The controller pursuant to Art. 4 No. 7 GDPR is: QIVIVE Rechtsanwaltsgesellschaft mbH, Konrad-Adenauer-Ufer 71, D-50668 Cologne, managing director: Dr. Christophe Kühl, HR: HRB 74204 Cologne, Tel: +49 (0)221 1 39 96 96 0. Email: privacy@qivive.com.

The Data Protection Officer is:

Dr. jur. Andreas Pinheiro
ap-datenschutz GmbH
Berrenrather Str. 274, D-50937 Cologne
Tel +49 221 99989 030
Email: info@ap-datenschutz.de

^a.  Informational use of the website
^b.  Registering for our newsletter
^c.  Registering for and participating in webinars
^d. Using our contact form
^e.  Using our online forms
^f.  Applying for a job
^g.  For the client-lawyer relationship
^h.  In case of other communication of personal data

When you use our website ^{www.qivive.com} for information purposes only, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:

• IP address of the requesting computer
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific web page)
• Access status/http status code
• Amount of data transferred in each case
• Website from which the access takes place (referrer URL)
• Browser used, language and version of the browser software and, if applicable, your computer’s operating system as well as the name of your access provider

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR.

The indicated data are processed by us for the following purposes:

• Ensuring the establishment of a smooth connection of our website
• Ensuring a comfortable use of our website
• Evaluating system security and stability
• Other administrative purposes

Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

When you visit our website, moreover, we use cookies and analytical services. Please refer to sections 5 to 13 of this privacy policy for more information.

With your consent, you can subscribe to our newsletter informing you about current publications and our current interesting offers.

The only mandatory data for sending the newsletter are your name and your e-mail address.

We use the so-called double-opt-in procedure to subscribe to our newsletter. This ensures that the newsletter was requested by you and not by a third party. When you register, your data is stored on our servers and a confirmation message with a link to the final registration is generated to the e-mail address provided. The data will be deleted after 24 hours if you do not confirm the registration by clicking the link in that e-mail. Only after you confirm the link in the e-mail will the data used to send the newsletter will be stored for the duration of your use of our offer.

The processing of the data is based on your consent according to Art. 6 para. 1 lit. a GDPR and within the scope of legitimate interest according to Art. 6 para. 1 lit. f GDPR.

We use this data exclusively for sending the newsletter. We do not pass on your data to third parties and do not use them for any other purposes of our own.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can do so by clicking on the link provided in each newsletter or by sending an e-mail to privacy@qivive.com. The personal data you provided for the newsletter subscription will then be deleted.

You can participate in our webinars. When registering for our webinars, the data provided for registration will be stored and used for sending information letters on legal topics.

We use "Zoom" as a tool to conduct our webinars. "Zoom" is a service provided by Zoom Video Communications Inc, a software company based in San José, USA.

When using "Zoom", various types of data are processed. The scope of the data processing also depends on the information you provide before or during participation in the webinar. The following personal data are subject to processing:

• User information
   
• Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
   
• For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the chat
   
• For dial-in with the telephone: Information on the incoming and outgoing call number, country, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
   
• Text, audio and video data: You may have the option of using the chat, question or survey functions. To this extent, the text entries you make are processed in order to display and, if necessary, log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" applications.

In order to participate in a webinar or to enter the "meeting room", you must at least provide information about your name. If you do not want your real name to be publicly visible, you can change it with a very visible function next to your name. You can therefore decide for yourself whether to make use of this.

In addition to conducting webinars, data processing also includes the follow-up of participation data for sending the documentation associated with the webinar to the participants.

The legal basis for data processing in connection with our webinars is Art. 6 para. 1 sentence 1 lit. a GDPR, or Art. 6 para. 1 lit. f GDPR.

"Zoom" is a service provided by a provider from the USA. By concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 para. 2 lit. c GDPR, this provider has agreed to ensure a comparable level of data protection for data transfers to the USA. Here you can find further information about the "Zoom" privacy statement.

By registering for the webinar, you accept our privacy policy and the terms of use of "Zoom". Here you can access the terms of use of "Zoom".

Should you have questions of any kind, we offer you the possibility of contacting us using a form provided on the website. Your e-mail address and name will be stored by us, as well as other details if you provide them additionally (such as your telephone number). The purpose of this storage is merely to contact you in order to be able to answer your enquiry.

The legal basis for data processing when contacting us is your consent, which you have given by submitting the respective form (Art. 6 para. 1 p. 1 lit. a GDPR).

The personal data collected by us for the use of the contact form will be automatically deleted after completion of your enquiry, unless the law firm is obliged to store the data for a longer period of time pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR due to storage and documentation obligations or you have consented to further storage pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

We have also included online forms and checklists on various topics on our website. We process your e-mail address and other information required to process your request. Further information on the categories of data processed can be found in the sections below on the individual forms. As soon as the data is no longer required for the purposes stated below, we will delete your personal data, provided that we are not subject to any retention or documentation obligations.

In all forms, you have the option of saving your details as a draft and continuing your response at a later date. We need your e-mail address to make the form with your previous answers available to you again. This data is automatically deleted after 14 days.

The legal basis for the processing of the data provided in the forms is generally your consent (Art. 6 para. 1 sentence 1 lit. a GDPR), which you provided before answering the form. You can revoke this consent at any time with effect for the future.

If your information is required for the processing of contractual relationships with our clients, the legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

In addition, we may be obliged to process some of the data provided in the forms (in particular forms relating to money laundering). The legal basis for data processing in these cases is therefore Art. 6 para. 1 sentence 1 lit. c GDPR.

The data is processed and stored on our own servers. Our IT service provider is charged with the  technical realisation of these services. We have concluded an order processing agreement with them in order to protect your data.
 

1. General online forms

In the form for requesting a quote for the reclassification of employees in the metal industry, we collect your contact details and information on the number of employees. This is done in order to send you a non-binding offer.
 

2. Online forms for clients

In addition, we offer some forms exclusively for our clients. You can access these forms using a password provided by us. With this function, it is technically necessary for us to set additional cookies in order to grant you access to the forms.

We offer you a checklist for drawing up a French employment contract in German or French. It is used to generate a French employment contract for you. We need, in particular, information on the employer, the future employment relationship (e.g. date of employment, job description and salary) and the future employee (first name/last name, address, date/place of birth, nationality and, if applicable, information on previous collective agreement classification, position or non-competition clauses).

Similarly, we offer you a checklist to be able to draw up a German employment contract for you. We require, in particular, information on the employer, the signatory of the contract on the employer's side (name, function and existence of signatory power), the future employment relationship (e.g. date of employment, job description, compensation, working hours, probationary period and fixed term) and the future employee (first name/last name, address, date/place of birth, nationality and place of residence).

We also provide you with a checklist for setting up a GmbH. This requires information about the future GmbH, the share capital and the respective shares, the shareholders and managing directors (for natural persons: first name/name, address, date/place of birth and nationality).

We also provide a checklist for setting up a simplified stock corporation (SAS) with one shareholder. For this purpose, we require information on the future company, the sole shareholder (for natural persons: first name/name, address, date/place of birth and nationality), the president and/or general directors (for natural persons: first name/name, address, date/place of birth, nationality, and first and last names of the father and mother), on contracts that are to be transferred to the future SAS, on the auditor and on the beneficial owner(s).

In addition, we offer checklists for collecting information for the purpose of identification in accordance with the Money Laundering Act for legal entities and natural persons. As lawyers, we are obliged to comply with the Money Laundering Act (GwG). We must therefore fulfil the prescribed due diligence obligations, which include in particular the identification of our clients and the persons acting on their behalf as well as the identification of the beneficial owners of our clients. Pursuant to sections 8 et seq. of the GwG, we are therefore obliged to identify the persons acting on behalf of our clients by means of a valid identification document and to make and retain a copy of this identification document.

Furthermore, in the case of legal entities, we require details of the company, ownership and control relationships, the beneficial owners of your company (in the case of natural persons: first name/name, address, date/place of birth, type of control and, if applicable, details of political exposure within the meaning of the GwG).

In the case of natural persons as clients, we must process data relating to the client himself (first name/name, address, date/place of birth, nationality, e-mail address, valid identification document and, if applicable, information on political exposure within the meaning of the GwG). If the client is represented by another person, we also require their details on the aforementioned points. Furthermore, information on the beneficial owner of the client (first name/last name, address, date/place of birth and type of economic interest) may be required.

In accordance with Section 13 (1) of the German Anti Money Laundering Act (Geldwäschegesetz – GwG), we are obliged to verify the identity of our clients by appropriate examination of the identity document presented physically or by another procedure suitable for verifying identity under anti money laundering law and having a security level equivalent to physical verification on site.

If on-site identity verification is not possible, we use the video identification procedure for verification. For this purpose, we use the services of our service provider Acadias GmbH, based in Germany, to which we pass on the name and e-mail address of the person to be identified in order for Acadias GmbH to contact them to carry out the video identification procedure.

We have concluded an order processing agreement with this service provider in order to protect your data. Your data will only be stored for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations.

The legal basis for the transfer of the aforementioned data is generally your consent (Art. 6 para. 1 sentence 1 lit. a GDPR), which you provided before answering the form and which you can revoke at any time with effect for the future, or alternatively – if the data to be collected in accordance with the GwG is collected by means other than via our online form – Art. 6 para. 1 lit. c GDPR.

We advertise vacancies on our website for which you can apply online using the form. Your submitted application will be forwarded to our human resources department and treated confidentially.

In the following, we inform you about the processing of your personal data in the context of the application procedure.

Categories of the processed data

The following data will be processed from you as part of the application process:

• Applicant data (first name, last name, address, job position)
• Qualification data (cover letter, curriculum vitae, previous activities, professional qualifications)
• References and certificates (performance data, assessment data, etc.),
• Publicly accessible, job-related data, such as profiles on professional social media networks
• Appointment data (e. g. earliest possible starting date)
• Furthermore, any data that you voluntarily provide to us as part of your application.

Origin of the processed data

We process personal data that we receive from you as part of the application process. Otherwise, we obtain personal data about you if you add it using a third-party source such as Facebook or LinkedIn and use the service to connect with our employees.

Legal basis and purposes of data processing

Personal data is processed for the purposes of the application relationship and to manage and facilitate the recruitment of employees for our business.

Personal data of applicants may be processed for the purposes of the application procedure if this is necessary for the decision on the establishment of an employment relationship. The necessity and scope of data collection is assessed on the basis of the position to be filled. In special cases, more extensive data processing may be necessary. This is the case if your intended position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health requirements. Data processing to this extent only takes place when the application process is completed and your employment is imminent. The legal basis is Art. 6 para. 1 lit. b GDPR.

In certain cases, we process your data to protect a legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR):

• To defend legal claims in proceedings under the General Equal Treatment Act (AGG). In the event of a legal dispute, we have a legitimate interest in processing the data for evidence purposes.

• To apply for financial support in the case of new employment with the responsible service providers (regional employment agencies, integration or inclusion offices of the federal states).

Recipients of the processed data

Your data will mainly be processed by our HR department and the head of department who fills your position. However, in some cases other internal departments are also involved in the processing of your data.

Explicitly, the following internal departments may be data recipients:

• Human Resources Department
• Management
• Head of department

Storage period

We store your personal data for as long as is necessary to make a decision about your application.

In the event of a successful application, the data provided by applicants may be further processed by us for the purposes of the employment relationship.

If an employment relationship between you and us does not arise, we may also continue to store data insofar as this is necessary for the defence against possible legal claims. As a rule, your data will be deleted within six months of the end of the application process.

Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified withdrawal by the applicants, the deletion will take place at the latest after the expiry of a period of six months so that we can answer any follow-up questions about the application and comply with our obligations to provide evidence under the Equal Treatment of Applicants Regulations. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

Your rights

For detailed information on your rights, please see section 16.

Persons responsible for data processing and data protection officer

The contact details of the data controller and our data protection officer can be found above under points 1 and 2.

In the course of our mandate work, we process personal data of our (potential) clients, their representatives and employees as well as of opposing parties, their representatives and employees of courts and authorities as well as other persons relevant for the performance of the mandate relationship.

In the following, we inform you about the processing of personal data in the context of the client-lawyer relationship.

Categories of data

The following data is processed within the scope of the client-lawyer relationship:

• Data we receive to identify our (potential) clients, their beneficial owners, their representatives and persons acting on their behalf

• Contact details (in particular names, addresses, telephone numbers, e-mail addresses, dates of birth) of (potential) clients, their employees, opponents in proceedings and their employees, representatives and advisors, courts and/or authorities

• Information we receive for the purpose of advising and representing our clients within the scope of the mandate

• Data requiring special protection (such as health data or similar)

• Billing data

Purposes and legal basis of data processing

The law firm is entitled to process the personal data entrusted to it within the scope of the mandate relationship in accordance with the provisions of the applicable data protection law (in particular GDPR and the German Data Protection Act (BDSG)). This data is processed exclusively for the purpose of identifying the client, processing the client's enquiries, processing the contracts concluded with the client, corresponding with the client, informing the client about legal news and services of the law firm, complying with professional regulations, avoiding conflicts of interest, for the purpose of quality and risk management, accounting and/or in connection with the provision of other administrative and IT support services ("processing purposes").

The processing of personal data collected by the law firm is based on the following legal grounds:

• The client has given his explicit consent pursuant to Art. 6 (1) p. 1 lit. a GDPR.

• The processing is necessary to protect the legitimate interests of the law firm pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

• The processing is carried out on the basis of a legal obligation pursuant to Art. 6 (1) sentence 1 lit. c GDPR.

• The processing is legally permissible and is necessary for the handling of contractual relationships with the client pursuant to Art. 6 (1) sentence 1 lit. b GDPR.

The legitimate interests of the law firm, on the basis of which personal data may be processed pursuant to Art. 6 (1) sentence 1 lit. f GDPR, are:

• The pursuit of our business activities, which includes, among other things, informing the client about legal news and services of the law firm. In this regard, the client has the right to object in accordance with Art. 21 GDPR,

• Legal advice, assertion, exercise or defense of legal claims.

Data processing in the context of online conferences in the client relationship

We use Microsoft Teams to conduct telephone conferences, online meetings and video conferences. Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

We process your personal data insofar as this is necessary to carry out the contact via Microsoft Teams (video conference, chat). This includes the following categories of data:

• Personal data (surname, first name, email, contact details)
• Image data (photos, videos)
• Sound recordings
• Data we need to fulfil our contractual obligation (consultancy, etc.)

The purpose of the processing is efficient communication and the fulfilment of our obligations arising from the client relationship. The legal basis for data processing in connection with our online conferences is Art. 6 para. 1 sentence 1 lit. a GDPR, or Art. 6 para. 1 lit. f GDPR. Insofar as you have given us your voluntary consent to the collection, processing or transmission of personal data for specific purposes, this consent forms the legal basis for the processing of this data.

Consent given can be revoked at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

Microsoft Teams is a service provided by a provider from the USA. By concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 Para. 2 lit. c GDPR, this provider has agreed to ensure a comparable level of data protection for data transfers to the USA. Here you can find further information about privacy and Microsoft Teams.

Storage period

The personal data provided by the client may be stored by the law firm from the time of their transmission. The client's personal data processed by the law firm will be deleted as soon as their storage is no longer necessary for the purposes set out above. The time of deletion of the personal data, or the duration of their storage, is based on the following criteria:

• In the case of legal storage and documentation obligations, due to which the law firm is obliged to store the data, according to their duration

• According to the duration of the business relationship, insofar as this is necessary within the framework of the above-mentioned purposes

• According to the statutory limitation periods

A longer storage period results in cases in which the client has consented to further storage in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Recipients of the data

Under the aforementioned conditions, the law firm may forward the client's data to the following categories of recipients in particular: Courts, bailiffs, opponents, lawyers, appraisers, insurance companies, authorities, insolvency administrators, tax advisors, auditors, notaries, banks, Infogreffe, Medialex, service providers in connection with statutory registers, translators, interpreters, IT service providers, postal companies. It should be noted that this list is not exhaustive. The IT support of the law firm is currently provided by Navacom IT Solutions GmbH & Co. KG, Sudetenstraße 67, 50354 D-Hürth (HRA Köln 27973).

Your rights

Upon written request or by e-mail, the law firm will inform the client free of charge about the personal data received and stored. In addition, the client has the right to correction, deletion, transfer or restriction of the processing of his personal data in accordance with the statutory provisions. Enquiries concerning all data protection obligations of the law firm should be addressed in writing to QIVIVE Rechtsanwaltsgesellschaft mbH, Konrad-Adenauer-Ufer 71, 50668 Cologne or to the e-mail address: privacy@qivive.com.

Insofar as the processing of his data is based on his consent, the client has the right to revoke his consent with effect for the future at any time. This has the consequence that the law firm may no longer continue the data processing based on this consent for the future.

The client has the right to lodge a complaint with the competent supervisory authority if he or she is of the opinion that the processing of his or her personal data is unlawful. The competent authority at the seat of the law firm is Landesbeauftragte für Datenschutz und Informationsfreiheit Nordhrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia), Kavalleriestraße 2-4, 40213 Düsseldorf, Tel. 0211-384240, e-mail poststelle@ldi.nrw.de.

The firm's mail server transmits all outgoing e-mails to an e-mail gateway with active TLS/SSL encryption. The client consents to e-mail correspondence with him/her without end-to-end encryption, unless the client objects or revokes his/her consent to this procedure, or if a risk to the client's interests would be directly recognisable to the law firm from the circumstances. The client's attention is drawn to the fact that communication via electronic media such as e-mail and fax involves a loss of confidentiality and data security. The client may at any time request that the law firm in future only correspond with him by letter post.

By entering into the retainer agreement, the client agrees to be informed by e-mail or post about legal updates and services provided by the firm. The client may revoke his consent to receive this information at any time with effect for the future.

In addition, personal data is collected by us if you provide it to us of your own accord, for example if you contact us by e-mail or telephone or in any other way.

Any communication of your contact data is expressly on a voluntary basis and with your consent. Insofar as this involves information on communication channels (e. g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request.

You can, of course, revoke your consent at any time for the future. To do so, please contact us by e-mail at privacy@qivive.com.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

• You have given your express consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR
   
• The disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data
   
• In the event that there is a legal obligation for disclosure in accordance with Art. 6 Para. 1 Sentence 1 lit. c GDPR
   
• This is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b GDPR.

We use cookies on our website. These are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to the section that sets the cookie (in this case us). Cookies cannot execute programs or transmit viruses or other malware to your terminal device.

The cookies are necessary so that you can move freely on the website and use its features. They are used to make the website as a whole more user-friendly and effective. 

Cookies allow us to track who has visited the website and from this we can deduce how often certain web pages are visited and which parts of the site are particularly popular. So-called session cookies store information about your activities on our website.

Our website uses the following types of cookies, the scope and functionality of which are explained below:

• Transient cookies (temporary use)
• Persistent cookies (temporary use)
• Third party cookies

Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to the website. Session cookies are deleted when you log out or when you close the browser.

Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, 4 Barrow Street, Dublin, Ireland). The use includes the "Universal Analytics" mode of operation. This makes it possible to assign data, sessions and interactions across several devices to a pseudonymous user ID and thus to analyse the activities of a user across devices.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the appropriate browser add-on to deactivate Google Analytics.

This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.

We use Google Analytics to analyse the use of our website and to be able to improve it regularly. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.

For the exceptional cases in which personal data is transferred to the USA, Google Ireland has agreed via the conclusion of so-called standard data protection clauses (SDK) in accordance with Art. 46 Para. 2 lit. c GDPR that a level of data protection comparable to the GDPR is ensured for data transfers to third countries. Here you can find further information about the privacy protections of Google.

The legal basis for the use of Google Analytics is your consent, i.e. Art. 6 para. 1 p. 1 lit. a GDPR.

In order to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you, we also use Google Conversion Tracking. In this process, Google Adwords sets a cookie (see section 4) on your computer if you have accessed our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking. Here you can find more information about Google's privacy policy on conversion tracking.

Our website uses so-called conversion and retargeting tags (also "meta pixels") of the social network Meta for marketing purposes. The provider is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin, Ireland Dublin 2 ("Meta"). We use Meta Pixel to analyze the general use of our website and to track the effectiveness of Meta advertising ("conversion"). In addition, we use the meta pixel to display individualized advertising messages to you based on your interest in our products ("retargeting").

The legal basis for the collection of data by Meta Pixel is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR, which is obtained in advance.

Meta processes data for this purpose, which the service collects via cookies and similar technologies on our website. The data accruing in this context may be transferred by Meta to a server of the parent company in the USA for evaluation and stored there. Meta ensures a comparable level of data protection in the transfer of data to the parent company in the USA by concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 para. 2 lit. c GDPR.

If you are a member of the Facebook network operated by Meta and have allowed this via the privacy settings of your account, Facebook can also link the information collected about your visit to us with your member account and use it for the targeted placement of Facebook ads.

You can view and change the privacy settings of your Facebook profile at any time.

If you disable Facebook's data processing, Facebook will only display general Facebook ads that are not selected based on the information collected about you.

We use the Google Tag Manager. Google Tag Manager is a tool with which marketers can manage website tags via an interface. The provider is Google Ireland Limited (Gordon House, 4 Barrow Street, Dublin, Ireland). The Google Tag Manager itself is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags, insofar as these are implemented with Google Tag Manager. Here you can find further information about the Google Tag Manager terms of service agreement.

The legal basis for the transfer of personal data to Google is your consent, i.e. Art. 6 para. 1 p. 1 lit. a GDPR.

For cases in which personal data is transferred to the USA, Google Ireland has agreed via the conclusion of so-called standard data protection clauses (SDK) pursuant to Art. 46 para. 2 lit. c GDPR that a comparable level of data protection is ensured during data transfer to your third country. Here you can find more information on Google's commitment to data protection laws.

We use the remarketing function within the Google Ads service on our website. This function is used to present visitors to our website with advertisements based on their interests on other websites within the Google advertising network.

The application serves the purpose of analysing visitor behaviour and interests. Google uses cookies to perform the analysis of website usage, which forms the basis for the creation of the interest-based advertisements. These text files, which are stored on your computer, make it possible to recognise visitors when they visit websites that belong to Google's advertising network. This number is used to uniquely identify a web browser on a particular end device and not to identify a person. According to its own data, Google does not collect any personal data during this process.

You can prevent participation in this tracking procedure in various ways: a) by setting your browser software accordingly, in particular the suppression of third-party cookies means that you will not receive any third-party ads; b) by adjusting your setting for personalized advertising, c) by setting cookies accordingly. Please note that in this case you may not be able to use all the functions of this website to their full extent.

Google Ads is a service provided by a provider from the USA. By concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 Para. 2 lit. c GDPR, this provider has agreed to ensure a comparable level of data protection for data transfers to the USA. Here you can find more information about Google's privacy policy.

We use the remarketing function of Microsoft Advertising on our website. This function is used to present visitors to our website with advertisements on other websites based on their interests.

The purpose of the application is to analyse visitor behaviour and interests. Cookies are used to perform the analysis of website usage that forms the basis for the creation of the interest-based advertisements. These text files, which are stored on your computer, make it possible to recognise the visitor when he or she visits websites that belong to the Microsoft advertising network. This number is used to uniquely identify a web browser on a particular device and not to identify an individual.

Microsoft Advertising is a service provided by a provider from the USA. By concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 Para. 2 lit. c GDPR, this provider has agreed to ensure a comparable level of data protection for data transfers to the USA. Here you can find more information about the Microsoft Advertising privacy policies.

This website uses the services of ActiveCampaign, LLC ("ActiveCampaign") for sending newsletters. The provider is ActiveCampaign, LLC, 1 North Dearborn Street, 5th floor Chicago, IL 60602 USA. ActiveCampaign is a service with which, among other things, the sending of newsletters can be organised and analysed. If you enter data for the purpose of receiving newsletters (e. g. email address), this data will be stored on ActiveCampaign's servers in the USA.

ActiveCampaign ensures a comparable level of data protection for data transfer to the USA by concluding so-called standard data protection clauses (SDK) in accordance with Art. 46 para. 2 GDPR. Here you can find further information about the data protection for data transfer of ActiveCampaign.

With the help of ActiveCampaign, we can analyse our newsletter campaigns. When you open an email sent with ActiveCampaign, a file contained in the email (so-called web beacon) connects to ActiveCampaign's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e. g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of ActiveCampaign after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

We base the use of ActiveCampaign on our legitimate interest in the application and efficient administration of our consultancy services, which in turn is based on professional and entrepreneurial freedom according to Art. 15 para. 1 and Art. 16 GrCh. As we inform you about this processing and no special data is transferred apart from the e-mail address, we base our processing on the legitimate interest in this regard pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

For more details, please refer to the ActiveCampaign privacy policy.

We provide links to various social media on our website. However, these are only links to external websites of third-party social media providers and not plugins. Consequently, no links are created or personal data transmitted to the third-party providers when you visit our website. When you click on the respective button, which is marked with the provider's symbol, you will be redirected to the website of this provider. You will leave our website at this moment. If you have any questions about the data collection of the third-party providers, please read the data protection declarations provided by the third-party providers. We refer to the following social media:

Facebook

Our website links via the "f" button to the social network facebook.com, whose operator for users outside the USA and Canada is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. Here you can find more information on data protection.

Meta ensures a comparable level of data protection in the transfer of data to the parent company in the USA by concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 (2) GDPR. For more information, please visit the Meta european data transfer addendum.

X / Twitter

By clicking on the button with the symbol of the little bird, you will be directed to the microblogging service of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Twitter ensures a comparable level of data protection in the transfer of data to the parent company in the USA by concluding so-called standard data protection clauses (SDK) in accordance with Art. 46 (2) GDPR. Here you can find further information on the data protection addendum and on the privacy policy.

Instagram

Instagram is a service of Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. Further information can be found in Instagram's privacy policy.

YouTube

YouTube is a video platform of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Here you can find more information on YouTube's data processing and possible privacy settings.

LinkedIn Corporation

2029 Stierlin Court, Mountain View, California 94043, USA. LinkedIn ensures a comparable level of data protection during data transfer to the parent company in the USA by concluding so-called standard data protection clauses (SDK) in accordance with Art. 46 (2) GDPR.  Here you can find further information on LinkedIn's privacy policy.

Our websites may contain links to websites of other providers. We would like to point out that this data protection declaration applies exclusively to the website ^{www.qivive.com}. We have no influence on and do not control that other providers comply with the applicable data protection regulations.

You have the right:

• To request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
   
• In accordance with Art. 16 GDPR, to demand the immediate correction of inaccurate or incomplete personal data stored by us.
   
• In accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
   
• In accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
   
• Pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
   
• Revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent in the future.
   
• Complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.
   
• Object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR and insofar as there are grounds arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

Please address all requests for information, revocations or objections to data processing by e-mail to privacy@qivive.com.

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is deleted if it is no longer required to achieve the purpose, fulfil the contract or initiate the contract.

We use appropriate technical and organisational security measures to ensure data security, in particular to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

This privacy policy is currently valid and has the status October 2023.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.