We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the AddTrust Technologies GmbH. The use of the Internet pages of the AddTrust Technologies GmbH is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data—such as the name, address, e-mail address, or telephone number—shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the AddTrust Technologies GmbH, including the German Federal Data Protection Act (BDSG).

By means of this Data Protection Declaration, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of the rights to which they are entitled.

As the controller, AddTrust Technologies GmbH has implemented numerous technical and organisational measures—such as encryption, access controls, and regular security audits—to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may, in principle, have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g., by telephone.

1. Definitions

The Data Protection Declaration of the AddTrust Technologies GmbH is based on the terms used by the European legislator for the adoption of the GDPR. It should be legible and understandable for the general public, customers, and business partners. To ensure this, we first explain the terminology used:

[Definitions remain unchanged and without bullet points.]

2. Name and Address of the Controller

Controller for the purposes of the GDPR and other applicable data protection laws:

AddTrust Technologies GmbH

Pappelallee 78/79

10439 Berlin Germany Phone:

Email: info@addtrust.com

Data Protection Officer: We are not required to appoint a Data Protection Officer under Art. 37 GDPR. For any data protection inquiries, please contact us directly at info@addtrust.com.

3. Collection of General Data and Information

When a data subject or automated system calls up the website of AddTrust Technologies GmbH, a series of general data and information is collected and stored in server log files. This may include:

• Browser types and versions used

• Operating system used by the accessing system

• Website from which an accessing system reaches our website (referrer)

• Sub-websites accessed

• Date and time of website access

• IP address

• Internet service provider of the accessing system

• Other similar data and information used in case of attacks on our IT systems

This data is processed based on our legitimate interest (Art. 6(1)(f) GDPR) to:

• Deliver website content correctly

• Optimize content and user experience

• Ensure the long-term viability and security of our IT systems and website technology

• Provide law enforcement authorities with necessary information in case of a cyber-attack

No conclusions about the data subject are drawn from this data. The anonymous data of the server log files are stored separately from personal data provided by a data subject. This data may be shared with our hosting provider acting as a processor under a GDPR-compliant agreement.

4. Subscription to Our Newsletters

Users can subscribe to our newsletter via our website. The input form determines what personal data are transmitted (e.g., email address). We regularly inform customers and business partners about offers via a newsletter.

Subscription requirements:

• A valid e-mail address

• Registration for newsletter shipping (double opt-in procedure)

During registration, we store the IP address assigned by the ISP and the date/time of registration to detect possible misuse. The personal data collected will be used exclusively for sending the newsletter and will not be transferred to third parties. The subscription can be terminated at any time, and consent to store personal data for shipping the newsletter can be revoked at any time (e.g., via the unsubscribe link in each newsletter). If you do not provide an email address, you cannot subscribe to the newsletter.

5. Newsletter-Tracking

Our newsletters contain tracking pixels to enable statistical analysis of online marketing campaigns. These pixels allow us to see if and when an e-mail was opened and which links were clicked. This data is processed based on your consent (Art. 6(1)(a) GDPR) and stored for up to 12 months to optimize future newsletters. It is not shared with third parties. Consent can be revoked at any time by unsubscribing, which is considered a revocation.

6. Special Enterprise Services

For certain services (e.g., customer support or premium features), we may collect additional personal data such as name, email address, or phone number to provide the requested service. This data is processed based on the performance of a contract (Art. 6(1)(b) GDPR) or your consent (Art. 6(1)(a) GDPR), depending on the service. Details will be provided at the point of collection.

7. Routine Erasure and Blocking of Personal Data

We process and store personal data only for the period necessary to achieve the purpose of storage or as mandated by European or Member State law. If the storage purpose ceases to apply or a mandated storage period expires, personal data are routinely blocked or erased.

8. Rights of the Data Subject

a) Right of Confirmation

Data subjects have the right to confirm whether personal data concerning them is being processed.

b) Right of Access

Data subjects have the right to obtain free information about their stored personal data and a copy of this information, including purposes, categories, recipients, storage period, and more.

c) Right to Rectification

Data subjects have the right to obtain without undue delay the rectification of inaccurate personal data or completion of incomplete data.

d) Right to Erasure (“Right to be Forgotten”)"

Data subjects have the right to request erasure of personal data if certain conditions apply (e.g., data no longer necessary).

e) Right of Restriction of Processing

Data subjects can request restriction of processing under specific conditions (e.g., contested accuracy).

f) Right to Data Portability

Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.

g) Right to Object

Data subjects may object to processing based on Art. 6(1)(e) or (f) GDPR, including profiling, or to direct marketing.

h) Automated Individual Decision-Making, Including Profiling

Data subjects have the right not to be subject to automated decisions producing legal effects, unless necessary for a contract, authorized by law, or based on consent.

i) Right to Withdraw Consent

Data subjects may withdraw consent at any time.

j) Right to Lodge a Complaint

Data subjects may lodge a complaint with a supervisory authority, such as the Berlin Data Protection Authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit,

The details of the supervisory authority responsible for Berlin, Germany, are:

9. Legal Basis for Processing

Art. 6(1)(a) GDPR: Consent-based processing.
Art. 6(1)(b) GDPR: Processing necessary for a contract or pre-contractual measures.
Art. 6(1)(c) GDPR: Processing required by legal obligations.
Art. 6(1)(d) GDPR: Processing to protect vital interests.
Art. 6(1)(f) GDPR: Processing for legitimate interests, except where overridden by data subject rights.

10. Legitimate Interests Pursued by the Controller

Where processing is based on Art. 6(1)(f) GDPR, our legitimate interests include ensuring website security, optimizing user experience, and analyzing usage trends to improve our services.

11. Period for Which Personal Data Will Be Stored

The storage period is determined by the purpose of processing or statutory retention periods (e.g., tax laws). After expiration, data are routinely deleted unless required for contract fulfillment.

12. Provision of Personal Data as Statutory or Contractual Requirement

Providing personal data may be required by law (e.g., tax regulations) or contract. Failure to provide data may prevent contract conclusion or service provision (e.g., no newsletter subscription without an email address). Contact info@addtrust.com for clarification.

13. Existence of Automated Decision-Making

We do not use automated decision-making or profiling.

14. Data Transfers to Third Countries

We do not transfer personal data to countries outside the European Economic Area (EEA).

15. Recipients of Personal Data

Personal data may be shared with processors (e.g., hosting providers, IT support services) under GDPR-compliant agreements, or with public authorities where legally required.