is no possibility for users of the website to object with regard to this aspect. Further storage may take place in individual cases if this is required by law.

  1. Usage of Cookies

a) Type, scope and purpose of data processing We use cookies. Cookies are files of small size that are sent by us to the browser of your terminal device during your visit to our website and stored in the browser directories. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, enable us to perform various analyses. For example, some cookies can recognize the browser you are using when you visit our website again and transmit various information to us. We use cookies to facilitate and improve the use of our website. Among other things, cookies allow us to make our website more user-friendly and effective for you by, for example, evaluating the way our visitors use our website. This includes, for example, the ability to determine preferred country and language settings. Where third parties process information via cookies, they collect the information directly from your browser. This category includes, for example, providers of cookie banners. These banners store the selection of cookie options made by users through their own cookies.

Temporary cookies/ session cookies Our website uses so-called temporary cookies or session cookies, which are automatically deleted as soon as you close your browser. This type of cookie makes it possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognize your terminal device during subsequent website visits. These session cookies expire at the end of the session.

Persistent cookies So-called persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and can transmit information about your visits to our website. This information helps, for example, to improve your user experience. The respective storage period differs depending on the cookie. You can delete permanent cookies independently via your browser settings.

Third-party cookies We use analytical cookies to monitor anonymized user behavior on our website. In addition, we use advertising cookies. These cookies allow us to track user behavior for advertising and marketing purposes.

Social media cookies allow you to connect to your social networks and share content from our website within your networks.

Browser settings configuration Most web browsers are preset to automatically accept cookies. However, you can configure your respective browser so that it only accepts certain cookies or not at all. However, we would like to point out that you may then no longer be able to use all the functions of our website. You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since the various browsers can differ in their respective modes of operation, we ask you to use the respective help menu of your browser for the corresponding configuration options. The deactivation of the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will have to deactivate it again.

b) Legal basis This processing is technically necessary in order to display our website to you. We also use the data to ensure the security and stability of our website and to comply with legal obligations. The collection of data is necessary for the provision of our website and thus serves to protect a legitimate interest of our company. The legal basis for the processing of the aforementioned data is Art. 6 para. 1 lit. c) and lit. f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice ("cookie banner") issued by us on the website, the legal basis for further data processing is Art. 6 (1) a) GDPR.

c) Storage period As soon as the data transmitted to us via the cookies is no longer required for the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law.

d) Cookie-Categories

We use the following categories of cookies: aa) Necessary cookies Necessary cookies ensure functions without which our website cannot be used as intended. These absolutely necessary cookies serve, for example, to ensure that logged-in users always remain logged in when accessing various sub-pages. They are so-called first party cookies, the cookies are used only by us. These cookies do not require consent, but you can disable cookies in your browser at any time.

bb) Statistics cookies Statistics cookies collect information about the usage patterns of a website in order to improve its attractiveness, content and functionality. For example, the following data is collected: The number of times a page or sub-pages are accessed, the time spent on the website, the order of the pages visited, which search terms led you to us, the country, region, city from which access is made, and the proportion of mobile devices accessing our websites. Furthermore, we analyze which areas of our website are of particular interest to you. Statistics cookies help website owners understand overall how visitors interact with websites by collecting and reporting information anonymously.

cc) Cookies for personalization Cookies for personalization enable our website to save the information you have already provided (e.g. registered name, language selection, location) and to offer you improved and more personalized functions based on this. Only anonymized information is processed via these.

dd) Marketing cookies Marketing cookies are used to follow visitors on websites and serve them interest-based advertisements on the website. They are also used to limit the appearance frequency of ads and measure the effectiveness of advertising campaigns. Through these cookies, it is registered whether one has visited a website or not. This obtained information can be shared with third parties, such as advertisers. Cookies to improve targeting and advertising are often linked to third party site functionality. The intent is to show ads that are relevant and engaging to the individual user and therefore more valuable to users, publishers, and advertising third parties.

  1. Data collection for the implementation of pre-contractual measures and for the fulfillment of contracts

a) Type and scope of data processing In the pre-contractual area and when concluding a contract, we must - as in the non-online area - request and store personal data from you. This concerns, for example, first and last name, address, e-mail address, telephone number or bank details. b) Purpose and legal basis of data processing We collect and process this data exclusively for the purpose of executing the contract or fulfilling pre-contractual obligations. The legal basis for this is Art. 6 para. 1 lit b) GDPR. If there is also consent from you, the additional legal basis is Art. 6 para. 1 lit. a) GDPR. c) Storage period The data is deleted as soon as it is no longer required for the purpose of your processing. In addition, there may be legal obligations to retain data, for example, obligations to retain data under commercial or tax law in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will block or delete your data at the end of these retention obligations.

  1. Data Transfer

We will only share your personal data with third parties if: a) you have given your express consent to this in accordance with Art. 6 (1) a) GDPR. b) this is legally permissible and necessary according to Art. 6 para. 1 lit. b) GDPR for the fulfillment of a contractual relationship with you or the implementation of pre-contractual measures. c) there is a legal obligation for the transfer according to Art. 6 para. 1 lit. c) GDPR. We are legally obliged to transfer data to state authorities, e.g. tax authorities, social insurance carriers, health insurance companies, supervisory authorities and law enforcement agencies. d) the transfer is necessary in accordance with Art. 6 (1) f) GDPR for the protection of legitimate business interests, as well as for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data. e) in accordance with Art. 28 GDPR, we make use of external service providers (so-called order processors) when processing the data, who have been obligated to handle your data with care. We use such service providers in the areas of: - IT - logistics - telecommunications - sales and distribution - marketing

When transferring data to external bodies in third countries, i.e. outside the EU or EEA, we ensure that these bodies treat your personal data with the same care as within the EU or EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we ensure the careful handling of personal data through contractual agreements or other suitable guarantees.

  1. Website Comments

a) Type and scope of data processing On our website you can comment on posts in our blog. When you comment on a post, we collect and store the data you enter in the input mask. In addition to the comments you leave, information about the time you entered the comment and possibly the user name (pseudonym) you chose will also be saved and published. Furthermore, the IP address assigned by the data subject's Internet service provider (ISP) is stored. A disclosure to third parties does not occur. b) Purpose and legal basis The data you transmit (e.g. the IP address) is for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a comment made. This collected personal data will not be passed on to third parties unless such transfer is required by law or serves the legal defense of the person responsible for processing. The legal basis for the processing of personal data transmitted when using the comment function is, if and to the extent that you have given your consent, Article 6 (1) (a) GDPR. You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation. Another legal basis is Article 6 Paragraph 1 Letter f) GDPR. Because we have a legitimate interest in processing if the rights of third parties are violated or illegal content is posted. c) Storage period The comments and the associated data (e.g. IP address) are saved and remain on our website until the commented content has been completely deleted or the comments have to be deleted for legal reasons.

  1. Contact options via e-mail

On our website, a contact option is available to them by e-mail. a) Type and scope of data processing You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account you use to contact us as well as the personal data you provide as you wish when contacting us. b) Purpose and legal basis The purpose of the data processing is to be able to answer your request appropriately. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. There is a legitimate interest in processing the above-mentioned personal data in order to be able to deal with your request appropriately. c) Storage period The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted regularly if the purpose of the communication no longer applies and storage is no longer necessary. This may result, for example, from a processing of your request.

  1. Privacy notice for videoconferences

The following data protection information relates to the use of the following video conferencing systems: - Microsoft Teams (hereinafter: video conferencing systems)

Below we inform you about the processing of personal data in connection with the use of the video conferencing systems.

Purpose of the processing: We use video conferencing systems to conduct meetings with customers and interested parties, seminars and training sessions (hereinafter: "online conferences"). The video conferencing systems are technically provided by the respective provider. The regulations of the respective provider regarding the use remain unaffected.

Person responsible: The respective organizer of the online conference is responsible for data processing that is directly related to the implementation of online webinars.

What data is processed? Various types of data are processed when using the video conferencing system. The scope of the data also depends on the data you provide before or during participation in an online training course.

The following personal data may be subject to processing: User details: First name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional) Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat. When dialing in by phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved. Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the online training and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time.

To take part in an online training course or to enter the "meeting room", you must at least provide information about your name.

Scope of data processing: If we want to record online training, we will communicate this to you transparently and - if necessary - ask for consent. As a rule, online training is not recorded. This also applies to the chat function.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal basis for data processing: Soweit Sie als Veranstaltungsteilnehmer einen Vertrag mit uns abgeschlossen haben, ist die Rechtsgrundlage Art. 6 Abs. 1 lit. b) GDPR (Vertrag bzw. Vorvertrag).

If you have given your consent to the processing of your personal data, the legal basis is Article 6 Paragraph 1 Letter a) GDPR.

As far as personal data of area42 employees is processed, Art. 6 Para. 1 lit. b) GDPR is the legal basis for data processing.

We only use audio or video recordings and the use of functions that are not necessary for a session on the legal basis of the data subject's consent in accordance with Art. 6 para. 1 lit. a) GDPR. The declaration of consent is obtained in advance.

Recipients / disclosure of data Personal data that is processed in connection with participation in online conferences will not be passed on to third parties unless it is intended to be passed on.

Data processing outside the European Union Some of the providers of the video conferencing systems are based in the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with each of the providers that meets the requirements of Art. 28 GDPR. By concluding so-called EU standard contractual clauses, the providers have undertaken to comply with a level of data protection that essentially corresponds to the European level. Please note, however, that the existence of an appropriate data protection standard for providers outside the EU/EEA - even if EU standard contractual clauses have been concluded - cannot be guaranteed in every case.

Data Privacy Officer: We have appointed a data protection officer. You can reach him as follows: Akif Colak, e-mail: akif.colak@icloud.de

Your rights: You have the right to information about the personal data concerning you. You can contact us at any time for information. In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be. Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so. Finally, you have the right to object to processing within the scope of the statutory provisions. You also have the right to data portability within the framework of the data protection regulations.

Deletion of data: We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

Right to complain to a supervisory authority: You have the right to complain to a data protection supervisory authority about the processing of personal data by us.

Amendment of this data protection notice: We will revise this data protection information in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

  1. Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. To this end, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress. These include the use of recognized encryption methods (SSL or TLS). However, data that is disclosed in unencrypted form, for example by unencrypted e-mail, may be read by third parties. We have no influence over this. It is the responsibility of the respective user to protect the data provided by them against misuse through encryption or in any other way.

  1. Changes to the privacy policy

We reserve the right to update this declaration at any time if necessary.

  1. Your rights

Here you will find your rights in relation to your personal data. Details can be found in Articles 7, 15-22 and 77 GDPR. You can contact the controller (section 2) or the data protection officer (section 3) in this regard.

a) Right to revoke your data protection consent in accordance with Art. 7 Para. 3 Sentence 1 GDPR You can revoke your consent to the processing of your personal data at any time with future effect. However, this does not affect the lawfulness of the processing carried out until the revocation. b) Right to information according to Art. 15 GDPR You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data as well as further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration. c) Right to correction and completion according to Art. 16 GDPR You have the right to immediately request that incorrect data be corrected. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data. d) Right to deletion (“right to be forgotten”) according to Art. 17 GDPR You have the right to deletion if processing is not necessary. This is the case, for example, if your data is no longer necessary for the original purposes, you have revoked your data protection declaration of consent or the data was processed unlawfully. e) Right to restriction of processing in accordance with Art. 18 GDPR You have the right to restrict processing, for example if you believe that the personal data is incorrect. f) Right to data portability according to Art. 20 GDPR You have the right to receive the personal data relating to you in a structured, commonly used and machine-readable format. g) Right to object according to Art. 21 GDPR You have the right to object to the processing of certain personal data concerning you at any time for reasons relating to your particular situation. In the case of direct advertising, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. h) Automated decision in individual cases including profiling in accordance with Art. 22 GDPR You have the right not to be subject to a decision based solely on automated processing - including profiling - except in the exceptional circumstances mentioned in Article 22 GDPR. Decision-making based solely on automated processing – including profiling – does not take place. i) Complaint to a data protection supervisory authority in accordance with Art. 77 GDPR You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in accordance with data protection regulations.

  1. Online-Tools

You can find an overview of the online tools used on our websites and information on social media here:

Google Analytics

Nature and scope of data processing: We use the tracking tool Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. On behalf of the operator of this website, Google will use this information to systematically evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. If individual pages of our website are accessed, the following data is stored: Three bytes of the IP address of the user's accessing system (anonymized IP address) - The website accessed - The website from which the user accessed the page on our website (referrer) - The subpages that are accessed from the accessed page - The time spent on the website - The frequency with which the website is accessed We use Google Analytics with activated IP anonymization. This means that the IP addresses are shortened by the last octet (e.g. 192.168.65.***; so-called IP masking). It is no longer possible to assign the shortened IP address to the calling computer or end device of the user.

Purpose and legal basis: Der Dienst Google Analytics dient zur Analyse des Nutzungsverhaltens unseres Internetauftritts. Rechtsgrundlage ist Ihre Einwilligung nach Art. 6 Abs. 1 lit. a) GDPR.

Google contractually undertakes, on the basis of so-called EU standard data protection clauses, to comply with a data protection standard comparable to the European standard when transferring data to recipients outside the European Union. Please note, however, that we cannot guarantee that Google actually complies with the required data protection standard.

Storage period: We will delete the stored data as soon as they are no longer needed for our recording purposes. In our case, the storage period is a maximum of 24 months. d) Right to object You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de More information on the terms of use of Google Analytics: google.com/analytics/terms/de.html More information on data protection from Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de You can also change your consent in the cookie settings [Change your consent] at any time.

Google Fonts

Nature and scope of data processing: We use external fonts from Google on this website. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com(“Google”). These web fonts are integrated through a server call. This can also be a Google server in the USA. This means that which of our websites you have visited is transmitted to the server. The IP address of your device is also processed by Google. Purpose and legal basis: Der Zweck der Verwendung von Google Fonts ist die einheitliche Darstellung von Schriftarten. Rechtsgrundlage ist Ihre Einwilligung nach Art. 6 Abs. 1 lit. a) GDPR.

Google contractually undertakes, on the basis of so-called EU standard data protection clauses, to comply with a data protection standard comparable to the European standard when transferring data to recipients outside the European Union. Please note, however, that we cannot guarantee that Google actually complies with the required data protection standard.

Storage period: We do not process the data collected through Google's use of Google Fonts. Right to object: You have the right to object to the creation of these user profiles. This should be addressed to Google. Further information can be found in Google's data protection information, which you can access here: https://www.google.com/policies/privacy/

Google Maps

Nature and scope of data processing: We integrate the maps from the Google Maps service. Google Maps is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com(“Google”). This allows us to show you interactive maps directly on our website and enables you to use the map function conveniently. If you access the Google Maps component integrated on our website, Google stores a cookie on your device via your Internet browser and processes the following data: · The operating system · Information about the browser type and version used · Information about your Internet service provider · Your IP address · Date and time of access · Websites from which you came to our website · Websites that you access via our website

This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data can be assigned to your account. If you do not want your profile to be associated with Google, you must log out. Purpose and legal basis: Google saves your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide personalized advertising. We use Google Maps to show you maps on our website, particularly for directions. The legal basis for processing is your consent in accordance with Article 6 (1) (a) GDPR. Storage period: We will delete the stored data as soon as they are no longer needed for the purposes described. Right to object: You have the right to object to the creation of user profiles. This should be addressed to Google. You can prevent data from being transmitted to Google by deactivating JavaScript in your browser settings. In this case, however, you cannot use Google Maps on our website. For more information about Google's Terms of Service: https://policies.google.com/terms?gl=DE&hl=de More information on the terms of use of Google Maps: google.com/intl/de_US/help/terms_maps.html Further information can be found in Google's privacy policy: http://www.google.de/intl/de/policies/privacy/

Google reCAPTCHA

Nature and scope of data processing: Further information can be found in Google's privacy policy: We use reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com(“Google”). Through this service, Google can determine from which website a request is sent and from which IP address you are using the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary to offer and guarantee this service.

Purpose and legal basis: The purpose of using Google reCAPTCHA is to ensure data security when submitting forms. This is primarily used to distinguish whether the entry is made by a natural person or whether it is improperly processed by machine and automated processing. The tool includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. The legal basis is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the security of our website and in preventing unwanted, automated access in the form of spam.

Google contractually undertakes, on the basis of so-called EU standard data protection clauses, to comply with a data protection standard comparable to the European standard when transferring data to recipients outside the European Union. Please note, however, that we cannot guarantee that Google actually complies with the required data protection standard.

Storage period: We will delete the stored data as soon as they are no longer needed for the purposes described.

Right to object: You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. If you do not want Google to collect your data via our website, so-called opt-out cookies can also be used. These prevent future processing of your personal data when you visit the website. In order to prevent the processing of your personal data across different systems, you must use the opt-out cookie on all systems used. For more information about Google's privacy policy, please visit http://www.google.de/intl/de/privacy. If you do not agree to this processing, you can prevent the storage of cookies by setting your internet browser.

Google Tag Manager

We use the Google Tag Manager tool on our website. Google Tag Manager is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com (“Google”), which allows marketers to manage website tags through one interface. Google Tag Manager only implements tags. Tags are small elements of code on the website that are used, among other things, to measure traffic and visitor behavior, measure the impact of online advertising and social channels, use remarketing and audience targeting, and test and optimize the website. This means: No additional cookies are used. No personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level - in particular if you have chosen the objection solution for Google Analytics described above or have made the corresponding settings in your browser - it remains in effect for all tracking tags insofar as they are compatible with the Google Tag Manager will be implemented. Further information about data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy Advertising privacy policy: www.google.de/intl/de/policies/technologies/ads

Vimeo-Videos

Nature and scope of data processing: Our website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit our website, provided you have given your consent, a connection will be established to Vimeo's servers. The Vimeo server is informed which of our pages you have visited. Vimeo also collects your IP address. This applies even if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account. Further information on how we handle user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy

Purpose and legal basis: Wir nutzen Vimeo, um Ihnen auf unseren Websites Videos anzeigen zu können. Rechtsgrundlage der Verarbeitung ist Ihre Einwilligung nach Art. 6 Abs. 1 lit. a GDPR.

Storage period: We will delete the stored data as soon as they are no longer needed for the purposes described.

YouTube-Videos

Nature and scope of data processing:We include YouTube videos in our online offering, which are available at: http://www.youtube.comare stored and can be played directly from our website. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com (“Google”). YouTube collects your IP address, the date and time as well as information about the website you visited and the video you viewed. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. A connection to the Google advertising network is also established. As long as you access one of our websites with an embedded YouTube video without playing the video, no data will be transmitted to YouTube due to the YouTube “Extended Data Protection Mode” function. A transmission only takes place when you actually start a video. In order to save your desired settings regarding the playback of videos and data transmission to YouTube, we set a cookie. These cookies do not contain any personal data, they only contain anonymized data for browser customization. If you are logged in to YouTube at the same time, YouTube can assign the connection information to your YouTube account and use it for the purpose of personalized advertising. Further information can be found in Google's privacy policy: http://www.google.de/intl/de/policies/privacy/

Purpose and legal basis: Wir nutzen YouTube, um Ihnen auf unseren Websites Videos anzeigen zu können. Rechtsgrundlage der Verarbeitung ist Ihre Einwilligung nach Art. 6 Abs. 1 lit. a GDPR.

Storage period:We will delete the stored data as soon as they are no longer needed for the purposes described.

Social Networks

On this website we link to our presence in social networks or use social plugins such as “share” or “like” buttons. When you visit our website, no data is transmitted to the operator of the respective social network, but only when you actively follow the link to our profile on the respective social network or click on the social plugin. The following data categories are processed by the respective social network: · IP address · Date / time · Website visited

If you are logged into your user account of the respective network when you visit our profile page on a social network, the operator of the social network may be able to assign the information collected from the specific visit to your personal account. If you interact using a “Share” or “Like” button on the respective network, this information can also be assigned to the user’s personal account and, if necessary, published. If you want to prevent the collected information from being directly assigned to your user account, you must log out of the respective social network before accessing our profile page or using the social plugin. You can also configure the user account on the respective social network accordingly. If you access our profile page on a social network, the operator of the social network can also set cookies on your device, regardless of whether you have an account with the network or whether you are logged in there. Cookies are data packets that mark the user's end devices with a specific identifier. Cookies are primarily used to display personalized advertising to visitors to social networks, including our profile pages. This happens, for example, by showing the user on the social network's pages ads from advertising partners of the social network whose websites the user has previously visited. In addition, cookies make it possible to create statistics about the use of our profile page (e.g. number of page views, user categories). If we receive such statistical analyzes from the operator of the social network, the data will be anonymized beforehand, i.e. it is not possible for us to assign usage data to an individual user. The purpose we pursue for processing your data on our profile page on the respective social network is to provide information about our offers and services and to answer any inquiries on our profile page. The legal basis for processing is Article 6 Paragraph 1 f) GDPR. In this respect, public relations work is included in our legitimate interests within the meaning of the regulation. If you use a social plugin integrated by us, the legal basis is your consent in accordance with Art. 6 Para. 1 a) GDPR. We delete private messages that you send to us via social networks two years after the last communication with you. We generally leave public posts from you (e.g. in our timeline) permanently published until you expressly request their deletion. We have no influence on which data is collected and transmitted by the operator of the social network, to which third party recipients the data is transmitted by the operator of the social network and how long the data is stored by the operator of the social network. For this purpose, we refer to the data protection declaration of the respective social network. We reserve the right to delete illegal content published by users on our profile page on the respective social network, e.g. copyright violations or criminally relevant statements. According to the case law of the European Court of Justice, we are jointly responsible with the operator of the respective social network for the operation of our profile page or the social plugin with regard to compliance with data protection regulations. In this context, the operator of the social network provides the associated IT infrastructure and the website of the social network and is generally the primary contact when it comes to the processing of your data on the social network pages (e.g. information or deletion). However, you can also assert your legal rights against us. In this case, we will forward your inquiries to the operator of the social network. For US providers (Facebook, Twitter, YouTube, Instagram, LinkedIn) data is transferred to the USA. By concluding so-called EU standard contractual clauses, they have committed themselves to maintaining a level of data protection that essentially corresponds to the European level. TikTok may also transfer personal data outside the European Economic Area (EEA) on the basis of EU standard contractual clauses.

Please note, however, that the existence of an appropriate data protection standard for providers outside the EU / EEA - even if EU standard contractual clauses are concluded - cannot be guaranteed in every case.

We include the following social networks on our website through links:

Facebook Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2 D02 X525, Ireland https://www.facebook.com/about/privacy/

Twitter Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland https://twitter.com/de/privacy

Instagram Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2 D02 X525, Ireland https://help.instagram.com/519522125107875

TikTok Providers: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, c/o WeWork, 125 Kingsway, London, WC2B 6NH, London, England https://www.tiktok.com/legal/privacy-policy?lang=de

YouTube Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland https://policies.google.com/privacy?hl=de&gl=de

LinkedIn Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 D02 AD98, Ireland https://www.linkedin.com/legal/privacy-policy/

Xing Provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany https://privacy.xing.com/de/datenschutzerklaerung

Facebook Fanpages

As the operator of fan pages, in addition to Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, area42 is also responsible for the data processing of these Facebook fan pages in accordance with Art. 26 GDPR. The joint responsibility is described in the following agreement, which applies to every provider who sets up fan pages on the Facebook platform: Agreement on joint responsibility according to Art. 26 GDPR (https://www.facebook.com/legal/terms/page_controller_addendum).

You can also find more information here: About Page Insights data. This describes which page insights are processed on a Facebook fan page. Page Insights are aggregated statistics based on specific events logged by Facebook servers when people interact with Pages and the content associated with them.

If you access a Facebook fan page, Facebook can set cookies on your device, regardless of whether you have a Facebook account and whether you are logged in to Facebook as a user. Cookies are data that mark the user's end device with a specific identifier.

Cookies are set primarily to be able to display personalized advertising to visitors to Facebook websites, including a fan page. This happens because the user is shown ads on Facebook (i.e. also on the fan page) from Facebook advertising partners whose websites the user has previously visited. Cookies also make it possible to create statistics about the use of a fan page.

The collection of your data through cookies when using the fan page is neither legally nor contractually required. This is also not necessary for the conclusion of a contract. Cookies that are not technically necessary require your consent. Whether and how Facebook obtains your consent is the responsibility of Facebook.

Facebook alone decides on the use of cookies. area42 has no influence on which cookies are used by Facebook for what purpose, what information Facebook receives, where and how they are used, how long they are stored, to which third-party recipients they are transmitted and how you can control and set Facebook web advertisements describes Facebook in its cookie policy. This is under https://de-de.facebook.com/policies/cookies/ abrufbar. Weitere Informationen, insbesondere zur Übermittlung von Daten an Facebook, Inc., 1601 Willow Road, Menlo Park, Kalifornien, USA, erhalten Sie in der Datenrichtlinie von Facebook.

By concluding so-called EU standard contractual clauses, Facebook has committed itself to maintaining a level of data protection that essentially corresponds to the European level. Please note, however, that the existence of an appropriate data protection standard for providers outside the EU / EEA - even if EU standard contractual clauses are concluded - cannot be guaranteed in every case.

In principle, Facebook Ireland is responsible for fulfilling your legal rights. If you have any questions about the GDPR rights listed below, you can also contact area42: · Right to revoke consent in accordance with Art. 7 Para. 3 Sentence 1 GDPR · Right to information according to Art. 15 GDPR · Right to correction and completion according to Art. 16 GDPR · Right to deletion and to be “forgotten” according to Art. 17 GDPR · Right to restriction of processing in accordance with Art. 18 GDPR · Right to data portability according to Art. 20 GDPR · Right to object according to Art. 21 GDPR · Right not to be subject to a decision based solely on automated processing, including profiling Art. 22 GDPR · Complaint to a data protection supervisory authority in accordance with Art. 77 GDPR.

Supervisory authority: The Hamburg Commissioner for Data Protection and Freedom of Information Ludwig-Erhard-Strasse 22 20459 Hamburg Germany Phone: +49 40 42854-4040 Telefax: +49 40 42854-4000 E-Mail: mailbox@datenschutz.hamburg.de

The Irish Data Protection Commission is the responsible supervisory authority for Facebook: Data Protection Commission 21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland Phone: +353 (0)761 104 800 / +353 (0)57 868 4800

If you have any questions, you can contact our data protection officer at any time: Akif Colak, email: akif.colak@icloud.com

As of: September 2023