Privacy Policy

Updated on 31 May 2023

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the offers, contractual services, websites, mobile applications, functions and content associated with it, as well as external online presences (hereinafter collectively referred to as "online offer").

Section I - Responsible party and overview of data processing activities

RESPONSIBLE
Exceed Your Limits FZCO
Silicon Oasis Dubai
DDP Building A2 Unit 101
United Arab Emirates

TRN 104023547300003

The data controller is also referred to below as "we" or "us".

CONTACT DETAILS DATA PROTECTION OFFICER:

Email: hello@eyl-marketing.de

DESCRIPTION OF OUR CORE SERVICES:

Exceed Your Limits FZCO offers comparison services on the Internet. Interested parties can submit comparison requests for specific products and services. The comparison requests are then forwarded to companies, intermediaries or other providers of those products or services (collectively, "Providers"), who in turn may submit offers to the prospective customers.

By submitting the comparison request (by clicking on the "Offers)

Compare" button), the interested parties agree that we may process their name as well as their contact and inquiry data in order to process their

to process their request, prepare it for quotation, and transmit it to selected suppliers.
REVOCATION OPTION:
Consent may be revoked at any time informally, e.g. by e-mail to hello@eyl- marketing.de or by letter to Exceed Your Limits FZCO, Silicon Oasis Dubai
DDP Building A2 Unit 101, United Arab Emirates, with effect for the future.

Page 1 of 27

TYPES OF DATA PROCESSED:

  • Inventory data (e.g., names, addresses).
  • Contact data (e.g., e-mail addresses, telephone numbers).
  • Content data (e.g., settlement request information).
  • Contract data (e.g., content of settlement requests, mediated providers).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).
  • Applicant data (e.g., names, contact information, qualifications, application documents).

PROCESSING OF SPECIAL CATEGORIES OF DATA (ART. 9(1) DSGVO):

As a general rule, no special categories of data are processed, except for health data when these are supplied by users to the processing, e.g., with information on desired settlement offers (e.g., information on mobility aids).

CATEGORIES OF DATA SUBJECTS:

  • Interested parties.
  • Providers, business partners.
  • Visitors and users of the online offer.
  • In the following, we also refer to the data subjects collectively as "users".

In the following, we also refer to the data subjects collectively as "users".

PURPOSE OF PROCESSING:

  • Provision and performance of comparison and mediation services.
  • Provision of the online offer, its contents and functions.
  • Provision of contractual services, service and customer care.
  • Responding to contact requests and communicating with users.
  • Marketing, advertising and market research.
  • Security measures.

AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES (ART. 22 DSGVO):

We do not make automated decisions in individual cases.

Page 2 of 27

Section II - Data subject rights, legal basis and general information

Rights of the data subjects

You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
You have according to. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

You have the right, in accordance with Art. 17 of the GDPR, to request that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to request a restriction of the processing of the data.
You have the right to obtain the data concerning you that you have provided to us in accordance with Article 20 of the GDPR and to request that they be transferred to other data controllers.

You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.

Right of withdrawal

You have the right to revoke your consent in accordance with Art. 7 (3) DSGVO with effect for the future.

Right of objection

You may object to the future processing of data relating to you in accordance with Article 21 of the GDPR at any time. In particular, you may object to processing for direct marketing purposes.

Cookies and right to object in direct marketing

We use temporary and permanent cookies, i.e. small files that are stored on the user's device (for an explanation of the term and its function, see the "Definitions of terms" section of this privacy statement). In part, the cookies serve security purposes or are necessary for the operation of our online offer (e.g., for the display of the website) or to store the user's decision when confirming the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which users are informed in the course of the privacy statement.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that you may then not be able to use all the functions of this website.

Page 3 from 27

Exclusively automated data processing

In accordance with Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.

We inform you that we do not carry out any exclusively automated data processing.

Deletion of data and archiving obligations

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 DSGVO. Unless explicitly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

Changes and updates to the privacy policy.

We ask you to regularly check the content of our privacy policy. We will amend the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Relevant legal basis

In accordance with Art. 13 DSGVO, we will inform you of the legal basis for our data processing. If the legal basis is not stated in the privacy statement, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the performance of our services and implementation of contractual measures as well as answering inquiries is Art. 6 (1) (b) DSGVO, the legal basis for processing to comply with our legal obligations is Art. 6 (1) (c) DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6 (1) (d) DSGVO.

The basis for commercial communications outside of business relationships, in particular via mail, telephone, fax and e-mail are contained in § 7 UWG.

Page 4 from 27

Security of data processing

We make security measures in accordance with Art. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of protection appropriate to the risk; The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, entry into, and disclosure of the data, and ensuring its availability and separation from other data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and the response to data compromise. Furthermore, we already take the protection of personal data into account in the development and selection of hardware, software, and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 of the GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server.
Employees are bound to secrecy with regard to data protection, and are instructed and made aware of possible liability consequences.

Disclosure and transfer of data

If, in the course of our processing, we disclose or transfer data to other persons and companies (processors or third parties) or otherwise grant them access to the data, this will only be done on the basis of a legal authorization (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 DSGVO.

If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on the basis of an order processing agreement.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so in connection with the use of third-party services or the disclosure or transfer of data to third parties, this will only be done if it is necessary for the performance of our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or allow the processing of data in a third country if the special requirements of Art. 44 et seq. DSGVO are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Page 5 from 27

Section III - Processing operations

The following is an overview of the processing activities we undertake, which we have broken down into further areas of activity. Please note that the areas of activity are for guidance only, and that processing activities may overlap (e.g., the same data may be processed in more than one process).
For the sake of clarity and comprehensibility, you will find the frequently repeated terms in section IV of this privacy statement.

Core area of data processing

This section provides you with information about our core services and tasks, such as answering inquiries and providing our contractual services as well as the ancillary tasks associated with them.

Comparison and mediation services

We process the information provided by interested parties as part of the comparison request for the purpose of establishing, implementing and, if necessary, terminating a contract for the mediation of up to three offers from providers of the products or services you have requested. The mediation of offers is free of charge and non-binding. We use the contact data of the interested parties to specify your inquiry with them by telephone and to suggest suitable providers to them on the basis of the specified inquiry. In addition, we ask interested parties at a later date whether they have already received three offers from the selected providers.

By submitting the comparison request (by clicking on the "Compare Offers" button), interested parties agree that we may process their name, contact and request data in order to process their request, prepare it for quotation and transmit it to selected providers.
Depending on availability, we provide our interested parties (or customers) with a free appointment service (dates) in the respective product area, which enables them to contact the providers (or partners) effectively. Here, we set concrete dates between interested parties and suppliers. The basis for this is a comparison of the appointment requests (entries) of the interested party with the appointment availability of the selected providers, which is necessary for the purpose of contract implementation, and in the case of appointments that do not materialize, a corresponding feedback including information on the cause (e.g.: cancellation and reason for cancellation) by the providers.

The consent can be revoked at any time informally, e.g. by e-mail to datenschutz@eyl- marketing.de or by letter to EXCEED YOUR MIND SOFTWARE TRADING L.L.C., Dubai Investment Park First, Office No. 2060249, P.O.. Box No. 11800, with effect for the future.
We log the entries in the comparison form in order to be able to prove the existence of the contractual relationship and the consent of the interested parties in accordance with the legal accountability obligations (Art. 5 para. 2 DSGVO).

  • Processed data: Inventory data, communication data, contract data, content data, usage/metadata; Within the scope of logging, the time of requesting the comparison request, as well as the time of confirming the confirmation link and the IP address are stored.

Page 6 of 27

  • Special Categories of Personal Data: Health data, insofar as this is necessary for the mediation.
  • Data subjects: prospective customers, online users or website visitors.
  • Purpose of processing: provision of contractual services, customer service,
  • logging.
  • Basis for processing: Art. 6 para. 1 lit. b (contract for the mediation of
  • settlement inquiries) and c (legally required logging/archiving).
  • DSGVO.
  • Necessity / interest in processing: The data are necessary for the justification and fulfillment of the contractual obligations.
  • and fulfillment of the contractual services as well as the fulfillment of legal
  • legal obligations to provide evidence.
  • External disclosure and purpose: Provider, for the purpose of submitting offers
  • to the interested parties in the context of the settlement.
  • Processing in third countries: No.
  • Deletion of data: The data will be kept in accordance with the law

and contractual agreements (§ 35 BDSG in conjunction with Art. 18 DSGVO). The data will initially be kept only as long as they are required for the fulfillment of the contractual purposes. In particular, the data is required to process normal and regular service requests or information on the status of the contract within the scope of business activities, for the purposes of which the data is stored in the active system for up to six months. In addition, the data will be stored within the regular statutory period of limitation (§§ 195,199 BGB) for a period of three years from the end of the contractual relationship, if this data may be required on the basis of past business experience and industry-specific business transactions, in order to be able to process any warranty and compensation claims or similar complaints and queries and to provide the necessary evidence, in particular with regard to the permissibility of the processing of the data under data protection law. In this case, the processing of the data will be limited solely to the aforementioned purposes in accordance with § 35 BDSG in conjunction with Art. 18 DSGVO. Art. 18 DSGVO. In addition, the data will be stored in accordance with the legal archiving requirements within the meaning of Art. 6 Para. 1 lit. c. DSGVO, i.e. for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 und 4, Abs. 4 HGB (books, records, management reports, accounting vouchers, commercial books, for taxation relevant documents, etc.) and 6 years according to § 257 Abs. 1 Nr. 2 und 3, Abs. 4 HGB (commercial letters). Even in the case of legally required archiving, processing is restricted to this purpose alone. The necessity of storing the data is implemented in ongoing processes and is regularly reviewed.

Registration area (customer area)

We offer a closed area for users, which requires verified registration and allows users to manage their requests, as well as their data within the framework of the technical functions available.

  • Processed data: Inventory data, communication data, contract data, content data, usage data, metadata.
  • Data subjects: interested parties, existing customers, third parties.

Page 7 from 27

  • Purpose of processing: provision of contractual services, customer service, making a closed area available.
  • Basis for processing: Art. 6 para. 1 lit. a, Art. 6 para. 1 lit. b. DSGVO.
  • Necessity / interest in processing: The data are necessary to justify and fulfill the contractual obligations.
  • fulfillment of the contractual services.
  • External disclosure and purpose: No.
  • Processing in third countries: No.
  • Deletion of data: We keep the data until the user has given his or her consent.

Verwendung seiner Daten innerhalb des Kundenbereichs widerspricht; im Fall der gesetzlichen Archivierungspflichten erfolgt die Löschung nach deren Ablauf.

Telefonische Qualifizierung

Wir verarbeiten die von den Interessenten und Kunden im Rahmen der Vergleichsanfrage gemachten Angaben für Zwecke der Begründung, Durchführung eines Vertrages zur Vermittlung von Angeboten von Anbietern der von Ihnen angefragten Produkte oder Dienstleistungen. Es kann hierbei notwendig sein, dass eine telefonische Kontaktaufnahme unsererseits erfolgt, um produkt- und dienstleistungsspezifische Besonderheiten mit dem Interessenten oder Kunden zu erörtern.

  • Processed data: Communication/contact data, metadata
  • Data subjects: prospective customers, existing customers.
  • Purpose of processing: provision of contractual services, customer service.
  • Basis for processing: Art. 6 para. 1 lit. b. DSGVO.
  • Necessity / interest in processing: The data is required for the justification and
  • fulfillment of the contractual services and performance.
  • Disclosure external and purpose: Twilio Ireland Limited, 25-28 North Wall Quay.
  • Dublin 1, Ireland; provision and performance of the contractual service.
  • Special safeguards: Order processing contract.
  • Processing in third countries: No.
  • Deletion of data: The storage of the data of the interested parties is the retention of data of the interested parties corresponds to the information on the deletion of data in the context of the above-mentioned processing activity "comparison and mediation services"; otherwise, we delete the contact data if their retention is no longer necessary, which is usually the case 6 months after the last contact; in the case of statutory archiving obligations, the deletion takes place after their expiry.

Replying to inquiries

We process the information in the inquiries that we receive via our contact form and in other ways, e.g. via e-mail, in order to respond to the inquiries. For these purposes, the inquiries may be stored in our customer relationship management (CRM) system or in similar procedures that we use to manage inquiries.

  • Processed data: Inventory data, communication data, contract data, content data, usage data, metadata.
  • Data subjects: interested parties, online users or website visitors, business partners, third parties.
  • Purpose of processing: answering inquiries.

Page 8 from 27

  • Basis for processing: Art. 6 para. 1 lit. b. DSGVO.
  • Necessity / interest in processing: Necessary to respond to the requests.
  • External disclosure and purpose: No.
  • Processing in third countries: No.
  • Deletion of data: The retention of the data of the interested parties is
  • The retention of the data of the interested parties corresponds to the information on the deletion of the data in the context of the above-mentioned processing activity "Comparison and mediation services"; otherwise, we delete the requests if their retention is no longer necessary, which is usually the case 6 months after the last contact; in the case of legal archiving obligations, the deletion takes place after their expiry.
  • Business analyses and market research
  • In order to run our business economically and to be able to identify market trends and the wishes of interested parties and users, we analyze the data we have on business transactions, contracts, inquiries, etc..
    For this purpose, we merge the personal data of prospective customers from registrations and settlement requests with the usage data of customers.
  • Processed data: Inventory data, communication data, contract data, content data, usage data, metadata.
  • Basis for processing: Art. 6 para. 1 lit. f. DSGVO.
  • Data subjects: customers, interested parties, business partners, visitors and users of the online offer.
  • Purpose of processing: business analysis, marketing, advertising, Market research.
  • Nature, scope, functioning of the processing: profiling, first-party cookies.
  • Necessity / interest in processing: increase user-friendliness, Optimization of the offer, business management.
  • Disclosure externally and purpose: The analyses serve us alone and are not
  • disclosed externally, unless they are anonymous analyses with aggregated aggregated values.
  • Processing in third countries: No.
  • Deletion of data: The retention of data of the interested parties is
  • the information on the deletion of data in the context of the above mentioned processing activity "Comparative and intermediation services"; otherwise, the macroeconomic analyses and general tendency determinations are made anonymously, if possible.
  • Processed data: Inventory data, contact data, content data (content of application folder, correspondence, internal comments).
  • Special categories of personal data: Yes, to the extent necessary for the application process or provided by applicants (e.g. health data).
  • Basis for processing: Art. 6 para. 1 lit. b. DSGVO, § 26 BDSG, Art. 28 para. 3 p. 1 DSGVO.
  • Data subjects: Applicants
  • Purpose of processing: implementation of application procedure, selection of applicants.

Page 9 from 27

  • Specific safeguards: Restriction of access to application documents to entities involved in the application process; encrypted transmission.
  • Necessity / Interest in Processing: Requirement of applicant selection, the use of our recruiting tool is based on our legitimate interests, as well as the interests of applicants in the implementation of a fast and effective application process.
  • Processing in third countries: no.
  • Deletion of data: The data provided by the applicants for external online presences

In this section, you will find information about our data processing in the context of operating external online presences, e.g. in social media.

ONLINE PRESENCES IN SOCIAL MEDIA

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within the social networks and platforms, e.g. by posting articles on our online presences or sending us messages.

The links/switching buttons to social networks and platforms (hereinafter referred to as "social media") used within our online offer generally only establish contact between social networks and users when users click on the links/switching buttons and the respective networks or their websites are called up. This function corresponds to the mode of operation of a regular online link. We would like to point out that users' data may be processed outside the European Union. This may result in risks for the users, for example, because it may be more difficult to enforce the rights of the users.

Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of the users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers for consent to the data processing (i.e., declare their consent, e.g., by ticking a checkbox or confirming a button), the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.

Page 10 from 27

For a detailed description of the respective processing and the possibilities to object (opt-out), we refer to the information of the providers linked below. In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Social networks/platforms used by us:

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - privacy policy: https://www.facebook.com/about/privacy/, opt-out: https://www.facebook.com/settings?tab=ads and http:// www.youronlinechoices.com.
  • Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) - privacy statement: https://policies.google.com/privacy, opt-out: https:// adssettings.google.com/authenticated.
  • Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - privacy statement/opt-out: http://instagram.com/about/legal/ privacy/.
  • Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland) - privacy statement: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.
  • Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) - privacy statement/opt-out: https://about.pinterest.com/de/ privacy-policy.
  • LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Privacy policy https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - privacy statement/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
  • Necessity / Interest in processing: Expectations of users who are active on the platforms, business interests.

Overview of processing:

  • Data processed: Inventory data, communication data, content data, usage data, metadata.
  • Special categories of personal data: Basically no, unless specified by users.
  • Basis for processing: Art. 6 para. 1 lit f. DSGVO.
  • Data subjects: Users of the social media presences (this may include interested parties and business partners).
  • Purpose of processing: information and communication.
  • Type, scope, mode of operation of the processing: By operators of the respective platforms usually: permanent cookies, tracking, targeting, remarketing, content and behavioral advertising.

Page 11 of 27

  • Necessity / interest in processing: expectations of users active on the platforms, business interests.
  • External disclosure and purpose: To the social networks/platforms.
  • Processing in third countries: No.
  • Deletion of data: The deletion rules of the respective platforms apply.
  • Web server and security
    HOSTING
    The hosting services we use are for the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services, technical maintenance services.
  • Processed data: Inventory data, contact data, content data, contract data, usage data, meta/communication data.
  • Special categories of personal data: no.
  • Basis for processing: Art. 6 para. 1 lit. f DSGVO.
  • Data subjects: customers, interested parties, visitors to the online offer.
  • Special protective measures: Order processing contract.
  • Processing in third countries: no.
  • Disclosure external and purpose: name, address, web host.
  • Necessity / interest in processing: security, business interests.
  • Deletion of data: The retention of data of the interested parties corresponds
  • to the information on the deletion of data in the context of the above-mentioned processing activity "comparison and mediation services".
  • SERVER LOGS
  • The server on which this online offer is located collects so-called log files each time the online offer is accessed, in which user data is stored. The data is used, on the one hand, for statistical analysis to maintain and optimize server operation and, on the other hand, for security purposes, e.g. to detect potential unauthorized access attempts.
  • Processed data: Usage data and metadata (name of the website accessed, file, date and time of access, amount of data transmitted, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider).
  • Special categories of personal data: no.
  • Basis for processing: Art. 6 para. 1 lit. f DSGVO.
  • Data subjects: customers, interested parties, visitors to the online offer.
  • Purpose of processing: optimization server operation and security monitoring.
  • Necessity / interest in processing: security, business management
  • Interests.
  • Processing in third countries: no.
  • Deletion of data: After 7 days from collection.

Page 12 from 27

  • Processed data: The data flow between web server and users' browser, IP address.
  • Special categories of personal data: no.
  • Basis for processing: Art. 6 para. 1 lit. f DSGVO, Art. 28 para. 3 p. 1 DSGVO.
  • Data subjects: customers, interested parties, business partners, employees and other staff members, employees, website visitors.
  • Special protective measures: Order processing contract.
  • Necessity / interest in processing: user-friendliness, Business interests.
  • Disclosure external and purpose: Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA.
  • Third-party processing: USA.
  • Deletion of data: Only brief intermediate storage as part of delivery.

Embedded content and functions

In this section we inform you which content, software or functions (in short "content") of other providers we embed within the scope of our online offer on the basis of Art. 6 para. 1 lit. f DSGVO (so-called "embedding"). Embedding is done to make our online offer more interesting for our users or for legal reasons, e.g. to be able to present videos or social media contributions at all within our online offer. The embedding may also serve to improve the speed or security of the online offer, e.g. when software elements or fonts are obtained from other sources. In all cases, the data processed includes the usage data and metadata of the users and also the IP address necessarily transmitted to the provider for embedding the content, and the data subjects include the visitors to our online offering. The categories of data subjects include the users of our online offer, customers and interested parties. Further explanations can be found in the definitions of terms, especially regarding the modes of operation and protective measures, at the end of this privacy statement. The deletion of data is governed by the privacy policy of the providers of the embedded content.

SERVICES AND CONTENT FROM GOOGLE

We use the following services and content from the provider Google: YouTube - videos; Google Maps - maps; Google Fonts - fonts; Google - Recaptcha (recognition of bots in form entries).

  • Processed data: Usage data, metadata.
  • Type, scope, mode of processing: perma cookies, third-party cookies, interest-based
  • Cookies, interest-based marketing, tracking.
  • Special safeguards: Pseudonymization, opt-out.
  • Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de, https://adssettings.google.com/authenticated.

Page 13 from 27

  • External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • Privacy policy: https://www.google.com/policies/privacy/.
  • Third Party Processing: No.
  • Data deletion: The data will be deleted in accordance with Google's policies.
  • FUNCTIONS AND CONTENTS OF FACEBOOK
  • Within our online offer, functions and contents of the Facebook service may be integrated. This may include, for example, content such as images, videos, or text and buttons that allow users to express their liking of the content, subscribe to the authors of the content, or subscribe to our posts.
  • Processed Data: Usage data, metadata; if users are registered with the service, the above data may be linked to their profiles and to data stored by the service (in particular inventory data).
  • Type, scope, mode of processing: social plugins, permanent cookies, third-party cookies, interest-based marketing, tracking, remarketing.
  • Opt-out: https://www.facebook.com/settings?tab=ads, http:// www.youronlinechoices.com/uk/your-ad-choices/ (EU), http://www.aboutads.info/ choices (US).
  • Disclosure external: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  • Privacy policy: https://www.facebook.com/policy.php.
  • Third party processing: No.
  • Data deletion: The data will be deleted in accordance with Facebook's policies.
  • FUNCTIONS AND CONTENT OF INSTAGRAM
  • Within our online offer, functions and content of the service Instagram may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking of the content, the authors of the content or subscribe to our posts.
  • Processed Data: Usage data, metadata; if users are registered with the service, the above data may be linked to their profiles and to data stored by the service (in particular inventory data).
  • Nature, scope, functioning of processing: social plugins, permanent cookies, third-party cookies, interest-based marketing, tracking, remarketing.
  • Disclosure external: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
  • Privacy policy: http://instagram.com/about/legal/privacy/.
  • Third party processing: No.
  • Data deletion: The data will be deleted in accordance with Instagram.

Page 14 from 27

FUNCTIONS AND CONTENTS OF PINTEREST

Within our online offer, functions and contents of the service Pinterest may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking of the content, subscribe to the authors of the content or our contributions.

  • Processed data: Processed data: Usage data, metadata; if users are registered with the service, the above data may be linked to their profiles and to data stored by the service (in particular inventory data).
  • Type, scope, mode of processing: social plugins, permanent cookies, third-party cookies, interest-based marketing, tracking, remarketing.
  • External disclosure: Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
  • Privacy policy: https://about.pinterest.com/de/privacy-policy.
  • Third-party processing: No.
  • Deletion of data: The data will be deleted in accordance with the Pinterest.

TWITTER FUNCTIONS AND CONTENT

  • Within our online offer, functions and contents of the service Twitter can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking of the content, subscribe to the authors of the content or our contributions.
  • Processed Data: Usage data, metadata; if users are registered with the service, the above data may be linked to their profiles and to data stored by the service (in particular inventory data).
  • Type, scope, mode of processing: social plugins, permanent cookies, third-party cookies, interest-based marketing, tracking, remarketing.
  • Opt-out: https://twitter.com/personalization.
  • Disclosure external: Twitter International Company, One Cumberland Place, Fenian.
  • Street, Dublin 2, D02 AX07 Ireland.
  • Privacy Policy: https://twitter.com/de/privacy.
  • Third party processing: No.
  • Deletion of data: The data will be deleted in accordance with Twitter.

FUNCTIONS AND CONTENTS OF XING

Within our online offer, functions and contents of the service Xing can be integrated. This may include, for example, content such as images, videos, or text and buttons with which users can express their liking of the content, subscribe to the authors of the content or our contributions.

Page 15 from 27

  • Processed data: Usage data, metadata; if users are registered with the service, the above data may be linked to their profiles and to data stored by the service (in particular inventory data).
  • Type, scope, mode of processing: social plugins, permanent cookies, third-party cookies, interest-based marketing, tracking, remarketing.
  • Disclosure external: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
  • Privacy policy:https://www.xing.com/app/share?op=data_protection
  • Processing in third countries: no.
  • Deletion of data: The data will be deleted in accordance with Xing's deleted.

LINKEDIN FUNCTIONS AND CONTENT

Within our online offer, functions and contents of the LinkedIn service can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking of the content, subscribe to the authors of the content or our contributions.

  • Processed Data: Usage data, metadata; if users are registered with the service, the above data may be linked to their profiles and to data stored by the service (in particular inventory data).
  • Type, scope, mode of processing: social plugins, permanent cookies, third-party cookies, interest-based marketing, tracking, remarketing.
  • Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
  • Disclosure external: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton.
  • Place, Dublin 2, Ireland.
  • Privacy policy: https://www.linkedin.com/legal/privacy-policy
  • Third Party Processing: No.
  • Data deletion: The data will be deleted in accordance with the Instagram LinkedIn.

Marketing

In this section you will find information about the data processing we carry out for the purposes of optimizing our marketing and market research services.

SENDING INFORMATION THROUGH PERSONALIZED NEWSLETTERS

We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletters") only with the consent of the recipients or a legal permission. The subscribers' data is logged, as we are obliged to provide evidence of registrations. Unless the contents of the newsletter are explicitly described during registration, the newsletters contain information about our company and our services and offers, in particular for service areas that the recipient has declared to be of interest to him or her (e.g., if a user declares an interest in a kitchen as part of a consent process). In contrast, notifications that are made in the context of

Page 16 from 27

contractual or business relationships. This includes, for example, the sending of service emails with requested comparative offers or comparable services, technical or organizational information within the scope of our service provision, information on technical and legal changes, queries regarding orders, etc. If we have received your consent to personalized information, we will evaluate your user behavior on our website and within the newsletters we send out and assign it to your user profile maintained by us. We also store information about devices used, opening, clicking and reading behavior in e-mails, as well as subject areas visited within the Internet presence. This information is stored on a per-user basis for technical reasons, but is not used to monitor individual users, but rather to tailor content and offers to users, for example. Information that we should collect in addition to the e-mail address (e.g. name) is used to address the user personally or to adapt the content of the newsletter to the user.

  • Newsletter content: as indicated in the registration form, otherwise information about our services and our company.
  • Processed data: Inventory data (e-mail address), usage data (registration time, confirmation time double opt-in, IP address, opening of the e-mail, time and place, time and click on a link in the newsletter).
  • Special categories of personal data: no
  • Basis for processing: Art. 6 para. 1 lit. a, Art. 7 DSGVO and § 7 para. 2 no. 3
  • UWG, para. 3 (dispatch & performance measurement), Art. 6 para. 1 lit. c in conjunction with. Art. 7 para. 1
  • DSGVO (logging, performance measurement if not part of consent).
  • Data subjects: e-mail recipients
  • Purpose of processing: newsletter dispatch, optimization, proof of consent.
  • Type, scope, mode of operation of the processing: web beacon.
  • Necessity / interest in processing: Only the e-mail information is required for the dispatch of the newsletter.
  • The other information is voluntary and serves to personalize and optimize the content based on the interests of the users; the obligation to prove consent is the reason for logging; performance measurement is based on consent for users whose consent includes performance measurement and otherwise based on legitimate interests in optimizing the content for the users and on business interests.
  • Opt-Out: A cancellation link is provided in each newsletter.
  • Disclosure external and purpose: Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany.
  • Privacy statement: https://emarsys.com/de/datenschutzrichtlinie/.
  • Special safeguards: Order processing contract with Emarsys.
  • Processing in third countries: No.
  • Deletion of data: We may retain unsubscribed email addresses for up to three years based on our years on the basis of our legitimate interests before we delete them for the purpose of sending newsletters, in order to be able to prove consent previously given. The processing of this data will be limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that the former existence of consent is confirmed at the same time. Users may revoke their consent to the storage of their data, their e-mail address and their use for sending newsletters at any time. The revocation can be done via a link in the newsletters, with the

Page 17 from 27

unsubscribe function on our website or by sending an e-mail to: datenschutz@eyl- marketing.de.

COMMUNICATION VIA MESSENGER

We use messenger services for communication purposes and therefore ask you to observe the following information on the functionality of messengers, encryption, use of communication metadata, and your options to object. You may also contact us by alternative means, e.g. by telephone or e-mail. Please use the contact options provided to you or use the specified contact options within our online offer. In the case of encryption, end-to-end of content (i.e. the content of your message and attachments), we point out that the communication content (i.e. the content of the message and attached images) is encrypted end-to-end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled to ensure that the message content is encrypted. However, we would also like to point out to our communication partners that, although the messenger providers cannot see the content, they can find out that and when communication partners communicate with us and process technical information about the device used by the communication partners and, depending on the settings of their device, also location information (so-called metadata). Notes on legal basis - If we ask communication partners for permission before communicating with them via Messenger, the legal basis of our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use Messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in communicating via Messengers. Furthermore, we would like to point out that we do not transmit the contact data provided to us to the messengers for the first time without your consent.

Revocation, objection and cancellation - You may revoke your consent at any time or object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion policy (i.e., as described above, after the end of contractual relationships, archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention obligations.

  • Processed data: Inventory data, contact data, usage data, contract data, content data.
  • Basis for processing: Art. 6 para. 1 lit. a, Art. 7 DSGVO in the case of consent, Art. 6 para. 1 lit. b DSGVO in the case of contact in the context of contract processing, Art. 6 para. 1 lit. f DSGVO in connection with legal requirements for advertising communications.
  • Data subjects: Interested parties, business partners.
  • Purpose of processing: promotional communications.

Page 18 from 27

  • Nature, scope, functioning of the processing: Contact is made only with the consent of the contact partners or within the scope of legal permissions.
  • Necessity / interest in processing: Information and business interests.
  • Disclosure external and purpose: Facebook Messenger: Facebook Messenger with end-to-end encryption; service provider: https://www.facebook.com., Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com.; Privacy policy: https:// www.facebook.com/about/privacy.; Opt-out: https:// www.facebook.com/settings?tab=ads... Note: The end-to-end encryption of Facebook Messenger requires activation.
  • Processing in third countries: USA.
  • Deletion of data: With objection/ revocation or discontinuation of the
  • The retention of data of the interested parties corresponds to the information on the deletion of data in the context of the above-mentioned processing activity "comparison and mediation services".

COMMUNICATION BY MAIL, E-MAIL, FAX OR TELEPHONE

Sending of information material, telephone contact for settlement and mediation contracts.

  • Processed data: Inventory data, contact data, contract data, content data.
  • Special categories of personal data: no, except health data, which are part of the settlement and mediation service.
  • Basis for processing: Art. 6 para. 1 lit. a, Art. 7 DSGVO in case of consent, Art. 6.
  • Para. 1 lit. b DSGVO in case of contact in the context of contract processing, Art. 6 Para. 1 lit. f DSGVO in connection with legal requirements for advertising communications.
  • Data subjects: Interested parties, business partners.
  • Purpose of processing: Promotional communications.
  • Nature, scope, functioning of the processing: Contact is made only with the consent of the contact partners or within the scope of legal permissions.
  • Necessity / interest in processing: Information and commercial interests.
  • Disclosure external and purpose: No.
  • Processing in third countries: No.
  • Deletion of data: With objection/ revocation or discontinuation of

Authorization bases of contact; the retention of data of the interested parties corresponds to the information on the deletion of data in the context of the above-mentioned processing activity "comparison and mediation services".

Optimization and security

In this section, you will find information on the data processing carried out by us for the purpose of optimizing our online offer. The main purpose of this is to improve the user-friendliness and functionality of our online offering.

Page 19 from 27

FACEBOOK PIXEL

We use the Facebook Pixel to target groups and measure the success of the ads we place on Facebook.

  • Processed data: Usage data, metadata; if users are registered with Facebook, the data is linked to their Facebook profiles and related data (in particular inventory data).
  • Type, scope, mode of processing: permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, profiling, custom audiences from website.
  • Special safeguards: Encrypted communication between Facebook and our online offering.
  • Opt-Out: https://www.facebook.com/settings?tab=ads, http:// www.youronlinechoices.com/uk/your-ad-choices/ (EU), http://www.aboutads.info/ choices (US).
  • External disclosure: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  • Privacy policy: https://www.facebook.com/policy.php.
  • Third party processing: No
  • Data deletion: The deletion of data is carried out by Facebook and takes place and is done when the customer's data is deleted as part of the termination process.

GOOGLE TAG MANAGER

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users' personal data, please refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/ tagmanager/use-policy.html.

GOOGLE ANALYTICS

We use Google Analytics for the purposes of range measurement and target group formation.

  • Processed data: Usage data, metadata, customer ID with us (Google receives the customer ID only as a pseudonymous date without the associated inventory data, such as name, address or email of the customer).
  • Type, scope, mode of processing: permanent cookies, third-party cookies, tracking, interest-based marketing, profiling, custom audiences, remarketing.
  • Special protective measures: Pseudonymization, IP masking, conclusion of order processing agreement, opt-out.
  • Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de (browser add-on Google Analytics), https://adssettings.google.com/, https://adssettings.google.com/ authenticated (setting for advertisements).
  • External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Page 20 from 27

  • Privacy policy: https://www.google.com/policies/privacy/
  • Processing in third countries: No.
  • Data deletion: 14 months.

GOOGLE ADWORDS

  • We use Google AdWords to measure the success of the ads we place on Google.
  • Data processed: Usage data, metadata, customer ID with us (Google obtains the customer ID only as a pseudonymous date without the associated inventory data, such as name, address or e-mail of the customer).
  • Type, scope, mode of processing: permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, profiling.
  • Special protective measures: Pseudonymization, IP masking, conclusion of order processing agreement, opt-out.
  • Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de (browser add-on Google Analytics), https://adssettings.google.com/, https://adssettings.google.com/ authenticated (setting for advertisements).
  • External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • Privacy policy: https://www.google.com/policies/privacy/.
  • Third party processing: No.
  • Data deletion: 14 months.

GOOGLE DOUBLE CLICK

We use Google Double Click to measure the success of the ads we place on Google.

  • Processed data: Usage data, metadata, customer ID with us (Google receives the customer ID only as a pseudonymous date without the associated inventory data, such as name, address or email of the customer).
  • Type, scope, mode of processing: permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, profiling.
  • Special protective measures: Pseudonymization, IP masking, conclusion of order processing agreement, opt-out.
  • Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de (browser add-on Google Analytics), https://adssettings.google.com/, https://adssettings.google.com/ authenticated (setting for advertisements).
  • External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • Privacy policy: https://www.google.com/policies/privacy/.
  • Third party processing: No.
  • Data deletion: 14 months.

GOOGLE MAPS API

We use the map service of the Google Maps platform on this page.

Page 21 from 27

  • Processed data: Usage data, metadata, IP address.
  • Type, scope, mode of processing: permanent cookies, third-party cookies.

Cookies.

  • Opt-out: If you do not wish Google Maps to collect, process or use data about you via our website, you can opt-out.
  • If you do not wish Google Maps to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use the map display.
  • External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • Privacy policy: https://maps.google.com/help/terms_maps.html.
  • Third Party Processing: No.
  • Deletion of data: The data will be deleted in accordance with

Google's policy.

Section IV - Definitions

This section provides an overview of the terms used in this privacy statement. Many of the terms are taken from the law and defined primarily in Article 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for the purpose of comprehension. The terms are sorted alphabetically.

  • A/B tests - A/B tests are used to improve the usability and performance of online services. For example, users are presented with different versions of a website or its elements, such as input forms, on which the placement of content or labels of navigation elements may differ. Then, based on the users' behavior, e.g., staying longer on the website or interacting more frequently with the elements, it can be determined which of these websites or elements are more likely to meet the users' needs.
  • Affiliate Links - "Affiliate Links" are links that the linking websites use to direct users to websites with product or other offers. The operators of the respective linking websites may receive a commission if users follow the affiliate links and subsequently take advantage of the offers. For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links. Therefore, the functionality of affiliate links requires that they are augmented by certain values that become part of the link or are otherwise stored, e.g., in a cookie. The values include, in particular, the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as, for example, advertising material ID, partner ID and categorizations.
  • After-sales - "After sales" are marketing procedures in which, for example, customers of an online store are presented with advertising offers from other providers (which are usually based on the services or products purchased in the online store). In other respects, the way after-sales works corresponds to the way affiliate links work.

Page 22 from 27

  • Aggregated data - Aggregated data is data that cannot be traced back to an individual and is therefore not personal. For example, visit times on a website can be stored as average values.
  • Anonymous data - Anonymity exists when an individual is not at least identifiable from a piece of data by the controller using the means at its disposal. In particular, aggregated data may be anonymous.
  • Processing/processor - A "processor" is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
  • Special Categories of Personal Data - This refers to data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data, or data concerning a natural person's sex life or sexual orientation.
  • Data subject/s - See "personal data".
  • Click tracking - "Click tracking" allows the movements of users within an entire online site to be monitored.
  • an entire online offering. Since the results of these tests are more accurate if the user's interaction can be tracked over a period of time (e.g., to see if a user likes to return), cookies are usually stored on the users' computers for these testing purposes.
  • Conversion - "Conversion" or "conversion measurement" refers to a procedure for determining the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures take place and then retrieved again on the target website (e.g., we can thus track whether the ads we have placed on other websites have been successful).
  • Cookies - Cookies are small files that are stored on users' computers. Within the cookies, different information can be stored. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online site. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes his browser. Such a cookie can store, for example, the contents of a shopping cart in an online store or a login status within a community. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status in a community can be stored if users visit it after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes (see, for example, remarketing). A "third-party cookie" is a cookie offered by a provider other than the party responsible for operating the online offering (otherwise, if it is only the party's cookie, it is referred to as a "first-party cookie").
  • Custom Audiences - We speak of "custom audiences" when target groups are determined for advertising purposes, e.g. display of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it is possible to infer that a user is interested in a particular product or topic.

Page 23 from 27

The user may be interested in advertisements for similar products or for the online store in which he viewed the products. Lookalike audiences" (or similar target groups) are when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are generally used for the purpose of creating Custom Audiences and Lookalike Audiences. "Custom Audiences from Website" means that the target groups are formed on the basis of the visitors to one's own website. "Custom Audiences from File" means that, for example, a list of e-mail addresses is uploaded to the respective advertising network or platform in order to form the target gr

  • Demographic data - Demographic data is general information about groups of people or individuals, e.g., characteristics such as age, gender, place of residence, and social characteristics such as occupation, marital status, or income. Demographic data is collected as part of reach measurement and in online marketing for the purposes of interest-based marketing or for business analyses that are used, for example, to determine target groups.
  • Third Party - A "third party" is any natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.
  • Third Country - Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries that are not members of the European Union (EU) or the European Economic Area (EEA).
  • Consent - "Consent" by a data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
  • Embedding - See "Embedding."
  • Embedding - Embedding (also "embedding") is the use of third-party content or software functions (see plugins).
  • software functions (see plugins) into your own online presence in such a way that they are displayed or executed on this online presence. No copy of the content is created, as it is called up from the original server (e.g. videos, images, posts on social networks, widgets with ratings). When embedding, it is technically necessary for the content provider to collect the IP address of the users in order to output the embedded content in the users' browser. Furthermore, the content provider may store e.g. cookies on the users' devices.
  • Enhanced matching - Enhanced matching is an option of the Facebook pixel that means that inventory data such as phone numbers, email addresses, or Facebook IDs of users are transmitted to Facebook in encrypted form for the creation of target groups for Facebook ads and are only used for this purpose.
  • Error tracking - Error tracking is used, for example, to detect incorrectly executed program code in order to eliminate it and thus ensure the functionality and security of online services.
  • First-party cookies - See "Cookies".

Page 24 from 27

  • Heatmaps - "Heatmaps" are mouse movements of the user, which are summarized to an overall picture, with the help of which it can be recognized, for example, which website elements are preferred and which website elements users prefer less.
  • IP address - The IP address ("IP" stands for Internet Protocol) is a sequence of numbers that can be used to identify devices connected to the Internet. When a user accesses a website on a server, he tells the server his IP address. The server then knows to send the data packets containing the website's content to that address.
  • IP masking - IP masking is a method of deleting the last octet, i.e., the last two digits of an IP address, so that the IP address can no longer be used to uniquely identify an individual. Therefore, IP masking is a means of pseudonymizing processing methods, especially in online marketing.
  • Interest-based marketing or interest and behavioral advertising - Interest and/or behavioral advertising is when profiling is used to determine the potential interest of users in advertisements (Online Behavioral Advertising, or OBA for short). Cookies and web beacons are generally used for these purposes.
  • Lookalike Audiences - See Custom Audiences.
  • Opt-in - The term "opt-in" means registration. If a registration
  • (e.g., by entering an e-mail address in an online form field) is confirmed by sending a confirmation e-mail to the owner of the e-mail address, this is called a double opt-in (DOI).
  • Opt-Ou - The term opt-out means as much as unsubscribe and can represent, for example, an objection (e.g., against tracking) or a cancellation (e.g., for newsletter subscriptions).
  • Opt-Out-Cookie - An "Opt-Out-Cookie" is a small file (see "Cookies") that is stored in your browser and notes that you do not want a tracking service to process your data, for example. The "opt-out cookie" is only valid for the browser in which it was saved, i.e. in which you clicked the opt-out link. If cookies are deleted in this browser, you must click the opt-out link again. Furthermore, an opt-out link can only be limited to the domain on which the opt-out link was clicked.
  • Permanent Cookies - See "Cookies".
  • Personally Identifiable Information - "Personally identifiable information" is
  • any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or a combination of these. (e.g., cookie) or to one or more special characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Plugins/ Social Plugins - Plugins (or "social plugins" in the case of social functions) are third-party software functions that are integrated into the online offering. They can be used, for example, to output interaction elements (e.g., a "Like" button) or content (e.g., external comment function or contributions to social networks).
  • Profiling - "Profiling" is any form of automated processing of personal data that consists of the processing of personal data by a third party.

Section 25 from 27

Personal data is used to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include information regarding age, gender, location data and movement data, interaction with websites and their content, shopping behavior, social interactions with other people) (e.g., interests in certain content or products, click behavior on a website, or location). Cookies and web beacons are often used for profiling purposes.

  • Pseudonymization - Pseudonymization means that the processing of personal data is carried out in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately or that it is ensured that the personal data cannot be attributed to an identified or identifiable natural person. it is ensured that the personal data cannot be assigned to an identified or identifiable natural person; i.e. if a cookie stores a precise profile of the computer user's interests (a "marketing avatar", as it were), but not the user's name, then his data will be processed pseudonymously. If the user's name is stored, e.g. as part of his e-mail address, or if his IP address is stored, then the processing is no longer pseudonymous.
  • Reach measurement - Reach measurement is used to evaluate the streams of visitors to an online offering and may include their behavior, interests or demographic information, such as age or gender. With the help of reach analysis, website owners can, for example, identify which types of people visit their website at what time and what content they are interested in. This enables them, for example, to better optimize the content of the website to the needs of their visitors. Cookies and web beacons are often used for reach analysis purposes.
  • Remarketing/retargeting - "Remarketing" or "retargeting" is when, for example, the products in which a user is interested on a website are noted for advertising purposes, in order to remind the user of these products on other websites, e.g., in advertisements. Cookies are generally used for profiling purposes.
  • Session cookies - See "Cookies."
  • Single sign-on - "Single sign-on" or "single sign-on authentication" is a procedure that allows the is the term used to describe a procedure that allows users to log on to an online service, including other online services, with the help of a user account. The prerequisite for single sign-on authentication is that users are registered with the respective single sign-on provider and enter the required access data on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. In the course of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that cannot be used by us (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the data releases selected during authentication, and also which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the user's choice, this can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on process is neither visible to us nor stored by us. User

Page 26 from 27

are asked to note that their details stored with us may be automatically matched with their user account with the single sign-on provider, but this is not always possible or actually occurs. For example, if users' email addresses change, users must manually change them in their user account with us. If users decide that they no longer wish to use their user account with the single sign-on provider for the single sign-on procedure, they must cancel this connection within their user account with the single sign-on provider. If users wish to delete their data from us, they must cancel their registration with us.

  • Third-party cookies - See "Cookies".
  • Tracking - The term "tracking" is used when the behavior of users can be traced
  • across several online offers, e.g. for remarketing purposes. The behavioral and interest information collected with regard to the online offers used is stored as user profiles in cookies or on servers of the marketing service providers (e.g. Google or Facebook).
  • Controller - A "controller" is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  • Processing - "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data.
  • Web beacons - "Web beacons" (or "pixels," "measuring pixels," or "counting pixels") are small, pixel-sized graphics that are embedded in web pages or HTML e-mails. They allow you to determine, for example, whether an email has been opened (at least if image display is enabled in emails) or how often a website is accessed by a user.
  • Widgets - See Embedding.
  • Counting pixels - See Web beacons.

Page 27 from 27

Time to scale your business?

Let’s uncover your growth potential & discuss Your Data
Scale Up now
Home
About Us
Services
Success Stories
Phone
+971 54 341 1273
Email
hello@eyl-marketing.de
Imprint
Privacy Policy
Terms of Service
©  ExceedYourLimits 2023. All rights reserved.