1. An Overview of Data Protection

General Information The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on This Website

• Who is responsible for the data collection on this website? The data processing on this website is carried out by the website operator. Their contact details can be found in the section "Note on the Controller" in this privacy policy.
• How do we collect your data? Your data is collected on the one hand by you communicating it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically or after your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access).
• What rights do you have regarding your data? You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future.

2. Hosting

Webflow We host our website with Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files, including your IP addresses.

Webflow is a tool for creating and hosting websites. The use of Webflow is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable and secure presentation of our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.

Data Processing Agreement : We have concluded a data processing agreement (DPA) with Webflow. This is a contract prescribed by data protection law, which ensures that Webflow processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

International Transfer : Webflow, Inc. is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. To the extent that the DPF adequacy decision does not apply or ceases to be valid, we additionally base the data transfer on the Standard Contractual Clauses (SCCs) of the European Commission pursuant to Art. 46(2)(c) GDPR.

3. General Information and Mandatory Disclosures

Data Protection The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Note on the Controller The controller responsible for data processing on this website is:

Thinkwerk Systems GmbH Johanna-Kinkel-Straße 1 – 2 93049 Regensburg Germany

Managing Director: Ram Kumar Ganesan

Email: info@thinkwerksystems.de

Storage Duration Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods).

The following specific retention periods apply:

• Server log files : 7 days, unless a security-related incident requires longer retention.
• Contact form data : 6 months after the completion of your inquiry, unless a contractual relationship is established.
• Consent records (Consent Bit) : 3 years from the granting or revocation of consent, in line with guidance from the German Data Protection Conference (DSK).

4. Your Rights as a Data Subject

• Revocation of your consent to data processing (Art. 7(3) GDPR) : Many data processing operations are only possible with your express consent. You can revoke consent already given at any time with effect for the future. The lawfulness of the data processing carried out prior to the revocation remains unaffected.
• Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR) : IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY.
• Right to restriction of processing (Art. 18 GDPR) : You have the right to request the restriction of the processing of your personal data where you contest the accuracy of the data, the processing is unlawful, we no longer need the data, or you have objected to the processing.
• Right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR) : In the event of violations of the GDPR, those affected have a right to lodge a complaint with a supervisory authority. The supervisory authority competent for us is:Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach, Germany www.lda.bayern.de
• Right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR) : In the event of violations of the GDPR, those affected have a right to lodge a complaint with a supervisory authority. The supervisory authority competent for us is:Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach, Germany
• Right to data portability (Art. 20 GDPR) : You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.
• Information, Correction, and Deletion (Art. 15–17 GDPR) : Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, a right to correction or deletion of this data.

5. Consent Management (Consent Pro)

Our website uses the consent management technology from Consent Pro to obtain your consent for the storage of certain cookies on your end device or for the use of certain technologies and to document this in accordance with data protection regulations.

• Provider : Finsweet Inc., 1001A E Harmony Rd. #15, Fort Collins, CO, 80525, United States.
• Legal Basis: Art. 6(1)(c) GDPR. We are legally required to manage and document your consents.
• Function: Consent Pro stores a cookie in your browser to record the consents you have given or revoked. The data collected in this way is stored for up to 3 years from when the cookie expires or when the data was collected. For international data transfers to the United States, Finsweet complies with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework, as well as the Swiss-U.S. Data Privacy Framework. Data is not shared with unauthorized third parties.

6. Data Collection on This Website

Server Log Files The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring IT security and the stable operation of our website. The data is automatically deleted after 7 days, unless a security-related incident requires longer retention.

Contact Form If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. This data is processed exclusively internally and is not passed on to third parties without your consent. The data will be deleted upon final completion of your inquiry, and no later than 6 months thereafter, unless a contractual relationship is established. Legal basis: Art. 6(1)(b) GDPR.