Privacy Policy

CONTENTS

1. General Information
2. Contact Details of the Controller and the Data Protection Officer
3. Use of Data on Our LinkedIn Channel
4. Data Processing When Visiting Our Website
4.1 Delivery of the Website and Contact Form
4.2 Cookies and Services
4.2.1 General information on cookies and similar technologies
4.2.2 Data Processing in Connection with the Cookie Management Tool
4.2.3 Registration and user login (platform account)
4.2.4 Request a demo
4.2.5 Use of Google Analytics
4.2.6 Use of Google Ads (incl. Remarketing/Retargeting and Conversion Measurement)
4.2.7 LinkedIn social media plugins and LinkedIn Insight Tag
4.2.8 Links to Social Networks and External Content
4.2.9 Use of Google Tag Manager5. Processing of customer and contract data
6. Processing of data from business information providers and public registers
7. Disclosure of Data to Third Parties or Other Recipients
8. Surveys, Newsletters, and Advertising for Similar Products
9. Data Retention Period
10. Data Security
11. Your Rights as a Data Subject

In this Privacy Notice, we explain how we collect, use, and store personal data. When you access certain services (for example, by using our contact form), personal data may be collected.
In all cases, we comply with the applicable European data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

transact.digital GmbH
Neue Rothofstrasse 13-19
60313 Frankfurt am Main / Germany

Phone: +49 69 66779969
E-mail: info@transact.digital

HSDK GmbH

Attn.: Dirk Schell, Data Protection Officer
Eschersheimer Landstraße 42
60322 Frankfurt am Main / Germany

Phone: +49 69 870092860
Email: privacy@transact.digital

We use the platform and services provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”), to publish our information and updates.
If you choose to use our LinkedIn page, you do so at your own responsibility. This applies in particular when using interactive features such as liking or commenting on posts. We have no control over the type and scope of data collected and processed by LinkedIn. In addition, you may contact us via direct message on LinkedIn. In this case, your personal data are processed based on our legitimate interest in responding to your inquiry, communicating with you, and promoting our services (legal basis: Article 6(1)(f) GDPR).

When visiting a LinkedIn page, LinkedIn collects various types of personal data, including your IP address and other information stored in the form of cookies on your device. LinkedIn uses these data to compile statistical information about the use of LinkedIn pages. The data collected about you in this context are processed by LinkedIn and may be transferred to countries outside the European Union. Further information on data protection at LinkedIn can be found in LinkedIn's Privacy Policy: https://www.linkedin.com/legal/privacy-policy

When you access our website, your internet browser automatically transmits the following data to our web server for technical reasons:

• IP address
• Date and time of the server request
• URL of the requested file
• Amount of data transmitted
• Operating system
• Information about the browser type and version used
• Name of the internet service provider
• Website from which our site was accessed
• Pages visited on our website

The collection, processing, and use of the above data are carried out for the purpose of enabling the use and delivery of our website. Additional purposes include IT system security and technical administration. The legal basis for this processing is Art. 6(1)(f) GDPR, with our legitimate interest arising from the aforementioned purposes.

If you choose to use our contact or service forms, the information you provide will be used solely to process your request and to perform any services you may have requested. We only collect and process additional personal data when necessary to provide specific services or if you have given us your express consent - for example, by filling out a form, sending us an email, commissioning services, or submitting inquiries. The legal bases for this processing are Art. 6(1)(b) and Art. 6(1)(f) GDPR.

Cookies are small text files that are stored on your end device via the browser you use when visiting a website and can be retrieved again upon a subsequent visit. In addition, comparable technologies (e.g., local storage, pixels, or tags) may be used that store information on your end device or enable the retrieval of such information. The use of such technologies may be technically necessary in order to ensure basic functionalities and the security of the website (e.g., for session management), or it may serve purposes of statistical analysis, reach measurement, the integration of external content, or marketing purposes. Cookies may be set only for the duration of a session (so-called session cookies) or may remain stored on your end device for a specified period of time (so-called persistent cookies). You may restrict or disable the storage of cookies at any time via your browser settings and delete cookies that have already been stored; in such cases, the functionality of the website may be fully or partially limited.

We use the consent management platform of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (“Usercentrics”) to obtain, administer, and document your consent (or any withdrawal thereof) for the use of cookies and comparable technologies on our website. When you access our website, Usercentrics processes, in particular, your consent status (granting and/or withdrawal), your IP address, information about your browser and device, the date and time of your visit, and (where applicable) approximate geolocation data. For purposes of consent documentation and recognition, Usercentrics also stores a consent cookie and/or comparable identifiers on your device. The use of Usercentrics is necessary to enable us to comply with our legal obligations relating to consent management and documentation under data protection law (Art. 6(1)(c) GDPR) and - where the storage of or access to information on your end device is concerned - under the applicable cookie rules (in particular, § 25 TDDDG). We have entered into a data processing agreement with Usercentrics pursuant to Art. 28 GDPR. You may adjust or withdraw your consent at any time via our consent management settings; such withdrawal does not affect the lawfulness of processing based on consent prior to its withdrawal. The data collected via Usercentrics will be stored until you delete the consent cookie/identifier or until the purpose for storage no longer applies, unless statutory retention obligations require continued retention.

To provide access to our platform and to enable the use of its secured features, we process personal data in connection with the creation, administration, and use of user accounts and login sessions. When you register for an account (or when an account is created for you within the scope of a business relationship), we process in particular account and identification data (e.g., name, business email address, organization/company, role or function, account settings), authentication data (e.g., login credentials and - where applicable - multi-factor authentication information), and usage and access data generated in the course of login and platform use (e.g., login time stamps, IP address, device and browser information, session identifiers, and log data relating to security events).

Such processing is carried out for the purposes of establishing, performing, and administering the contractual relationship with you and/or implementing pre-contractual measures, including the provisioning and management of user access, license and account administration, billing and invoicing (where applicable), customer support, and service-related communication (Art. 6(1)(b) GDPR). In addition, we may use the contact details provided during registration, in particular your email address, to inform you about material changes to the scope of our services, relevant technical updates, or other information necessary for the proper provision and maintenance of the platform.

Furthermore, we process the above data to ensure the security, stability, and integrity of the platform, to manage user sessions, to prevent and detect misuse, fraud, and unauthorized access, and to assert or defend legal claims (Art. 6(1)(f) GDPR; our legitimate interest lies in the secure and reliable operation of the platform and in protecting our systems, users, and business operations). Where the storage of or access to information on your end device is strictly necessary for the provision of the platform and its login and session functionality (e.g., technically required cookies or comparable technologies for authentication and session management), such processing is carried out in accordance with the applicable statutory provisions governing strictly necessary technologies (in particular, § 25(2) TDDDG).

We retain account-related data for as long as your user account remains active. Upon deactivation or deletion of the account, the data will be deleted or anonymized without undue delay, unless further retention is required to comply with statutory retention obligations or is necessary for the establishment, exercise, or defense of legal claims. Security- and access-related log data are retained for a limited period proportionate to their purpose and are subsequently deleted or anonymized, unless continued retention is required in a specific case (e.g., for the investigation of security incidents).

If you submit a “Request a demo” inquiry, we process the personal data you provide in order to handle your request, to contact you, and to arrange and conduct the requested demonstration of our platform. Depending on the input fields and the content of your message, this may include in particular your name, business contact details (e.g., email address and/or telephone number), company/organization, role or function, and any additional information you voluntarily provide (e.g., intended use case, questions, scheduling preferences). We process this information for the performance of pre-contractual measures taken at your request and, where applicable, for the initiation and/or performance of a contract (Art. 6(1)(b) GDPR). In addition, we may document and retain the communication associated with your inquiry to ensure efficient processing, to maintain proper records of business communications, and to assert or defend legal claims (Art. 6(1)(f) GDPR; our legitimate interest lies in the orderly handling and traceability of requests and in the protection of our business operations). Your data will be accessed internally only by those persons who are responsible for processing your request and, where necessary, by service providers acting as processors (e.g., providers of hosting, communication, or customer relationship management tools) under a data processing agreement pursuant to Art. 28 GDPR. We retain the data collected in the context of demo requests for as long as necessary to process your inquiry and complete the related follow-up; thereafter, it will be deleted or anonymized without undue delay, unless statutory retention obligations apply or continued retention is necessary for the establishment, exercise, or defense of legal claims. If, in the course of your demo request, we intend to use your contact details for marketing communications beyond the handling of your specific request, this will only occur where permitted by applicable law and, where required, on the basis of your prior consent, which you may withdraw at any time with effect for the future.

This website uses Google Analytics, a web analytics service provided for users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics enables us to analyze and evaluate the use of our website, to compile reports on website activity, and to derive insights that help us improve the performance, security, and user experience of our online offering.

Google Analytics uses cookies and comparable technologies (e.g., tags and identifiers) that are stored on, or access information on, your end device and thereby enable the analysis of your use of the website. In this context, the following categories of data may be processed in particular: online identifiers (including cookie IDs), information about your device and browser (e.g., operating system, browser type/version, language settings), usage data (e.g., pages viewed, click paths, interactions, time stamps, referrer URL), and - where technically required - your IP address. We have enabled IP anonymization (IP masking), meaning that within the European Union and the European Economic Area your IP address is generally truncated prior to further processing; only in exceptional cases may the full IP address be transmitted to a Google server in the United States and truncated there.

We use Google Analytics with the “User-ID” feature. This allows us to assign a unique, pseudonymous identifier to one or more sessions and to analyze user interactions across devices, provided that you have logged into a user account and have consented to the use of analytics technologies. In addition, we use Google Signals. Google Signals enables cross-device analysis and provides aggregated reports on demographic characteristics and interests of users who are signed into a Google account and have enabled personalized advertising. This may also allow us to measure the effectiveness of our marketing activities across devices and, where applicable, to use remarketing features within Google Ads. The data collected in this context is aggregated and does not allow us to directly identify individual users.

On our behalf, Google will process the above information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website and internet usage. Google processes the relevant data for these purposes as our processor within the meaning of Art. 28 GDPR; we have concluded a corresponding data processing agreement with Google. Please note that, depending on the configuration and the technical integration, processing may also involve Google LLC in the United States and, consequently, a transfer of personal data to a third country. Where such transfers occur, they are carried out on the basis of an adequacy decision (where applicable) and/or appropriate safeguards, in particular the EU Standard Contractual Clauses, supplemented by additional measures where required. Notwithstanding such safeguards, it cannot be excluded that authorities in third countries may access data under certain circumstances.

The use of Google Analytics, including the User-ID feature and Google Signals, is carried out only with your prior consent. The legal basis for this processing is Art. 6(1)(a) GDPR in conjunction with the applicable provisions governing the storage of and access to information on end devices (in particular, § 25(1) TDDDG). You may withdraw your consent at any time with effect for the future via our consent management settings; withdrawal does not affect the lawfulness of processing based on consent prior to its withdrawal. In addition, you may prevent the storage of cookies by selecting the appropriate settings in your browser software or delete cookies that have already been stored; however, please note that in this case you may not be able to use all features of this website to their full extent. Where provided by Google, you may also use browser-based opt-out mechanisms (e.g., the Google Analytics opt-out add-on).

We store and process Google Analytics data only for as long as it is necessary for the above purposes and in accordance with the retention settings configured in Google Analytics; data will be deleted or anonymized once it is no longer required and no overriding statutory retention obligations apply.

We use Google Ads, a service provided for users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to promote our offerings and to measure the effectiveness of our advertising campaigns. For this purpose, Google may set cookies or use comparable technologies (e.g., tags and identifiers) on your end device and process information about your interaction with our website and with our advertisements (in particular, online identifiers such as cookie IDs, device and browser information, IP address, referrer URL, pages visited, time stamps, and interaction events). Where you access our website via a Google advertisement, Google may also record that you clicked on the advertisement and were redirected to our website; we generally receive only aggregated reports and statistics and do not receive information that would allow us to directly identify you.

Where Google Ads Remarketing/Retargeting is enabled, we may additionally use the information collected to display interest-based advertisements to you on other websites and services within the Google advertising network. In this context, Google may assign your browser or end device to a pseudonymous identifier and recognize it on other websites. If you are signed into a Google account, Google may associate the relevant information with your Google account in accordance with Google's own settings and policies; we do not have control over such association.

The use of Google Ads (including remarketing and conversion measurement) is carried out only with your prior consent. The legal basis is Art. 6(1)(a) GDPR and - where the storage of or access to information on your end device is concerned - § 25(1) TDDDG. You may withdraw your consent at any time with effect for the future via our consent management settings. In addition, you may restrict or disable cookies via your browser settings and you may also adjust advertising preferences directly with Google (e.g., for personalized advertising). Depending on the configuration, processing may involve Google LLC in the United States and therefore may entail a transfer to a third country; such transfers are carried out on the basis of an adequacy decision (where applicable) and/or appropriate safeguards (in particular, the EU Standard Contractual Clauses), supplemented by additional measures where required.

We integrate certain functionalities of the LinkedIn network (social media plugins, e.g., buttons/embedded content) and use the LinkedIn Insight Tag (pixel) on our website, each provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). These LinkedIn features are activated and loaded only if you have provided your prior consent via our consent management settings; unless and until you consent, no connection to LinkedIn is established as part of these features. Once activated, LinkedIn may process, in particular, your IP address, device and browser information, referrer URL, pages visited, time stamps, interaction and event data, and online identifiers (e.g., cookie IDs), and may associate such data with your LinkedIn account if you are logged in. Social media plugins enable interaction with LinkedIn content and may allow LinkedIn to compile usage profiles for advertising, market research, and the optimization of its services; the Insight Tag allows us to measure the effectiveness of our LinkedIn advertising (conversion measurement), to generate aggregated reports and insights (including demographics and reach statistics), and - where enabled - to retarget website visitors with interest-based ads on LinkedIn and within LinkedIn's advertising ecosystem. For the collection of data on our website and its transmission to LinkedIn via the Insight Tag, LinkedIn and we act as joint controllers within the meaning of Art. 26 GDPR; LinkedIn is solely responsible for subsequent processing of the transmitted data for its own purposes. The processing is based on your consent pursuant to Art. 6(1)(a) GDPR and - where the storage of or access to information on your end device is concerned - § 25(1) TDDDG; you may withdraw your consent at any time with effect for the future via our consent management settings. Please note that LinkedIn may also process personal data in countries outside the EEA (in particular, the United States); where a transfer to a third country occurs, it is carried out on the basis of an adequacy decision (where applicable) and/or appropriate safeguards (in particular, EU Standard Contractual Clauses), supplemented by additional measures where required. You can also manage your advertising preferences and, where available, opt out of retargeting directly via LinkedIn's privacy and advertising settings.

This website uses hyperlinks to social networks (e.g., LinkedIn). These are displayed as the corresponding logos, which are stored on our own systems. When our website is first accessed, no data are transmitted to the respective providers. When you click on the logos of these providers, you are redirected to the provider's respective website. Further data about you may be processed there. Once the connection has been established, we no longer have any control over the type and scope of data collected and processed by the provider; information on this can be found in the privacy policies of the respective providers. In particular, if you are logged into a social network and visit our presence on that social network, the provider may associate this visit with your user account.

Our presences on social networks serve to maintain a comprehensive online presence. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of those networks.

When you visit one of our social media presences, we and the operator of the respective social network are jointly responsible for the data processing operations triggered during that visit. You may therefore exercise your rights in principle both against us and against the operator of the respective social network. Please note, however, that despite the joint responsibility, we have only limited influence over the data processing activities carried out by the respective providers.

Data collected directly by us through a social network are deleted from our systems once you request deletion, withdraw your consent to storage, or the purpose of storage no longer applies. Stored cookies remain on your device until you delete them. We have no influence over the duration of data storage by the operators of the social networks for their own purposes. Where data are transferred to the United States, such transfer is based on the EU Commission's Standard Contractual Clauses. Further information can be found in the privacy policies of the respective providers.

LinkedIn
https://de.linkedin.com/legal/privacy-policy

We use Google Tag Manager on our website, a tool operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager allows us to centrally manage and control various website tags. It serves as an administrative tool that enables the implementation and updating of so-called tags (small code snippets) on our website without the need to modify the source code directly. Tags are often used for different purposes, such as analyzing user behavior through Google Analytics.

Google Tag Manager itself does not collect any personal data. It functions as a container that manages other tags. When you visit our website, the tags integrated via the Tag Manager may transmit data such as your IP address, usage information, or other device-related data to the respective services. Depending on the tag, this data processing may take place, for example, to analyze user behavior, improve website functionality, deliver targeted advertising, or for statistical purposes.

The use of Google Tag Manager is based on our legitimate interest in ensuring the efficient and flexible management of our website tools (Article 6(1)(f) GDPR) or on your consent, given by accepting all cookies in our cookie banner (Article 6(1)(a) GDPR).

Further information on Google's data processing and the functionality of Google Tag Manager can be found in Google's Privacy Policy: https://policies.google.com/privacy

In the course of establishing, performing, and terminating our business relationships, we process personal data of our customers and their authorized users (including contact persons, account administrators, other designated users, and interested persons submitting inquiries) to the extent necessary for contractual and related administrative purposes. This includes, in particular, master and contact data (e.g., name, business contact details such as e-mail address, telephone number, and fax number, organization/company, role or function), contractual and account data (e.g., contractual terms, subscription or license information, user administration details, support entitlements), as well as billing and payment-related information (e.g., invoicing details, billing address, tax-related information, and payment status). Such processing is carried out primarily for the performance of a contract and for the implementation of pre-contractual measures (Art. 6(1)(b) GDPR), for compliance with applicable legal obligations (e.g., commercial and tax law retention and documentation requirements) (Art. 6(1)(c) GDPR), and - where appropriate - to safeguard our legitimate interests, in particular the orderly administration of customer relationships, the prevention and investigation of misuse or fraud, and the establishment, exercise, or defense of legal claims (Art. 6(1)(f) GDPR).

Where you use our platform via a registered user account, the processing of account and access data described in the section “Registration and user login (platform account)” complements this contractual processing; similarly, information submitted through a “Request a demo” inquiry may be processed as part of pre-contractual communications and, where applicable, transitioned into customer and contract administration if a business relationship is established. We disclose customer and contract data only to the extent necessary to internal recipients responsible for customer administration and to carefully selected service providers acting as processors pursuant to Art. 28 GDPR (e.g., hosting, IT, communication, and accounting-related service providers), and - where legally required - to public authorities. Customer and contract data are retained for the duration of the contractual relationship and, thereafter, for as long as necessary to comply with statutory retention periods and/or to establish, exercise, or defend legal claims; following expiry of these periods, the data will be deleted or anonymized in accordance with applicable law.

In the course of providing and operating our platform, we may process certain personal data relating to individuals who are associated with companies and other organizations (e.g., managing directors, directors, officers, authorized representatives, shareholders, or other persons listed in official registers and digital business networks like LinkedIn). This processing takes place exclusively in a business-related context and serves to enable our customers - typically professional users such as investors, corporates, advisory firms and other organizations - to identify, screen, and assess potential investment or acquisition candidates and to obtain a structured overview of relevant company and market information.

The personal data processed for these purposes is not necessarily collected directly from the data subject. Rather, it may be obtained from specialized business information providers and from publicly accessible, authoritative sources, in particular commercial and company registers (such as the German Commercial Register), as well as related official publications and comparable public registers. These sources are used to ensure that the information made available on our platform is based on structured, recognized, and regularly maintained datasets.

Depending on the content provided by the respective source and the corporate context, we may process in particular:

• identification and role-related information (e.g., name, corporate function or position, representation powers);
• register-based company information relating to individuals (e.g., appointments, changes in management, shareholding information as recorded in official registers);
• professional or business contact and reference data, where available and relevant in a corporate context; and
• company-related indicators and contextual information made available by the above sources (e.g., information on corporate structures and, where provided in a business context, certain company-related economic or risk indicators). We do not process such information for the purpose of assessing individuals in their private capacity; the processing is limited to information that arises from or is directly connected with a professional or corporate environment.

We process the above data to provide, operate, and further develop the functionality of our platform, including the ability to search, filter, structure, and present company-related information, and to support our customers in conducting business-related screening and evaluation activities in the context of investment, mergers and acquisitions, and other corporate transactions. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interests - and, where applicable, those of our customers - lie in facilitating informed business decisions, enhancing transparency in professional markets, and providing an efficient, secure, and reliable platform for the retrieval and analysis of company-related information. Where relevant, the provision of the platform to our customers is also linked to the performance of a contract (Art. 6(1)(b) GDPR); however, the processing of data relating to third parties obtained from external sources is typically based on Art. 6(1)(f) GDPR.

Access to the information made available via our platform is generally restricted to authorized users (e.g., our customers and their authorized users) and is governed by contractual arrangements and technical access controls. In addition, we may disclose personal data to service providers acting on our behalf as processors pursuant to Art. 28 GDPR (e.g., hosting, IT, maintenance, and security service providers), solely to the extent necessary for the operation, maintenance, and security of the platform. Any transfers of personal data to recipients in third countries are carried out in accordance with Art. 44 et seq. GDPR and based on appropriate safeguards (e.g., adequacy decisions and/or EU Standard Contractual Clauses), as further described in this Privacy Policy.

We process and retain the data only for as long as it is necessary for the purposes described above, including maintaining the relevance and functionality of the platform's datasets. Where applicable, data will be deleted or anonymized once it is no longer required for these purposes, unless further retention is required to comply with statutory retention obligations or is necessary for the establishment, exercise, or defense of legal claims. Where feasible and appropriate, we also implement measures to update information based on source updates and to review and correct data where inaccuracies are identified.

While automated procedures may be used to technically structure, match, and display information efficiently (e.g., for search, filtering, or categorization purposes), we do not carry out automated decision-making within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you. Any business, investment, or transaction-related decisions are made by our customers or other relevant stakeholders and not by our platform.

Depending on the context and the specific processing activity, personal data may be disclosed to different categories of recipients in the course of operating our website, providing our platform, and maintaining our business relationships.

• Disclosures required by law and in the context of legal enforcement.
  In certain circumstances, we may be legally obliged to disclose personal data to competent public authorities, courts, or other governmental bodies (e.g., in response to binding legal requests, statutory reporting obligations, or where disclosure is required for the prevention, investigation, or prosecution of criminal offences or to respond to unlawful attacks on our IT systems). The legal basis for such disclosures is Art. 6(1)(c) GDPR. We may also disclose data where necessary to establish, exercise, or defend legal claims (Art. 6(1)(f) GDPR).
• Service providers (processors).
  For the operation, maintenance, and security of our website and platform, we engage carefully selected service providers (e.g., hosting and content delivery, IT and security service providers, consent management providers, technical service provider in connection with the consent banner and - where enabled - analytics and advertising technology providers). To the extent such providers process personal data on our behalf, they do so as processors under a data processing agreement pursuant to Art. 28 GDPR and, where applicable, in compliance with the requirements for international transfers under Art. 44 et seq. GDPR. The relevant service providers and the nature of their processing are described in the respective sections of this Privacy Policy.
• Platform recipients (authorized users / customers).
  As part of providing our platform, certain information made available within the platform may be accessible to authorized users, i.e., our customers and their authorized users, subject to contractual arrangements and technical access controls. This may include company-related information that can, depending on the context, also contain personal data relating to individuals in a professional or corporate capacity (e.g., names and functions of corporate representatives as reflected in register-based or business information datasets). Such disclosures are made for the purpose of providing the contracted platform services and enabling business-related screening and analysis (typically based on Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR, as further described in the relevant sections of this Privacy Policy, including the section addressing data obtained from business information providers and public registers).
• Other disclosures.
  Apart from the foregoing, we disclose personal data to third parties only if (i) you have given your explicit consent (Art. 6(1)(a) GDPR), (ii) the disclosure is necessary for the performance of a contract with you or for pre-contractual measures taken at your request (Art. 6(1)(b) GDPR), or (iii) another legal basis permits the disclosure.
• International data transfers.
  Depending on the services used and the recipients involved, personal data may be transferred to countries outside the European Economic Area (EEA). In such cases, we ensure that any transfer is carried out in accordance with Art. 44 et seq. GDPR and is subject to appropriate safeguards, such as adequacy decisions (where applicable) and/or the EU Standard Contractual Clauses, supplemented by additional measures where required.

To ensure that our services meet your expectations, we may use your email address, which you provided during registration, inquiry, order, via professional networking platforms such as LinkedIn, or at trade fairs and comparable business events, to conduct customer satisfaction surveys. As an existing customer, we may also send you email advertisements for products similar to those you have previously purchased from us, even without prior consent. The legal basis for this processing is our legitimate interest in improving our services pursuant to Article 6(1)(f) GDPR.

You may object to this use of your data at any time. To do so, you can send a message to the contact details provided in Section 2 or use the unsubscribe link included in each newsletter.

We store personal data only for as long as is necessary to fulfill the respective purposes for which they were collected. The duration of storage is determined according to the following criteria:

• Withdrawal of consent: Where processing is based on your consent pursuant to Article 6(1)(a) GDPR, data will be stored until you withdraw your consent.
• Necessity for contractual or business purposes: Personal data will be stored for as long as they are required to fulfill a contractual relationship or to carry out pre-contractual measures (Article 6(1)(b) GDPR) or for as long as our legitimate interest in storage exists (Article 6(1)(f) GDPR).
• Legal retention obligations: Data may be stored beyond this period if required by statutory obligations, particularly in connection with tax or commercial retention requirements (Article 6(1)(c) GDPR).
• Platform operation and security: In connection with registration, login, and the use of our platform, we may retain certain technical access and security-related records (e.g., login events, session information, and other security logs) for a limited period to ensure the security, stability, and integrity of our systems and to prevent and investigate misuse or security incidents (Article 6(1)(f) GDPR). Such records are deleted or anonymized once they are no longer necessary for these purposes, unless further retention is required in a specific case.
• Consent documentation: Where we are required to document the granting or withdrawal of consents (e.g., via our consent management solution), we retain the relevant records for as long as necessary to demonstrate compliance with applicable legal requirements (Article 6(1)(c) GDPR, in conjunction with Article 7(1) GDPR, and - where applicable - § 25 TDDDG).
• Business communications and customer administration: We may retain business correspondence and administrative documentation (including communications relating to demo requests, onboarding, customer support, and account administration) for as long as this is necessary for the proper handling and documentation of the business relationship and for evidentiary purposes (Article 6(1)(b) GDPR and/or Article 6(1)(f) GDPR), subject to applicable statutory retention requirements.
• Platform datasets from external sources: Where personal data forms part of the structured datasets used to provide our platform (e.g., names and corporate roles as reflected in register-based or business information), such data may be retained and, where appropriate, periodically updated for as long as necessary to provide the platform services and to maintain the quality, relevance, and integrity of the datasets (typically Article 6(1)(f) GDPR; where applicable also Article 6(1)(b) GDPR in the context of providing services to our customers). Data will be deleted or anonymized where it is no longer required for these purposes, subject to applicable legal requirements.
• Backups and disaster recovery: For technical and security reasons, personal data may remain in backup and recovery systems for a limited period. Such backup copies are subject to restricted access and are overwritten or deleted in accordance with our backup and recovery cycles, unless a longer retention is required in a specific case.

Once the relevant storage purpose no longer applies and any statutory retention periods have expired, personal data will be deleted without delay, unless further storage in a restricted (blocked) form is necessary due to legal obligations or for the establishment, exercise, or defense of legal claims.

You have the right, pursuant to Article 21(1) GDPR, to object at any time to processing based on legitimate interests under Article 6(1)(f) GDPR. In such cases, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

We place great importance on the protection of your personal data and have therefore implemented technical and organizational measures (TOMs) to ensure an appropriate level of security in accordance with legal requirements, particularly the General Data Protection Regulation (GDPR). These measures are designed to maintain the confidentiality, integrity, and availability of the data we process and to protect them against unauthorized access, loss, destruction, or manipulation.

This website uses SSL and/or TLS encryption to protect the transmission of data between your end device and our systems. Encrypted connections can be identified by the use of the “https” protocol and the lock symbol displayed in your browser's address bar. Data transmitted via such encrypted connections is protected against unauthorized access during transmission.

Where necessary, the technical and organizational measures are updated to reflect the state of the art in order to continue ensuring the protection of your data.

You have the right at any time to request, free of charge, information about the purpose, scope, origin, and recipients of the personal data stored about you (Article 15 GDPR). You also have the right to request the correction of inaccurate or incomplete data (Article 16 GDPR).

In accordance with data protection regulations, you also have the right to the deletion of your personal data, provided that the requirements of Article 17 GDPR (“right to be forgotten”) are met, as well as the right to restrict the processing of your personal data pursuant to Article 18 GDPR.

Furthermore, you have the right to object at any time to the processing of your personal data (Article 21 GDPR) if such processing is based on Article 6(1)(e) or (f) GDPR. This applies in particular to processing carried out for direct marketing purposes.

You also have the right to data portability, meaning that you may receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or request that those data be transferred to another controller, provided the conditions of Article 20 GDPR are met.

If you believe that the processing of your personal data violates data protection laws or that your rights have otherwise been infringed, you have the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 GDPR.

In addition, you have the right to withdraw your consent to the processing of your personal data at any time with effect for the future, for example by sending an informal notice by email or in writing to the contact details provided above (Article 7(3) GDPR). The lawfulness of processing carried out on the basis of your consent before its withdrawal remains unaffected.