Privacy Policy

We, Privatize GmbH (hereinafter: "we" or "us"), appreciate your visit to our website "privatizegroup.com" and its subdomains (hereinafter collectively: "Website") and your interest in our services. We take the protection of your personal data very seriously.

With this data protection information, we would like to inform you about the processing of your personal data. The term "processing" includes the complete process from the collection, storage, processing and / or disclosure to deletion of your data (hereinafter: "process"). Personal data is all information that relates directly or indirectly to you or other persons (such as name, address, email address, etc.).

1. Name and contact details of the person responsible; contact details of the data protection officer

2. Processing of personal data when using our Website

2.1 General

(1) When you visit our Website, we process the data required to display the Website, namely

• IP address of the requesting computer
• Date and time of the request
• Name and URL of the retrieved file
• Operating system information and its access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request comes
• Browser, language and version of the browser software

(2) This data, insofar as it is personal data, is processed by us on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Our interests consist of ensuring a smooth connection of the Website, an evaluation of system security and stability, and an analysis of unauthorized access or attempted access to the systems.

(3) The deletion of the listed data is automated after a period of seven days.

2.2 Registration of a user account

(1) To use the Privatize platform, you must create a user account. You can register via our website.
During registration you will be asked for your name, email address and password (mandatory fields). After registration, you can log in to your account using your access data. In addition, you can voluntarily enter further information (e.g. your field of activity and your company) for future orders within your account (all together: " User Account Data").

(2) The legal basis for the processing of your User Account Data is Art. 6 para. 1 sentence 1 lit. b GDPR. Accordingly, we are permitted to process your data insofar as this is necessary for the performance of a contract with you or for the implementation of pre-contractual measures. The processing of the User Account Data is necessary for the use of the Privatize platform and thus for the performance of the contract with you.

(3) The data collected and stored by you in the context of the creation of a user account will only be processed by us for as long as is necessary to achieve the purpose of the processing. If you terminate your user account, we will delete your User Account Data after six months, unless we are obliged to retain the data due to legal obligations.

2.3 Login to user account via Website

(1) Each time you log in to your user account, we process your IP address, your authentication data (email address and password) and the time of access to your account (collectively: "Login Data").

(2) The legal basis for the processing of Login Data is Art. 6 para. 1 sentence 1 lit. f GDPR. The temporary storage of Login Data by the system is necessary to control access to the protected area of the user account, to ensure the integrity of the booking system and to prevent misuse or other unauthorized use. This is also our legitimate interest in data processing according to Art. 6 para. 1 sentence 1 lit. f GDPR. Login Data is not passed on to third parties, unless the transfer is necessary for the technical implementation of the login process or for the pursuit of legal claims, or if there is a legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR.

(3) The deletion of the Login Data takes place automatically after a period of seven days.

3. Communication with us

(1) Insofar as you communicate with us via our contact form, email or another channel, we process your personal data for the purpose of processing your inquiry, for example

• Contact details, e.g. name, address, email address and
• Content data of the communication, e.g. subject and message.

(2) The legal basis for the processing of data is Art. 6 para. 1 sentence 1 lit. b GDPR. Accordingly, we are permitted to process data insofar as the processing is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures. In all other respects, we base data processing on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Our interests lie in enabling you to contact us and in processing your requests.
Please note that data on the internet generally cannot always be transferred securely. Especially in email traffic, the protection of data exchange cannot be guaranteed. We ask you not to transmit sensitive data to us by email.

(3) The data will be deleted after final processing of your request, unless we are legally or contractually obligated to store the data beyond that.

4. Direct marketing (including newsletter mailing)

4.1 Direct marketing without consent

(1) We reserve the right to use your name and address, if we collect them during registration, also to send you information about our products and services by mail. If you create a user account, we also reserve the right to send you information in the future also by email for similar offers or services. Direct marketing measures without consent are used very sparingly by us.

(2) The legal basis for the data processing for the implementation of direct marketing measures is Art. 6 para. 1 sentence 1 lit. f GDPR, in the case of email advertising in conjunction with Section 7 para. 3 UWG. Our legitimate interests lie in the need to carry out direct marketing measures by directly approaching users for our products and services. These interests outweigh your interests, as we limit the direct marketing measures to an appropriate level and you can object to receiving them at any time.

(3) You may object to the processing of your data for direct marketing purposes by letter and by email at any time by sending a message to the contact data specified in section 1. In doing so, you will not incur any costs other than the transmission costs according to the prime rates. If you object to the processing of your data for direct marketing purposes by mail and email, we will no longer carry out the aforementioned direct marketing measures on the basis of legitimate interests.

4.2 Newsletter with consent

(1) You can also register for a newsletter on our Website by entering your email address in order to receive information about our products and services. We use the support of SendGrid to send the newsletter. SendGrid, Inc, 1801 California Street Suite 500, Denver, CO 80202 (hereinafter: "SendGrid"). SendGrid is a service with which, among other things, the sending of newsletters can be organized and analyzed.

(2) For sending the newsletter, we obtain your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. We use the so-called double opt-in procedure for registration: Only when you click on a confirmation link that is sent to the email address you have provided, will this email address be added to our distribution list.

(3) Insofar as we process your email address on the basis of this consent, you have the right to revoke your consent at any time by sending a message to the contact details listed in section 1 or via a link provided for this purpose in an email sent by us, without this affecting the lawfulness of the processing carried out on the basis of your consent until revocation.

Insofar as you revoke your consent, we will not send you any further newsletters. However, we may store the email address and the receipt of the revocation for a period of up to 3 years on the basis of our overriding legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to be able to prove that consent existed from you in the past and to ensure that you do not receive any further newsletters. In this case, the email address is stored exclusively for the defense of any claims.

5. Google Fonts

(1) Our Website uses so-called web fonts for the uniform display of fonts. The provider is Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland (hereinafter: "Google"). The fonts are hosted locally, i.e. on our servers.

(2) Google Fonts are used in the interest of a uniform presentation of our online offer. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer. You can find more information about Google Fonts at developers.google.com/fonts/faq and in Google's privacy policy at www.google.com/policies/privacy/.

6. Google Analytics

(1) If and to the extent that you have given us your consent, we use functions of the web analytics service Google Analytics on our Website. The provider is Google. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the Website. The information generated by the cookie about your use of our Website is usually transmitted to a Google server and stored there.

(2) The storage of Google Analytics cookies is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this Website.

You can also prevent the collection of data generated by the cookie and related to your use of the Website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout?hl=en. For more information on how Google Analytics handles user data, please see Google's privacy policy: support.google.com/analytics/answer/6004245hl=en.

7. Recipients of personal data; Third country transfer

In some cases, we use external service providers for the processing of personal data within the scope of order processing according to Art. 28 GDPR (e.g. IT service providers). A further transfer of your data to third parties - unless otherwise explained in the paragraphs above - does not take place.

Your data will only be disclosed, e.g. to supervisory authorities and law enforcement agencies, within the scope of the statutory provisions if it is necessary for the prevention and detection of fraud and other criminal acts or to ensure the security of our data processing systems. Legal bases for this are, depending on the individual case, Art. 6 para. 1 sentence 1 lit. c (fulfillment of legal obligations) or lit. f GDPR (safeguarding legitimate interests).

If personal data is processed in an (non-EU) third country, a comparable level of data protection is ensured with the help of appropriate guarantees in accordance with Art. 44 et seq. of the GDPR. In all other respects, the following applies: When transferring data outside the EU and the European Economic Area to a country which, according to the assessment of the European Commission, has a current adequacy decision, we generally rely on such an adequacy decision (cf. Art. 45 GDPR). For a possible data transfer to other countries, we generally rely on standard data protection clauses (cf. Art. 46 para. 2 lit. c GDPR).

8. Your rights

(1) You have the following rights against us regarding the personal data concerning you:

• Right to information: You can request information about whether we process personal data about you. If this is the case, you have a right to information about this personal data as well as other information related to the processing (cf. Art. 15 GDPR).
• Right to rectification: In the event that personal data about you is not (or is no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed (cf. Art. 16 GDPR).
• Right to erasure or restriction: If the legal requirements are met, you may request the erasure of your personal data (cf. Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR), for example if the processing of this personal data is no longer necessary for the purposes for which we collected it.
• Right to data portability: Under certain conditions, you have the right to receive the personal data concerning you that you have provided to us in a specific format or to transfer this data to another controller (cf. Art. 20 GDPR).

To exercise your aforementioned rights, certain legal requirements must be met. If you have any questions, please do not hesitate to contact us using the contact details given in section 1 above.

(2) RIGHT TO OBJECT (ART. 21 GDPR).

In addition, you have the right to object at any time to the processing of your personal data by us as follows

• i. in the case of direct marketing, at any time; and
• ii. incidentally, for reasons arising from your particular situation, if we process your personal data to protect our legitimate interests on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (Art. 21 para. 1 and 2 GDPR).

We will cease processing your personal data for direct advertising in any case in the event of an objection, and as a rule in the event of data processing for other reasons, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

(3) You may lodge a complaint against the processing of your personal data by us with a data protection authority, in particular in the EU member state in which your habitual residence or place of work is located or where an alleged infringement of applicable data protection laws has occurred (cf. Art. 77 GDPR).

(4) We do not carry out automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR.

9. Adjustments to this privacy policy

We will revise this privacy policy from time to time in order to adapt it to the state of the art or to changes in the legal framework. We therefore recommend that you regularly inform yourself about changes on this page.

Status: June 2023