DATA PROTECTION INFORMATION

This data protection notice provides information about the processing of personal data both via the "datin" app and the associated website at https://datin.io in accordance with Article 12 ff. of the GDPR (EU General Data Protection Regulation).

When using the app, as well as when visiting or using the website, personal data is processed. Personal data refers to all information relating to an identified or identifiable natural person.

The following information is intended to inform you about what personal data we process when you use the app or website and how we handle this data. In addition, we inform you about the legal basis for the processing of your data and, insofar as the processing is necessary to safeguard our legitimate interests, also about our legitimate interests.
   
You can access this privacy policy at any time at under the menu item "Privacy" within the app or website .

1. Contact details of the controller and general information on data processing

A.1. Name and contact details of the controller

The controller responsible for the collection and use of personal data within the meaning of data protection law is

datin GmbH
Roonstraße 23a
D-76137 Karlsruhe
Germany

represented by the managing director Dr. Nikolay Takvor Garabedian
Email: info@datin.io

A.2. Contact details of the data protection officer

We are not obliged to appoint a data protection officer and have not voluntarily appointed one. You can contact us at any time regarding data protection using the contact details above.

A.3. General information on the purposes and legal basis for the processing of personal data

Your data is collected in connection with your use of the app or your visit to the website for the purpose of

• to enable us to display the app/website to you,
• to ensure the security of our web server and our information technology systems,
• to advertise our services to you as a customer,
• to offer you our services as a customer,
• to identify you as our customer, if necessary,
• if necessary, to correspond with you,
• if necessary, for invoicing or processing a contract concluded with you.

We also use your data to inform you about other similar services offered by our company.

In general, the following applies to the legal basis for our processing of personal data:

·       Insofar as we obtain your consent for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis for the processing of personal data.

• When processing personal data that is necessary for the performance of a contract with you, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies if the processing is necessary for the implementation of pre-contractual measures, for example in the case of orders, offers, contract negotiations.
• Insofar as the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 (1) (c) GDPR serves as the legal basis.
• In the event that your vital interests or those of another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
• If the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, this is done on the legal basis of Art. 6 (1) (e) GDPR.
• If processing is necessary to safeguard a legitimate interest of ours or of a third party and your interests, fundamental rights, and freedoms do not outweigh this interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

Depending on the category of data involved, we process personal data for the following purposes and on the basis of the respective legal basis specified in the General Data Protection Regulation (GDPR):

Website user data
We generally collect and process data from users of our website in a non-personal manner. In exceptional cases, we can only assign data to specific individuals if the user contacts us directly—for example, by contacting us via a web form—and discloses their data. The IP address is processed anonymously. If, in exceptional cases, personal data is affected, we process it to protect our legitimate interests on the basis of Art. 6 (1) (f) GDPR. Our legitimate interests in this sense are our interest in the security and integrity of our website and the data on our web server (in particular, fault and error detection, as well as tracking unauthorized access), as well as marketing interests and interests in statistical surveys (to improve our website and our services and offers). After weighing up the interests involved, we have come to the conclusion that data processing is necessary to safeguard the aforementioned legitimate interests and does not outweigh your interests or fundamental rights and freedoms that require the protection of personal data.

App user data/customer data
App users are also our customers who have concluded a user agreement with us for the use of the app. We collect and process the data of our app users to ensure that only paying customers use our app. We process this data for contract processing in accordance with Art. 6 (1) (b) GDPR and – with regard to our customers' employees who are authorized to use the app under the customers' contract – to safeguard our legitimate interests on the basis of Art. 6 (1) (f) GDPR. In addition to ensuring legitimate use, our legitimate interests include our interest in the security and integrity of the app and the data on our web server (in particular, fault and error detection, as well as tracking unauthorized access), as well as our interest in statistical surveys (to improve the app and our services and offerings). After weighing up the interests involved, we have come to the conclusion that data processing is necessary to safeguard the aforementioned legitimate interests and does not outweigh the interests or fundamental rights and freedoms of users who require the protection of their personal data.

A.4. General information on data deletion and storage

We generally delete or block personal data as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which we as the controller are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
   
Specifically, this means:
If we process personal data on the basis of consent to data processing (Art. 6 (1) (a) of the General Data Protection Regulation, or GDPR for short), GDPR), processing ends when you revoke your consent, unless there is another legal basis for processing the data, which is the case if we are still entitled to process your data for the purpose of fulfilling the contract at the time of revocation or if the data processing is necessary to safeguard our legitimate interests (see below).

If, in exceptional cases, we process the data on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) within the framework of a prior assessment, we will store it until the legitimate interest no longer exists, the assessment comes to a different conclusion, or you have effectively lodged an objection in accordance with Art. 21 GDPR (see the visually highlighted "Note on special right of objection" under C.).

If we process the data for the purpose of fulfilling a contract, we store the data until the contract has been finally fulfilled and settled and no further claims can be asserted under the contract, i.e. until the statute of limitations has expired. The general limitation period under Section 195 of the German Civil Code (BGB) is three (3) years. However, certain claims, such as claims for damages, only become time-barred after 30 years (see Section 197 BGB). If there is justified reason to assume that this is relevant in individual cases, we will store the personal data for this period. The aforementioned limitation periods begin at the end of the year (i.e., on December 31) in which the claim arose and the creditor became aware of the circumstances giving rise to the claim and the identity of the debtor, or should have become aware of them without gross negligence.

We would like to point out that we are also subject to statutory retention obligations for tax and accounting reasons. These require us to retain certain data, which may include personal data, for a period of six (6) to ten (10) years as evidence for our accounting purposes. These retention periods take precedence over the above-mentioned deletion obligations. The retention periods also begin at the end of the relevant year, i.e., on December 31.

A.5. Sources of personal data

The personal data we process comes primarily from the data subjects themselves, for example when they use our app or website and transmit information such as their IP address or device information to our web server via their end device.

Only in exceptional cases may the personal data we process also originate from third parties, for example when a person acts on behalf of a third party.

1. Processing of personal data via the app

We collect and use users' personal data in connection with the use of our app only to the extent necessary to verify eligibility for use, to provide a functional app, and to provide our content and services. The collection and use of our users' personal data is generally carried out for the purpose of contract processing, for legitimate interests (in particular fraud prevention, ensuring legitimate use, provision of the service) or with the user's consent.

B.1. Data collected automatically when using the app

When you use the app, we automatically collect certain data that is necessary for the use of the app. This data is stored in the server's log files. This includes:

• Date and time of access to the app,
• Date and time of app content downloads (for statistical purposes),
• File(s) retrieved,
• Amount of data retrieved/sent,

• URL (address) of the referring website (referrer),

• User agent string (browser, browser version, operating system, operating system version, and
• the user's IP address (during data transmission / storage only for the respective session / deletion after a maximum of 24 hours).

This data is processed separately from other data. This data is not processed together with other personal data of the user. It is not possible for us to assign this data to a specific person.

Purposes of data processing: The temporary processing of the data by the system is necessary in order to provide you with the service and the associated functions, to improve the functions and performance characteristics of the app, and to prevent and eliminate misuse and malfunctions. For this purpose, the user's IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the app. We also use the data to optimize our offering and the app and to ensure the security of our information technology systems. The data is not evaluated for marketing or statistical purposes in this context.

Legal basis for data processing: This data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between the customer and us pursuant to Art. 6 (1) (b) GDPR for the use of the app, or (2) we have a legitimate interest in ensuring the functionality and legitimate and error-free operation of the app and in being able to offer legitimate users a service that is in line with the market and their interests. Our assessment has shown that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) (f) GDPR do not outweigh this interest.

Duration of storage: The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the app, this is the case when the respective session has ended. In the case of data storage in log files, this is the case after 24 hours at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that we can no longer assign them to the calling end device and thus no longer have any personal reference.

Right to object and removal: The collection of data for the provision of the app and the storage of data in log files is essential for the operation of the app. Consequently, there is no right of objection on the part of the user.

B.2. Hosting of the app by AWS

The app and its components are hosted by Amazon Web Services (AWS) EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, Luxembourg. It has been agreed with AWS that data processing will take place within the EU or the EEA (data center in Frankfurt, Germany), i.e., no data transfers to third countries will take place.

In addition, we have concluded a data processing agreement with AWS in accordance with Art. 28 (3) GDPR.

Purpose of data processing: Hosting is essential to ensure the necessary availability of the app.

Legal basis for data processing: This data processing is justified by the fact that the processing is necessary for the performance of the contract between the customer and us pursuant to Art. 6 (1) (b) GDPR for the use of the app. In addition, we have a legitimate interest in hosting the app on a highly available and secure system in order to offer customers and users the most comprehensive availability possible. Our assessment showed that the rights and interests in the protection of the user's personal data within the meaning of Art. 6 (1) (f) GDPR do not outweigh this.

Duration of storage: The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected, which, with regard to the hosting of the app itself, is only the case when the app as such is no longer offered.

Right to object and right to erasure: Hosting the app is an essential functionality for the operation of the app and cannot be disabled. Consequently, the user has no right to object or request erasure in this case.

B.3. Use of the service provider neo4j.com

We use the services of the service provider Neo4j Germany GmbH, Westendstraße 28, 60325 Frankfurt am Main, Germany, for the processing and storage of personal data generated when the user uses the app. Data processing takes place in Frankfurt, Germany.

We have concluded a data processing agreement with the provider in accordance with Art. 28 (3) GDPR.

Purposes of data processing: The service provider is used to store the data generated by the customer or user themselves in the context of app use. Storage is necessary in order to perform the main functionality of the app, namely knowledge and data management.

Legal basis for data processing: This data processing is justified by the fact that the processing is necessary for the performance of the contract between the customer and us pursuant to Art. 6 (1) (b) GDPR for the use of the app. In addition, we have a legitimate interest in being able to store the data generated by the user themselves in order to enable the main functionality of the app. Our assessment showed that the rights and interests in the protection of the user's personal data within the meaning of Art. 6 (1) (f) GDPR do not outweigh this here.

Duration of storage: The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected, which is the case when the app is no longer used by the specific user (e.g., due to termination of the user agreement with us). Irrespective of this, the user can delete the data themselves at any time during use.

Right to object and right to erasure: With regard to the data stored by the customer or user themselves in the course of using the app, they have the option of removing the data from the host's systems themselves at any time and thereby terminating data processing.

B.4. Processing of the time zone during data entry

The app processes and stores the time zone during the user's data entry, which is taken from the user's browser in order to provide the data entry with a valid timestamp.

Purpose of data processing: The system processes the time zone in order to provide the data entries with a valid timestamp, thereby making it easier for the user to manage and track the data entries.

Legal basis for data processing: This data processing is justified by the fact that the processing is necessary for the performance of the contract between the customer and us pursuant to Art. 6 (1) (b) GDPR for the use of the app. In addition, we have a legitimate interest in being able to offer the app with this useful and helpful function for the user. Our assessment showed that the rights and interests in the protection of the user's personal data within the meaning of Art. 6 (1) (f) GDPR do not outweigh this.

Duration of storage: The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected, i.e., when the user independently removes the respective data entry, which the user can do at any time.

Right to object and right to erasure: The recording of the time zone is a mandatory functionality for the operation of the app and cannot be disabled. Consequently, the user has no right to object or erase this data.

B.5. Use of third-party services WorkOS, Inc.

We use the services of the third-party provider WorkOS, Inc., 548 Market St, PMB 86125, San Francisco, CA 94104, USA, to operate the app.

We require the service provider to handle the login. The service provider stores the user name and password in order to manage the login to the app.

Purpose of data processing: The processing of usernames and passwords is essential in order to check authorization for use of the app through login management and thus verify authorization.

Legal basis for data processing: This data processing is justified by the fact that the processing is necessary for the performance of the contract between the customer and us pursuant to Art. 6 (1) (b) GDPR for the use of the app. In addition, we have a legitimate interest in providing the app with login management in order to allow only authorized use. Our assessment showed that the rights and interests in the protection of the user's personal data within the meaning of Art. 6 (1) (f) GDPR do not outweigh this.

Duration of storage: The login data is deleted as soon as it is no longer necessary for the purpose for which it was collected, i.e., when the user is no longer authorized to use the app.

Right to object and right to erasure: The processing and comparison of login data is a mandatory functionality for the operation of the app and cannot be disabled. Consequently, the user has no right to object or request erasure in this case.

B.6. Use of cookies by us and third-party providers

When you use the app, so-called cookies are used. These are small text files that are stored on your device (PC, smartphone, tablet, etc.). When you open the app, at least one cookie will be stored on your device. This cookie contains a characteristic string of characters that enables the device to be uniquely identified when the app is opened again.

Cookies are used to make the app usable in the first place or to ensure the security and integrity of the app (strictly necessary cookies) or to make the app more user-friendly (non-strictly necessary cookies).

In addition, cookies from third-party providers may be used. These cookies could also enable an analysis of the surfing behavior of users. If this is the case, we will inform you separately in this or specific privacy policy notices directly in the information about the respective third-party tools (such as analysis tools, plugins, etc.). For example, analysis tools (such as Google Analytics) set their own cookies for analysis purposes (see below).

When you access our app, you will be informed about the use of cookies that are not strictly necessary and your consent to the processing of personal data used in this context will be obtained. If no information is provided, no cookies that are not strictly necessary will be used.

Specifically, the service provider WorkOS sets a session cookie to monitor the login status of the respective user. We are able to read this cookie and thus find out the logins, email address, and name of the user. However, we only use this if it is absolutely necessary to obtain this information in individual cases, e.g., if there is concrete suspicion of misuse.

Purpose of data processing: The purpose of using strictly necessary cookies is to enable users to use desired or expressly requested functions of the website. Some functions cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected by strictly necessary cookies is not used to create user profiles.

The use of non-essential cookies is generally for the purpose of improving the quality of our website and its content. Analysis cookies, for example, tell us how the website is used and enable us to continuously optimize our offering.

Legal basis for data processing : The following applies to strictly necessary cookies: The legal basis for storing strictly necessary cookies on your device and accessing them is Section 25 (2) No. 2 TDDDG. The legal basis for further processing of personal data using the information stored in the cookie is Art. 6 (1) (f) GDPR, i.e. a legitimate interest on our part. Our legitimate interest lies in the purposes mentioned above. For cookies that are not strictly necessary, the legal basis for storing cookies that are not strictly necessary on your device and accessing them is your consent in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of personal data using cookies that are not strictly necessary is the consent given at the same time in accordance with Art. 6 (1) (a) GDPR.

Duration of storage: Some of the cookies we use are deleted after the end of the app session (so-called session cookies). Other cookies may remain on your device and enable us or third-party providers to recognize your browser the next time you visit (persistent or static cookies). If we have stored the cookies based on your consent, we will terminate further data processing upon your revocation. Otherwise, we store the data collected on the basis of an overriding legitimate interest until the legitimate interest no longer exists, the weighing of interests leads to a different result, or you have effectively objected in accordance with Art. 21 GDPR (see "Note on special right of objection" below). We regularly check whether the legitimate interest still exists.

Right to object and removal option: Cookies are stored on your device and transmitted from there to our app. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time.

B.7. Data and knowledge management / User as controller

The main functionality of the app is to enable users to manage and structure their scientific know-how and related data, thereby simplifying and optimizing workflows and processes. Insofar as the user uploads, stores, links, and thus processes personal data, the user is responsible for this data processing and we act solely as a processor of this data. In this respect, we conclude a data processing agreement in connection with the use of the app, which regulates our role as a processor when using the app.

This also applies to the user's ability to search the following public databases within the app and store information from them in the app:

• https://pubchem.ncbi.nlm.nih.gov/
• https://terminology.tib.eu/ts/ (Germany)

1. Processing of personal data via the website

We collect and use users' personal data in connection with the use of our website only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data is generally only carried out with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and/or the processing of the data is permitted by law.

The host provider hosting the website on its server is Amazon Web Services (AWS) EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, Luxembourg (see B.3. above).

C.1. Provision of the website and creation of log files

Every time the website is accessed, our system automatically collects data and information for technical reasons. This is stored in the server's log files. This includes:

• Date and time of access,
• URL (address) of the referring website (referrer),
• Web pages accessed by the user's system via our website,
• User's screen resolution,
• file(s) accessed and notification of the success of the access,
• Amount of data sent,
• the user's Internet service provider,
• browser, browser type and browser version, browser engine and engine version,
• operating system, operating system version, operating system type, and
• the anonymized IP address and the user's Internet service provider.

This data is processed separately from other data. This data is not processed together with other personal data of the user. It is not possible for us to assign this data to a specific person.

Purposes of data processing
The temporary processing of the data by the system is necessary to enable the content of our website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data helps us to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

Legal basis for data processing
The temporary storage of data and log files is based on the legal basis of Art. 6 (1) (f) GDPR. Our overriding legitimate interest in this data processing lies in the aforementioned purposes.

Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

Right to object and right to erasure
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object here . However, the user can terminate the use of the website at any time and thus prevent the further collection of the aforementioned data.

1. Data processing relating to the app and website

D.1. Encryption of data transmissions

The app and the website, and thus all data transmissions via them, are encrypted according to the SSL standard (https protocol) with TLS 1.2/1.3.

D.2. Transfer of personal data to a third country

By downloading the app from the providers' stores (Apple for the App Store or Google for the Play Store), personal data may be transferred to the United States of America (USA). The data transfer is not carried out by our app and not on our behalf, but only due to the fact that the providers exclusively operate the online platforms where the apps can be downloaded.

These are the following companies:

• Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA ("Google") as the provider of the Play Store for Android devices.
• Apple, Inc. One Apple Park Way, Cupertino, California, USA, 95014 as the provider of the App Store for Apple and iOS devices.

Both companies rely on the European Commission's EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) for data transfers from the EU to the US.

Google LLC is also certified under the EU-U.S. Data Privacy Framework (PDF), meaning that data transfers to the US are also permitted under the European Commission's adequacy decision regarding the US.

 In addition, the following applies:

We do not intend to do so, but cannot completely rule out the possibility that personal data may be processed outside the EEA (European Economic Area). Countries outside the EEA are also referred to as "third countries."

For the US, there is an adequacy decision by the EU pursuant to Art. 45 (1) GDPR, which certifies that the US has an adequate level of data protection, meaning that data transfers to the US are generally permitted. The prerequisite for this is that the third-party providers from the USA have certified themselves under the EU-U.S. Data Privacy Framework (DPF). This is generally the case for the US providers we have selected. This means that data transfers to these third-party providers are permitted without further ado.

All companies that are considering transferring data to a third country and that may transfer personal data to a third country for which there is no EU adequacy decision, or US companies that are not certified under the EU-U.S. Data Privacy Framework (DPF), have provided sufficient guarantees for data transfers within the meaning of the GDPR and the European Court of Justice (ECJ) through a binding agreement on the EU Standard Contractual Clauses (EU SCC) cf. Article 46(2)(c) GDPR) with us and by agreeing to additional data security measures, sufficient guarantees for data transfer within the meaning of the GDPR and the European Court of Justice (ECJ) and are subject to regulations that are fundamentally comparable to the EU level of data protection. Data transfer to these companies is therefore generally permissible (cf. Art. 44 ff. GDPR).

In addition, in the case of order processing with these companies, corresponding order processing agreements have been concluded to secure the data and our rights to issue instructions.

1. Your rights

If your personal data is processed, you are the "data subject" and you have the following rights in relation to us as the controller:

E.1.     Right to information

You have the right to obtain confirmation from us free of charge as to whether we are processing personal data concerning you. If this is the case, you have the right to obtain information about this personal data and further information, which you can find in Art. 15 GDPR. You can contact us by mail or email for this purpose.

E.2.     Right to rectification

You have the right to request that we correct any inaccurate personal data concerning you without delay. You also have the right—taking into account the above-mentioned purposes of processing—to request the completion of incomplete personal data, including by means of a supplementary statement. You can contact us by mail or email for this purpose.

E.3.     Right to erasure

You have the right to request the immediate erasure of personal data concerning you if one of the conditions of Art. 17 GDPR is met. You can contact us by post or email for this purpose.

E.4.     Right to restriction of processing

You have the right to request that we restrict processing if one of the conditions of Art. 18 GDPR applies. You can contact us by mail or email for this purpose.

E.5.     Right to notification

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

E.6.     Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that the requirements of Art. 20 GDPR are met. You can contact us by mail or email for this purpose.

E.7.     Right to object to processing based on legitimate interest and to direct marketing

Insofar as we process personal data on the basis of Art. 6 (1) (f) GDPR (i.e., on the basis of legitimate interests), you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation. If we cannot demonstrate compelling legitimate grounds for further processing that outweigh your interests, rights, and freedoms, or if we process the data in question from you for the purpose of direct marketing, we will no longer process your data (cf. Article 21 GDPR). You can contact us by mail or email for this purpose.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.

E.8.     Right of withdrawal of consent

You have the right to withdraw your consent to the collection and use of personal data at any time with effect for the future. You can contact us by mail or email for this purpose. This does not affect the lawfulness of the processing carried out on the basis of the consent until withdrawal.

E.9.     Automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Unless the decision is necessary for the conclusion or performance of a contract between you and us, it is authorized by Union or Member State law to which we are subject and that law provides for appropriate measures to safeguard your rights and freedoms and legitimate interests, or the decision is made with your explicit consent.

We do not engage in such automated decision-making.

E.10.   Voluntary provision of data
If the provision of personal data is required by law or contract, we will generally point this out when collecting the data. In some cases, the data we collect is necessary for the conclusion of a contract, namely if we would otherwise be unable to fulfill our contractual obligations to you or would be unable to fulfill them sufficiently. You are under no obligation to provide personal data. However, failure to provide such data may mean that we are unable to perform or offer a service, action, measure, or similar that you have requested, or that it is not possible to conclude a contract with you.

E.11.   Right to lodge a complaint with a supervisory authority

Without prejudice to any other rights, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the member state of your place of residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates data protection law.

Status of our privacy policy: November 11, 2025