Data Privacy Policy

Please find below the privacy policy for the use of VoltStorage's corporate website & online services.

1. Introduction

We take the protection of your private data seriously and want you to feel comfortable when visiting our website. The protection of your privacy when processing personal data is an important concern for us, which we consider in our business processes. This privacy notice explains how personal data is collected, processed, and used during and after your use of our website, what types of data these concerns, why such data is collected, with whom it is shared and what rights you have in this regard. Please read this note carefully.


Explanation of terms

We have designed our data protection notice in accordance with the principles of the DSGVO, see Art.5 DSGVO. However, if there are any uncertainties regarding the use of terms, you can view the relevant definitions here. (These links refer to an external website)

2. Responsible for Data Processing

Responsible for data processing is:

VoltStorage GmbH
Detmoldstraße 26-28
80935 Munich
Germany

Legal representative: Jakob Bitner
Phone: +49 (0)89 215 294 900
E-Mail: datenschutz@voltstorage.com
Website: https://voltstorage.com/

External data protection officer
blu Systems GmbH
Data Protection Officer
Keltenring 11
82041 Oberhaching
Germany
Phone: +49 (0)89 919 290 560
E-Mail: dsb@blusytems.de
Website: https://theblueexperience.de/

3. Storage and Deletion

Unless a more specific storage period has been specified in this data protection notice, your personal data will remain with us until the purpose or legal basis for the data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

4. Provision of the Website and Creation of Log Files

When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:

• IP address of the requesting computer

• Date and time of access

• Name and URL of the retrieved file

• Website from which the access is made

• Browser used and, if applicable, the operating system of your computer and the name of your access provider

We process the data for the following purposes:

• Ensuring a smooth connection to the website

• Ensuring a comfortable use of the website

• Analysing system security and stability

• error analysis

• for further administrative purposes

The legal basis for data processing is Art. 6 UAbs. 1 lit. f) DSGVO. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

The legitimate interest for this processing is as follows the integrity and security of the website, which is carried out by security through the collection of logs, in particular IP addresses, to recognise possible misuse at an early stage and to be able to take measures to reduce damage.

Your personal data is stored by our provider, with whom an order processing contract within the meaning of Art. 28 DSGVO has been concluded.

SSL-Encryption

For security reasons, our website uses SSL encryption. This ensures that transmitted data is protected and cannot be read by unauthorised third parties. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://"to"https://"and by the lock symbol, which is recognisable in your browser line on the left.

5. Cookies

We use cookies to make the use of our website more attractive, user-friendly, and effective. These are small text files that are stored on your end device and contain information about the websites you have visited. Cookies do not cause any damage to your computer and do not contain viruses.

By making appropriate changes to your browser settings, you can be informed about the setting of cookies and decide individually whether to accept them or generally exclude them, as well as arrange for the automatic deletion of cookies when the browser window is closed. By deactivating cookies, you may not be able to use all the functions of our website.

Used Cookies

Domain

Designation

Function

voltstorage.com

CRAFT_CSRF_TOKEN (Session end)

A CSRF token is a secure, random token (e.g. a synchronisation token or a challenge token) that is used to prevent CSRF attacks.

voltstorage.com

CookieConsent (1 year)

This cookie is used to save the consent settings made by website visitors.

www.tfaforms.com

AWSALBTG (7 days)

This cookie is used to throttle the number of requests.

www.tfaforms.com

AWSALBTGCORS (7 days)

This cookie is used to throttle the number of requests.

www.tfaforms.com

AWSALB (7 days)

This cookie is used to throttle the number of requests.

www.tfaforms.com

AWSALBCORS (7 days)

This cookie is used to throttle the number of requests.

www.google.com

_GRECAPTCHA (6 month)

This cookie is used to distinguish website visitors from bots.

voltstorage.com

_ga_DREWE822VR (2 years)

This cookie is used to count and save page visits.

voltstorage.com

_ga (2 years)

This cookie is used to count and save page visits.

voltstorage.com

_gid (24 hours)

Used to distinguish visitors. The aim is to collect data on how the user moves between pages on the website.

voltstorage.com

_gat_UA-99293743-1 (1 minute)

This cookie is used to throttle the number of requests that are forwarded to Google.

6. Data Transfer to the USA

Among other things, we use tools from companies based in the USA. If these tools are active, your personal data may be transferred and processed there. We would like to point out that the data transfer may take place without special authorisation due to the adequacy decision of the EU Commission in combination with the self-certification of the data recipients in the USA in accordance with the EU-US Data Protection Framework (Art. 45 UAbs. DSGVO).

This self-certification has been reviewed by us and we have concluded an order processing contract with these providers in accordance with Art. 28 DSGVO.

If the data recipients in the USA are not certified in accordance with the EU-US Data Protection Framework, we base the data transfer on the EU Commission's standard contractual clauses (SCCs) in conjunction with a transfer impact assessment.

7. Contacting the Company

You can contact us at any time. We would like to provide you with the following information:

General contact options

As general contact media, you have the option

- by post,

- by phone,

- via E-Mail or

- via contact formular

to get in touch with us.

To process your contact enquiry, we will need to store your communication data (e.g. telephone number, e-mail address) and identification data (e.g. name, address).

The legal basis of Art. 6 UAbs. 1 lit. b) DSGVO applies only if the contact is based on the initiation of a contract or the performance of an existing contractual relationship or the amendment of a contractual relationship.

In all other cases of contact, the processing is based on the company's legitimate interest pursuant to Art. 6 UAbs. 1 lit. f) DSGVO.

The legitimate interest for this processing is as follows: As a company, we pursue the economic interests of individualising and optimising our products, which are declared as economic factors of the company.


Contact option via contact form

You have the option of contacting us via the contact form on the website. For this purpose, the personal details you enter will be stored by us to process your enquiry.

The purpose is to answer your questions and comments about our services. For this purpose, we rely on the legal basis of Art. 6 UAbs. 1 lit. b) DSGVO.

If your contact via the contact form is not a contract initiation, the legal basis of Art. 6 UAbs. 1 lit. f) DSGVO applies. The legitimate interest for this processing is as follows: As a company, we pursue the economic interests of individualising and optimising our products, which are declared as economic factors of the company.


Microsoft Teams

We use Microsoft Teams, a service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA) to conduct telephone and video conferences and online meetings. If online meetings are to be recorded, we will inform you of this before the start of the online meeting and - if necessary - ask for your (verbal) consent. If you do not wish to be recorded, you can leave the online meeting. The following personal data may be processed:

User details: display name, email address, profile picture (optional), preferred language

Meeting metadata: e.g. date, time, meeting ID, telephone number, location

Text, audio, and video data: You may have the option of using the chat function in an online meeting. In this case, the text entries you make will be processed to display them in the online meeting.

The scope of the data depends on the information you have provided before or during participation in the online meeting.

The transfer of data to the USA is based on the adequacy decision of the EU Commission pursuant to Art. 45 UAbs. 1 DSGVO in combination with the self-certification of the data recipient in accordance with the EU-US Data Privacy Framework.

The legal basis for the processing of personal data during online meetings is Art. 6 Uabs. 1 lit. b) DSGVO.

During the online meeting, the login names of all participants and the generated communication content are displayed and can be viewed by the other participants in the online meeting. The communication content is saved for documentation purposes. If necessary, the online meeting will be recorded and made available to the participants afterwards.


Microsoft Bookings

We use Microsoft Bookings, a service of the provider Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA), to provide you with the option of online appointment bookings.

If you use this service, you will be able to view free time slots of our employees and book an appointment for these times. For this purpose, your name, e-mail address, telephone number, company name, date, and time the form was sent, and the start and end date and time of the telephone appointment are processed.

After submitting the form, you will receive a confirmation e-mail and a calendar invitation.

This data is stored on Microsoft's servers. Data transmission to the USA cannot be ruled out.

The legal basis for the processing of personal data is Art. 6 UAbs. 1 lit. a) DSGVO. You give us your consent by submitting the enquiry form.

The transfer of data to the USA is based on the adequacy decision of the EU Commission pursuant to Art. 45 UAbs. 1 GDPR in combination with the self-certification of the data recipient in accordance with the EU-US Data Privacy Framework.

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

You have the option to withdraw your consent to data processing or to object to the use of the data at any time. In this case, the intended contact with the user is no longer possible, or communication that has already begun can no longer be continued

8. Handling of Applicant Data

We offer you the opportunity to apply to us (by e-mail, post or via an application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed, and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated confidentially.

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship.

The website's job board offers you the opportunity to apply directly for an advertised position using an application form. If you apply to us via the application form on the website, your personal data will be automatically sent to the Personio applicant management system (provider is Personio SE & Co. KG, Seidlstr. 3, 80335 Munich). We have concluded an order processing contract with the provider of the system.

The legal basis for this is Art. 6 UAbs. 1 lit. b) DSGVO (general contract initiation) and Section 26 para. 1 BDSG under German law (initiation of an employment relationship). Your personal data will only be passed on within our company to employees who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems for the purpose of implementing the employment relationship based on Art. 6 UAbs. 1 lit. b) DSGVO and § 26 para. 1 BDSG.

If we are unable to make you a job offer, you reject a job offer or you withdraw your application, we will store your application documents for a period of 6 months from the end of the procedure. After 6 months, the data will be deleted, and the physical application documents destroyed. The retention serves as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Inclusion in our applicant pool

If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 UAbs. 1 lit. a) DSGVO). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.

We use the Personio system for our application management. The provider is Personio SE & Co. KG, Seidlstr. 3, 80335 Munich, with whom we have concluded an order processing contract.

9. Cookiebot Consent Management

This website uses Usercentrics' cookie consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter referred to as "Usercentrics").

When you visit our website, the following personal data is transmitted to Usercentrics:

• Your consent(s) or the revocation of your consent(s)

• Your IP address

• Information about your browser

• Information about your end device

• Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 UAbs 1 S. 1 lit. c) DSGVO.

We have concluded an order processing contract within the meaning of Article 28 DSGVO with Usercentrics.

10. Google Analytics

We use the functions of the web analysis service Google Analytics on our website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the behaviour of website visitors. In doing so, we receive various usage data, such as page views, length of visit, operating systems used and your origin. This data may be summarised by Google in a profile that is assigned to you or your end device. We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the data records collected and uses machine learning technologies for data analysis. Google Analytics uses technologies that make it possible to recognise you for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

Via the consent banner on our website, we actively obtain your consent in accordance with Art. 6 UAbs. 1 lit. a) DSGVO. You can revoke this consent at any time.

The transfer of data to the USA is based on the adequacy decision of the EU Commission pursuant to Art. 45 UAbs. 1 DSGVO in combination with the self-certification of the data recipient in accordance with the EU-US Data Privacy Framework.

IP-Anonymisation
In addition, we only use Google Analytics on our website with activated IP anonymisation. This means that your IP address will be truncated by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there. We have also concluded an order processing contract with Google. Google processes this data on our behalf, enabling us to analyse website usage by users, compile reports on website activity and collect other information related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de
Google refers to the data processing conditions in its own data protection notice. https://support.google.com/analytics/answer/3379636?hl=de&ref_topic=2919631.

Storage Duration

Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 2 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

11. Google Tag Manager

We use the functions of Google Tag Manager on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This is a tag management system that is used for the purpose of managing website tags via an interface.

To monitor system stability and performance, Google Tag Manager may collect some aggregated data about the triggering of tags. This data does not contain any user IP addresses or user-specific identifiers that could be linked to a specific person. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. Apart from the data in standard HTTP request logs, which are all deleted within 14 days of receipt, Google Tag Manager does not collect, store, or share any information about visitors to our customers' properties, including the page URLs visited. Google Tag Manager triggers other tags, which in turn may collect data. For more information about our use of Google Tag Manager data, please see the Google Tag Manager Terms of Service at

https://support.google.com/tagmanager/answer/7157428 and the Privacy Policy at https://policies.google.com/privacy.

Via the consent banner on our website, we actively obtain your consent in accordance with Art. 6 UAbs. 1 lit. a) DSGVO. You can revoke this consent at any time.

The transfer of data to the USA is based on the adequacy decision of the EU Commission pursuant to Art. 45 UAbs. 1 DSGVO in combination with the self-certification of the data recipient in accordance with the EU-US Data Privacy Framework.

12. Google Fonts

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland on our website to display content on our website correctly and graphically appealing across browsers.

When you visit the website, a connection is established to Google's servers to load the font used and store it on your device.

Your IP address is stored when you connect to the Google servers. In addition to your IP address, other information such as the name of the browser you are using, the version of this browser, the language settings and the screen resolution of the browser are also transmitted.

Transmission to Google servers in the USA cannot be ruled out here. Your personal data will be used by Google for analysis purposes over which we have no control.

The collected information regarding the fonts is stored by Google for 1 year. You can find Google`s privacy policy here: https://policies.google.com/privacy

The legal basis for the processing is your content in accordance with Art. 6 UAbs. 1 lit. a) DSGVO. You provide consent by accepting the use of Google Fonts in our cookie banner. The transfer of data to the USA is based on the European Commissions’ adequacy decision pursuant to Art. 45 UAbs. 1 DSGVO, in conjunction with the recipient´s self-certification under the EU-US Data Privacy Framework.

13. Google reCAPTCHA

We use the functions of Google reCAPTCHA on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google reCAPTCHA is used to check whether users are humans or bots. We want to ensure that bots are not able to interact with the elements on our website.

For this purpose, Google sets a cookie that stores information such as your IP address, browser settings, time zone and screen settings and transmits it to the Google servers in the USA.

The data processing takes place based on your consent (pursuant to Art. 6 UAbs. 1 lit. a) DSGVO).

You can find more information here: https://policies.google.com/privacy?hl=de

The data transfer to the USA is based on the adequacy decision of the EU Commission pursuant to Art. 45 UAbs. 1 DSGVO in combination with the self-certification of the data recipient in accordance with the EU-US Data Privacy Framework.

14. Salesforce

We use the CRM solution Salesforce. The provider is Salesforce Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA.

This system is used to better track and process contacts made via the contact forms on our website. Your data (name, address, email address, telephone number and IP address) is fed directly into the system and processed.

When processing your personal data, we rely on the legal basis of Art. 6 UAbs.. 1 lit. b) DSGVO. When you contact us, your data is used to fulfil pre-contractual measures.

We store your personal data in our system for the duration of the pre-contractual measures and during the term of the contract; if no contract is concluded, we will delete your data after one year.

We would like to point out that a transfer of your data to the USA cannot be ruled out.

To guarantee the security of your personal data, we have concluded an order processing contract with the provider of the solution, considering the adequacy decision of the EU Commission pursuant to Art. 45 UAbs. 1 DSGVO in combination with the self-certification of the data recipient in accordance with the EU-US Data Privacy Framework.

Further information about the processing of your data can be found in Salesforce's privacy policy: https://www.salesforce.com/de/company/privacy/

15. Digital Signature with DocuSign

We use the DocuSign signature platform, a service provided by DocuSign Germany GmbH, c/o Bird & Bird LLP, Maximiliansplatz 22, 80333 Munich.

DocuSign offers the possibility to sign documents digitally or electronically in a legally compliant manner. For this purpose, your first and last name, your address, your e-mail address, your IP address, location data, date and time and the signature you use are processed.

The corresponding contract is uploaded to DocuSign and a secure link is sent to you by e-mail. You can fill in your details in the fields labelled for this purpose and sign the document. The document is then labelled with the date, time, and other details in accordance with the law and stored in DocuSign.

We base this processing on the legal basis of Art. 6 UAbs. 1 lit. b) DSGVO (fulfilment of contract or implementation of pre-contractual measures).

We only transfer your personal data internally to persons who are necessary for the fulfilment of the contract. External transmission only takes place to the processor DocuSign, with whom we have concluded an order processing contract.

During processing, DocuSign may transfer your data to the USA and other third countries, subject to applicable laws. DocuSign has introduced binding internal data protection rules (Binding Corporate Rules) to ensure the protection of your data when it is transferred. You can find more information about DocuSign's binding corporate rules here: https://www.docusign.com/trust/privacy/bcrp-privacy-code and https://www.docusign.com/trust/privacy/bcrc-csb-code. Further data protection provisions of DocuSign can be found here: https://www.docusign.de/de-de/datenschutzerklaerung/datenschutz/

We store your data for the legally specified and necessary period of 10 years. DocuSign automatically deletes your data 120 days after the conclusion of the respective contract.

16. Data Processing via Social Networks

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.

Social networks such as Facebook, Twitter/X etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations.

In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 UAbs. 1 lit. f) DSGVO.

The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 UAbs. 1 lit. a) DSGVO).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social Networks in detail

LinkedIn

We use the features of the LinkedIn network on our website, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin2, Ireland. LinkedIn uses advertising cookies. If you wish to disable these advertising cookies, you can use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Further details can be found here: https://de.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For more information, please refer to LinkedIn´s Privacy Policy:

https://www.linkedin.com/legal/privacy-policy.

X (formerly Twitter)

On this website, features of the service X (formerly Twitter) are integrated. These features are provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

When the social media element is active, a direct connection is established between your device and the Twitter server. This allows Twitter to receive information about your visit to this website. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your X profile and shared with other users. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X.

Information about what data is processed by X and for what purposes it is used can be found in X´s privacy policy (https://twitter.com/de/privacy), as well as information on how to access your own data at X (https://help.twitter.com/en/managing-your-account/accessing-your-x-data). Additionally, you have the option to request information via X´s privacy form or through archive requests: https://support.twitter.com/forms/privacy https://help.twitter.com/en/managing-your-account/how-to-download-your-x-archive .

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission.

YouTube

We use YouTube, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you start a YouTube video, a connection is established to YouTube´s servers, informing the YouTube server that you have visited our website. If you are logged into your YouTube account, you give YouTube the ability to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account. After playing a video, YouTube may store various cookies on your device. With these cookies, YouTube can obtain information about visitors to our website. The use of this information is intended to prevent fraud, capture video statistics, and improve user-friendliness. This represents a legitimate interest within the meaning of Art. UAbs. 1lit. f) DSGVO. The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 UAbs. 1 lit. f) DSGVO.

You can find more information in the YouTube Privacy Policy at: https://policies.google.com/privacy?hl=de

SECURITY MEASURES

We implement technical and organizational security measures according to the state of the art to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties.

17. Rights of the Individual Concerned

Right to information

According to Art. 15 DSGVO, you have the right to request information about your personal data we process. This right includes information about:

• the purposes of processing,

• the categories of personal data concerned,

• the recipients or categories of recipients to whom the personal data have been or will be disclosed,

• the planned duration of storage or, at least, the criteria used to determine that duration,

• the existence of the right to request rectification, erasure, restriction of processing, or objection,

• the existence of the right to lodge a complaint with a supervisory authority,

• the origin of your personal data, if they were not collected from you, or

• the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.

Right to rectification

After Art. 16 DSGVO, you have the right to immediate correction of incorrect or incomplete data stored by us.

Right to erasure

After Art.17 DSGVO, you have the right to request the immediate deletion of your personal data stored by us, provided that further processing is not necessary for one of the following reasons:

• the personal data are still necessary for the purpose for which they were collected or otherwise processed,

• to exercise the right to freedom of expression and information

• for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

• for reasons of public interest in the area of public health pursuant to Art. 9 UAbs. 2 lit. h) and i) and Art. 9 UAbs. 3 DSGVO

• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 UAbs. 1 DSGVO in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

• for the establishment, exercise or defence of legal claims

Right to restriction

According to Art. 18 DSGVO, you can request the restriction of the processing of your personal data for one of the following reasons:

• You contest the accuracy of your personal data,

• the processing is unlawful, and you oppose the erasure of the personal data

• We no longer need the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims, or

• You object to the processing pursuant to Art. 21 UAbs. 1 DSGVO.

Right to information

If you have requested the rectification or erasure of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 UAbs. 1 and Art. 18 DSGVO, we will inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

Right to transfer

We grant you the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format.

You also have the right to request the transfer of this data to a third party, provided that the processing is carried out using automated procedures and is based on consent pursuant to Art. 6 UAbs. 1 lit. a) DSGVO, Art. 9 UAbs. 2 lit. a) DSGVO or Art. 6 UAbs. 1 lit. b) DSGVO.

Right of revocation

Pursuant to Art. 7 (3) DSGVO, you have the right to withdraw your consent to us at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In future, we may no longer continue the data processing based on your withdrawn consent.

Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 DSGVO. This depends on the federal state of your place of residence, your work or the alleged infringement. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Our supervisory authority is

Bavarian State Office for Data Protection Supervision (BayLDA)

P.O. Box 1349

91504 Ansbach

Ansbach, Germany

Online complaint form: https://www.lda.bayern.de/de/beschwerde.html.

Right to object

If we process your personal data on the basis of a legitimate interest in accordance with Art. 6 UAbs. 1 lit. f) DSGVO (f) DSGVO, you have the right to object to this processing in accordance with Art. 21 DSGVO if you can prove special reasons for this. These grounds may arise from your particular situation or be directed against direct advertising. In the latter case, you have a general right to object, which must be implemented by us without specifying the particular situation. You can send your right of objection or cancellation directly by email to datenschutz@voltstorge.com.

Automated decision-making in individual cases including profiling

In accordance with Art. 22 DSGVO, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.

However, this does not apply if the decision:

1. is necessary for the conclusion or fulfilment of a contract between the data subject and the controller,

2. is authorised by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or

3. with the express consent of the data subject.

In the cases referred to in 1 and 3, we will take measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

18. Amendment and Update

In the course of updating, there may always be changes to our data protection notice. If changes are made to this notice, we will mark them for you.

Status as of April 2024