Privacy Statement for Business Partners

We, Technodyne International Limited (a wholly owned subsidiary of TGE Gas Engineering GmbH), take the protection of personal data and its confidential treatment very seriously. We therefore hereby inform you about the processing of your personal data in the context with your visit to our company website and the rights to which you are entitled. Your personal data will be processed exclusively in accordance with the applicable legal provisions of data protection law, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the Data Protection Act 2018.

I. Who is responsible for the data processing and who is the data protection officer?

Technodyne International Limited
Black Horse House
8-10 Leigh Road
Eastleigh, Hampshire
SO50 9FH
England
Contact: https://www.technodyne.co.uk/contact.html

II. What is the subject of data protection?

The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, email address or telephone number.

III. Which of my personal data is processed?

Within the scope of the business relationship with you or your employer, we only process the personal data of you that is related to the business relationship. This can be in detail:

• Contact details, including your name, email address and telephone number

• Customer history data

• Experience and knowledge

• Data on possible compliance and export control violations of company executives

• Your personal images in the form of video transmissions inside TGE´s company buildings (the video material will not be stored)

IV. What purposes are pursued with the processing of my personal data and on what legal basis is this done?

In the following, we provide you with an overview of the purposes and legal bases for processing your personal data within the scope of the business relationship with you:

1. Data processing for the purpose of fulfilling the contract within the scope of the business relationship

We process your personal data for the preparation and performance of the business relationship. The purposes depend on the specific contract and include in particular:

• Inclusion in the database management of our customer management system

• Communication with contact persons of our business partners

• Preparation, conclusion and processing of contracts

• Preparation of offers, order confirmations and invoices

Data processing is based on Art. 6(1)(b) GDPR if a business relationship exists or is to be entered into with you personally. If, on the other hand, you are acting on behalf of a third party, in particular your employer, the data processing is based on Art. 6(1)(f) GDPR, provided this is compatible with your fundamental rights and freedoms, see the further explanations under section IV. No. 4.

We delete the data when it is no longer required for the purposes we pursue in preparing and implementing the business relationship and no other legal grounds, in particular statutory or contractual retention periods, apply.

2. Consent

Under certain circumstances, we also process your personal data on the basis of a declaration of consent submitted by you. The purpose pursued with the processing results from the content of the respective declaration of consent. This may apply in the following cases:

• Use of image data in the context of publications on the internet, intranet and when directly addressing customers

The data processing is based on Art. 6(1)(a) GDPR.

You can revoke your consent at any time. However, please note that this revocation only has an effect for the future, namely the lawfulness of the processing of the data already carried out on the basis of your consent up to the time of the revocation is not affected by the revocation.

We delete the data if it is no longer required for the purposes we are pursuing, the storage period specified in the consent has expired or you have revoked the consent and there is no other legal basis. If the last case applies, we will delete your data when this other legal basis no longer applies.

3. Compliance with legal obligations

We may also process your personal data in order to comply with legal obligations arising, for example, from commercial, tax, financial or criminal law. The purposes of the processing result from the respective legal obligation. As a rule, processing is carried out in order to comply with state control and information obligations.

In this respect, the data processing is carried out on the basis of Art. 6(1)(c) GDPR.

We delete the data after the legal obligation no longer applies, unless other legal bases, in particular legal or contractual retention periods, apply. If the last case applies, we will delete your data when this other legal basis no longer applies.

4. Processing for the protection of legitimate interests

Where necessary, we also process your personal data to safeguard our legitimate interests. We will only process your personal data if, after balancing our interests with respect to your fundamental rights and freedoms, we consider that our interests are overridden. This may apply in the following cases:

• Review of business partners with regard to possible compliance and export control violations by functionaries

• Video transmission of the entrance area

• Invitation to events, especially information events

• Information about our products/our company

Our legitimate interests here consist in the pursuit of the aforementioned purposes.

In addition, data processing takes place on this basis if you are acting for a third party, in particular your employer, within the scope of the purposes mentioned under section IV. No. 1 for a third party, in particular your employer. In this case, our legitimate interests lie in handling our business relationship with this third party.

The data processing is carried out on the basis of Art. 6(1)(f) GDPR.

We delete the data when it is no longer required for the purposes we are pursuing and no other legal basis applies. If the last case applies, we will delete your data when this other legal basis no longer applies.

V. Is my personal data also collected from third parties?

In the majority of cases, we collect personal data directly from you. However, in some constellations we also receive your personal data from third parties:

• From our business partners or from your business partners or your employer’s business partners

• From your employer, if applicable

If necessary, we will inform you about this in more detail in a separate form.

VI. Does automated decision-making or profiling take place?

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

VII. Do I have to provide my personal data?

Within the framework of the business relationship, you must provide those personal data that are necessary for the preparation and implementation of the business relationship and the fulfilment of the associated contractual or legal obligations or which we are legally obliged to process. Without this data, we may not be able to carry out the business relationship.

VIII. Who has access to my personal data and which recipients receive it?

Within our company, only those departments and the employees working there who absolutely need such access to fulfil their functions or tasks have access to your personal data.

We will only share your personal data with external recipients if there is a legal justification for doing so or you have consented to it. External recipients can be:

• Processors: Service providers that we use to provide services, for example in the area of human resources or for the maintenance of our IT systems. These processors are carefully selected and regularly checked by us to ensure that your personal data is in good hands. The service providers may only process your personal data for the purposes specified by us.

• Public authorities: Authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities, to which we may have to transmit personal data in individual cases.

• Private bodies: Private bodies to whom we transfer your personal data on the basis of a legal provision, for example lawyers, tax advisors and other companies or bodies contacted for the preparation and implementation of the business relationship.

IX. Is a transfer of my personal data to third countries intended?

If data is transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area, we will ensure prior to the transfer that, outside of exceptional cases permitted by law, either an adequate level of data protection exists at the recipient (e.g. through an adequacy decision by the European Commission or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or your sufficient consent has been obtained.

You can obtain from us an overview of the recipients in third countries and a copy of the concrete agreed arrangements to ensure the adequate level of data protection. Further information on the EU-U.S. and Swiss-U.S. Privacy Shield can be found at https://www.privacyshield.gov.

X. How long will my personal data be stored?

For the storage period of your personal data, please refer to the respective chapter on data processing under section IV.

XI. What are my rights as a data subject?

You have the following rights regarding the processing of your personal data:

1. Right of access

You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. If this is the case, you have the right to be informed about your personal data and to receive further information regarding the processing.

2. Right of rectification

You have the right to request the rectification of your inaccurate personal data and to have incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

In certain circumstances, you have the right to request that we erase your personal data. This right exists, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or if the personal data was processed unlawfully.

4. Restriction of processing

In certain circumstances, you have the right to request us to restrict the processing of your personal data. In this case, we will only store personal data for which you have given consent or

for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.

5. Data portability

If you have provided us with personal data on the basis of a contract or consent, you may, if the legal requirements are met, request that you receive the personal data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.

6. Revocation of consent

If you have given us consent to process your personal data, you may revoke this consent at any time with effect for the future. The lawfulness of the processing of your personal data until the revocation remains unaffected.

7. Right of objection Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

8. Right of complaint to the supervisory

In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable law. To do so, you can contact the data protection authority responsible for your place of residence, workplace or the place of an alleged violation or the data protection authority responsible for us. The competent supervisory authority is the supervisory authority of the federal state in which you live or work or in which an alleged infringement is alleged to have taken place that is the subject of the complaint.

XII. Who can I contact with questions or to assert my data subject rights?

If you have any questions about the processing of your personal data or if you wish to assert your data subject rights as set out in section XI. No. 1 to 7, you can contact us free of charge. Please use our contact details under section I. No. 1.

Privacy Statement for Applicants

We, Technodyne International Limited (a wholly owned subsidiary of TGE Gas Engineering GmbH), take the protection of personal data and its confidential treatment very seriously. We therefore hereby inform you about the processing of your personal data in the context with your visit to our company website and the rights to which you are entitled. Your personal data will be processed exclusively in accordance with the applicable legal provisions of data protection law, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the Data Protection Act 2018.

I. Who is responsible for the data processing and who is the data protection officer?

Technodyne International Limited Black Horse House 8-10 Leigh Road Eastleigh, Hampshire SO50 9FH England Contact: https://www.technodyne.co.uk/contact.html

II. What is the subject of data protection?

The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, e-mail address or telephone number.

III. Which of my personal data are processed?

As part of the application process, we only process the personal data from you that is related to your application and that is necessary to determine your professional and personal skills in relation to the vacant position. These are in detail:

• Contact data, including your name, private address, private telephone number

• Data on your origin, including your nationality and citizenship, place and date of birth

• Data on your marital status

• Data on your qualifications/training

• Data on your references

• Data on any further training measures and additional qualifications

• Certificates

• Experience and Knowledge

If provided by you, the data processing may also include special categories of personal data, such as:

• Religious confession

• Severely disabled status

You determine the scope of the personal data by submitting your data.

This also applies to any other personal data you provide.

We add the following data to your application documents during the application process:

• Notes on the course of the interview

• Publicly accessible job-related information, e.g. profile details in professional social media networks (e.g. Xing)

IV. What are the purposes of the processing of my personal data and what is the legal basis for this?

In the following, we provide you with an overview of the purposes and legal bases for processing your personal data as part of the application process at our company:

1. Data processing for the purposes of the employment relationship

We process your personal data that we receive from you for the purpose of processing your application for a specific job advertisement or as an unsolicited application exclusively for the purpose of deciding on the establishment of an employment relationship.

The legal basis for processing your data is Art. 88 (1) GDPR in conjunction with § 26 Section (1) sentence 1 BDSG, according to which personal data of employees may be processed for purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship.

We process your personal data that constitute special categories of personal data (see section III.) on the basis of Art. 88 para. 1 GDPR in conjunction with. § 26 Section (3) BDSG. We only process this data if it is necessary for the exercise of rights or the fulfilment of legal obligations under labour law, social security law and social protection law, or if you have given your consent explicitly related to this data and there is no reason to assume that your legitimate interest in the exclusion of processing outweighs this. This is particularly relevant in the following cases:

• Assessment of work ability

• Exercise of work protection and work safety

• Payment of church tax

The employee data we hold was provided by you when you applied for employment.

We delete the data when it is no longer required for the purposes we pursue in preparing, implementing or terminating the employment contract and no other legal grounds, in particular statutory or contractual retention periods, apply.

Insofar as there is an employment relationship between you and us, we may, pursuant to Art. 88 (1) GDPR in conjunction with. § 26 Section (1) BDSG, we may further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement). We will then inform you separately.

2. Consent

We also process your personal data on the basis of your declaration of consent, namely if we are unable to consider your application at present, but if necessary for other positions in our company which, in our estimation, correspond to your training, knowledge and experience on the basis of the personal data you have provided. The purpose results from the content of this consent given in each case.

The data processing is based on Article 6(1)(a) GDPR.

In cases where you have to provide data for this purpose, we expressly point this out. Without the provision, we would not be able to fulfil your request covered by the consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

We delete the data if it is no longer required for the purposes we are pursuing or you have revoked your consent and no other legal basis applies. If the last case applies, we delete the data after the other legal basis no longer applies.

3. Fulfilment of legal obligations

We may also process your employee data in order to comply with legal obligations arising, for example, from commercial, tax, financial or criminal law. The purposes of the processing result from the respective legal obligation. As a rule, processing is carried out in order to comply with state control and information obligations.

The data processing is based on Article 6 (1) (c) GDPR.

We delete the data after the legal obligation no longer applies and insofar as no other legal basis, in particular legal or contractual retention periods, apply.

4. Processing for the purposes of legitimate interests

Where necessary, we also process your personal data to protect our legitimate interests. In doing so, we pursue the purpose of defending ourselves against asserted legal claims from the application process. Our legitimate interest then lies, for example, in the burden of proof in proceedings under the General Equal Treatment Act.

We only process your personal data if this is compatible with your fundamental rights and freedoms. The data processing is based on Article 6 (1) (f) GDPR.

We delete the data when it is no longer necessary for the purposes we pursue and no other legal basis applies.

V. Is my personal data also collected from third parties?

In the majority of cases, we collect personal data directly from you.

In some constellations, however, we also receive your personal data from third parties:

• Applicant data via recruiters/personnel service providers

• Profile details via professional social media networks (e.g. Xing, LinkedIn)

• Data on references in the case of concrete information (e.g. former employer)

This is done in the aforementioned constellations for the purpose of supporting the search for qualified applicants and also to address applicants who are not actively looking for a job and want to be found by potential employers.

We delete the data when the purposes pursued for us are no longer necessary and no other legal basis applies.

VI. Is there any automated decision making or profiling?

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

VII. Do I have to provide my personal data?

You are not obliged to provide us with personal data. However, the provision of personal data is necessary for the conclusion of a contract of employment with us. If you do not provide us with personal data when applying, we will therefore not be able to enter into an employment relationship with you.

VIII. Who has access to my personal data and which recipients receive it?

Within our company, only those departments and employees working there who absolutely need such access to fulfil their functions or tasks have access to your application data. These are generally:

• Employees of the human resources department

• Responsible managers in the case of promising applications

• Colleagues from the department concerned involved in the decision in the case of promising applications

We will only disclose your personal data to external recipients if there is a legal justification for doing so or you have consented to the transfer. External recipients can be:

• Processors: Service providers that we use to provide services, for example in the area of human resources or for the maintenance of our IT systems. These processors are carefully selected and regularly checked by us to ensure that your personal data is in good hands. The service providers may only process your personal data for the purposes specified by us.

• Public authorities: Authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities, to which we may have to transmit personal data in individual cases.

• Private bodies: Private bodies to whom we transfer your personal data on the basis of a legal provision, for example lawyers, tax advisors and other companies or bodies contacted for the preparation and implementation of the business relationship.

IX. Is a transfer of my personal data to third countries intended?

If data is transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area, we ensure before the transfer that, outside of exceptional cases permitted by law, either an adequate level of data protection exists at the recipient (e.g. by means of an adequacy decision of the European Commission, suitable guarantees such as self-certification of the recipient for the EU-U.S. Privacy Shield or agreement on so-called EU standard contractual clauses). (e.g. through an adequacy decision of the European Commission, through suitable guarantees such as a self-certification of the recipient for the EU-U.S. Privacy Shield or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or your sufficient consent has been obtained.

You can obtain an overview of the recipients in third countries and a copy of the concretely agreed arrangements to ensure the adequate level of data protection from us. Further information on the EU-U.S. and Swiss-U.S. Privacy Shield can be found at https://www.privacyshield.gov.

X. How long will my personal data be stored?

In the event that we do not recruit you, we will store your personal data in the form of your cover letter and CV for further six months after the application process has been completed. The other personal data will be deleted immediately after the application process has been completed.

In the event that we are unable to consider you in the current application process, but would like to include you in our applicant pool for a future position, we will ask you for your corresponding declaration of consent. With your declaration of consent, we would retain your application documents for a period of two years and delete them at the end of this period, unless you revoke the declaration of consent beforehand. In the event of a revocation, we will delete your personal data immediately.

If you are hired by us, we will add your application documents to our personnel file, where they will be stored for the duration of the employment relationship. After termination of the employment relationship, the processing of your application and employee data will be restricted. The data is usually deleted ten years after the end of the employment relationship with us.

XI. What are my rights as a data subject?

You have the following rights regarding the processing of your personal data:

1. Right of access

You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. If this is the case, you have the right to be informed about your personal data and to receive further information regarding the processing.

2. Right of rectification

You have the right to request the rectification of your inaccurate personal data and to have incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

In certain circumstances, you have the right to request that we erase your personal data. This right exists, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or if the personal data was processed unlawfully.

4. Restriction of processing

In certain circumstances, you have the right to request us to restrict the processing of your personal data. In this case, we will only store personal data for which you have given consent or for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.

5. Data portability

If you have provided us with personal data on the basis of a contract or consent, you may, if the legal requirements are met, request that you receive the personal data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.

6. Revocation of consent

If you have given us consent to process your personal data, you may revoke this consent at any time with effect for the future. The lawfulness of the processing of your personal data until the revocation remains unaffected.

7. Right of objection

Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

8. Right of complaint to the supervisory

In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable law. To do so, you can contact the data protection authority responsible for your place of residence, workplace or the place of an alleged violation or the data protection authority responsible for us. The competent supervisory authority is the supervisory authority of the federal state in which you live or work or in which an alleged infringement is alleged to have taken place that is the subject of the complaint.

XII. Who can I contact with questions or to assert my data subject rights?

If you have any questions about the processing of your personal data or if you wish to assert your data subject rights as set out in section XI. No. 1 to 7, you can contact us free of charge. Please use our contact details under section I. No. 1.

Privacy Statement for Visitors of TGE

We, Technodyne International Limited (a wholly owned subsidiary of TGE Gas Engineering GmbH), take the protection of personal data and its confidential treatment very seriously. We therefore hereby inform you about the processing of your personal data in the context with your visit to our company website and the rights to which you are entitled. Your personal data will be processed exclusively in accordance with the applicable legal provisions of data protection law, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the Data Protection Act 2018.

I. Who is responsible for the data processing and who is the data protection officer?

Technodyne International Limited
Black Horse House
8-10 Leigh Road
Eastleigh, Hampshire
SO50 9FH
England
Contact: https://www.technodyne.co.uk/contact.html

II. What is the subject of data protection?

The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, e-mail address or telephone number.

III. Which of my personal data are processed?

As part of your on-site visit, we only process the personal data from you that is related to that visit. This can be in detail:

• Contact details, including your name, email address and telephone number, as well as any other contact details you provide to us, e.g. as part of handing over a business card

• Information related to the COVID-19 pandemic (symptoms present, contact with infected persons, recent visit to a “hot spot”)

• Your personal images in the form of video transmissions (the video material will not be stored)

• Your usage data processed in connection with a use of the guest WLAN (e.g. IP address, terminal device information)

• Visitor management information (surname, first name, time of arrival and leave)

IV. What are the purposes of processing my personal data and what is the legal basis?

In the following, we provide you with an overview of the purposes and legal basis for the processing of your personal data in the context of your on-site visit:

1. Data processing for the purpose of initiating a contract

We process your personal data for the preparation of a potential business relationship. The purpose includes in particular the following data processing:

• Recording of business card data in our administration system and forwarding to the respective contact person within TGE.

The data processing is based on Art. 6 (1) (b) of the GDPR if a business relationship is to be entered into with you personally. If, on the other hand, you are acting on behalf of a third party, in particular your employer, the data processing is based on Art. 6 (1) (f) GDPR, provided this is compatible with your fundamental rights and freedoms, see the further explanations under No. IV. No. 4.

We delete the data when it is no longer required for the purpose we are pursuing of preparing a potential business relationship and no other legal grounds, in particular statutory or contractual retention periods, apply. If the last applies, we will delete your data when this other legal basis no longer applies.

2. Compliance with legal obligations

We may also process your personal data in order to comply with legal obligations arising, for example, from commercial, tax, financial or criminal law. The purposes of the processing result from the respective legal obligation. As a general rule, processing is carried out in order to comply with state control and information obligations.

In this respect, the data processing is based on Art. 6 (1) (c) GDPR.

We delete the data after the legal obligation ceases to apply, unless other legal bases apply. If the last applies, we will delete your data when this other legal basis no longer applies.

3. Processing for the protection of legitimate interests

Where necessary, we also process your personal data to safeguard our legitimate interests. We only process your personal data if, after weighing our interests in carrying out the processing against your possibly conflicting interests, fundamental rights and freedoms, we consider that our interests prevail. We pursue the following interests, which are also the respective purposes:

• Ensuring safety by monitoring the entrance

• Ensuring the health protection of our employees

• Tracking visitors and visiting hours to investigate potential crimes as well as to comply with organisational measures in connection with ensuring a sufficient level of data protection

• Protection and security of IT resources

In addition, data processing takes place on this basis if you are acting for a third party within the framework of the purposes mentioned under no. IV. No. 1, in particular your employer. In this case, our legitimate interest lies in entering into a potential business relationship with this third party.

The data processing is carried out on the basis of Art. 6 (1) (f) GDPR.

We delete the data when it is no longer required for the purposes we are pursuing and no other legal basis applies. If the last applies, we will delete your data when this other legal basis no longer applies.

4. Processing for reasons of public interest in the field of public health

In order to protect our employees from infection with COVID-19 and to contain the COVID-19 pandemic, we process your health data, such as information on the existence of symptoms.

The data is processed on the basis of Article 9 (2) (i) GDPR in conjunction with Section 22 (1) no. 1 (c) BDSG.

We delete the data when it is no longer required for the purposes we are pursuing and no other legal basis applies. If the last applies, we will delete your data when this other legal basis no longer applies.

V. Is my personal data also collected from third parties?

We mainly process the personal data that we receive directly from you during your on-site visit. In some constellations, we also obtain your personal data from third parties, for example:

• Internet Service Provider

• Information on your contact details provided by persons working for you (e.g. employers)

If necessary, we will inform you about this in more detail in a separate form.

VI. Does automated decision-making or profiling take place?

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

VII. Do I have to provide my personal data?

During the on-site visit, you must provide the personal data required to enter the TGE premises. Specifically, this is the Covid-19 pandemic information and the visitor management information. Without this data, we will not be able to grant you access or allow you to stay as planned. As you are in the video surveillance system’s field of vision when you enter our business premises, the processing of your image material is unavoidable (the image material is not stored).

VIII. Who has access to my personal data and which recipients receive it?

Within our company, only those departments and the employees working there who absolutely need such access to fulfil their functions or tasks have access to your personal data. These are generally employees from:

• Front-Office

• IT-Department

• HR-Department

• Data Protection and Compliance

We will only share your personal data with external recipients if there is a legal justification for doing so or you have consented to it. External recipients can be:

• Processors: Service providers that we use to provide services, for example in the area of human resources or for the maintenance of our IT systems. These processors are carefully selected and regularly checked by us to ensure that your personal data is in good hands. The service providers may only process your personal data for the purposes specified by us.

• Public authorities: Authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities, to which we may have to transmit personal data in individual cases.

• Private bodies: Private bodies to whom we transfer your personal data on the basis of a legal provision, for example lawyers, tax advisors and other companies or bodies contacted for the preparation and implementation of the business relationship.

IX. Is a transfer of my personal data to third countries intended?

Your personal data will not be transferred to third countries.

X. How long will my personal data be stored?

For the storage period of your personal data, please refer to the respective chapter on data processing under section IV.

XI. What are my rights as a data subject?

You have the following rights regarding the processing of your personal data:

1. Right of access

You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. If this is the case, you have the right to be informed about your personal data and to receive further information regarding the processing.

2. Right of rectification

You have the right to request the rectification of your inaccurate personal data and to have incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

In certain circumstances, you have the right to request that we erase your personal data. This right exists, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or if the personal data was processed unlawfully.

4. Restriction of processing

In certain circumstances, you have the right to request us to restrict the processing of your personal data. In this case, we will only store personal data for which you have given consent or for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.

5. Data portability

If you have provided us with personal data on the basis of a contract or consent, you may, if the legal requirements are met, request that you receive the personal data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.

6. Revocation of consent

If you have given us consent to process your personal data, you may revoke this consent at any time with effect for the future. The lawfulness of the processing of your personal data until the revocation remains unaffected.

7. Right of objection

Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

8. Right of complaint to the supervisory

In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable law. To do so, you can contact the data protection authority responsible for your place of residence, workplace or the place of an alleged violation or the data protection authority responsible for us. The competent supervisory authority is the supervisory authority of the federal state in which you live or work or in which an alleged infringement is alleged to have taken place that is the subject of the complaint.

XII. Who can I contact with questions or to assert my data subject rights?

If you have any questions about the processing of your personal data or if you wish to assert your data subject rights as set out in section XI. No. 1 to 7, you can contact us free of charge. Please use our contact details under section I. No. 1.