Privacy Policy omniac

Version 1.2

Thank you for your interest in data protection in connection with omniac (hereinafter referred to as the "Service") and the related app and website. We want you to feel comfortable and safe when using the Service, and to know that one of the things that sets us apart is our commitment to protecting our customers' data. Changes in the law or in circumstances relating to data processing may necessitate changes to this privacy policy. We will keep you informed of any relevant changes.

1. Overview

Below we inform you about the processing of your personal data in connection with the use of the Service, including our website and app used in this context, and about your rights under the EU and UK General Data Protection Regulation (both referred to in this privacy policy as "GDPR"). Personal data is information that identifies you or could identify you directly or indirectly. The statutory basis for data protection is, in particular, the GDPR.

2. Controller

Unless otherwise indicated below, the controller (Article 4(7) GDPR) for the data processing detailed in the following is: Schwarz Cyber Technologies GmbH Stiftsbergstraße 1 74172 Neckarsulm, Germany E-mail: info@schwarz-cyber-technologies.de (hereinafter "we", "us").

3. Details of the Data Processing

3.1 Using Our Website

3.1.1 Purposes and Legal Basis

When using our website, the browser used on your end device will – automatically and without any action on your part – send

the IP address of the end device;
the date and time of access;
the name and URL of the requested file;
the data volume transmitted;
the website/application from which the access occurred (referrer URL);
the browser and, where relevant, the operating system of your end device; and
the name of your Internet service provider to our website server and be stored temporarily in a log-file for the following purposes:
to ensure a fault-free connection;
to ensure the comfortable use of our website/application; and
to analyse system security and stability.

The legal basis for this data processing is Article 6(1) sentence 1(f) GDPR. Our legitimate interest arises from our interest in protecting our systems and preventing improper and/or fraudulent activity each time that a user accesses our website. In addition, we base data processing on Article 6(1) sentence 1(b) GDPR, insofar as we process your data in order to make the website available to you and thus to be able to fulfil our agreement with you.

3.1.2. Recipients/Categories of Recipients

Under certain circumstances, we may need to transfer your personal data to other recipients. In particular, the website is operated on our behalf on servers of IT service providers. Your personal data may be made available to these service providers for support and maintenance purposes.

3.1.3. Storage Time/Criteria for Determining Storage Time

The log files are stored for 7 days from the date of their creation.

3.2. Using Our App

3.2.1. Purposes and Legal Bases

When you use our app, the following information about you and the device you are using is collected and processed:

your IP address;
the date and time of access;
the client request;
the http response code; and
the data volume transmitted. In addition, when you use our app, the app version used and the mobile device from which you start our app are collected and processed. We process the aforementioned data in order to provide you with the app and to be able to perform our agreement with you. We process your personal data in this context on the basis of Article 6(1) sentence 1(b) GDPR. Since the processing also serves our legitimate (and overriding) interest in providing the Service you have requested, we also base the data processing on Article 6(1) sentence 1(f) GDPR. We also process this data to pursue our legitimate interest in enforcing our rights arising out of or in connection with our agreement; this is done on the basis of Article 6(1) sentence 1(f) GDPR.

3.2.2. Recipients/Categories of Recipients

In some cases we use service providers, in particular IT service providers, to process your data. The companies acting on our behalf are bound by our instructions with regard to the processing of your personal data and process this data on our behalf. Storage Time/Criteria for Determining Storage Time We delete or anonymise your personal data as soon as it is no longer required for the purposes of the processing as set out above. If your data is required for longer due to statutory retention periods or to secure, assert or enforce legal claims, we will store your data in accordance with data protection provisions beyond the end of your use of the app for as long as storage is required by law or as long as this is necessary for the purposes.

3.3. Use of Our Service

You can use our Service via our app or our website.

3.3.1. Purposes and Legal Bases

As part of the ordering and registration process for the Service, we process the following data about you in particular: information that you provide when ordering the Service, in particular regarding the subscription you requested (e.g., term);

your name and surname;
your e-mail address;
your postal code;
your country of residence;
confirmation that you are using the Service as a private individual; and
depending on the payment for the subscription, your billing address.

You must also verify your e-mail address using a code that we will send to the e-mail address you provide. We will also assign you a customer ID. As part of the use of the Service, we process in particular the data that you enter, such as your name, your e-mail address, your telephone number, your credit card number, your IBAN, your ID card number and any specific data you want to have monitored to detect if such data has been compromised. You can change the data to be monitored at any time. In order to be able to carry out the monitoring (technically), we assign you and the data to be monitored a special and unique code number. For the monitoring, which is mainly carried out by our service provider Constella Intelligence, Inc., we transfer your data – depending on the areas of the Internet to be monitored – in a hashed and sometimes also in an encrypted form. We will then also make your data available to the aforementioned service provider in these formats. If it detects that data has been compromised, e.g., on the deep/dark web, it can hash the affected data with the same algorithm and determine whether the data you entered for monitoring is affected by the compromise. For other areas of the Internet, in particular the "surface web", it can also temporarily disable the encryption to actively check whether the data you have entered has been compromised. If it detects compromised data, the service provider informs us and we can send you an alert (see below). For this purpose, and in order to be able to determine that you have changed the data to be monitored, we store your data to be monitored in hashed form and in masked form, in which we replace some letters with an X. We do not store your data as plain text in this context. You can decide whether you want to receive notifications (e.g., about compromised data) by e-mail and/or push notification. If you enter an e-mail address or a mobile phone number for communication or monitoring purposes, we will verify this by sending you a confirmation link by e-mail or a code by text message, which you must click on or enter. If we detect that your data has been compromised, you will receive an alert. In particular, this contains information about the compromised data and information about the compromise (e.g., where it was found). If necessary, the alert may also contain data from you that you have not selected to be monitored, but which we have found in connection with compromised data of yours that was to be monitored. The alert lists your data in masked form, where some of the letters have been replaced by an X. In addition, the alert contains a classification of the criticality of the compromise, which is determined by the sensitivity of the compromised data and the time of the compromise. The alert also contains recommendations for action that you can report back as "completed". Based on the classification of the compromise and the recommendations for action that were contained in (previous) alerts and that you have not reported back as "completed", we calculate an individual security score that is communicated to you as part of the alert. We process the aforementioned data in order to provide you with the Service and thus to be able to perform our agreement with you. We process your personal data in this context on the basis of Article 6(1) sentence 1(b) GDPR. Since the processing also serves our legitimate (and overriding) interest in providing the service you have requested, we also base the data processing on Article 6(1) sentence 1(f) GDPR. In addition, we process data about your subscription/order for the Service in order to be able to comply with our obligations under tax and commercial law. The basis for this is Article 6(1) sentence 1(c) GDPR. We also process this data to pursue our legitimate interest in enforcing our rights arising out of or in connection with our agreement; this is done on the basis of Article 6(1) sentence 1(f) GDPR.

3.3.2. Recipients/Categories of Recipients

In some cases we use service providers to process your data. The companies acting on our behalf are bound by our instructions with regard to the processing of your personal data and process this data on our behalf. The following service providers in particular act on our behalf and are bound by our instructions in providing the Service: Schwarz IT KG primarily provides us with storage capacity, database systems and technical support. It also assists us in creating the code number assigned to you and your data and in creating alerts. Widas ID GmbH assists us in particular in the ordering and registration process. It operates an identity and access management service that we use in this context. Constella Intelligence, Inc. (hereinafter "Constella") primarily assists us in monitoring your data with regard to compromises in certain areas of the Internet. In particular, Constella checks whether data you have selected for monitoring has been published there. In the event of a compromise, Constella will provide us with information on this and assist us in preparing the alert to you. Constella uses other (sub)processors for this purpose, who primarily provide storage capacity and technical support.

3.3.3. Data Transfers to Recipients in Third Countries

As our service provider Constella has its registered office in the USA, data relating to you will be transferred to a country outside the European Economic Area and the United Kingdom within the meaning of Article 44 et seq. GDPR. To ensure suitable guarantees for this data transfer, we have entered into the EU standard contractual clauses issued by the European Commission together with the UK International Data Transfer Agreement (IDTA) with Constella. The EU standard contractual clauses can be found here, for example: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj. To request a copy of our standard contractual clauses, please contact us using the details provided in the "Contact Us" section of our privacy policy.

3.3.4. Storage Time/Criteria for Determining Storage Time

We delete or anonymise your personal data as soon as it is no longer required for the purposes of the processing as set out above. As a rule, we therefore store your personal data for the duration of your subscription or use of the Service and after its termination until all related claims are time-barred. If you remove data or contact details to be monitored during an ongoing subscription, we will generally delete them without undue delay. If you cancel your subscription, we will generally delete the data you selected for monitoring within 30 days after you cancel your subscription. In this case, the customer account, including the data entered during registration, will not be deleted, but you can delete it yourself if you wish. If your data is required for longer due to statutory retention periods or to secure, assert or enforce legal claims, we will store your data in accordance with data protection provisions beyond the end of your use of the Service for as long as storage is required by law or as long as this is permitted by law and necessary for the purposes.

3.4.Payment and Management of the Subscription

3.4.1. Purposes and Legal Bases

In-app Purchase

If you purchase a subscription for our Service via the in-app function, the operator of the respective app marketplace (for the Apple Store: Apple Distribution International Limited in Hollyhill, Cork, Republic of Ireland; for the Google Play Store: Google Ireland Limited in Gordon House, Barrow Street, Dublin 4, Ireland) processes the purchase, in particular your payment for the subscription you have selected. To do this, it uses the payment method that you have stored in the respective app marketplace and selected for the subscription. To enable the operator to process the purchase, we provide it with the following information about you in particular: information that you wish to purchase a subscription to the Service; and the subscription you have chosen. Once the payment process is completed, the operator only informs us that you have purchased a specific subscription and made the payment for it. Subsequently, the management (in particular the renewal) and termination of the subscription are also carried out via the corresponding app marketplace. In such cases, we only receive information from the respective operator that you have changed a subscription (e.g., renewed it and made a payment for it) or terminated it. We are not responsible for data processing by the operator of the respective app marketplace in connection with the purchase, management and termination of the subscription. This applies in particular to the processing of your data by the operator to process your payment. We transmit the aforementioned data to the operator of the app marketplace relevant to you for the purpose of enabling you to purchase and manage (e.g., renew or terminate) your desired subscription to our Service as part of an in-app purchase. The transmission is necessary for us to perform the agreement with you for the use of our Service and your agreement with the operator of the app marketplace. The basis for this is Article 6(1) sentence 1(b) GDPR. Since it is also necessary to safeguard our legitimate (overriding) interest in entering and performing the agreement with you for a subscription to our Service and to safeguard the legitimate (overriding) interest of the operator of the app marketplace in performing the agreement with you for payment processing and management of the subscription, the data processing is also based on Article 6(1) sentence 1(f) GDPR. In addition, we process data about your subscription/payment for the Service in order to comply with our obligations under tax and commercial law. This is done on the basis of Article 6 (1) sentence 1(c) GDPR and, because we also have a legitimate interest in compliance with these regulations, Article 6(1) sentence 1(f) GDPR.

Purchase via Our Website

If you purchase a subscription to our Service via our website, you must first enter your billing address. We transfer this data together with other data (customer ID, subscription information) to Schwarz Digits Payment GmbH, a group company that handles payment processing and subscription management for our Service independently as controller under data protection law. We in turn receive information from Schwarz Digits Payment GmbH as to whether the payment for a particular subscription was successful or not. This data processing is necessary to process your payment and to be able to offer you our Services in return, and is therefore necessary to perform our agreement with you and is carried out on the basis of Article 6(1) sentence 1(b) GDPR. The processing is also necessary to safeguard our legitimate interest in efficient and user-friendly payment processing on the basis of Article 6(1) sentence 1(f) GDPR. Schwarz Digits Payment GmbH collects, processes and stores your customer ID, information about your subscription, your billing address, invoices and your payment history for the purpose of processing payments and managing your subscription. In order to be able to offer the payment methods credit card, Google Pay and Apple Pay, we also use the payment processing service provider Adyen N.V. (Simon Carmiggeltstraat 5-60, 1011 DJ, Amsterdam, Netherlands). After selecting these payment methods on our website, you will be asked to enter your payment details in a separate window. The payment data entered is collected and stored directly by Adyen N.V. and processed for the purpose of payment processing. Adyen N.V. Acts as controller for this processing under data protection law. Further information about data processing by Adyen N.V. can be found in the privacy policy on the Adyen N.V. website. (https://www.adyen.com/de_DE/privacy-policy). After collecting the payment data, Adyen N.V. transfers to Schwarz Digits Payment GmbH the name of the cardholder, the expiry date and the last four digits of the credit card number so that this information can be displayed in the customer account to identify the payment method used. Schwarz Digits Payment GmbH also receives a credit card token generated by Adyen N.V. in order to be able to identify the payment method used to Adyen N.V. for future payment requests without the use of plain text. Furthermore, neither Schwarz Digits Payment GmbH nor we have access to the credit card details you enter for payment. Schwarz Digits Payment GmbH processes your data for the purpose of payment processing and subscription management on the basis of Article 6(1) sentence 1(b) GDPR, as the processing is necessary for performing the agreement concluded with us. At the same time, we and Schwarz Digits Payment GmbH also have a legitimate interest in being able to offer different payment methods and in making payment processing as centralised, efficient and user-friendly as possible, so that the processing of Schwarz Digits Payment GmbH is also based on Article 6(1) sentence 1(f) GDPR. In addition, Schwarz Digits Payment GmbH processes data about your subscription/payment for the Service in order to comply with obligations under tax and commercial law. This is done on the basis of Article 6(1) sentence 1(c) GDPR; and, because there is also a legitimate interest in compliance with these regulations, Article 6(1) sentence 1(f) GDPR. Schwarz Digits Payment GmbH deletes or anonymises your personal data as soon as it is no longer required for the purposes for which it is processed in accordance with the above paragraphs. As a rule, your personal data therefore stored for the duration of your subscription or use of the Service and after its termination, until all related claims are time-barred. If your data is required for longer due to statutory retention periods or to secure, assert or enforce legal claims, Schwarz Digits Payment GmbH will store your data in accordance with data protection provisions beyond the end of your use of the Service for as long as storage is required by law or as long as this is necessary for the purposes. With regard to any obligation to provide data and your rights as a data subject vis-à-vis Schwarz Digits Payment GmbH, sections 5 and 6 of this privacy policy apply accordingly. You can contact Schwarz Digits Payment GmbH by post (Stiftsbergstraße 1, 74172 Neckarsulm, Germany) and by e-mail (datenschutz@mail.schwarz).

3.4.2. Recipients/Categories of Recipients

3.4.3. Storage Time/Criteria for Determining Storage Time

3.5. Communication by E-mail/Customer Service

3.5.1. Purposes and Legal Bases

We process personal data that you provide by e-mail (in particular you e-mail address) as part of your query for the purpose of handling your query. If necessary, we will also request data from you to confirm your identity. The legal basis for this data processing as part of initiating or performing a contract, in particular in connection with the Service, is Article 6(1) sentence 1(b) GDPR. Otherwise, the legal basis for this is Article 6(1) sentence 1(f) GDPR. Our legitimate interest arises from the interest in responding to your customer queries so that customer satisfaction is promoted.

3.5.2. Recipients/Categories of Recipients

Under certain circumstances, we may need to transfer your personal data to other recipients. Your personal data may be made available to IT service providers for support purposes. The following service providers in particular act on our behalf and are bound by our instructions for purposes of communication by e-mail/Customer Service: Schwarz IT KG primarily provides us with storage capacity, database systems and technical support, including answering customer queries. Netlution GmbH and Lidl Kundenservice GmbH & Co. KG assist us with answering customer queries.

3.5.3. Storage Time/Criteria for Determining Storage Time

The data will be stored for 90 days after your query has been closed. From experience, no further responses are expected after this time. If you assert legal claims, your data will be stored for three years after your query has been completed, starting at the end of the calendar year, to prove that we have fulfilled any legal claims.

3.6. Processing for the Assertion, Exercise or Defence of Legal Claims and in the Case of Takeovers

3.6.1. Purposes and Legal Bases

Insofar as this is necessary in individual cases, we will also process the data about you mentioned in this privacy policy in order to assert and exercise legal claims, to defend ourselves against legal claims and, insofar as this is necessary, in connection with corporate transactions, e.g., if parts of the company are to be sold. The legal basis for data processing in the context of initiating or performing a contract, in particular in connection with the Service, is Article 6(1) sentence 1(b) GDPR. Otherwise, the legal basis for this is Article 6(1) sentence 1(f) GDPR. The purposes of data processing listed above constitute our legitimate interest.

3.6.2.Recipients/Categories of Recipients

Under certain circumstances, we may need to transfer your personal data to other recipients. In particular, this may include other companies to which company shares are (or are to be) sold, persons and bodies that assist us in asserting and exercising legal claims or defence against them or are involved in the proceedings taking place in this context, and authorities.

3.6.3. Storage Time/Criteria for Determining Storage Time

We delete or anonymise your personal data as soon as it is no longer required for the purposes of the processing as set out above and we may not process it for other purposes. If your data is required for longer due to statutory retention periods, we will store your data in accordance with data protection regulations for as long as is required by law. In the case of lawsuits and legal proceedings, this generally means that we will retain your data until the final settlement of the legal dispute and, in the case of a takeover or sale of (part of) our company, until the transaction has been fully completed.

3.7. Advertising: Newsletters and Push Notifications

3.7.1. Purposes and Legal Bases

If you consent to receiving our newsletter and push notifications in our app, we will process the data specified in the declaration of consent, in particular the e-mail address you have provided; and information about the device you are using to send you advertising for products, services, promotions and cooperations from us by e-mail to the e-mail address you have provided and push notifications in the app. The legal basis for this data processing is your consent pursuant to Article 6(1) sentence 1(a) GDPR. You can withdraw your consent at any time with effect for the future via the link at the end of each newsletter, by e-mail to info@omniac.de or via the customer account. The withdrawal of your consent does not affect the lawfulness of the processing of your data on the basis of your consent prior to its withdrawal. To ensure that no mistakes are made when entering the e-mail address, we use the "double opt-in" procedure: once you grant your consent, we will send you a confirmation link. Your e-mail address will not be added to our distribution list until you click on the link. We also process the following data to document your consent and to defend our rights: IP address of the end device used for registration; date and time of registration and e-mail verification; registration and deregistration source; and newsletter history. The legal basis for this data processing is Article 6(1) sentence 1(f) GDPR. The purposes listed above constitute our legitimate interest.

3.7.2. Recipients/Categories of Recipients

Under certain circumstances, we may need to transfer your personal data to other recipients. Specifically for our newsletter, we use IT service providers to process personal data on our behalf.

3.7.3. Storage Time/Criteria for Determining Storage Time

If the confirmation link is not clicked within 48 hours, your data will be deleted in connection with the sending of advertising by newsletter/push notifications. As soon as you withdraw your consent, we will no longer process your data for the purpose stated here and will generally delete it if we are not permitted to process it for another purpose. As proof of your consent, the required data will be stored for three years, starting at the end of the calendar year in which you withdraw your consent.

4. Use of Cookies and Similar Technologies

4.1. Cookies

When cookies and similar technologies are used to process usage data (in particular local storage and special identifiers when using our app, e.g., advertising IDs such as the identifier for advertisers), files are stored locally on your end device when you visit our website or use our app, in which information is stored in connection with the end device you are using, or we use these technologies to access information stored on your end device. This does not mean, however, that we obtain direct knowledge of your identity.

4.1.1. Purposes, Types of Data and Legal Bases

The use of cookies and similar technologies to process usage data serves the following purposes: Technically necessary: These are cookies and similar technologies that are necessary for you to use our Services (for example, to correctly display our website, including the language, font and colour, provide the functions you request to remember your settings, such as your selection regarding cookies and similar technologies and to record you signing in or to fill your shopping cart when making online purchases, etc.). The use of technically necessary cookies and similar technologies in the "Technically necessary" category is based on the statutory provisions of the EU member states that implement Article 5(3) of Directive 2002/58/EC. Data is subsequently processed based on our legitimate interests in providing the Service pursuant to Article 6(1) sentence 1(f) GDPR. Based on the purpose pursued, the following types of personal data are processed and the following cookies and similar technologies are used in particular: user inputs, in order to remember inputs across multiple sub-pages; authentication data to identify a user after signing in, enabling you to access authorised content on subsequent visits (e.g., access to your customer account); security-related events (e.g., identifying repeat failed sign-in attempts); An information overview of the cookies and similar technologies used, the storage periods and any integrated third-party providers in this category can be found in our Cookie Policy at: https://app.omniac.de/privacy-policy?hidebanner=true#cookies. Statistics: These methods enable us to tailor the design of our services by producing pseudonymised and, if applicable, cross-device statistics about how they are used. This provides us with information on how or how often our website is used. This enables us to adapt our websites even better to user habits. The use of cookies and similar technologies and the corresponding data in the "Statistics" category is based on your consent in accordance with Article 6(1) sentence 1(a) GDPR. Based on the purpose pursued, the following types of personal data are processed and the following cookies and similar technologies are used in particular: Pseudonymised usage profiles containing information on the use of our websites. These contain in particular: browser type/browser version; operating system used; referrer URL (i.e., the previously visited page); host name of the accessing computer (IP address); time of the server request; individual user ID; and events triggered on the website (web browsing behaviour). The IP address is routinely anonymised, which in principle means it is no longer possible to identify you. We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us separate express permission to do so. In itself, we cannot use the user ID to identify you. An information overview of the cookies and similar technologies used, the storage periods and any integrated third-party providers in this category can be found in our Cookie Policy at: https://app.omniac.de/privacy-policy?hidebanner=true#cookies.

4.1.2. Recipients/Categories of Recipients

Under certain circumstances, it may be necessary for us to transfer your personal data to other recipients, as stated in our Cookie Policy at: https://app.omniac.de/privacy-policy?hidebanner=true#cookies.

4.1.3. Data Transfers to Recipients in Third Countries

Depending on the respective cookie category, it may be necessary for us to transfer your personal data to IT service providers and online marketing service providers in one or more third countries outside of the European Union (EU)/European Economic Area (EEA) and the United Kingdom (UK). The European Commission and the UK Commission have certified some third countries as having a level of data protection comparable to that offered by the GDPR by means of an adequacy decision. An overview of third countries with an adequacy decision can be found at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en?prefLang=de#documents link: for non-UK countries https://www.gov.uk/government/publications/uk-approach-to-international-data-transfers/international-data-transfers-building-trust-delivering-growth-and-firing-up-innovation]. For service providers headquartered in the US, this only applies if they base the data transfer on the EU-US Data Privacy Framework dated July 10, 2023 (DPF) or on the Data Privacy Framework between the United Kingdom and the US (UK-US DPF). In the case of this data processing, all recipients are located in a third country with an adequacy decision or are subject to the DPF/UK-US DPF if they are located in the USA.

4.1.4. Storage Time/Criteria for Determining Storage Time

The storage period for cookies can be found in our Cookie Policy at: https://app.omniac.de/privacy-policy?hidebanner=true#cookies. If "persistent" is entered in the "expiration" column, the cookie will be stored permanently until the corresponding consent is withdrawn. If "session" is entered in the "expiration" column, the cookie will be stored for the duration of your visit to the site. The cookies saved locally are deleted as soon as you end the session or close your browser.

4.2.1. Purposes and Legal Bases

We use the consent management tool on our website and in our app to manage your consent for the use of cookies and similar technologies. Insofar as we use technically necessary cookies and similar technologies as part of the integration of the tool, this is done on the basis of the statutory provisions of the EU member states that implement Article 5(3) of Directive 2002/58/EC. The legal basis for subsequent data processing is Article 6(1) sentence 1(f) GDPR for the purpose and in our legitimate interest of being able to use data protection-compliant cookies and similar technologies on our website and enabling you to withdraw your consent easily. If you give your consent via our consent banner, we will process the following data: the end device's IP address; the date and time of access; the name and URL of the requested file; date and time of consent; a pseudonymised, random and encrypted consent key (consent ID); your consent status, used as evidence of your consent. This enables our website to verify your consent status whenever you access the website in the future and activate or deactivate the use of cookies and similar technologies in accordance with your decision when you do so. For verification, the consent ID and consent status from the "OptanonConsent" cookie are compared with the values transmitted when you gave your consent to ensure that the status of your original consent has not changed.

4.2.2. Data Transfers to Recipients in Third Countries

Under certain circumstances, we may need to transfer your personal data to recipients in one or more third countries outside of the European Economic Area (EEA) and the United Kingdom (UK). The European Commission and the UK Commission have certified some third countries as having a level of data protection comparable to that offered by the GDPR by means of an adequacy decision. An overview of third countries with an adequacy decision can be found at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en?prefLang=de#documents link: for non-UK countries https://www.gov.uk/government/publications/uk-approach-to-international-data-transfers/international-data-transfers-building-trust-delivering-growth-and-firing-up-innovation]. For service providers headquartered in the US, this only applies if they base the data transfer on the EU-US Data Privacy Framework dated July 10, 2023 (DPF) and the UK-US DPF. The data processed are made accessible to OneTrust Technology Limited, 82 St. John Street, London, United Kingdom, which we engage as service provider for our consent management.

4.2.3. Storage Time/Criteria for Determining Storage Time

Your consent ID and consent status are stored in the "OptanonConsent" cookie in the browser on your end device and on the servers of OneTrust for one year.

4.3. Google Analytics

4.3.1. Purposes and Legal Bases

We use the Google Analytics web analytics service to analyse user access to our website and app. The legal basis for this data processing is your consent pursuant to Article 6(1) sentence 1(a) GDPR. We use data generated during your use of our website for purposes of user navigation, statistical analyses and adapting our website to your needs. This involves the following data: the end device's IP address; the date and time of access; the name and URL of the requested file; the browser and, where relevant, the operating system of your end device. Google Analytics 4 operates largely without using traditional cookies, but rather based on an analysis of your behaviour on our website. The processed IP address is automatically truncated so that no direct identification is possible. In addition, Google Analytics may also process the data collected about you to assess the behaviour of other users who have not given their consent, using algorithms that can also be trained on the basis of this data. Further information on data processing when using Google Analytics is available at: https://business.safety.google/privacy/

4.3.2. Recipients/Categories of Recipients

When using Google Analytics, your aforementioned data is transferred to Google Ireland, Limited Gordon House, Barrow Street Dublin 4, Ireland. Under certain circumstances, we may need to transfer your personal data to other recipients.

4.3.3. Storage Time/Criteria for Determining Storage Time

The user data collected via Google Analytics are generally deleted within 14 months after collection.

5. Obligation to Provide Your Data

Unless otherwise indicated above, you are under no statutory or contractual obligation to provide your personal data to us. Nevertheless, some data is processed for technical purposes as soon as you access our website or our app and use the associated services. The only way to prevent your data from being processed is to stop accessing our website and using our app and/or the respective services. Insofar as personal data is required for the processing of a query from you, a possible entry into an agreement or other services on our part, in particular the provision of the Service, we may also not be able to process your query, enter into an agreement with you or provide other services if you do not provide this data. In particular, we can only monitor data for compromises as described within the scope of our Service if you provide it to us.

6. Your rights as the data subject

If the data processing is carried out on the basis of consent granted under Article 6(1) sentence 1(a) or Article 9(2)(a) GDPR, you may withdraw that consent at any time with effect for the future without this affecting the lawfulness of the previous processing. Under Article 15(1) GDPR, you have the right to access information, free of charge, on the personal data stored about you. If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data. If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR. If the basis of processing is Article 6(1) sentence 1(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will only be processed thereafter if we can demonstrate compelling legitimate grounds for the processing which override your interests in the objection. If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Article 21(2) GDPR. As a user in France, you also have the right to tell us how we should manage your data after your death. We do not carry out automated decision-making, including profiling, which has legal or other significant effects on you. To exercise your rights as a data subject, or if you have questions or complaints, please write to or e-mail the data protection officer. You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located e.g., in the state in which you live or where the controller is domiciled has jurisdiction. If you live in the European Union: one of the following data protection authorities at: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en If you live in the United Kingdom (UK): the Information Commissioner's Office (ICO) is the UK supervisory authority for data protection issues at: www.ico.org.uk.

7. Data Protection Coordinator Contact Information

For further questions concerning the processing of your data or the exercise of your rights, please contact the competent data protection coordinator of the controller at:

Schwarz Cyber Technologies GmbH Stiftsbergstraße 1 74172 Neckarsulm, Germany

E-mail: datenschutz-digits@mail.schwarz