Privacy policy.

1. Introduction

The following information is intended to provide you, as a 'data subject', with an overview of how your personal data is processed by us and your rights under data protection legislation. In general, you can use our websites without providing any personal data. However, if you wish to make use of specific services offered by our company via our website, the processing of personal data may become necessary. If such processing is required and there is no legal basis for it, we will generally obtain your consent.

The processing of personal data, such as your name, address or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to FTAPI Software GmbH. This privacy notice is intended to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller responsible for processing, we have implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, e.g. by telephone or post.

You too can take simple and easy steps to protect your data from unauthorised access by third parties. We would therefore like to give you a few tips on how to handle your data securely:

• Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

• Only you should have access to your passwords.

• Ensure that you use your passwords for one account only (login, user or customer account).

• Do not use the same password for different websites, applications or online services.

• When using publicly accessible or shared IT systems in particular: always log out of any website, application or online service after logging in.

• Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should include a mix of upper and lower-case letters, numbers and special characters.

2. Controller

The controller within the meaning of the GDPR is:

FTAPI Software GmbH

Steinerstr. 15f, 81369 Munich, Germany

Telephone: +49 (0)89 230 6954 0

Email: info@ftapi.com

Representatives of the controller: Daniel Niesler, Ari Albertini

3. Data protection officer

You can contact our data protection officer at:

Carsten Knoop

Telephone: 05221 87292-01

Fax: 05221 87292-49

Email: datenschutz-ftapi@audatis.de

You may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Definitions

This privacy notice is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our aim is to make this privacy notice easy to read and understand for the general public, as well as our customers and business partners. To achieve this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this privacy notice:

4.1. Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

4.3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

4.5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

4.6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

4.7. Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

4.8. Recipient

A recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

4.9. Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

4.10. Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

5. Legal basis for processing

Article 6(1)(a) GDPR (in conjunction with Section 25(1) TDDDG, formerly TTDSG) serves as our legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of enquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or third party. In that case, the processing would be based on Article 6(1)(d) GDPR.

Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. In this respect, it considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47 sentence 2 GDPR).

Our services are generally intended for adults. Persons under the age of 16 may not transmit personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect it and do not pass it on to third parties.

6. Disclosure of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal data with third parties if:

• You have given your explicit consent pursuant to Article 6(1)(a) GDPR;

• The disclosure is permissible under Article 6(1)(f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;

• There is a legal obligation for the disclosure pursuant to Article 6(1)(c) GDPR; or

• It is legally permissible and necessary for the performance of a contract with you pursuant to Article 6(1)(b) GDPR.

In order to protect your data and to enable data transfers to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's standard contractual clauses. If these standard contractual clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) GDPR may serve as a legal basis for data transfers to third countries. This does not apply if the European Commission has issued an adequacy decision under Article 45 GDPR for the respective third country.

7. Technology

7.1 SSL/TLS encryption

To ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from 'http://' to 'https://' and by the lock symbol in your browser line.

We use this technology to protect the data you transmit.

7.2 Data collection when visiting the website

If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information or do not give consent for processing requiring consent, we only collect the data that your browser transmits to our server (in so-called server log files). Our website collects a series of general data and information each time you or an automated system accesses a page. This general data and information are stored in the server’s log files. Collected may be:

• The browser types and versions used,

• The operating system used by the accessing system,

• The website from which an accessing system reaches our website (so-called referrer),

• The sub-pages accessed via an accessing system on our website,

• The date and time of access to the website,

• A truncated Internet protocol address (anonymised IP address), and

• The Internet service provider of the accessing system.

We do not draw conclusions about your identity from the use of this general data and information. Rather, this information is required to:

• Deliver the content of our website correctly,

• Optimise the content of our website as well as its advertising,

• Ensure the long-term viability of our IT systems and website technology, and

• Provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyberattack.

Therefore, this data and information are analysed statistically and also evaluated with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes of data collection listed above.

7.3 Encrypted payment transactions

If there is an obligation to transmit your payment data to us after the conclusion of a fee-based contract, this data is required for payment processing.

Payment transactions using the common means of payment (Visa/MasterCard or direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from 'http://' to 'https://' and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

7.4 Cloudflare (Content Delivery Network)

Our website uses functions of Cloudflare. The provider is Cloudflare, Inc., 665 3rd St. #200, San Francisco, CA 94107, USA.

Cloudflare offers a globally distributed Content Delivery Network with DNS. Technically, the transfer of information between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyse the traffic between user and our websites to detect and ward off attacks. Additionally, Cloudflare may store cookies on your computer for optimisation and analysis purposes.

You can configure your browser to notify you when cookies are set, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to enable the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.

We have concluded a data processing agreement with Cloudflare based on the GDPR and EU standard contractual clauses. Cloudflare collects statistical data about visits to this website. The access data includes: the name of the accessed website, file, date and time of retrieval, volume of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), IP address and the requesting provider. Cloudflare uses the log data for statistical evaluations for the purpose of operation, security, and optimisation of the offering.

If you have consented to the use of Cloudflare, the legal basis for processing is Article 6(1)(a) GDPR. Furthermore, we have a legitimate interest in using Cloudflare to make our online offering more secure and efficient. The corresponding legal basis is Article 6(1)(f) GDPR. The personal data is stored as long as it is required to fulfil the processing purpose and is then deleted.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision under Article 45 GDPR exists, allowing personal data to be transferred without additional guarantees.

More information can be found at: https://www.cloudflare.com/privacypolicy/

7.5 Hosting by Hetzner

We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).

When you visit our website, your personal data (e.g. IP addresses in log files) is processed on Hetzner’s servers.

The use of Hetzner is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the reliable presentation, provision, and security of our website.

We have concluded a data processing agreement pursuant to Article 28 GDPR with Hetzner. This is a contract required by data protection law, which ensures that Hetzner only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

Further information on Hetzner’s privacy policy can be found at: https://www.hetzner.com/de/rechtliches/datenschutz

8. Cookies

8.1 General information about cookies

Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar device) when you visit our website.

The cookie stores information that arises in connection with the specific device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves to make the use of our services more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your device for a defined period. If you return to our site to use our services, it is automatically recognised that you have already visited us and which entries and settings you made so that you do not have to re-enter them.

We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimisation. These cookies enable us to automatically recognise that you have already visited our website when you return. The cookies set in this way are automatically deleted after a defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.

8.2 Legal basis for the use of cookies

The data processed by cookies, which are required for the proper functioning of the website, are necessary for the purposes of our legitimate interests and those of third parties in accordance with Article 6 (1) lit. f) GDPR.

For all other cookies, you will have given your consent via our opt-in cookie banner in accordance with Article 6 (1) lit. a) GDPR.

8.3 Borlabs Cookie (consent management tool)

We use the WordPress plugin “Borlabs Cookie” by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service enables us to obtain and manage the consent of website users for data processing.

Borlabs Cookie collects data generated by end users using our website with the help of cookies. When an end user gives consent, the following data, among others, are automatically recorded:

• Cookie duration

• Cookie version

• Domain and path of the WordPress site

• Selection made in the cookie banner

• UID (a randomly generated ID)

The consent status is also stored in the end user's browser so that the website can automatically read and comply with the user’s consent for all subsequent page requests and future sessions for up to 12 months. The consent data (consent and withdrawal of consent) are stored for three years. The storage duration corresponds to the regular limitation period pursuant to § 195 BGB. The data are then deleted immediately.

The functionality of the website cannot be guaranteed without the processing described above. The user has no right to object as long as there is a legal obligation to obtain the user’s consent for certain data processing operations, pursuant to Article 7 (1), 6 (1) sentence 1 lit. c) GDPR.

The data collected are not passed on to Borlabs GmbH, nor does the company have access to them.

Further information can be found at: https://de.borlabs.io/borlabs-cookie

9. Content on our website

9.1 Contacting us / contact form

When you contact us (e.g. via contact form or email), personal data are collected. The specific data collected via a contact form can be seen directly in the respective form. These data are stored and used solely for the purpose of responding to your enquiry and the associated technical administration.

The legal basis for data processing is our legitimate interest in responding to your request in accordance with Article 6 (1) lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6 (1) lit. b) GDPR.

Your data will be deleted once your enquiry has been conclusively dealt with, provided that there are no statutory retention obligations. This is the case when the circumstances indicate that the matter has been fully clarified.

9.2 Application management / job board

We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically, particularly if an applicant submits relevant application documents to us electronically, for example by email or via a web form on the website.

If we conclude an employment or service contract with an applicant, the submitted data will be stored for the purpose of managing the employment relationship in compliance with legal requirements. If no contract is concluded, the application documents will be automatically deleted two months after the rejection decision is communicated, provided that there are no other legitimate interests on our part opposing the deletion.

A legitimate interest in this sense could be, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for processing your data is Article 6 (1) lit. b), Article 88 GDPR in conjunction with § 26 (1) of the German Federal Data Protection Act (BDSG).

10. Newsletter distribution

10.1 Newsletter for existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range via email. According to § 7 (3) of the German Act Against Unfair Competition (UWG), we do not need to obtain separate consent from you for this.

Data processing is based solely on our legitimate interest in personalised direct advertising in accordance with Article 6 (1) lit. f) GDPR. If you initially objected to the use of your email address for this purpose, no emails will be sent.

You have the right to object to the use of your email address for advertising purposes at any time with effect for the future by notifying the controller mentioned at the beginning. You will only incur transmission costs according to the basic rates. After receiving your objection, the use of your email address for advertising purposes will cease immediately.

10.2 Promotional newsletter

On our website, you have the opportunity to subscribe to our company’s newsletter. The personal data that are transmitted to us when subscribing to the newsletter are determined by the input form used for this purpose.

We regularly inform our customers and business partners about our offers via newsletter. You can only receive the company’s newsletter if:

You have a valid email address, and

You have registered for the newsletter.

For legal reasons, a confirmation email using the double opt-in procedure is sent to the email address you initially provided for newsletter registration. This confirmation email serves to verify whether the owner of the email address has authorised the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by your internet service provider (ISP) at the time of registration, as well as the date and time of registration. The collection of this data is necessary to trace any (potential) misuse of your email address at a later time and therefore serves our legal protection.

The personal data collected during newsletter registration are used exclusively for sending our newsletter. Newsletter subscribers may also be informed by email if necessary for the operation of the newsletter service or for registration purposes, for instance in the event of changes to the newsletter offer or technical circumstances.

No personal data collected as part of the newsletter service are passed on to third parties. The subscription to our newsletter can be cancelled at any time. You may revoke your consent to the storage of personal data given to us for the newsletter at any time. A corresponding link for this purpose is included in every newsletter. You may also unsubscribe directly via our website or notify us in another way.

The legal basis for data processing for the purpose of newsletter distribution is Article 6 (1) lit. a) GDPR.

10.3 Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format, enabling log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns.

Using the embedded tracking pixel, the company can determine whether and when you opened an email and which links within the email you clicked.

The personal data collected via tracking pixels in newsletters are stored and evaluated by us to optimise newsletter distribution and better tailor the content of future newsletters to your interests. These personal data are not passed on to third parties.

You may revoke your specific, double opt-in consent at any time. Upon revocation, we will delete the relevant personal data. Cancelling the newsletter subscription is automatically interpreted as revocation.

This analysis is carried out in accordance with Article 6 (1) lit. f) GDPR based on our legitimate interests in personalised advertising, market research and/or a demand-oriented design of our website.

10.4 Mailchimp

Our email newsletters are sent via the technical service provider Intuit Inc., The Rocket Science Group, LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to whom we transmit the data you provided when registering for the newsletter. This transfer is carried out as part of a data processing agreement with Mailchimp.

Please note that your data are usually transferred to a Mailchimp server in the USA and stored there.

Mailchimp uses this information on our behalf to send and statistically analyse the newsletters. For this purpose, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This allows us to determine whether a newsletter has been opened and which links have been clicked, if any. Technical information is also collected (e.g. time of retrieval, IP address, browser type, and operating system). These data are used solely for the statistical evaluation of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the recipients' interests.

The use of the service provider is based on our legitimate interest in accordance with Article 6 (1) lit. f) GDPR and on a data processing agreement pursuant to Article 28 GDPR.

The legal basis for processing your personal data in connection with the newsletter is your consent under the double opt-in procedure pursuant to Article 6 (1) lit. a) GDPR. This consent can be revoked at any time.

Additionally, Mailchimp may use the data in accordance with Article 6 (1) lit. f) GDPR based on its own legitimate interest in optimising and tailoring its services, as well as for market research, such as determining from which countries recipients come. Mailchimp does not use the data of our newsletter recipients to contact them directly or pass them on to third parties.

If you wish to object to data processing by Mailchimp, you must unsubscribe from the newsletter.

This US company is certified under the EU-U.S. Data Privacy Framework. Thus, an adequacy decision pursuant to Article 45 GDPR exists, which permits the transfer of personal data without additional guarantees or measures.

You can view Mailchimp’s privacy policy here:

https://mailchimp.com/legal/privacy/

11. Our activities on social networks

In order to communicate with you on social media and inform you about our services, we maintain active profiles on various platforms. When you visit one of our social media pages, we are jointly responsible with the respective platform provider, within the meaning of Article 26 GDPR, for the data processing triggered during this visit.

We are not the original provider of these platforms, but merely use them within the framework of the opportunities provided by the respective providers.

We therefore point out that your data may be processed outside the European Union or the European Economic Area. This could pose data protection risks for you, such as difficulties in exercising your rights (e.g. access, erasure, objection). Additionally, social media providers often use the data for advertising or user behaviour analysis without our ability to influence this. If user profiles are created by the platform provider, cookies are often used or the usage behaviour is linked to your own member profile.

These data processing operations are carried out on the basis of our legitimate interest and that of the respective platform provider pursuant to Article 6 (1) lit. f) GDPR in communicating with you and providing information about our services. If you are required to give consent to the providers for data processing, the legal basis is Article 6 (1) lit. a) GDPR in conjunction with Article 7 GDPR.

Since we have no access to the providers' data records, we recommend exercising your rights (e.g. access, rectification, deletion) directly with the respective provider.

You can find more information about the data processing on the following platforms:

11.1 Facebook

Joint controller in Europe:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy: https://www.facebook.com/about/privacy

11.2 LinkedIn

Joint controller in Europe:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

11.3 X (Twitter)

Joint controller in Europe:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy Policy: https://twitter.com/privacy

Access your data: https://twitter.com/settings/your_twitter_data

11.4 XING (New Work SE)

Joint controller in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

Data access for XING members: https://www.xing.com/settings/privacy/data/disclosure

11.5 YouTube

Joint controller in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy Policy: https://policies.google.com/privacy

12. Web analytics

12.1 Meta Pixel (formerly Facebook Pixel)

This website uses the “Facebook Pixel” provided by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Meta”). If explicit consent is granted, user behaviour can be tracked after a user has viewed or clicked on a Facebook advertisement. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimise future advertising efforts.

When visiting the website, the following data may be processed by the Meta Pixel:

• IP address

• Device information

• Browser history

• Interactions on our website (e.g. page views, clicks, conversions)

These data are stored and processed by Meta, which may link them to your Facebook profile and use them for its own advertising purposes in accordance with Meta’s data usage policy: https://www.facebook.com/about/privacy/. This allows Meta and its partners to display ads on and off Facebook. A cookie may also be stored on your device for these purposes.

The collected data are stored by Meta for 180 days and then deleted, unless you visit the website again within that period.

These processing activities only take place with your explicit consent in accordance with Article 6 (1) lit. a) GDPR.

This US company is certified under the EU-U.S. Data Privacy Framework. Therefore, an adequacy decision under Article 45 GDPR exists, allowing the transfer of personal data without further guarantees or measures.

12.2 LinkedIn Analytics

Our website uses LinkedIn’s retargeting tool and conversion tracking, provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

For this purpose, the LinkedIn Insight Tag is integrated into our website. This tag enables LinkedIn to collect statistical data about your visit and usage of our website and to provide us with aggregated reports. Additionally, it allows for the display of interest-specific and relevant offers and recommendations after you have viewed certain services, information, or offers on our website. The related information is stored in a cookie.

The following data are generally collected and processed:

• IP address

• Device information

• Browser information

• Referrer URL

• Timestamp

These processing operations are carried out exclusively with your explicit consent in accordance with Article 6 (1) lit. a) GDPR. Your data are stored until you withdraw your consent.

During processing via LinkedIn, data may be transferred to the USA and Singapore. This US company is certified under the EU-U.S. Data Privacy Framework. An adequacy decision under Article 45 GDPR therefore exists. Additional safeguards are implemented through the use of Standard Contractual Clauses (SCCs), which ensure a level of data protection equivalent to the GDPR. If these safeguards are deemed insufficient, consent pursuant to Article 49 (1) lit. a) GDPR is obtained from you.

Further information on LinkedIn’s privacy policy can be found at:

https://de.linkedin.com/legal/privacy-policy

12.3 Pardot

Our website uses the Pardot Marketing Automation System (Pardot MAS), a software solution supported by Salesforce and provided by Pardot LLC, 950 E Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA. It is used to track and evaluate visitor movements on our website. The processing of personal data by Pardot MAS takes place exclusively on our behalf and according to our instructions.

Pardot MAS uses cookies—text files stored on the user’s device—to enable analysis of website usage. You can configure your browser to inform you when cookies are being set and to only allow cookies on a case-by-case basis, exclude the acceptance of cookies in certain cases or in general, and enable automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.

When you visit our website, Pardot MAS tracks your click path and creates an individual usage profile using a pseudonym. Cookies are used for this purpose, enabling your browser to be recognised.

These processing activities are carried out solely with your explicit consent in accordance with Article 6 (1) lit. a) GDPR.

Further information on Pardot can be found at:

https://www.salesforce.com/de/company/privacy/

13. Advertising

13.1 Google Ads (AdWords) remarketing/retargeting

We use Google Ads on this website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This allows us to advertise this website in Google search results and on third-party websites. For this purpose, Google sets a cookie in your browser, which enables interest-based advertising based on the pages you visit, using a pseudonymous cookie ID.

Any further data processing will only take place if you have consented to Google linking your web and app browser history with your Google Account and using data from your Google Account to personalise the ads you see online. If you are logged into your Google Account while visiting our website, Google uses your data together with Google Analytics data to create and define target groups for cross-device remarketing. In this case, Google temporarily links your personal data with Google Analytics data to form target audiences.

These processing activities only occur with your explicit consent under Article 6 (1) lit. a) GDPR.

Google LLC, the parent company, is certified under the EU-U.S. Data Privacy Framework. This constitutes an adequacy decision in accordance with Article 45 GDPR, allowing data transfers without additional safeguards.

You can view Google Ads’ data protection policies and additional information at:

https://www.google.com/policies/technologies/ads/

13.2 Google Ads with conversion tracking

We use Google Ads with conversion tracking on this website, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads is an online advertising service that allows advertisers to place ads in Google's search engine results and the Google Display Network. Advertisers can define specific keywords so that ads are only displayed when a user searches using relevant terms. Ads are distributed across relevant websites via an automated algorithm.

The purpose is to promote our website by displaying interest-based advertising on third-party sites and within Google's search results, as well as to display external advertisements on our site.

If you reach our website via a Google ad, a conversion cookie is stored on your device. This cookie expires after thirty days and does not identify you personally. It enables us and Google to track whether certain pages (e.g. shopping cart) have been visited, and whether purchases were completed.

The data and information collected via the conversion cookie are used by Google to create visitor statistics for our website. These statistics help us determine the number of users referred via Ads and assess the effectiveness of each ad. We do not receive any information that personally identifies users.

The cookie may store pages visited and transmit data, including your IP address, to Google servers in the USA. Google may pass this data on to third parties.

This processing only occurs with your explicit consent in accordance with Article 6 (1) lit. a) GDPR.

Google LLC is certified under the EU-U.S. Data Privacy Framework, meaning data transfers may take place without additional guarantees.

You can find Google’s privacy policy at:

https://www.google.de/intl/de/policies/privacy/

13.3 Google Ads with enhanced conversions

This website uses Google Ads with enhanced conversions, provided by Google Ireland Limited.

Google Ads is an online advertising service for placing ads in Google search results and across the Google Display Network. The aim is to promote our website through targeted advertising on third-party sites and search engine listings, as well as through third-party ads on our own website.

If you access our website via a Google ad, a conversion cookie will be stored on your device. This cookie expires after thirty days and is not used for personal identification. It tracks whether users complete certain actions such as visiting a purchase confirmation page.

We also use Google Ads’ enhanced conversions feature. This involves transmitting personal data we collect (e.g. phone numbers, email addresses) to Google. These are matched with Google Ads events to improve conversion tracking.

Each time our website is visited, personal data including your IP address is transmitted to Google in the USA. Google may pass this data on to third parties.

These processing operations only occur with your explicit consent in accordance with Article 6 (1) lit. a) GDPR.

Google LLC is certified under the EU-U.S. Data Privacy Framework. This provides a valid legal basis for data transfers without further measures.

You can find Google's privacy policies and additional information at:

https://www.google.de/intl/de/policies/privacy/

https://support.google.com/adspolicy/answer/9755941?hl=de&ref_topic=7012636

13.4 Google Ads – Additional information on Consent Mode, basic implementation

Under the Digital Markets Act, Google is required to obtain user consent before processing user data for personalised advertising. Google complies with this requirement via its “Consent Mode”. Website operators are responsible for implementing this functionality to prove that user consent has been properly collected.

Google offers two implementation options: basic and advanced.

We use the basic implementation method of Google Consent Mode. A connection to Google is only established and Google code executed if you have given your consent to the use of Google Ads (see above). If consent is not given, Google only receives information that no consent has been provided. The Google code is not executed, and no Google Ads cookies are set.

13.5 Google Ads – Additional information on Consent Mode, advanced implementation

As part of the Digital Markets Act, Google must obtain user consent before processing data for personalised advertising. This is implemented via “Consent Mode”, which must be properly configured on the website to ensure that user consent is obtained and documented.

We use the advanced implementation method of Google Consent Mode. If you consent to the processing of data in connection with the use of Google Ads (as outlined above), a connection to Google is established, Google Analytics cookies are set, and the relevant processing operations are carried out.

If you do not give consent, no Google Ads cookies are set. However, a unique “ping ID” is generated and transmitted to Google. The Google code is executed, but only limited user data are transmitted to Google, including:

• IP address

• Browser details

• Visited URL

• No personalised user ID is assigned.

If you have consented to the use of Google Ads with Consent Mode in advanced implementation, the legal basis for processing is Article 6 (1) lit. a) GDPR. In addition, the use of Google Analytics 4 with advanced Consent Mode is also based on our legitimate interest under Article 6 (1) lit. f) GDPR in obtaining conversion data without building user profiles, thereby improving efficiency.

13.6 LinkedIn Ads

This website uses LinkedIn Ads, provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

This service allows us to advertise our company within the LinkedIn social network. For this purpose, LinkedIn places a cookie in your browser that enables interest-based advertising based on your browsing behaviour.

This processing is carried out exclusively with your explicit consent in accordance with Article 6 (1) lit. a) GDPR. Your data are deleted once they are no longer necessary for the purposes for which they were collected or if you withdraw your consent.

In the course of processing via LinkedIn, data may be transferred to the USA and Singapore. LinkedIn is certified under the EU-U.S. Data Privacy Framework. Therefore, an adequacy decision under Article 45 GDPR exists. In addition, standard contractual clauses (SCCs) are used as additional safeguards to ensure GDPR-level data protection. Where SCCs are not sufficient to guarantee adequate protection, we will obtain your consent in accordance with Article 49 (1) lit. a) GDPR.

More information on LinkedIn’s privacy policy is available at:

https://de.linkedin.com/legal/privacy-policy

14. Partner and affiliate programmes

14.1 DoubleClick

This website uses components of DoubleClick by Google, a brand of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. DoubleClick offers specific online marketing solutions for advertising agencies and publishers.

DoubleClick transmits data with each impression, click, or other activity to the DoubleClick server. Each of these transmissions triggers a cookie request to your browser. If your browser accepts this request, DoubleClick places a cookie on your IT system. The purpose of the cookie is to optimise the display of advertising. It is used, for example, to display user-relevant ads, generate reports on ad campaigns, or improve them. It also helps to prevent repeated display of the same advertisement.

DoubleClick uses a cookie ID necessary for technical processing. For example, the cookie ID is required to display an ad in a browser. It also helps DoubleClick identify which ads have already been shown in a browser, to avoid duplicates. Moreover, DoubleClick can record conversions using the cookie ID.

A DoubleClick cookie does not contain any personal data. However, it may include additional campaign identifiers. These identifiers serve to determine which campaigns you have previously interacted with.

Each time a page of this website containing a DoubleClick component is accessed, your browser is prompted to transmit data to Google for online advertising and commission billing purposes. Through this technical process, Google becomes aware of data that can also be used to prepare commission statements. Google can, for example, track which links on our website you clicked.

These processing operations only occur with your explicit consent in accordance with Article 6 (1) lit. a) GDPR.

Google LLC, the parent company in the United States, is certified under the EU-U.S. Data Privacy Framework. As such, a valid adequacy decision under Article 45 GDPR exists, allowing data transfers without further guarantees or additional measures.

You can view DoubleClick by Google's privacy policy at:

https://www.google.com/intl/de/policies/

15. Plugins and other services

15.1 Getty Images

This website integrates components from Getty Images. The service provider is Getty Images International, 1st Floor, The Herbert Building, The Park, Carrickmines, Dublin 18, Ireland. Getty Images International is part of the Getty Images group headquartered at 605 5th Avenue South, Suite 400, Seattle, Washington 98104, USA.

Getty Images is a US-based image agency that provides photographs and other media content. Various clients—including website operators, editorial teams from print and broadcast media, and advertising agencies—license content from Getty Images.

Getty Images allows for the (potentially free) embedding of images. Embedding refers to the integration of specific external content (e.g. text, video, or image files) from another website into one’s own website. This is done using an embedding code. Once this code is implemented, the external content from Getty Images is displayed as soon as the website is accessed.

Further information on embedding can be found at:

https://www.gettyimages.de/resources/embed

When the embedding code is used, your IP address is transmitted to Getty Images. Additionally, Getty Images may collect the URL of the accessed page, browser type, browser language, date and time of access, and which subpages you visited or links you clicked. These interactions can be stored and analysed by Getty Images.

This data processing takes place only with your explicit consent in accordance with Article 6 (1) lit. a) GDPR.

Getty Images is certified under the EU-U.S. Data Privacy Framework, and therefore a valid adequacy decision exists under Article 45 GDPR, which allows data transfers without additional guarantees.

You can view Getty Images’ privacy policy here:

https://www.gettyimages.de/enterprise/privacy-policy

15.2 Google Maps

We use Google Maps (API) on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, part of the Google group headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Maps is a web service used to display interactive maps for visual presentation of geographical information. For example, it can display our physical location and help you plan your journey.

When you access a page on which a Google Maps map is embedded, your IP address and information about your use of the service are transmitted to Google servers in the USA and stored—provided you have given consent under Article 6 (1) lit. a) GDPR. Google Maps also loads Google Web Fonts, Photos, and Google Stats, which may involve further data transmission.

If you're logged in to your Google account, your data may be associated with your personal profile. If you do not want this association, you must log out before using the map. Even without logging in, Google stores data as usage profiles and evaluates them.

If you do not consent to the future transmission of your data to Google, you can deactivate JavaScript in your browser. However, this will disable Google Maps functionality on the website.

Google LLC is certified under the EU-U.S. Data Privacy Framework, so data transfers are covered by an adequacy decision under Article 45 GDPR.

Terms of use:

https://www.google.de/intl/de/policies/terms/regional.html

Additional terms for Google Maps:

https://www.google.com/intl/de_US/help/terms_maps.html

Privacy policy:

https://www.google.de/intl/de/policies/privacy/

15.3 Google Tag Manager

We use Google Tag Manager on this website, provided by Google Ireland Limited.

Google Tag Manager allows us to manage website tags (i.e. code snippets embedded in HTML elements) via a user interface. This enables us to track, for instance, which buttons or links were clicked and what content was found most engaging.

The tool may trigger other tags, which in turn may collect data. However, Google Tag Manager itself does not access this data. If you have opted out of tracking at the domain or cookie level, it will apply to all tracking tags implemented via Google Tag Manager.

These processes only take place with your explicit consent under Article 6 (1) lit. a) GDPR.

Google LLC is certified under the EU-U.S. Data Privacy Framework, meaning no additional safeguards are required for data transfers.

Further information:

https://www.google.com/intl/de/policies/privacy/

15.4 YouTube videos in enhanced privacy mode (YouTube-NoCookies)

Some subpages of our website contain links or embedded content from YouTube, operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

As a general rule, we are not responsible for the content of external websites linked from our own. However, please note that if you follow a YouTube link, YouTube will process user data (such as personal information and IP addresses) according to its own privacy policies and may use them for commercial purposes.

We embed some YouTube videos directly within our web pages. These videos appear as part of the browser window using the enhanced privacy mode offered by YouTube. This mode ensures that no cookies are placed on your device when the video is simply displayed. However, when the embedded video is played, your IP address and potentially other data are transferred to YouTube—especially which of our pages you visited.

These data cannot be linked to your identity unless you are already logged into a Google account. If you are logged in, the data will be directly associated with your account. You can avoid this by logging out before accessing the video.

Once playback begins, YouTube may store cookies that do not contain personally identifiable data, unless you are logged into a Google service. These cookies can be prevented by configuring your browser accordingly.

By requesting the video, you are giving your consent to the setting of the associated cookies under Article 6 (1) sentence 1 lit. a) GDPR.

YouTube (Google LLC) is certified under the EU-U.S. Data Privacy Framework, providing a valid legal basis under Article 45 GDPR for data transfer to the USA.

Privacy policy:

https://www.google.de/intl/de/policies/privacy/

15.5 YouTube Images

When visiting our website and using the YouTube Images service, we collect various personal data:

Technical data: IP address, browser type and version, operating system, referrer URL, and server request timestamp

Usage data: Information about service usage, such as viewed or downloaded images

Communication data: Details you provide via communication, such as email addresses and enquiry content

Purpose of processing:

Providing and improving the “YouTube Images” service

Analysing service usage to optimise our offerings

Responding to user enquiries and communication

Meeting legal obligations

Legal basis:

Data processing is based on your consent in accordance with Article 6 (1) lit. a) GDPR.

Data sharing:

Your personal data will only be shared with third parties if you have expressly consented.

Retention period:

Data will be stored only for as long as necessary to fulfil the intended purposes or as legally required.

15.6 Matomo Cloud

We use Matomo Cloud, a web analytics service, to analyse user behaviour on our website and improve the user experience. Data are stored on servers hosted by Matomo, acting as our data processor, and are processed exclusively according to our instructions.

Scope of data processing:

• IP address: Anonymised by removing the last two octets (e.g. 192.168.xxx.xxx) to prevent personal identification

• Usage data: Visited pages, session duration, referrer URL, click behaviour, and technical info (device type, OS, screen resolution, etc.)

• Cookies: Used to analyse usage patterns without storing personal data

Legal basis:

Processing is based on our legitimate interest under Article 6 (1) lit. f) GDPR, in analysing and optimising website usage.

Data storage and recipients:

Data are stored within the EU. Matomo Cloud acts as a data processor and is not permitted to share data with third parties.

Retention period:

Anonymised data are stored for 12 months, after which they are automatically deleted.

16. Your rights as a data subject

16.1 Right to confirmation

You have the right to obtain confirmation from us as to whether personal data concerning you are being processed.

16.2 Right of access – Article 15 GDPR

You have the right to receive, at any time and free of charge, information about the personal data stored about you and to receive a copy of this information, in accordance with legal requirements.

16.3 Right to rectification – Article 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. You also have the right, considering the purposes of the processing, to request the completion of incomplete personal data.

16.4 Right to erasure – Article 17 GDPR

You have the right to request the immediate deletion of personal data concerning you if one of the statutory grounds applies and the processing or storage of such data is not required.

16.5 Right to restriction of processing – Article 18 GDPR

You have the right to request restriction of processing if one of the legal conditions is met.

16.6 Right to data portability – Article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, provided the processing is based on your consent pursuant to Article 6 (1) lit. a) GDPR or Article 9 (2) lit. a) GDPR, or on a contract under Article 6 (1) lit. b) GDPR, and the processing is carried out by automated means.

You also have the right to request that the personal data be transmitted directly from one controller to another, where technically feasible and provided that the rights and freedoms of others are not adversely affected.

16.7 Right to object – Article 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is based on Article 6 (1) lit. e) (public interest) or lit. f) (legitimate interest) GDPR. This also applies to profiling based on these provisions.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the establishment, exercise, or defence of legal claims.

In individual cases, we may process your personal data for direct marketing purposes. You have the right to object at any time to the processing of your personal data for such marketing. This also applies to profiling related to direct marketing. If you object to processing for direct marketing purposes, we will stop processing your personal data for these purposes.

Additionally, you have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, unless the processing is necessary for a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.

16.8 Right to withdraw data protection consent

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

16.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

17. Routine erasure and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of storage, or as required by legal regulations applicable to our organisation.

When the storage purpose no longer applies or a prescribed retention period expires, personal data will be routinely blocked or erased in accordance with legal requirements.

18. Duration of personal data storage

The retention period for personal data is based on the statutory retention period. After expiration of that period, the corresponding data are routinely deleted, provided they are no longer required for contract performance or contract initiation.

19. Currency and amendment of this privacy policy

This privacy policy is currently valid and dated July 2024.

Due to the ongoing development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed and printed at any time on our website under:

https://www.ftapi.com/en/privacy-policy

This privacy policy was created with the assistance of the data protection software: audatis MANAGER.