Privacy policy

This Privacy Policy shall give you an overview of what happens to your personal data (hereinafter also referred to as "data") in our company and to inform you of the data protection claims and rights to which you are entitled in line with the European General Data Protection Regulation ("GDPR") and national data protection legislation, for example the German Federal Data Protection Act (Bundesdatenschutzgesetz, " BDSG"). We therefore ask you to take note of this Privacy Policy and if necessary, to print it out or save it.

Personal data is all data with which you can be personally identified. Your personal data may be processed for various purposes. Basically, the data processing operations by Protelion Software GmbH, Oberwallstraße 24 10117 Berlin (Germany) (hereinafter also referred to as „ Protelion“ or "We") can divide into the following areas of application:

• General information on data protection, data processing procedures and data subject rights, which applies to all data processing procedures carried out for us, can be found in Part A below.
• In connection with the website www.protelion.com (hereinafter referred to as "Website") or comparable external online presences, such as our social media profiles (“Website and external online presences hereinafter also referred to collectively as "Internet Presences"), we process data of the visitors which are exchanged between their internet-capable end devices and the server operated by us, as well as data which are communicated to us in the context of the use of the website. Details of this can be found in Part B.
• For the purpose of processing or initiating contracts, we process the necessary data of our customers and interested parties. You can find more information on this under Part C.
• Data of our business partners or suppliers are used exclusively for the direct placing, processing or execution of orders. You can find more information on this under Part C.

Please visit each section for quick and contextual information on specific processing situations.

A. General Information on Data Protection and Data Subject Rights

I. Who Is Responsible For Data Processing and Who Can You Contact If You Have Any Questions?

“Controller” according to the GDPR and other national data protection laws of the member states as well as other provisions of data protection law is:

Oberwallstr. 24 D-10117 Berlin

+49 30 206 43 66-0

info@protelion.de

For questions regarding data protection, please contact our data protection coordinator Mr Josef Waclaw, using the contact details above.

II. What Rights Do You Have With Regard to Your Personal Data?

If your personal data is processed, you are a "data subject" within the meaning of the GDPR, which may entitle you to the rights described below. Insofar as you assert rights against Protelion as the responsible body, we recommend that you address these to our contact details mentioned above.

1. Right of Access

In accordance with Art. 15 GDPR, you can request confirmation from us as to whether personal data relating to you is being processed by us and to what extent we are processing your data.

2. Right to Rectification

If personal data concerning you is incorrect or incomplete, you have a right to correction and/or completion pursuant to Art. 16 GDPR.

3. Right to Erasure

If the legal requirements of Art. 17 GDPR are met, you can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to erasure, we will immediately and completely erase your data in order to fulfil our statutory obligations to erase after the processing purpose has ceased to apply, provided there is no legal or statutory retention period to the contrary.

4. The Right to Restriction of Processing

In the cases specified in Art. 18 GDPR, you may request us to restrict the processing of your data. If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

5. Right to Data Portability

Pursuant to Art. 20 GDPR, you have the right to have data provided by you, which we process automatically on the basis of your consent or in fulfilment of a contract, transferred to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible.

6. Right to Object

If we process your data on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you may object to this data processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions (see Art. 21 GDPR). If you file an objection, we will no longer process your personal data concerned unless we can prove compelling legitimate grounds for the processing which override your interests as a data subject or for the establishment, exercise or defence of legal claims.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

7. Right to Withdraw Consent Under Data Protection Law

Some data processing operations are only possible with your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please note that even after withdrawing your consent, it may still be possible to process the data concerned in whole or in part on the basis of other legal principles.

8. Right to Withdraw Consent Under Data Protection Law

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes upon GDPR (Art. 77 GDPR in conjunction with § 19 BDSG).

A list of data protection authorities in Germany and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

If you are of the opinion that we violate German or European data protection law when processing your data, please contact us in order to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for our company headquarters:

Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219    
Besuchereingang: Puttkamerstr. 16 – 18 (5. Etage), 10969 Berlin; Telefon: 030/ 13889-0;    
E-Mail: mailbox@datenschutz-berlin.de

III. Which Personal Data Are Processed and From Which Sources?

1. Origin of Personal Data

We mainly process the data that we receive directly from the data subjects in the course of a business initiation or in the course of the business relationship (see also Part C). In individual cases, we also process data that we have received or acquired from other third parties such as credit agencies, creditor protection associations or authorities, or that we have obtained, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media).

Via our Website, we process data that we receive during your visit to the Website or that you actively communicate to us when using the Website, e.g. when using our contact form. Other data is automatically collected by our IT systems when you visit the Website. These are mainly technical data (e.g. Internet browser, operating system or time of the page view). This data is collected automatically as soon as you enter our Website. Details can be found under Part B.

In individual cases, we also process data that we have permissibly received or acquired from other third parties such as credit agencies, creditor protection associations or public authorities, or that we have permissibly taken, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media).

2. Categories of Personal Data

Among the personal data that we regularly process are personal master/contact data such as: First and last name, address, e-mail address, telephone number, fax, position in the company.

In addition, we also process the following additional personal data depending on the order/service:

• address data: street, house number, address additions (if necessary), postcode, city, country
• contact data: telephone number(s), e-mail address(es)
• registration data: Information about the service through which you have registered; timing and technical information about registration, confirmation and deregistration; data provided by you when registering.
• offer data
• access data: date and time of the visit to our service; the page from which the accessing system accessed our site; pages called up during use; data for session identification (session ID); in addition, the following information of the accessing computer system: Internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.
• information on the type and content of our business relationship such as contract data, order data, sales and document data, customer and supplier history, consulting documents.
• advertising and sales data,
• documentation data (e.g. consultation protocols, data from service meetings or support cases)
• information from your electronic dealings with us (e.g. IP address, log-in data),
• other data that we have received from you in the context of our business relationship (e.g. in discussions with customers),
• the documentation of declarations of consent

IV. For Which Purposes and On What Legal Basis Are Data Processed?

We process your data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as amended, in particular on the following basis:

1. Fulfilment of (Pre-)Contractual Obligations (Art. 6 para. 1 lit. b GDPR)

Personal data is processed on the basis of Art. 6 para. 1 lit. b GDPR in order to fulfil Protelion‘s contractual obligations, in particular in connection with the sale and distribution of our goods and services as well as all activities customary in the industry for the operation or administration of Protelion (e.g. customer administration). The data may also be processed on a pre-contractual level as part of initiating business with Protelion or in the course of other contractual relationships with Protelion.

For example, Art. 6 para. 1 lit. b GDPR, is the legal basis in the following cases:

• creating and maintaining a partner account or a supplier account in our CRM-system
• creating and maintaining customer/prospect files in our CRM-system
• sending information
• offering and selling of Protelion products
• offer and implementation of our offered services

Details for the purpose of this data processing can be found in the respective contract documents and terms and conditions.

2. Legitimate Interests (Art. 6 para. 1 lit.f GDPR)

On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of a contract in order to safeguard the legitimate interests of Protelion or third parties. That is permissible except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Data processing to safeguard legitimate interests is carried out in the following cases, for example:

• provision of the Internet Presences, their functions and contents
• answering contact requests and communication with users
• transmission of data to companies and partners associated with usexecution of payment transactions via external service providers
• use of debt collection service providers and lawyers to collect receivables and/or enforce them in court
• assertion of other legal claims and defence in legal disputes
• advertising or marketing
• market and opinion surveys
• measures for business management and further development of our services;
• maintaining databases on customers/prospects and service providers to improve our offering
• carrying out a risk assessment (due diligence) in the context of any company restructuring or a company acquisition or sale
• ensuring the IT security and IT operations of our company
• measures for building and facility safety

3. Fulfilment of Legal Obligations (Art. 6 para. 1 lit.c GDPR)

The processing of your data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from the German Commercial Code (Handelsgesetzbuch “HGB”) or the German Tax Code (Abgabenordnung “AO”).

4. Consent (Art. 6 para. 1 lit.a GDPR):

If, in individual cases, you have given us your consent to process your data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given, e.g. for sending a newsletter, can be revoked at any time with effect for the future. For this purpose, please contact the contact data listed under A. No. I or No. II. Please note that processing which took place before the withdrawal is not affected by the withdrawal and under certain circumstances data processing may continue to be possible at least partially on the grounds of some other legal basis.

V. Who Receives My Data?

At Protelion, those employees or organizational units who need your data to fulfil our contractual and legal obligations or to process or pursue our legitimate interests receive it.

Your data will be forwarded to companies for the initiation or execution of a contractual relationship (e.g. provision of a service or sale of goods) in accordance with Art. 6 para. 1 lit. b GDPR or - depending on the type of concrete contractual relationship - and on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in particular to companies which we regularly use in connection with the provision of our service or the execution of the contract. This applies to the following recipients or recipient categories:

• IT service providers (e.g. email service providers, web hosting companies)
• Sales partners
• Advertising partners
• Insurance companies
• Banks
• Payment service providers
• Shipping and logistics service providers
• Credit agencies
• Accountants
• Tax and legal advisers

If we use a service provider in the sense of order processing in accordance with Art. 28 GDPR, we shall nevertheless remain responsible for the protection of your data. Insofar as required by law, contract processors are contractually obliged by means of an order processing agreement to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data insofar as they require the data to perform their respective services.

Your data will only be transferred to state institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you have commissioned us to do so.

VI. How long will my data be stored?

Your personal data will only be used for the purpose for which you provided it to us or for which you gave us your consent and will be stored until this specific purpose has been fulfilled. After complete processing of the purpose, or as soon as you request us to delete your data, your data will only be stored as long as it is necessary due to statutory limitation periods or retention periods (in particular tax and commercial law nature).

However, the data will be deleted at the latest after expiry of all time limits unless you have expressly consented to further or other use. You can also assert rights during the retention periods, such as blocking your data. See Part A. Section II.

Your data will be erased or blocked by us as soon as the purpose of storage no longer applies or you request us to erase it.

We process and in particular store your data in principle at most only until the termination of the business relationship or until the expiry of the applicable guarantee, warranty and limitation periods. For example, the statute of limitations according to §§ 195 ff. of the German Civil Code (BGB) is generally three years, but in certain cases also up to thirty years. In addition, it may be necessary for data to be retained until the legally binding termination of any legal disputes for which the data is required as evidence.

We are also subject to statutory documentation and storage periods (e.g. from the German Commercial Code (Handelsgesetzbuch, “HGB”) (e.g. § 257 HGB), the German Money Laundering Act or the German Tax Code (Abgabenordnung “AO”) (e.g. § 147 AO)). The time limits specified there for storage or documentation are two to ten years. For example, even after termination of a contract with you, we would be required to store your data for a period of time until the completion of the tax audit of the last calendar year in which you were our customer.

VII. Will Personal Data Be Transferred To A Third Country?

As part of our processing activities, in certain business transactions or areas of activity, personal data may also be transferred to locations in so-called third countries outside the EU or the EEA to which the EU Commission has not yet attested an adequate level of data protection, for example in the USA. If such data transfer should become necessary in individual cases, this will only be done on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your express consent.

By playing one of the YouTube videos embedded on our website by clicking on the play button, you consent (a) to the use of cookies by YouTube, which may also serve to analyse user behaviour for market research and marketing purposes by YouTube, and (b) to the processing of your data by YouTube in the USA in accordance with Art. 49 para 1 sentence 1 lit. a GDPR. More details can be found below, under Part B. Section IV.4.

B. Use of Our Internet Presences

In principle, you can visit our Websites and use them for information purposes without having to provide any personal details (e.g. register, place orders or otherwise provide information about yourself). In this case, we process personal data of our users only to the extent necessary to provide a functional Website and our content and services or to the extent that cookies used on the Website provide us with personal information when visiting the Website. For information on our own cookies used by us, please refer to Part B Section II. Other cookies enable our partner companies or third parties to recognise your browser on your next visit, if applicable. For information on such third party cookies, please refer to Part B Section III.

In addition, the processing of personal data of our users is carried out regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by statutory provisions.

I. Provision of the Website and Creation of Log Files

Description of Data Processing

Each time you access our Website, our system automatically collects data and information from the computer system of the accessing computer, which your Internet browser automatically transmits to us or our web host (so-called log files). These server logfiles contain IP addresses or other data that enable an assignment to a user. This could be the case, for example, if the link to the Website from which the user accesses the Website or the link to the Website to which the user switches contains personal data. The following information is collected:

• IP addresses
• Date and time of the server request
• Description of the type and version of the web browser used
• Operating system used
• requesting domain (referrer URL)
• the address (URL) of the previously visited page (referrer URL)
• the host name and IP address of the device from which access is made

Prior to storage, each data set record is anonymised by our web host immediately upon collection by changing the IP address, in order to ensure a high level of data protection. Therefore, the server log files themselves do not contain any IP addresses in explicit form or any other data that would allow them to be assigned to a certain user. This data is not stored together with other personal data of the user.

Legal Basis and Purpose of Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the Website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

In the case of storage of data in log files, this is the case after 7 days at the latest.

Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible. The data is stored in log files in order to ensure the functionality of the Website.

Duration of Storage / Right to Object and Erasure

Data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the purpose of providing the Website, this is the case when the session in question has ended.

The collection of data for the provision of the Website and the storage of data in log files is mandatory for the operation of the Website. Consequently, there is no possibility for the user to object.

II. Use of Cookies

Description of Data Processing

Our Website uses cookies or similar methods and collects, processes and uses usage data (e.g. access times, visited websites) or meta and communication data (IP address, device information).

Cookies are text files with a characteristic string of characters that are stored in the Internet browser or by the Internet browser on the user's computer system and which enable the browser to be uniquely identified when the offer is called up again. If a user calls up a Website, a cookie can be stored on the user's operating system. A cookie contains a characteristic string of characters. The use of these cookies serves to make a website more user-friendly, effective and secure. When you visit a website on which a cookie is embedded, the data you enter is stored exclusively in the cookie on your computer. In this case, data will only be transmitted to the servers of our offer when a page request is made.

Some cookies are deleted after the end of the browser session when your browser is closed (so-called session cookies). These cookies are technically necessary, e.g. so that you can log in to the application and also remain logged in across pages while visiting our offer.

Other cookies remain on your device for a specified period of time and enable us to recognise your browser on your next visit (so-called persistent or protocol cookies). The purpose of the use of these cookies is to be able to offer you an optimal user guidance as well as to "recognise" you and to be able to present you with the most varied website and new content possible during repeated use.

Cookies that originate from partner companies or third parties may be used, for example, to collect information for advertising, customised content or statistics ("third-party cookies"). To the extent that we do not identify cookies as originating from third parties, the cookies originate from our offering ("first-party cookies"). We inform you separately about third-party cookies or "tracking" technologies that we use in the following sections of this privacy policy.

Flash cookies are stored on your device as data elements of web pages if they are operated with Adobe Flash. Flash cookies have no time limit.

For more information about which cookies we use to make our website more user-friendly, what purpose they serve and what data is stored with them or transmitted to third parties, please refer to our cookie management tool, via which you can give your consent to the use of cookies when you access our website in accordance with the preferences you have selected.

Our cookie management tool collects log file and consent data using JavaScript. This JavaScript allows us to inform the user about their consent to certain tags on our website and to obtain, manage and document this consent. Cookie Management Tool stores the setting selected and the consent given when you enter the website and processes the following data:

Consent data or data of consent (anonymised logbook data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp).

Device data (e.g. shortened IP addresses (IP v4, IP v6), device information, timestamp)

User data (e.g. email, ID, browser information, SettingIDs, changelog).

For this purpose, the cookie management tool stores a technically necessary cookie ("klaro").

For more information about which cookies we use to make our website more user-friendly, what purpose they serve and what data is stored in them or transmitted to third parties, please refer to the detailed information Cookie Management Tool, which you can access there under "Privacy Settings”.

Legal Basis and Purpose of Data Processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality and security of the Website and a customer-friendly and effective design of the site visit, unless we ask you for consent under Art. 6 para. 1 lit. a GDPR.

The purpose of using technically necessary cookies is to simplify the use of Websites for users. Some functions of our Website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change. The purpose of the cookies we use in particular depends on the services used and is clarified in the following sections of the privacy notice.

Duration of Storage / Right to Object and Erasure

As Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. In principle, it is also possible to use our Website without cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

If cookies are deactivated for our Website, it is possible that not all functions of the Website can be used to their full extent.

III. Statistical analysis of the Website / increase of reach / tracking to measure the success of advertising campaigns and optimisation of the display of advertisements

1. Google Analytics

Description of data processing

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: " Google").

Google Analytics also uses cookies. The information generated by a Google cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. Google processes the data and we receive reports about your user behaviour. These reports may include, but are not limited to, the following:

Audience reports: Audience reports help us get to know our users better and know more precisely who is interested in our service.

Ad reports: Ad reports help us analyse and improve our online advertising.

Acquisition reports: Acquisition reports give us helpful information on how to attract more people to our service.

Behaviour reports: This tells us how you interact with our website. We can track the path you take on our site and which links you click on.

Conversion reports: Conversion is when you take a desired action as a result of a marketing message. For example, when you go from being just a website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are working for you. This is how we want to increase our conversion rate.

Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognises you as a new user. The next time you visit our site, you will be recognised as a "returning" user. All collected data is stored together with this user ID. This is what makes it possible to evaluate pseudonymous user profiles in the first place.

Your interactions on our website are measured through identifiers such as cookies and app instance IDs. Interactions are all types of actions that you perform on our website. If you also use other Google systems (such as a Google Account), data generated through Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorise it. Exceptions may occur if required by law. The following cookies are used by Google Analytics:

This list cannot claim to be complete, as Google is constantly changing its choice of cookies.

We inform you that this website uses Google Analytics exclusively with the extension "anonymizeIp()". Your IP address is thus not stored in full and is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. The identification of the visitor to the website is excluded. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Incidentally, below we show you an overview of the most important data collected with Google Analytics:

Heatmaps: Google creates so-called heat maps. Heatmaps allow you to see exactly those areas that you click on. This gives us information about where you are "travelling" on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce is when you view only one page on our site and then leave our site.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

Location: The IP address can be used to determine the country and your approximate location. This process is also known as IP location determination.

Technical information: Technical information includes your browser type, internet service provider or screen resolution.

Source of origin: Google Analytics, or us, is of course also interested in which website or which advertisements you came to our site from.

Other data include contact details, any ratings, the playing of media (e.g. if you play a video via our site), the sharing of content via social media or the addition to your favourites. This list does not claim to be exhaustive and only serves as a general orientation of the data storage by Google Analytics.

For more information on the processing of data by Google, please read Google's privacy policy: https://policies.google.com/privacy?hl=de

Legal basis and purpose of data processing

We use Google Analytics to evaluate the use of our website and services, to compile reports on the activities on our website and services and to provide us with other services related to the use of our website and services and internet usage. We also use Google Analytics to analyse data from AdWords and the Double Click cookie for statistical purposes. Since we, as website and service operators, have a great interest in this analysis of user behaviour in order to optimise both our website and services, as well as our offers placed there and our advertising, we ask you to give your consent to the use of Google Analytics and the storage of Google Analytics cookies on the basis of Art. 6 (1) lit. a GDPR.

The information generated by the cookie about your use of our website or our services is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Nevertheless, in exceptional cases, the full IP address may be transmitted to a Google server in the USA and shortened there. By consenting to the cookies used by Google Analytics being switched on, you also consent to your data being processed in the USA in accordance with Art. 49 section 1 sentence 1 lit. a GDPR. The USA is considered by the European Court of Justice to be a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal redress. If you click on the "Decline" button of our cookie management tool or make a limited selection without cookies from Google, the described transmission to Google will not take place. You can revoke the consent you have given at any time with effect for the future.

Google will use this information for the purpose of evaluating your use of the website and/or services, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties on its own behalf where required to do so by law, or where such third parties process the information on Google's behalf. Google has contractually assured that it will not associate your IP address with any other data held by Google. In order to safeguard this and the data processing carried out for us, we have concluded a contract with Google for the processing of data on behalf of Google.

Duration of storage / right of objection and elimination

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

By installing the browser add-on to deactivate Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de), you can object to the use of your data and collection by Google Analytics. By doing so, you inform Google Analytics that no information about your website visit should be transmitted to Google Analytics.

Furthermore, you can install an opt-out cookie on your device via this link https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable, in particular for browsers of mobile devices, so that the collection of data by Google Analytics on our website is prevented in the future. Please note that when you delete the cookies on your end device, you must also reinstall the opt-out cookie.

Alternatively, you can also set your cookie preferences via the cookie management tool we have integrated on our Website.

2. Google Tag Manager

Description of data processing

The Google Tag Manager is a solution from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") that allows marketers to manage Website tags through a single interface. The Google Tag Manager itself (which implements the tags) is a domain without cookies and does not collect personally identifiable information. The Google Tag Manager helps to implement and to trigger other tags code snippets, tracking codes and conversion pixels on a website, that may themselves collect data. The Google Tag Manager offers an easy-to-use user interface for which no deep programming knowledge or modifications to the source code are required. The Google Tag Manager does not access this information We only use the Google Tag Manager to display Google Ads (formerly Google AdWords) for the purpose of our Search Engine Marketing activities.

For more information about the Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.

3. Tracking Pixel by WiredMinds

Description of data processing

Our Website uses the tracking pixel technology of WiredMinds GmbH (www.wiredminds.de), Lindenspürstraße 32, 70176 Stuttgart ("WiredMinds") to analyse visitor behaviour.

In this process, data is collected, processed and stored, from which usage profiles are created under a pseudonym. Where possible and reasonable, these usage profiles are completely anonymised. Cookies may also be used for this purpose. Cookies are small text files that are stored in the visitor's internet browser and serve to recognise the internet browser. The data collected, which may also include personal data, is transmitted to WiredMinds or collected directly by WiredMinds. WiredMinds may use information left behind by visits to the websites to create anonymised usage profiles. The data obtained in this way will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned, and it will not be merged with personal data about the bearer of the pseudonym. Insofar as IP addresses are recorded, they are immediately anonymised by deleting the last number block.

Further information on the protection of your personal data at WiredMinds can be found at: https://wiredminds.de/datenschutz/.

Legal basis and purpose of data processing

Since we, as website and service operator, have a great interest in this analysis of user behaviour in order to optimise both, our Website and services, as well as our requests placed there and our advertising, we ask you to give your consent to the use of WiredMinds and the storage of the cookies required for this on the basis of Art. 6 Section 1 lit. a GDPR. We also use WiredMinds on the basis of our legitimate interests in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 Section 1 lit. f. GDPR as well as the interest in targeting our users who have already shown interest in our Website or who have certain characteristics (e.g. interests in certain topics or products, which are determined on the basis of the Websites visited) with advertising. Studies show that such user-related advertising is more interesting for users than advertising without a personal reference.

Duration of storage / right of objection and elimination

The collection, processing and storage of data by WiredMinds can be revoked at any time with effect for the future by clicking on the following link: Exclude tracking.

Alternatively, you can also set your cookie preferences via the usercentrics cookie management system we have integrated on our Website.

IV. Further Information on Procedures, Plug-Ins and Tools Used

1. SSL or TLS encryption

This Website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

2. YouTube

Description of data processing

We may from time to time use content or services provided by YouTube LLC, 901 Cherry Ave. San Bruno, California, CA 94066, United States (hereinafter referred to as "YouTube"), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, which is offered in Europe by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"), to include video content on our website using a plugin.

Our YouTube videos are all embedded in "enhanced privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos some of your data might be transferred, as described in the following. We have no influence on this data transfer.

If you want to play the videos integrated on our Website or Services by using the YouTube plugin (by clicking the play button), your IP address will be sent to YouTube, since YouTube cannot send the video content to your browser without the IP address. The IP address is therefore required for viewing. In addition, the YouTube server receives information about which subpage of our online platform you have visited.

If you are logged in to your YouTube account as a YouTube member, you also allow YouTube to assign your usage behavior directly to your personal profile when playing our videos. However, we have no influence on the scope and further use of the data collected and processed by YouTube.

The following cookies are used by YouTube:

This list cannot claim to be exhaustive, as YouTube is constantly changing its choice of cookies.

According to Google, an evaluation of user data by Google in the context of YouTube is carried out in particular (even for users who are not logged in) to provide advertising tailored to your needs and to inform other users of the social network about your activities on our Website or Services. You have the right to object to the creation of these user profiles, whereby you have to contact YouTube to exercise this right.

For more information about YouTube's data processing practices, please refer to the YouTube privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Legal basis and purpose of data processing

YouTube is used on the basis of our legitimate interests under Art. 6 para. 1 lit. f GDPR to make video content available on our Website or Services.YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, we can't do without interesting videos. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. In addition, the embedded videos make our website easier to find on the Google search engine.

Duration of storage / possibility of objection and removal

In order to prevent the assignment described above, please log out of your YouTube profile before playing our video content. You have further possibilities to limit the processing of your data in the general settings of your Google Account. In addition to these tools, Google also offers specific privacy settings for YouTube. You can learn more about this in the Google Privacy Guide for Google products: https://policies.google.com/technologies/product-privacy?hl=de&gl=de

4. Integration of Google Maps Content

Description of data processing

We integrate Google Maps, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which is offered in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, via an API interface to display interactive maps and to create directions on our website.

In order for Google Maps to fully provide their service, the company needs to collect and store data from you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered is also stored. However, this data storage happens on the Google Maps websites. We can only inform you about this, but cannot influence it. Each time you call up Google Maps, Google sets at least one cookie (name: NID) in order to process user settings and data when displaying the page on which the Google Maps component is integrated. This provides Google with information such as your IP address or the fact that you accessed the corresponding sub-page of our website. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising. As a rule, this cookie is not deleted by closing the browser, but expires after a certain period of time, unless you delete it manually beforehand.

The following cookies are used by Google Maps:

This list cannot claim to be complete, as Google is constantly changing its choice of cookies.

If you are logged into your Google user account during use, the aforementioned data will be directly assigned to your account in accordance with your usage agreement with Google. If you do not wish this assignment, you must log out of your Google user account before using the Google Maps functions.

Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website to meet your needs. According to Google, such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website.

We do not receive this data ourselves and do not arrange for it to be collected. In the event of requests for information and the assertion of user rights, we would like to point out that these can most effectively be asserted with Google as the provider of Google Maps and the body responsible for this. Only the providers have access to the users' data and can take appropriate measures and provide information directly.

Legal basis and purpose of data processing

The integration of Google Maps is based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR in a simple and intuitive display of interactive (land) maps, to visually display geographical information (our location, directions) and to provide an option on our Website that makes it easier for our users to find us.

Duration of storage / possibility of objection and removal

To prevent the aforementioned assignment to your Google user account, log out of your Google profile before you start using the Internet. You have further options to restrict the processing of your data in the general settings of your Google account. You can find out more about this in the guide to data protection in Google products from Google (https://policies.google.com/technologies/product-privacy?hl=de&gl=de) as well as the data protection information from Google (https://www.google.de/intl/de/policies/privacy/).

V. Links to Websites of Other Provider

Our Website may contain links to other websites. We have no influence whatsoever on the content or design of other providers' websites. The statements in this data protection declaration therefore do not apply to external providers to whose offers or content we merely link with.

If you are forwarded via links from our Website to other websites, please inform yourself there about the respective handling of your data.

VI. Online presences on social networks and platforms

Description of data processing

We maintauin further Online Presences within social networks and/or industry networks (Facebook, Twitter or LinkedIn) (hereinafter also "SN") and platforms (e.g. YouTube) and links to them from our website. By clicking on the respective link-buttons (recognizable by the respective logos of the social networks or platforms) you will be forwarded to the respective online presence of the SN. The purpose of these online presences is to communicate with active customers, interested parties and users and to inform them about our services.

When entering the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Since the use of SN takes place outside of our Website or Services, we have no influence on this, unless otherwise stated below. However, we would like to point out that when using the above mentioned platforms and networks to which we link, data may also be processed in the USA by those SN companys and may also be processed by the respective operators for market research and advertising purposes, including the creation of user profiles. If you are logged in to the respective networks and platforms, they may also store cookies on your device that tracks your use of our Platform or Services, as well as additional information on your usage behavior.

Unless otherwise stated in our Privacy Policy, we process the data of users only if they communicate with us within the social networks and platforms, e.g. write comments or send us messages.

In order to make it easier for you to find information about the respective data processing and the possibilities of objection of the respective operators, we refer below to the data protection declarations and information of the operators of the respective networks.

Legal basis and purpose of data processing

We process your personal data only in the context of a direct contact with us via the respective SN or interaction with our presence there or its content. Unless otherwise stated in our privacy policy, we process the users' data on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR for the effective information of users and communication only if they communicate with us within the social networks and platforms (e.g. when users write posts on our Online Presences or send us messages). If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.

Insofar as personal data are processed in connection with our appearance on a SN and the respective SN alone decides on the purposes and means of the processing, the respective SN is otherwise the sole controller of the processing. Please check carefully which personal data you share with us via a SN appearance. If you would like to avoid SN processing personal data you have provided to us, please contact us by other means.

Duration of storage / possibility of objection and removal

If you are a member of one of the SN on which we maintain online presences and do not want the SN to collect data about you via our service and link it to your data at the SN, you have to log out of your SN before visiting our service. For a detailed description of the respective processing operations, information on the duration of the storage of data by the respective SN and the opt-out options, please refer to the information provided by the providers linked below.

Also, in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.

Facebook

We maintain a Facebook Company Page ("Fanpage") on the SN of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Together with us, Facebook Ireland is jointly responsible for the collection of data from visitors to our Fanpage. Therefore, we have entered into a Joint Controller Agreement with Facebook pursuant to Art. 26 GDPR, as well as agreed to additional data processing conditions:

"Controller Addendum": https://www.facebook.com/legal/controller_addendum

"Data processing conditions": https://www.facebook.com/legal/terms/dataprocessing/update

We remain responsible for providing our user with at least the above and subsequent information on our joint responsibility with Facebook. The data privacy information from Facebook required under Art. 13 para. 1 lit. a and lit. b GDPR can be found in Facebook’s Privacy Policy at https://www.facebook.com/about/privacy.

Facebook Inc, Menlo Park, California, USA (hereinafter: “Facebook Inc.”) also collects and uses so-called Page Insights for analysis purposes. Page Insights is a summary of data that allows both us and Facebook Inc. to understand how our users interact with our Website or Services. Page Insights may be based on personal information collected in connection with our users' visits or interactions with our Website or Services. For this purpose, we have concluded the "Controller Addendum" with Facebook, which regulates in particular which security measures Facebook takes within the framework of the Page Insights and how Facebook answers user queries. The purposes for which the collection and transmission of personal data which constitutes a joint processing is carried out, are described in detail in Facebook’s terms of use referred to in the Controller Addendum above.

Data collected when users visit our "Fanpage" otherwise includes information about the types of content users view or interact with, or the actions they take (see "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy), and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data described in detail under "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy)).

However, we share responsibility for the Insights pages by maintaining the Facebook Company Page and have agreed with Facebook Ireland that Facebook Ireland is responsible for fulfilling the rights of data subjects under Articles 15-20 of the GDPR with respect to personal data stored by Facebook Ireland following joint processing. Therefore, we have an obligation to notify Facebook if we receive data protection-related requests for Pages Insights. Please note that we forward requests regarding Page Insights to Facebook Ireland. For further information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and the ways in which data subjects can exercise their rights against Facebook Ireland, please refer to the Facebook Ireland Privacy Policy at https://www.facebook.com/about/privacy.

The evaluation of the data collected via Page Insights serves to improve our Website and Services, as well as for advertising purposes. We maintain our Facebook Fanpage for the purpose of communication and simple channeling of contact requests from Facebook users. The collection of this data and its further processing is in our legitimate interest and in the legitimate interest of Facebook Inc. in accordance with Art. 6 para. 1 lit. f GDPR.

We would like to point out that we cannot switch the Page-Insights technology on or off. Therefore we have to forward corresponding requests to Facebook-Ireland for the most part, unless we have collected data ourselves. If you do not want Facebook Inc. to collect your data, please do not use our Facebook Fanpage and/or use your browser settings to prevent cookies from being set and/or log out of Facebook while you are using our Website or Services.

Privacy Policy:

https://www.facebook.com/about/privacy/ https://www.facebook.com/legal/terms/information_about_page_insights_data

Possibility of objection:

https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

LinkedIn

LinkedIn is a service of LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy Policy: https://www.linkedin.com/legal/privacy-policy ,

Possibility of objection:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,

YouTube

YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland

Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de

Possibility to object: https://adssettings.google.com/authenticated

VI. Active Use of Our Website

1. Contact Form and E-mail Contact

Description of Data Processing

Our Website contains several contact forms that can be used for electronic contact. If a user makes use of this option, the data entered in the respective input mask is transmitted to us and stored.

The following data is in the form "Become a partner":

• Name (required)
• Company (required)
• Email (required)
• Phone number (required)

The following data is in the forms "Contact form", "Download the Datasheet", "Webinar Registration" and "Leave a Request":

• Name (required)
• Phone (required)
• Email (required)
• Message (optional)

The following data is in the forms "Get help", "Request a demo" and "Request solution brief":

• Name (required)
• Phone (required)
• Email (required)
• Company (required)
• Message (optional)

The following data is stored in the form "Apply".

• Name (required)
• Phone (required)
• Email (required)
• Upload your CV (required)

At the time of sending your message via one of our contact forms, the following data will also be stored:

• the IP address of the user
• the date and time of registration

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

If a solution to your problem reported via the support form or an answer to a question is only possible with the involvement of other partners or service providers, we will pass on the information associated with the enquiry / incident to them.

Legal Basis and Purpose of Data Processing

The legal basis for the processing of data transmitted in the course of sending a contact form request or an e-mail is Art. 6 para. 1 lit. f GDPR. If the contact form request or the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR (e.g. when using the webinar registration form).

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The user's details may also be stored in our customer relationship management system (CRM software) or comparable enquiry organisation on the basis of our legitimate interests.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of Storage / Right to Object and Erasure

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified and that no legal requirements call for longer storage.

If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In this event, all personal data stored in the course of contacting us will be deleted unless legal requirements require longer storage.

All personal data stored in the course of contacting us will be deleted in this case, unless legal regulations require longer storage.

2. Newsletter

Description of data processing

We would like to inform our customers and interested parties at regular intervals about our products, services, webinars, innovations or news at Protelion by e-mail or other electronic notifications (hereinafter referred to as "Newsletter"). We require your e-mail address for this purpose. Further information may be requested in the respective newsletter registration forms in order to provide you with personalised content tailored to your interests.

You can subscribe to our Newsletter by using the corresponding function of a subscription form to subscribe to our newsletter, or during a registration process by ticking a box (so-called opt-in). For this purpose, we provide various options on our Websites or in the context of registration or order interfaces to register for our (possibly topic-specific) newsletters. The details to the respective contents of the newsletters are described concretely in the respective registration form. This description is relevant for your consent.

Following your registration, you will receive an e-mail from us in which you will be asked to confirm your newsletter subscription once again (so-called double opt-in procedure). This confirmation is necessary to exclude the possibility that someone else has misused your e-mail address to subscribe to our newsletter at a different address. Only when you activate the hyperlink sent to your email address will the newsletter be sent to your email address.

For verification purposes, the IP address and the registration date ("timestamp") are stored in addition to your e-mail address and name for the newsletter dispatch.

Legal basis and purpose of the data processing / data recipient

The legal basis for the dispatch of newsletters is the consent given by you as the recipient pursuant to (Art. 6 Section 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 Section 2 no. 3 UWG), or if consent pursuant to § 7 Section 3 UWG (German Law Against Unfair Trade (“Gesetz gegen Unlauteren Wettberwerb”) is not required for existing customers, on the basis of our legitimate interest in direct marketing measures pursuant to Art. 6 Section 1 lit. f GDPR in conjunction with § 7 Section 3 UWG.

The logging of the registration procedure is based on our legitimate interests pursuant to Art. 6 Section 1 lit. f GDPR in a secure and targeted newsletter system that meets both our business sales interests and the ideas and needs of the recipients, as well as the verifiability of the consents given.

Duration of storage / right of objection and erasure

You can object to the dispatch of the newsletter at any time or withdraw your consent to receive the newsletter in whole or in part. You will find an unsubscribe link at the end of each newsletter. You can also contact us directly using the contact details provided at the beginning of this Privacy Policy

By unsubscribing the newsletter, the business communication is not affected. Your data will be stored by us for the purpose of contract processing, our support and services, software updates or registration for events. In addition, we reserve the right to store the necessary proofs until the statutory limitation periods have expired in order to provide evidence of a legally compliant newsletter mailing.

3. Use of the Protelion Partner Portal

Description of data processing

After completing a registration process, we offer customers the possibility of submitting support enquiries to us or requesting support services via our Partner Portal using a login area provided for this purpose, as well as increasing access to customer-specific information. For partners, we offer a Partner Portal for this purpose.

The Partner Portal can be accessed via our website. We inform the respective users of the necessary password within the scope of the business transaction. The access data required for the login will be stored by us when a corresponding user account is created. The following personal data is provided by the user for this purpose or as part of the registration process:

• Company Name
• Salutation
• First name
• Surname
• E-mail address
• Mobile phone number

We only use the mobile phone number to activate two-factor authentication. The access data required for login (email address and password) are stored by us when a corresponding user account is created. In order to complete the registration process, the user receives an activation link to the email address provided by him/her, which he/she must then click on. Alternatively, the user can copy the link and call it up via the address line of his web browser.

For technical reasons, a limited amount of data (so-called connection data) is collected each time the Partner Portal is accessed. This data is technically necessary in order to establish and carry out a connection between the user's terminal device and our servers. Furthermore, this data is necessary to maintain the session after a login and to prevent unauthorised access to this session. Within the scope of each registration process and the use of the customer portal or the Partner Portal, we or the hosting service provider we use store the IP address and the time of the respective user action (timestamp), internet service provider, web browser and operating system used or the respective version information, language settings, referrer URL and the name of the website accessed.

After logging into the Partner Portal, a cookie is set which is required to maintain the session and to protect the session. To use the Partner Portal, you must allow this cookie in your web browser.

If a solution to a problem reported via the Partner Portal or an answer to a question is only possible with the involvement of other partners or service providers, we will pass on the information associated with the enquiry / incident to them.

Legal basis and purpose of the data processing / data recipient

The legal basis for the processing of data processed in the course of registration and use of the Partner Portal as well as enquiries made via this or downloads used, is Art. 6 Section 1 lit. b GDPR due to the intended conclusion and implementation of a contract. Furthermore, Art. 6 Section 1 lit. f GDPR is relevant, as the processing of personal data in connection with our Partner Portal serves to enable an effective possibility for contact enquiries and communication with our respective responsible sales and support teams, as well as the administration, processing and resolution of enquiries received via it and the secure connection between the end devices of the users and our servers.

Duration of storage / right of objection and erasure

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the registration input mask, this is usually the case when the respective usage process has ended.

All personal data stored in the course of contacting us will be deleted at the latest if no legal requirements necessitate longer storage (for example, legal warranty periods in connection with support requests).

4. Applications at Protelion

Description of data processing

On our website, under the heading "Jobs", we inform you from time to time about vacancies at Protelion and, if applicable, about the possibility of completing internships or apprenticeships with us, or working with us as part of a dual study programme or as a student trainee.

If you send us your application as a result or as part of a speculative application, we regularly process personal and contact data such as: First and last name, address, e-mail address, telephone number, date of birth.

In addition, we process the data that you send us with your application documents (CV, photographs, certificates, etc.). Which of the data provided to us is processed in detail depends largely on the position to be filled. At the very least, we require data regarding your previous educational/professional background, your qualifications, your skills and personal details in order to be able to assess whether your application is suitable for the vacant position. The processing of your data in this context is usually absolutely necessary for the preparation and completion of the application procedure. If you do not provide us with any or sufficient data, this may result in us not being able to consider you as an applicant for the vacancy, having to reject you as an applicant or no longer being able to carry out the application procedure.

We do not require any information from you that is not usable under the General Equal Treatment Act under German law or any other national or international equal treatment law. Please also do not forward us any confidential information or trade secrets of your former or current employer.

We provide your data to those employees or organisational units that need it to fulfil our contractual and legal obligations or to process or pursue our legitimate interests, significantly the HR department and the management level of the specialist department within which the position is to be filled.

Pursuant to § 164 section 1, sentence 4 of the German Social Code, Book IX (“SGB IX”), we are obliged to inform the relevant representative body for severely disabled persons of every incoming application from persons with a severe disability and to provide the relevant data of the applicant.

Legal basis and purpose of the data processing / data recipient

Personal data is primarily processed for the purpose of personnel selection to fill vacancies in order to initiate an employment contract (Art. 6 para. 1 lit. b GDPR, or Art. 88 GDPR in conjunction with § 26 BDSG).

Based on a consideration of interests, data processing may go beyond the actual initiation of an employment contract in order to protect our legitimate interests in the selection of personnel and the assessment of whether an applicant and the vacant position are a good match (Art. 6 para. 1 lit. f GDPR). This is permissible unless your interests or fundamental rights and freedoms require the protection of personal data. Data processing to protect legitimate interests takes place, for example, when using job boards, recruitment agencies, service providers to carry out recruiting procedures.

CVs, certificates and other data you provide to us may contain particularly sensitive information about mental or physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union or political party memberships or sex life. If you voluntarily provide us with such special personal data (see Art. 9 para 1 GDPR), the processing is carried out under the additional conditions of Art. 9 para 2 GDPR.

Duration of storage / right of objection and erasure

Severely disabled applicants have the right to refuse the involvement of the competent representative body for severely disabled persons in accordance with § 164 section 1 sentence 8 SGB IX and thus prevent notification to this body. Please inform us as part of the application if you refuse the involvement of the competent representative body for severely disabled persons.

If you are rejected after the end of the application process or withdraw your application beforehand, we will store your data for a period of 6 months from this point onwards in order to be able to meet any obligations to provide evidence under the Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz “AGG”) and to defend ourselves against any legal claims.

In the event of a successful application, we store the applicant data provided in the personnel file for the purpose and for the duration of the employment relationship.

C. Contractual relationships with Customers and Business Partners

I. Am I obliged to provide data?

If you contact us with questions about our services, enter into contractual negotiations with us, accept one of our offers or have other contractual agreements with us, we process the personal data you provide in this context. Which data is processed in detail depends largely on the relevant objects of purchase or the services which you obtain from us or which you enquire about. In this context, the processing of your data is usually absolutely necessary for the preparation, conclusion and execution of the contract. If you do not provide us with this data, this may mean that we have to refuse to conclude a contract or to execute the order or that we would no longer be able to perform an existing contract.

If we use data in the context of initiating or fulfilling a contract with a customer, business or cooperation partner, our interest in handling your data lies in enabling and maintaining the exchange with the customer or the respective business or cooperation partner, typically in the context of a contractual or other relationship. If you act as a contact person - typically in your function as an employee at these companies - you usually do not have an overriding opposing interest, insofar as this interaction with us is part of your area of responsibility, so that a right to object is regularly ruled out.

However, you are not obliged to give your consent to data processing with regard to data that is not relevant to the performance of the contract or that is not required by law.

II. Communication

In principle, we collect the necessary data from you ourselves in personal contact. However, you can of course also contact us by telephone, fax, post or alternatively via our e-mail address provided (see imprint) or the e-mail addresses of our employees made known to you. In the latter case, the personal data transmitted by e-mail will be stored. Please note that communication by e-mail is not encrypted for technical reasons.

Your data will be used for the processing of the conversation and the follow-up of the respective enquiry or meeting content. The processing of your data is based on Art. 6 para. 1 lit. b GDPR if the communication is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.

In all other cases, the processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the effective processing of enquiries addressed to us.

In this context, the data will not be passed on to third parties unless it is necessary for the pursuit of our claims or legitimate interests (Art. 6 para. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 para. 1 lit. c GDPR).

III. Data processing in the context of sales

Personal data is processed on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of providing the service with which you commission us, in particular for the performance of our contracts or pre-contractual measures, as well as all activities required for the operation and administration of Protelion.

The resulting purposes of data processing are primarily based on the specific activities and individual services agreed with you and may include, among other things, consulting activities or activities in the context of managing sales processes (e.g. compiling documents, sending Protelion product or event information, provision of services by Protelion) or the accompaniment of sales negotiations and contract conclusions.

Further details on the scope, purpose of data processing and recipients of your data can be found in the respective contract documents and associated terms and conditions.

As far as necessary in the context of our operational processes, we process your data in connection with our services beyond the actual performance of the contract in order to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR).

We may be subject to specific legal obligations in connection with the offer or provision of our services, such as requirements under tax legislation. The purposes of processing your data may therefore include, among others, the fulfilment of control and reporting obligations under tax law, customs or export regulations, and the assessment and management of risks. The data processing necessary for this is based on Art. 6 para. 1 lit. c GDPR .

IV. Transmission of data

Depending on the scope of the service, your data or documents may be passed on to public authorities or private service providers or persons with whom we regularly cooperate, both in the enquiry or offer phase and in the contract implementation phase (see Part A, Section V).

D. Miscellaneous

Due to the further development of our Website or our offers as well as due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access the current data protection declaration on our Website at any time and print it, if necessary.