PRIVACY POLICY

This privacy policy applies to data processing by:

YOC AG

Greifswalder Str. 212

10405 Berlin

Germany

Phone: +49 (0)30 726162 0

Fax: +49 (0)30 726162 222

Email: [email protected]

The Data Protection Officer of YOC AG is:

ePrivacy GmbH

Represented by Prof. Dr. Christoph Bauer

Burchardstraße 14

20095 Hamburg

Germany

Contact: [email protected]

In the context of certain processing operations, a subsidiary of YOC AG may also act as the controller or join YOC AG in this responsibility. Therefore, the terms 'YOC', 'we', or 'us' as used below include both YOC AG and its subsidiaries.

When accessing our website at https://yoc.com, the browser used on your device automatically sends information to the server of our website. This information constitutes personal data according to Art. 4 No. 1 GDPR either by itself or in combination with other data and is temporarily stored in a so-called log file.

The following information is collected and stored without any action on your part and stored until automated deletion:

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• Browser type and version and other information transmitted by the browser (such as the operating system of your computer, access provider, geographical origin, language settings, etc.).

The mentioned data is processed by us for the following purposes:

• To ensure a smooth connection of the website,
• To ensure convenient use of our website,
• To evaluate system security and stability,
• To detect and prevent attacks on our website, and
• For other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR and Sec. 25 para. 2 No. 2 TDDDG (for technical provision). Our legitimate interest arises from the purposes of data processing listed above. Data processing is necessary for the use of the website.

Furthermore, we use cookies and analytics services when you visit our website. For further explanations, please refer to sections V and VI of this privacy policy.

The retention period is purpose-dependent. As a rule, the data will be deleted when the browser is closed or the cookies are removed.

You can send general inquiries to us via the contact form provided on our website. In doing so, we collect the following personal data in addition to your message:

• Your first and last name,
• the name of your company,
• the country in which your company is headquartered,
• a valid email address, and
• a phone number.

No further personal data is collected unless you voluntarily provide it as part of the message.

Data processing for the purpose of contacting us is carried out at your request and based on Art. 6 para. 1 sentence 1 lit. b GDPR if your request is aimed at concluding a contract with us or to safeguard our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in being able to respond appropriately to inquiries from customers and other persons.

To respond to your inquiry, we use the CRM application provided by HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA ("HubSpot"). The engagement of this service provider is necessary for processing your inquiry. We have concluded a data processing agreement with HubSpot in accordance with Art. 28 para. 3 GDPR. This agreement ensures that the service provider processes personal data in compliance with the GDPR and guarantees the protection of the rights of the data subjects. HubSpot may also process personal data in the USA (for third-country transfers, see section IV).

The personal data collected when using the contact form will be deleted after your inquiry has been dealt with unless we need to retain it due to the nature of your inquiry or we are obliged to store it for a longer period according to Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (under the German HGB or AO).

You have the option to subscribe to a newsletter on our website for news and current offers from YOC. When registering, we collect your first and last name, the company you work for, and an email address. We use this personal data to send you our newsletter. The mailing is based on your request and is based on your consent given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which can be revoked at any time with effect for the future.

You will receive a registration notification by email, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof that the registration was indeed initiated by you.

We send our newsletter using the newsletter service of HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA ("HubSpot"). HubSpot uses the personal data to send and evaluate the newsletters on our behalf. For this purpose, we have concluded a data processing agreement with HubSpot in accordance with Art. 28 para. 3 GDPR. Through this agreement, HubSpot assures that it will process the data in compliance with the General Data Protection Regulation and ensure the protection of the rights of the data subjects. HubSpot may also process personal data in the USA (for third-country transfers, see section IV).

You can unsubscribe from our newsletter at any time without giving reasons via a link at the end of each newsletter. Alternatively, you can also inform us by email at [email protected] that you no longer wish to receive newsletters from us. Your personal data processed in this context and solely for the purposes of the newsletter will be deleted immediately after you unsubscribe.

On our website, you have the option to download various resources, such as whitepapers or case studies. In the context of providing these resources, we collect your first and last name, the company you work for, and your email address. The delivery of these resources is based on your request and relies either on your consent, granted pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, which can be revoked at any time with future effect, or on a contract concluded between you and us (Art. 6 para. 1 sentence 1 lit. b GDPR).

We send our resources using the services of HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA ("HubSpot"). HubSpot processes personal data on our behalf for the purpose of sending and analysing these resources. For this purpose, we have entered into a data processing agreement with HubSpot in accordance with Art. 28 para. 3 GDPR. Through this agreement, HubSpot assures that it processes the data in compliance with the General Data Protection Regulation and ensures the protection of the rights of the data subjects. HubSpot also processes personal data in the USA (for information on third-country transfers, see Section IV).

We offer our customers the option to obtain access to the customer area. When registering, the following personal data of the respective employee of the respective customer is collected:

• First and last name,
• name of the company and associated identification number,
• your primary business address, and
• an email address.

In addition, a self-chosen password must be provided. Together with the email address, this enables access. Within the account, personal data and the password can be changed at any time.

The basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in data processing lies in being able to offer our customers access to the customer area. In this context, the processing of personal data of individual employees is necessary.

After the account is deleted, personal data will be automatically deleted for further use unless we are obliged to store it for a longer period in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (under the German HGB or AO) or consent to further storage exists under Art. 6 para. 1 sentence 1 lit. a GDPR.

Your personal data will be transferred to third parties only if this is legally permissible and necessary for the processing of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

In addition, we only transfer your personal data to third parties if:

• You have given your explicit consent to this pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,
• In the event that there is a legal obligation for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
• The transfer is necessary for the assertion, exercise, or defense of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred.

In connection with data processing, data may be transferred to third countries, i.e., to recipients outside the EU or the European Economic Area (EEA). As long as there is an adequacy decision of the European Commission for the third country concerned (cf. Art. 45 para. 3 GDPR), no additional measures are required for the data transfer. In the case of data transfer to recipients located in the USA, this is based on the Transatlantic Data Privacy Framework (DPF) of 10.07.2023, provided the recipient has an appropriate certification.

In cases of data transfers to other third countries, data will only be transferred if the requirements of Art. 46 et seq. GDPR are met. Specifically, this means that a transfer to third countries only occurs if

• The recipient provides sufficient so-called guarantees according to Art. 46 GDPR for the protection of personal data,
• You have explicitly consented to the transfer after we have informed you of the risks pursuant to Art. 49 para. 1 lit. a GDPR,
• The transfer is necessary for the fulfillment of contractual obligations between you and us or another exception according to Art. 49 GDPR applies.

Which of the aforementioned bases applies in individual cases will be communicated to you in connection with the respective processing.

We use cookies or other similar functions and technologies (e.g., pixel tags) on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any harm to your device and do not contain viruses, trojans, or other malware.

Information is stored in the cookie that arises in connection with the specific device used. However, this does not mean that we immediately obtain knowledge of your identity.

We also use pixel tags (also known as web beacons or tracking pixels) on our website. Pixels are small graphics embedded via the HTML code of our website. The pixel tag itself does not store or change any information on your device, so pixels also do not cause any harm to your device, nor do they contain viruses, trojans, or other malware.

The pixels transmit your IP address, the referrer URL of the visited website, the time the pixel was viewed, the browser used, as well as previously set cookie information to a web server. This makes it possible to perform reach measurements and other statistical evaluations that help us optimize our offering.

The use of cookies and pixel tags is partly to make the use of our offerings more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. When you visit our website again to use our services, it is automatically recognized that you have already been to us and what entries and settings you have made, so you do not have to enter them again. These are generally deleted after a maximum of 30 days. The data processed by these cookies are necessary for the aforementioned purposes to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR and technically according to Sec. 25 para. 2 No. 2 TDDDG to provide a service requested by you.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all the functions of our website.

In addition, we use cookies and pixel tags in connection with third-party tools to statistically record the use of our website and evaluate it for the purpose of optimizing our offering (see section VI). These analysis and tracking functions also enable us to automatically recognize when you visit our website again that you have already been with us. These cookies and pixel tags are automatically deleted after a defined period.

We only use such cookies and pixel tags if you have given us your consent via the cookie management tool. The data processed by cookies and pixel tags is processed based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and Sec. 25 para. 1 TDDDG. You can revoke your consent at any time via the cookie management tool for the future. You can always access the tool again via the button at the bottom left corner of the website.

We have integrated the consent management tool "consentmanager" (www.consentmanager.net) from Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, [email protected]) on our website to request consent for data processing and the use of cookies or similar functions. With the help of "consentmanager," it is possible to give or refuse your consent for certain functionalities of our website, e.g., for embedding external elements, embedding streaming content, statistical analysis, reach measurement, and personalized advertising. Consent can be given for all or individual functions. These settings can also be adjusted afterward. The purpose of integrating "consentmanager" is to allow the users of our website to decide on the settings and to offer the possibility to change already made settings in the course of further use of our website. In the course of using "consentmanager," personal data as well as information from the devices used, such as the IP address, are processed.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Obtaining and managing legally required consents is considered a legitimate interest within the meaning of the aforementioned provision. "Consentmanager" stores your settings and personal data as long as your user settings are active. One year after saving the user settings, a new request for consent is made. The user settings made are then stored again for this period.

We analyse the browsing behaviour of visitors to our website using tracking technologies provided by HubSpot (HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA). Additionally, we attribute information about browsing behaviour to contacts in our CRM system where possible. For these processing activities, we have entered into a data processing agreement with HubSpot in accordance with Art. 28 para. 3 of the General Data Protection Regulation ("GDPR"). This agreement ensures that HubSpot processes data in compliance with the GDPR and guarantees the protection of the rights of the data subjects. HubSpot may also process personal data in the USA.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR and Sec. 25 para. 1 TDDDG (consent, which can be withdrawn at any time).

HubSpot uses cookies for this purpose. These cookies are employed to uniquely identify a web browser on a specific device. Through these cookies, interactions with our website are analysed (e.g., the website you arrived from, your duration of stay, and the offers you showed interest in). The information collected using these cookies is used to generate statistics and reports and to display advertising tailored to your interests.

We use the analytics and conversion tracking technology provided by LinkedIn on our website. This platform is offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn’s technology allows us to display advertisements that are more relevant and tailored to your interests. In addition, LinkedIn provides us with aggregated and anonymous reports on advertisement performance and insights into how users interact with our website.

The LinkedIn Insight Tag enables us to analyse website usage, compile reports on website activities, and develop other services related to website usage for purposes of market research and customised website design. LinkedIn also offers retargeting for website visitors, allowing the website owner to display targeted advertisements outside of their website based on the collected data.

The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. a GDPR and Sec. 25 para. 1 TDDDG (consent, which can be withdrawn at any time without affecting the lawfulness of prior processing).

LinkedIn uses cookies to uniquely identify a web browser on a specific device, with a validity period of up to one year. These cookies analyse how you interact with our website (e.g., the website you arrived from, your duration of stay, and the offers you showed interest in) and whether you are a LinkedIn member. The data collected through cookies is used to generate the aforementioned statistics and reports and to display advertisements based on your interests. LinkedIn may process personal data in the USA.

For more information about LinkedIn’s data protection practices, please visit: https://www.linkedin.com/legal/privacy-policy#choices-oblig. Regardless of whether you are a registered LinkedIn member, you can opt out of LinkedIn analysing your usage behaviour and displaying interest-based recommendations. To do so, click on "Opt Out on LinkedIn" (for LinkedIn members) or "Opt Out" (for other users) via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Please note that opting out of such advertisements does not remove ads from the websites you visit. It merely means that the advertisements shown will not necessarily align with your personal interests.

We use the Google reCAPTCHA service on our website to protect forms on our site from fraudulent and harmful activities such as bots or spam. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google sets cookies that collect data such as the IP address, referrer URL, operating system, mouse movements and keystrokes, duration of stay, and device settings (e.g., language and location).

The processing of data through Google reCAPTCHA is technically necessary to protect and provide our website. Ensuring the security and protection of our website aligns with our legitimate interest, which justifies the processing under Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Sec. 25 para. 2 no. 2 TDDDG (for the use of cookies).

Google processes personal data in the USA. The EU Commission has issued an adequacy decision for the USA, applicable to certified companies. Google is certified under the Data Privacy Framework.

Google stores personal data only for a short period unless your behaviour is classified as potentially harmful. If your behaviour is deemed fraudulent or otherwise harmful, your IP address may be stored for up to 180 days to facilitate reassignment if necessary.

YOC operate social media pages on the platforms Facebook, Instagram, LinkedIn, and YouTube. As operators of these pages, we are joint controllers within the meaning of Art. 4 no. 7 of the General Data Protection Regulation ("GDPR") together with the respective platform operators:

Facebook: Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, Ireland ("Facebook"),

Instagram: Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, Ireland ("Instagram"),

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"),

YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").

As joint controllers of these pages, we have concluded agreements with the platform operators that, among other things, govern the terms of use of these pages. The relevant agreements are as follows:

Facebook: Facebook’s terms of service (https://www.facebook.com/legal/terms), the additional terms and policies listed therein, and the agreement on joint controllership available here: https://www.facebook.com/legal/terms/page_controller_addendum.

Instagram: Instagram’s terms of service (https://www.facebook.com/help/instagram/581066165581870); since Instagram is a service provided by Facebook, the aforementioned Facebook policies and agreements also apply.

LinkedIn: The agreement with LinkedIn regarding the Insights feature is available here: https://legal.linkedin.com/pages-joint-controller-addendum.

YouTube: YouTube’s terms of service are available here: https://www.youtube.com/t/terms.

When visiting our social media pages, the personal data of visitors is processed by the controllers as described below.

In connection with operating our social media pages, we utilise the analytics functions provided on these platforms to obtain statistical evaluations regarding the users of our pages. For this purpose, cookies and similar technologies, such as pixels, are employed by the platform operators during visits to our pages, and a unique user code is generated. This user code may be linked to the personal data of users registered with the platform operators. The information stored in relation to the user code is processed by the platform operators, particularly when users visit these services. Additionally, other entities, such as partners or even third parties, may use cookies within these services to provide services to companies advertising on the social networks.

• Facebook: In connection with our Facebook page, we use the Pages Insights feature provided by Facebook to obtain statistical evaluations of users of our Facebook page. Facebook provides information about Pages Insights and Facebook pages in its privacy notices available at https://www.facebook.com/privacy/policy and https://www.facebook.com/legal/terms/information_about_page_insights_data. Further information about Facebook’s use of cookies (including for Instagram) is available in its cookie policy (https://www.facebook.com/privacy/policies/cookies).

• Instagram: For our Instagram page, we use the Instagram Insights function to obtain statistical evaluations of the users of our posts. Information about Instagram Insights is available in Instagram’s privacy notices: https://www.facebook.com/privacy/policy.
• LinkedIn: LinkedIn provides information about data processing and the Insights function here: https://www.linkedin.com/legal/privacy-policy.
• YouTube: Information about YouTube's data processing practices is available on the pages https://policies.google.com/privacy and https://policies.google.com/technologies/cookies.

Your personal data may also be processed even if you are not logged in or do not have an account with the respective social network. This data processing occurs in this case, for example, via cookies stored on your device or by capturing your IP address.

When you visit one of our social media pages, we also process your interactions with this page (e.g., the content of messages, inquiries, posts, or comments you send to us or leave on our social media pages, or when you like or share our posts) as well as your publicly visible profile data (e.g., your name and profile picture). Which personal data from your profile is publicly visible depends on your chosen profile settings.

The processing of personal data serves two primary purposes. First, it allows the platform operators to improve their advertising systems disseminated through their networks. Second, it enables us, as operators of the social media pages, to receive statistics generated based on visits to our pages. These statistics help us manage the marketing of our activities. For example, they provide insights into user profile trends that appreciate our social media pages or use their functionalities, allowing us to offer more relevant content and develop features of greater interest to users.

Additionally, to better understand how our social media pages support our business goals, demographic and geographic analyses are generated from the collected personal data and made available to us. We can use this information to display targeted, interest-based advertisements. However, we do not gain direct knowledge of the users’ identities. If users access social media services across multiple devices, data collection and analysis may also occur cross-device and, if applicable, cross-network, provided they are registered and logged into their profiles.

The visitor statistics generated are transmitted to us exclusively in anonymised form, and we do not have access to the underlying personal data.

We also use our social media pages to communicate with users and inform them about our services. In this context, we may receive additional information, such as through user comments, private messages, or when you follow or share our content. Processing is solely for the purpose of communication and interaction with you.

We operate our social media pages to present ourselves to the users of these networks and other interested parties visiting our pages and to communicate with them. The processing of users' personal data is based on our legitimate interest in optimised corporate and product presentation (Art. 6 para. 1 sentence 1 lit. f GDPR).

For Facebook and Instagram it is possible that some collected personal data is processed outside the European Union, including in the USA. Both Facebook and Instagram are headquartered in the USA.

On 10 July 2023, the EU Commission issued an adequacy decision for the Data Privacy Framework for data transfers to certified recipients in the USA, establishing an adequate level of data protection. Facebook and Instagram are certified under the Data Privacy Framework. Data transfers to the USA for Facebook and Instagram rely on the adequacy decision or the Data Privacy Framework and are directed to Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025.

LinkedIn Ireland's parent company is LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA, which is also certified under the Data Privacy Framework.

For YouTube, Google Ireland's parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Information generated by YouTube is transmitted to Google LLC servers in the USA for processing. Google LLC is certified under the Data Privacy Framework.

Under the agreements we have entered into with Facebook and Instagram for our social media pages, Facebook and Instagram acknowledge joint controllership concerning so-called Insights data and assume essential data protection obligations, including providing information to data subjects (Art. 12 and 13 GDPR), ensuring data security, and reporting data protection breaches. Additionally, the agreements specify that Facebook and Instagram act as primary contacts for exercising data subject rights (Art. 15–22 GDPR), as they alone have direct access to the necessary information and can implement any required measures or provide information. Should our assistance be needed, we can be contacted at any time.

LinkedIn similarly assumes essential data protection obligations, including those related to information provision (Art. 12 and 13 GDPR), data security, and reporting data protection breaches, and acts as the primary contact for data subject rights (Art. 15–22 GDPR) under the contractual agreement. We can also be contacted for support if required.

YouTube does not currently provide an agreement on joint controllership (Art. 26 para. 1 sentence 2 GDPR) specifying the allocation of data protection obligations under GDPR. Further information on the analytics tools for page operators on YouTube is available here. We have no additional knowledge regarding data processing by YouTube.

You have the following options to object to data processing:

• Facebook and Instagram: Users of Facebook and Instagram can influence the extent to which their user behaviour is tracked when visiting Facebook or Instagram pages through the settings for advertising preferences (https://www.facebook.com/ads/preferences). Additional objection options are available in Facebook’s settings (https://www.facebook.com/settings) or via the objection rights form provided by Facebook: https://www.facebook.com/help/contact/1994830130782319. These settings can also apply to Instagram. More information on objection options for Facebook and Instagram can be found here: https://www.facebook.com/help/2069235856423257.
• LinkedIn: LinkedIn users can influence the extent to which their user behaviour is tracked through their account settings: https://www.linkedin.com/help/linkedin/answer/a1338610/. Additional objection options are available in LinkedIn’s settings or via the provided objection rights form: https://www.linkedin.com/help/linkedin/ask/TS-DPRO.
• YouTube: Information on personal data protection settings for YouTube is available here: https://support.google.com/youtube/answer/9315727 and https://policies.google.com/privacy#infochoices.

You have the right:

• To withdraw your consent once given to us at any time in accordance with Art. 7 para. 3 GDPR. As a result, we will no longer be allowed to continue the data processing based on this consent for the future;
• To request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your personal data have been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to complain, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
• To demand the immediate correction of incorrect or completion of your personal data stored with us in accordance with Art. 16 GDPR;
• To request the deletion of your personal data stored with us, except where processing is required to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims, in accordance with Art. 17 GDPR;
• To request the restriction of processing your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose its deletion, and we no longer need the data, but you need it to assert, exercise, or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR;
• To receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller in accordance with Art. 20 GDPR; and
• To complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company's registered office.

To assert your rights as a data subject, please contact [email protected].

If your personal data is processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you would like to exercise your right to object, an email to [email protected] is sufficient.

All personal data you transmit is encrypted using the commonly used and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. You can recognize a secure TLS connection by the appended "s" to http (i.e., https://..) in the address bar of your browser or by the lock symbol in the upper area of your browser.

We also use appropriate technical and organizational security measures to protect personal data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.