§ 1 Name and Address of the Controller

The controller, within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is:

Agent 22 GmbH

Kaiser-Wilhelm-Str. 93

20355 Hamburg

§ 2 Name and Address of the Data Protection Officer

The data protection officer of the controller is:

Deutsche Datenschutz Consult GmbH

https://deutsche-datenschutz-consult.de

Stresemannstraße 29

22769 Hamburg

Telephone: +49 40 228 60 70 402

Email: privacy@agent22.eu

§ 3 Business Correspondence

If you contact us by e-mail, we collect, store and process the following personal data: name, contact details, email address and the content of the correspondence.

We process this data in order to be able to correspond with you and provide you with the requested information. The legal basis for this processing is Article 6 (1) lit. f GDPR, whereby the legitimate interest lies in establishing and maintaining the business relationship. In individual cases, the legal basis may also be Article 6 (1) lit. a GDPR if you have consented to being contacted or to correspondence. In the rare cases in which we conclude contracts with natural persons, the communication required for this is based on Article 6 (1) lit. b GDPR.

Where necessary, personal data relating to our customers may be transferred to our parent company for internal administrative purposes, including the processing of personal data relating to customers and employees, based on a legitimate interest pursuant to Article 6(1)(f) GDPR. This is in line with Recital 48, sentence 1 of the GDPR, according to which there may be a legitimate interest in intra-group data processing, provided that the principles of data processing and the rights and freedoms of the data subjects are respected.

If it is necessary for the fulfilment of a contract with you or due to legal obligations, we may disclose our customers' data to third parties or transfer it to them. If this disclosure is necessary for the provision of our service, it is based on Article 6 (1) lit. b GDPR; if it is necessary to fulfil a legal obligation, it is based on Article 6 (1) lit. c GDPR. If the transfer of data is necessary to fulfil our legitimate interest or that of our customers to provide services efficiently and economically, it is based on Article 6 (1) lit. f GDPR. If you have consented to the transfer, it is based on Article 6 (1) lit. a GDPR. Possible data recipients are:

• External experts who are involved in the provision of the service and

• Third parties that are necessary for the performance of the contract or are typically involved in it, such as companies in the insurance industry.

Your personal data will only be stored by us for as long as is necessary to fulfil the correspondence. Furthermore, we are legally obliged to retain business correspondence for a period of 6 years. In individual cases, it may be necessary to retain business correspondence for a period of 10 years for tax law reasons. In these cases, your data will be stored on the basis of Article 6 (1) lit. c GDPR. After the retention period has expired, we will delete your data unless the data is still required for the fulfilment or termination of a contract.

§ 4 Processing on the Website

1. Server Statistics

When you visit our website, we log the following data that your browser transmits:

• Domain

• IP-Address

• Content of the request

• Access status/HTTP status code

• Browser

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is also stored in the log files of our website host and overwritten after 7 days. Logging is used to identify and prevent misuse. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

2. Piwik Analytics

We use Piwik PRO Analytics on our website to analyse the surfing behaviour of our users and to manage consents. The software places a cookie on the user's computer. If individual pages of our website are accessed, the following data is stored IP address of the user's accessing system, the user's operating system, browser ID, user activity and other information. You can find out more about the data stored by Piwik PRO here.

We calculate key figures on the bounce rate, page views and sessions in order to understand how our website/app is used. Based on the usage history, we may create visitor profiles to analyse usage behaviour and display personalised content and conduct online campaigns.

We host our application in Germany on Microsoft Azure. The data is stored between 14 and 25 months.

The purpose of data processing is to analyse surfing behaviour and evaluate visitor actions. As the legal basis for this, we obtain your consent in accordance with Article 6 (1) lit. a GDPR with the help of the Consent Manager. You can access the Consent Manager using the "Cookie Settings" link at the bottom of the website and change your settings.

Piwik PRO does not transmit any data to subcontractors or third parties and does not use the data for its own purposes. You can find out more in Piwik PRO's privacy policy.

Our configuration of Piwik PRO uses the following cookies:

_pk_ses.<appID>.<domainHash>

Module: Analytics

Expires after: 30 minutes (can be changed)

Extension: Automatic

Type: First-party cookie

About: Shows an active session shows of the visitor. If cookie is not present, the session ended more than 30 minutes ago and was recorded in a pk_id cookie.

_pk_id.<appID>.<domainHash>

Module: Analytics

Expires after: 13 months (can be changed)

Extension: No

Type: First-party cookie

About: Used to recognise a visitor and settings.

Value: <visitorID>.<cookieCreationTimestamp>.<visitsCount>.<currentVisitTimestamp>.<lastVisitTimestamp>.<lastEcommerceOrderTimestamp>

• visitorID: Is generated via JavaScript, unless otherwise supplied.

• cookieCreationTimestamp: Time at which the cookie was created.

• visitsCount: 0 means that there were no previous visits.

• currentVisitTimestamp: Current time. Is updated with every visitor action.

• lastVisitTimestamp: Time of the last visit. Empty if there were no previous visits. Is used together with pk_ses to count up the number of visits.

• lastEcommerceOrderTimestamp: Time of the last order. Empty if there were no orders.

The following cookie is required for the Consent Manager:

ppms_privacy_<appID>

Modules: Consent Manager

Expires after: 365 days (can be changed), 30 minutes (for anonymous tracking)

Extension: Automatic

Type: First-party cookie

About: Saves the visitor's consent for data collection and use.

Value: A JSON-encoded object in which the visitor's consent for data collection and use is stored.

• -1: No decision by the visitor.

• 0: The visitor has not consented.

• 1: The visitor has consented.

Is generated: if the Consent Manager is used and displayed on the page.

§ 5 Your Rights

1. Right to Information

You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing, in accordance with applicable law, which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.

2. Right to Rectification

You have the right to have your data stored by us corrected if it is incorrect. You can also request a restriction of processing, e.g. if the accuracy of your personal data is disputed.

3. Right to Blocking

You can also have your data blocked. To ensure that your data can be blocked at any time, this data must be stored in a lock file for control purposes.

4. Right to Erasure

You can also request the erasure of your personal data, provided there are no statutory retention obligations. If such an obligation exists, we will block your data on request. If the relevant legal requirements are met, we will delete your personal data even without a corresponding request from you.

5. Right to Data Portability

You are entitled to request that we provide the personal data transmitted to us in a format that allows it to be transmitted to another organisation.

6. Right to Lodge a Complaint with a Supervisory Authority

You have the option of lodging a complaint with a data protection supervisory authority of your choice. The supervisory authority responsible for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

https://datenschutz-hamburg.de

7. No Automated Decision-Making

We would like to point out that in the context of the use of our services and the utilisation of our services, you will not be subject to a decision based solely on automated processing - including profiling - which may have legal effect on you or significantly affect you in a similar manner.

§ 6 Note on Data Security

We use the SSL (Secure Socket Layer) method on our website in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

Occasionally we need to update our privacy policy. The latest version of the privacy policy is always available on our website. We will inform you of any significant changes to the privacy policy, for example the use of your personal data, the person responsible for data processing or your rights.