Data privacy

nformation according to

Art. 13, 14 and 21 of the General Data Protection Regulation (DSGVO) and other data protection laws.

1./ Who is responsible for data processing and whom can I contact?

Our data controller is:

Name: Stabeau GmbH

Address: Mundsburger Damm 2

Telephone: +49 04107 8775973

E-mail: info@stabeau.com

Our data protection officer can be reached at:

Address: Mundsburger Damm 2

Phone: +49 04107 8775973

E-mail: datenschutz@stabeau.com

2./ What do we process your data for and on what legal basis? / Can you refuse collection?

Our website collects a series of general data and information with each call by you or an automated system. This general data and information is stored in the log files of our server. The types and versions of browsers used, the operating system used by the accessing system, the website from which an accessing system accesses our website, the sub-websites accessed via an accessing system on our website, the date and time of access to the website, an Internet protocol address (IP address), the Internet service provider of the accessing system and other similar data and information that serve to avert danger in the event of attacks on our IT systems may be recorded. When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to correctly deliver the content of our website, to optimise the content of our website as well as the advertising for it, to ensure the long-term functionality of our IT systems and the technology of our website, as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, these anonymously collected data and information are, on the one hand, statistically evaluated by us and, on the other hand, evaluated with the aim of increasing the data protection and data security of our enterprise so as to ultimately ensure an optimal level of protection for the personal data we process (Article 6 (1) (f) of the Data Protection Regulation). The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

2.1 For the fulfilment of contractual obligations / on the basis of consent For the fulfilment of contractual obligations / on the basis of consent (Art. 6 para. 1 a, b DSGVO)

We use personal data (e.g. name, address, e-mail address, telephone number, nationality, gender, company name, identification data, tax ID if applicable, customer number, SCHUFA score, Coface score) that you voluntarily provide to us in connection with the conclusion of a contract or the initiation of the conclusion of a contract (e.g. for an application, to contact you via e-mail) on the basis of the associated consent (Art. 6 para.1 a DSGVO). This data is then processed by us in accordance with the legal provisions (e.g. the BDSG, the TMG and the DSGVO). The personal data transmitted to the data controller is determined by the respective input mask used for registration or contacting or by your decision as to which information you would like to provide to us. We process the data that is necessary for the performance of a contract or for the implementation of pre-contractual measures (e.g. to answer your questions about our services) (Art. 6 para.1 b DSGVO). Without providing the personal data, we cannot fulfil our contractual obligations (e.g. invoicing, providing our advisory services, asserting and/or defending claims, correspondence with you). Nor will we be able to answer your queries.

2.2 Within the framework of the balancing of interests (Art. 6 para. 1 f DSGVO)

Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties (e.g.):

- Consultation of and data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness or default risks and the need for

for garnishment protection accounts or basic accounts;

- Examination and optimisation of procedures for needs analysis and direct customer contact;

- Advertising or market and opinion research, provided you have not objected to the use of your data;

- Ensuring IT security and the IT operation of our company;

- Prevention and investigation of criminal offences;

- For the operation of our website (including the integration of social plug-ins);

- Measures for business management and further development of services and products.

2.2 Within the framework of the balancing of interests (Art. 6 para. 1 f DSGVO)

Insofar as necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties (e.g.):

- Consultation of and data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness or default risks and the need for

for garnishment protection accounts or basic accounts;

- Examination and optimisation of procedures for needs analysis and direct customer contact;

- Advertising or market and opinion research, provided you have not objected to the use of your data;

- Ensuring IT security and the IT operation of our company;

- Prevention and investigation of criminal offences;

- For the operation of our website (including the integration of social plug-ins);

- Measures for business management and further development of services and products.

The processing is necessary to protect the legitimate interests of us (pursuant to Article 6 (1) f DSGVO) and is justified by a balancing of interests in our favour. We will only use your data to advertise our services if you have initially consented to this (Art. 6 para.1 a DSGVO) and your consent has not been revoked.

3./ Who works with the data?

3.1

The personal data is used exclusively by the offices involved in the processing of the contract, by the employees in our company and their secretariats.

3.2

Processors used by us (Art. 28 DSGVO, basis for this: Art. 6 para.1 a and b DSGVO) may also receive data for these purposes (hosters, telephone providers). These are companies in the categories IT services, logistics, printing services, telecommunications, debt collection, advice and consulting as well as sales and marketing. We store the data received mainly on our own servers, but also in part on servers of specialised service providers within Germany.

3.3

Furthermore, we pass on your personal data to authorities (e.g. state data protection commissioners) third parties, insofar as this is necessary in the context of the processing of the contract concluded between us (Art. 6 para. 1 b DSGVO). We would like to point out that the lawyers working for our company are bound to secrecy by law; data will not be passed on to third parties unless this is necessary for the processing of the contract or you have separately agreed to this.

3.4

No data will be passed on to third parties who are not involved in the processing of the contract. In particular, personal data will not be passed on to a third country or an international organisation.

4./ How long will your data be stored?

4.1

To the extent necessary, we process and store your personal data only for the period of time required to achieve the purpose of storage or if this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which the controller is subject. In this context, we are subject to various statutory storage and documentation obligations, which result from the German Commercial Code (HGB), the German Tax Code (AO), the German Banking Act (KWG) and the German Money Laundering Act (GwG), among others. Section 147 of the AO, for example, stipulates a retention obligation of up to ten years. If you have given your consent to the processing of personal data (Art. 6 para. 1 a DSGVO), we will delete this data at the latest as soon as you revoke your consent and insofar as there is no other legal basis for the processing.

4.2

If you have given your consent to the processing of personal data (Art. 6 para. 1 a DSGVO), we will delete this data at the latest as soon as you revoke your consent and insofar as there is no other legal basis for the processing.

4.3

If the purpose for storing the data no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, insofar as they are no longer required for the performance of the contract or the initiation of the contract.

5./ Is there any automated processing?

We do not make any decision within the meaning of Art. 22 DSGVO which is based exclusively on automated processing - including profiling - and/or which produces legal effects vis-à-vis you or similarly significantly affects you.

6./ What data protection rights do you have?

You have the right to information according to Art. 15 of the GDPR, the right to correction according to Art. 16 of the GDPR, the right to deletion according to Art. 17 of the GDPR, the right to restriction of processing according to Art. 18 of the GDPR, the right to data portability according to Art. 20 of the GDPR and the right to object to the processing of your data according to Art. 21 of the GDPR. Consent to the processing of data can be revoked at any time (Art. 7 DSGVO).

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 DSGVO), compare section 7./.

The revocation / your request should be addressed to:

Name: Stabeau GmbH

Address: Mundsburger Damm 2

Telephone: +49 04107 8775973

E-mail: info@stabeau.com

Alternatively, you can also contact our data protection officer.

7 / Right of complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the country where you are currently residing or where your place of work is located or in the place where an alleged infringement has been committed, if you believe that the processing of personal data concerning you violates the GDPR.

8./ Data protection during job applications and the application process

We collect and process the personal data of applicants for the purpose of processing the application procedure (Art. 6 para.1 a and b DSGVO). The processing may also take place electronically. This is particularly the case if an applicant sends corresponding application documents to the data controller by electronic means, for example by e-mail. If you enter into an employment relationship with us, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted two (2) months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

9./ Use of cookies

We use cookies (basis to make the visit to our website attractive and to enable the use of certain functions. These are small text files that are stored on your computer. Cookies are used (e.g.) in a supportive manner:

- when saving default settings such as the language or location;

- in the optimisation of integrated video ads,

- to record your browser settings in order to display our website optimally on your screen, or

- when detecting misuse of our websites and services (e.g. through multiple registrations).

The use is made to protect our legitimate interest in the optimisation and economic operation of our website (Art. 6 para.1 f DSGVO). Most of the cookies used are deleted from the hard disk again after the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognise your computer on your next visit (so-called long-term cookies). These cookies are used to greet you with your user name and make it unnecessary to re-enter your password or fill in forms with your data for subsequent orders. External third parties are not permitted to collect, process or use personal data via our website using cookies. You can set your browser to inform you when cookies are set. You can then decide on a case-by-case basis whether to accept cookies or to generally exclude the acceptance of cookies. If you do not accept cookies, the functionality of our website may be limited.

When you first enter our website, you will be asked whether you agree to the integration of cookies. If you do not agree, the cookies will not be used for your visit. In this case, we again use a cookie ("CookieDisallowed") to ensure that the cookies are removed during your visits (also in the future). This cookie has a term of 30 days; after expiry, the cookie will be deleted on your next visit to our website, at your choice, or the term will be renewed.

10 / Use of Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA - hereinafter "Google"). Google uses cookies for this purpose. The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. If IP anonymisation is activated on this website, your IP address will be truncated beforehand by Google within member states of the EU or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The data is processed to protect our legitimate interest in the optimisation and economic operation of our website (Art. 6 para.1 f DSGVO). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of the data generated by the cookie and related to the use of our website by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link (the current link is: http://tools.google.com/dlpage/gaoptout?hl=de). Further information on Google Analytics can be found at: http://www.google.com/intl/de/analytics/privacyoverview.html.

In view of the discussion about the use of analysis tools with complete IP addresses, we would like to point out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed in abbreviated form in order to exclude direct personal references.

Further information and Google's privacy policy can be found at: www.google.de/policies/privacy/. Google is certified under the Privacy Shield agreement and thus offers an adequate level of data protection in accordance with Art. 45 DSGVO. Further information on this can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

11./ Google maps

We use the interactive map of google maps, a service of Google, on our website. When you visit our website, Google receives the information that you have called up the corresponding sub-page of our website. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you have the option of completely deactivating Google Maps by switching off the JavaScript application in your browser. You will then no longer be able to use Google Maps on our website. The data is processed to protect our legitimate interest in the optimisation and economic operation of our website (Art. 6 para.1 f DSGVO). Further information as well as Google's privacy policy can be found at: www.google.de/policies/privacy/. Google is certified under the Privacy Shield agreement and thus offers an adequate level of data protection in accordance with Art. 45 DSGVO. Further information on this can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

12 / Encryption

We use SSL or TLS encryption to protect the transmission of confidential data. You can recognise this, for example, by the fact that there is a "https://" in the address line of your browser.

13./ Declaration of acknowledgement of the data protection declaration

I/we have taken note of the "Information on data protection". I/we am/are aware that my/our data required for processing, administration and settlement will be processed in accordance with the DSGVO and that the data collected in the course of contract processing will be forwarded to the bodies listed above.

*Abbreviations

DSGVO - Basic Data Protection Regulation

BDSG - Federal Data Protection Act

TMG - German Telemedia Act

GwG - Money Laundering Act

HGB - German Commercial Code

KWG - German Banking Act

AO - Fiscal Code