Welcome to our website and thank you for your interest in the fernao Group (hereinafter referred to as "fernao"). Data protection is particularly important to fernao. We would therefore like to inform you here about the type and scope of the processing of personal data, in particular about which personal data may be collected during your visit to our website and for what purposes we use it. Personal data is always processed in accordance with the data protection regulations applicable to fernao, in particular the German Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR) and, where applicable, the Swiss Data Protection Act (DSG). For the sake of simplicity, we limit ourselves to using the terms and definitions of the GDPR when referring to data protection terms. Where the FADP applies and provides a legal counterpart to a term in the GDPR (e.g. processing instead of processing), this is what is meant. Furthermore, we would like to inform you as a data subject of processing by fernao about your rights in this regard. As changes to the law or changes to our internal company processes may make it necessary to adapt this data protection declaration, we ask you to take note of this data protection declaration regularly. The privacy policy can be accessed, saved and printed at any time.

The controller on this website within the meaning of the GDPR is
fernao group GmbH
Albin-Köbis-Str. 5
51147 Cologne
info@fernao.com

The controller decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.). In principle, the processing of personal data on this website is carried out by fernao group GmbH. In some cases, however, other companies of the fernao group are also involved in the processing or processing outside this website is described. If this is the case, this will be indicated and explained in more detail at the appropriate point in this privacy policy. An overview of the individual subsidiaries can be found here:

You can contact the controller's external data protection officer as follows

Dominik Baum
(fernao information security GmbH)

Albin-Köbis-Str. 5
51147 Cologne
E-Mailprivacy@fernao.com

Below you will find information on the specific purposes and type and scope of the processing of personal data that takes place when you use our website. We also provide you with the legal basis on which the respective data processing is based and the respective storage period, which may be determined on the basis of objective criteria.

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called server log file. When you visit and use our website, we collect the following data

- IP address

- Pages visited on our domain

- Date and time of the server request

- Browser type and version

- operating system used, if applicable, and name of the access provider

- Referrer URL (website from which access is made)

- Host name of the accessing computer

- Name and URL of retrieved files

This data is technically necessary in order to display our website to you and to ensure stability and security. The processing of this data is therefore based on Art. 6 para. 1 lit. f) GDPR and serves to safeguard our legitimate interests with regard to the provision of our website. The data is not merged with other data sources.

The server log files are stored for 7 days. The collection of data to provide and ensure the stability and security of the website and its storage in server log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object. Further storage may take place in individual cases if this is required by law.

If you wish, you can use the contact form or the various e-mail addresses on our website to contact us with your concerns, to make inquiries about our products and services or to receive information about our company. If you use these contact options, we process the following personal data about you (mandatory information marked with *). If your request concerns a fernao company, we process the data jointly with this respective company:

- Surname*

- First name*

- Company*

- Job title

- E-mail address*

- Telephone number

- Subject and content of your contact*

Your data, including your contact details, will only be used to assign and process your contact or to be available for follow-up questions. Your data will not be passed on to third parties.

The data processing described above for the purpose of contacting us is generally carried out in accordance with Article 6(1)(f) GDPR to protect our legitimate interests. These legitimate interests are based on the fact that we would like to respond to your concerns and you can expect a corresponding response from us. If your contact is aimed at an offer of our products and services, the processing is necessary for the fulfillment of pre-contractual or contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR.

The data transmitted to us for the purpose of processing your request will be stored until it is no longer required for the fulfillment of contractual or pre-contractual measures or for the protection of our legitimate interests (e.g. defense or assertion of legal claims, data protection documentation, etc.). Mandatory statutory retention periods may justify further storage in individual cases.

To subscribe to our newsletter, we need your name and an e-mail address. Verification of the e-mail address provided takes place via a confirmation link in a separate e-mail and is required in order to receive the newsletter regularly. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.

The above-mentioned data is collected on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR and used exclusively for the purpose of sending the newsletter. This communication contains information about fernao, interesting events, product and service incentives as well as news on the topics of cyber security, digital infrastructure, business security and business applications, warnings about threats with recommendations for action and exciting surveys on your opinion about fernao as a group of companies, its products and services, as well as upcoming online events and current developments in shaping the digital world, in the IT security industry and in information security and organizational consulting. You can withdraw your consent at any time. An informal notification by e-mail or post to the contacts listed under § 1 or § 2 is sufficient for revocation. You also have the option of unsubscribing via the "Unsubscribe" link at the end of each e-mail. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data entered to set up the subscription to the newsletter will be deleted in the event of unsubscription or revocation. If this data has also been transmitted to us for other purposes and elsewhere, it will remain with us.

For applications, we provide you with an online application platform via which you can send us your documents using an online application form. If your application concerns one of our subsidiaries (this is specified in the respective job description), fernao group GmbH and the respective subsidiary (for an overview, see § 1) are jointly responsible for the application process.

You also have the option of transferring your data from Xing, LinkedIn or your Dropbox to the application form using the buttons provided for this purpose. We have no influence on the processing of further data by these platforms as part of the transfer process, as this is their responsibility. For more information, please refer to the respective privacy policies of Xing, LinkedIn and Dropbox.

The personal data that you transmit to us or, if you apply to one of our subsidiaries, to the joint controllers in connection with your application is as follows:

- Personal details (name, address, marital status, etc.)

- Contact details (e-mail, telephone)

- Details of your professional qualifications and school education

- Information on further professional training and professional situation

- any other data that you send us in connection with your application

If you have sent us this information as part of the application form, it will be recorded and stored in our online application tool. The same applies to applications that you send us by e-mail or post. Further information that you provide to us in telephone calls or personal interviews may also be stored in this applicant tool, e.g. in the form of logs.

Insofar as it is necessary for the decision on the establishment of an employment relationship with us or one of our subsidiaries, the processing of your aforementioned data is based on Art. 6 para. 1 lit. b) and Art. 88 GDPR. Furthermore, we may process your personal data in the application process if this is necessary to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c) GDPR.

If an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Art. 6 para. 1 lit. b) and Art. 88 GDPR, insofar as this is necessary for the performance or termination of the employment relationship.

If your application is unsuccessful, the retention period for the aforementioned data is generally 6 months after completion of the application process, unless longer storage is legally required or permitted. The data will be stored insofar as this is necessary to fulfill legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR or to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest may be, for example, the assertion, exercise or defense of legal claims and an associated burden of proof in proceedings under the General Equal Treatment Act (AGG).

If you have given us your consent during or after the application process, we may also include you in the fernao applicant pool. We will then store the data you provided during the application process in order to be able to consider you for future and suitable vacancies at fernao. You can revoke your consent to this at any time informally by e-mail or post to the contact options mentioned under § 1 and § 2. The legality of the data processing carried out until the revocation remains unaffected by the revocation. The data will be stored until you withdraw your consent, but for a maximum of 2 years after the application process has been completed.

Although our customers are exclusively in the B2B sector and are therefore always companies, we communicate with you as a representative or employee of such a company for pre-contractual steps and business transactions. Accordingly, this also involves personal data, for the processing of which the controller in each case is the one of our companies (for an overview, see § 1) with which you have a customer relationship or enter into such a relationship (our holding company does not have any customers of its own).

Pre-contractual steps, conclusion of business & performance of the contract

In this respect, the following personal data is processed insofar as it is necessary for the implementation of pre-contractual measures, the processing of your orders, the handling of your business relationship with the company concerned and the relevant contractual obligations as well as the exercise of any rights:

- Contact data (name, e-mail address, company and, if applicable, job title)

- Content and communication data

- Contract and invoice data

Your data is processed in particular in connection with the following processes

- Electronic communication by e-mail to pass on information and maintain business operations

- Creation of a customer account

- Processing of customer orders, deliveries and payments

- Entering quotations, order confirmations and delivery bills & processing cash invoices for the sale of goods to customers

- Booking incoming payments from customers and balancing customer accounts

- Sending invoices to customers and asserting claims

- Sending customer letters to maintain the customer relationship and announcing news

- Processing invoices, advice notes, reminders and credit notes to monitor incoming payments and receivables from suppliers to identify differences

- If applicable, participant lists for customer events for tracking attendance, invoicing at customer events and planning the event

The legal basis for the collection and processing is therefore Art. 6 para. 1 lit. b) GDPR. Failure to provide the above-mentioned data may mean that the business processes cannot be carried out or cannot be carried out correctly and may have to be discontinued. The transfer of personal data in the context of pre-contractual steps or the execution of the contract takes place within the fernao Group only if other companies (e.g. in the provision of services) are affected.

Due to our structure as fernao group, it is necessary that fernao group GmbH - as holding company - is involved as joint controller for administrative purposes within the scope of administrative and supporting tasks. The legal basis for this is the protection of legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Such a legitimate interest is initially to ensure compliance with governance and compliance requirements (e.g. consent management) and the feasibility of Group accounting within our Group. In addition, we want to generate synergy effects and ensure appropriate data quality, security and economy. We achieve this by, among other things, managing and updating the data required for the customer relationship in a uniform manner and ensuring that unauthorized persons and companies with whom you do not have a business relationship do not have access to your data. This is also in your interest. In this respect, fernao group GmbH is the joint controller with the operating company or companies with which you have a business relationship. Otherwise, further processing will only take place if you have consented within the meaning of Art. 6 para. 1 lit. a) GDPR, if there is legal permission (Art. 6 para. 1 lit. c) GDPR) or to safeguard further legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Customer loyalty and satisfaction

In addition to the aforementioned processing, we also allow ourselves to inform you occasionally about new products or special offers or special events relating to the products and services purchased from us or to contact you from time to time to participate in surveys and interviews on customer satisfaction (participation in the survey is voluntary: more details on this below). This serves to safeguard the legitimate interest in maintaining and cultivating the corresponding customer relationship. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

As soon as the customer relationship ends and/or insofar as the processing of the above-mentioned personal data is not required for other operational purposes or for the exercise, defense or assertion of legal claims, we store this data for a further 10 years after the customer relationship has ended. After this period has expired, the data collected will be deleted or blocked if deletion is not possible. Further storage may take place in individual cases if this is required by law (e.g. under commercial and tax law).

Special features of participation in customer satisfaction surveys and interviews

Customer satisfaction surveys: In such surveys, you have the opportunity to rate the fernao companies with which you have a business relationship and/or fernao as a group. The pseudonymous collection of data in the survey form and the anonymous evaluation are carried out exclusively for statistical purposes and are carried out by fernao group GmbH on behalf of the subsidiary concerned. We use the "Microsoft Forms" tool for this purpose. Microsoft Forms is a service of the Microsoft Corporation (see also § 6 No. 3). The processing is carried out on our behalf.

Please note that this data protection notice only informs you about the processing of your personal data by fernao when using a Microsoft Forms survey. If you require information about the processing of your personal data by Microsoft, please consult the relevant data protection information at Microsoft. Here you will find further information from Microsoft on this topic:

- Microsoft service contract

- Security and data protection in Microsoft Forms

Various types of data are processed when using Microsoft Forms. The scope of the data also depends on the information you provide in the customer satisfaction survey, especially if questions are formulated "openly".

The following personal data is processed, but is de facto anonymous to us, as it is pseudonymized by Forms and this pseudonymization can only be resolved by Microsoft. The results of the statistical analysis are also anonymous:

- IP address

- Preferred language

- Date and time the questionnaire was opened

- Date and time the response was sent

- Information in the survey, if applicable

The information is generally collected in the form of a rating or Likert scale. When entering free text in answer fields, you decide which personal data is transmitted. If you make statements here that can be traced back to you, this may lead to anonymity being removed.

If your personal data is no longer required for the purpose of the statistical survey, it is regularly deleted. The de facto anonymized log data is stored for up to 90 days for access by us. It is only viewed for the purpose of identifying system errors, troubleshooting, clarifying security issues and checking for manipulation or other misuse. It is only accessible to administrators of the M365 platform. Data collected in surveys is kept for as long as it is needed to fulfill the purpose.

Customer satisfaction interviews:

In such interviews, you have the opportunity to evaluate the operating companies with which you have a business relationship and/or fernao as a group. The collection of data during the interview and the anonymous evaluation are carried out exclusively for statistical purposes and are carried out by an external agency and/or fernao group GmbH on behalf of the subsidiary concerned. As direct contact is required to coordinate the interview - with your consent - the following personal data is processed here, which only the external provider collects on a personal basis, but anonymizes as part of the statistical evaluation:

- Name, company, title, e-mail address

- Preferred language

- Date and time the questionnaire was opened

- Date and time the response was sent

- Information on the interview questions

If you make individual statements that can be traced back to you, this may result in anonymity being removed.

If your personal data is no longer required for the purpose of the statistical survey, it is regularly deleted or anonymized. Data collected in the interviews will be kept for as long as it is needed to fulfill the purpose.

Legal basis for surveys and interviews on customer satisfaction: Responding to our surveys or interviews on customer satisfaction is voluntary and is therefore based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time informally by e-mail or post to the contact options mentioned under § 1 and § 2. The legality of the data processing carried out until the revocation remains unaffected by the revocation. Please note that we may no longer be able to comply with your revocation for practical or technical reasons after the statistical evaluation (your data will then be anonymous).

We as fernao are on site for you at trade fairs with our stand. You will always find us there as the fernao Group. This means that we present ourselves together with our subsidiaries or individual companies present themselves as part of the group.

Leader registration at our stand via our online form:

We offer you the opportunity to receive detailed information about our services as fernao, to arrange consultations or to enter into any other exchange with us. To allow us to contact you, you can fill out our digital registration form.

In this registration form, we ask you to provide us with the following personal data (mandatory information is marked with *):
- First name*
- Surname*
- Telephone number
- E-mail address*
- Company name*
- Postal code
- Location
- Topic of interest*
We need this data to register you as an interested person. The data will be used to contact you for business purposes, in particular for information on security notifications, new products and offers. Registration is voluntary and is based on your consent, which forms the legal basis for data processing in accordance with Art. 6 para. 1 lit. a) GDPR.

Fernao group GmbH is responsible for data processing. In addition, those subsidiaries in addition to fernao group GmbH will receive your data for whose topics you have expressed an interest (for an overview, see § 1). Together with these respective subsidiaries, fernao group GmbH constitutes joint controllers within the meaning of Art.art. 26 GDPR.

If you have given your consent to receive our newsletter (information about fernao, interesting events, product and service incentives as well as news on the topics of cyber security, digital infrastructure, business security and business applications, threat warnings with recommendations for action and exciting surveys on your opinion), you will receive an e-mail after submitting your data through the registration form to confirm your consent.

You can withdraw your consent at any time. All you need to do to withdraw your consent is send an informal message by e-mail or post to the contact details given under § 1 or 2. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Your personal data will be stored by the joint controllers until you withdraw your consent. Otherwise, the storage period depends on whether the processing of your data is (still) necessary to achieve the above-mentioned purposes.

We also measure the reach of our activities at the respective trade fair. This involves (statistically) analyzing which professional groups and sectors we have reached. For the purpose of reach measurement, we may also transmit your data to partners who appear with us at the respective trade fair and in whose subject areas you have expressed an interest. For this purpose, you give us your consent in accordance with Art. 6 para. 1 lit. a) GDPR when you contact us during the trade fair. The partners are solely responsible for the lawful processing or the determination of the storage period of your data after transmission - however, we will be happy to inform you of the revocation of your consent to the transmission of your data.

These partners are listed below:

We offer you the opportunity to register for our (online) events on our website. Most of these events are organized by our subsidiaries. If one or more of our subsidiaries are organizers, they are responsible for the processing together with fernao group GmbH, which provides support in carrying out administrative activities (e.g. participant registration and maintenance). In this case, fernao group GmbH, together with the organizing subsidiary(ies), constitutes joint controllers within the meaning of Art. 26 GDPR. When registering, we ask you to provide us with the following personal data (mandatory information is marked with *):

• Salutation
• Surname, first name, company*
• E-mail and (business) telephone number*
• Job title

We require this data in order to register you as a participant in the selected (online) event. Registration for and participation in our (online) events is voluntary and is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR. After submitting the registration form, you will receive a confirmation link from us to the e-mail address you have provided. If you confirm your participation (and thus also your consent) via this link, you will receive a registration link and a password from us.

In the case of events that take place online, registration takes place on the Cisco Webex website, which provides our webinar tool. You must provide Cisco Webex with the following information: First name, last name, e-mail address. The collection or processing of your data during the registration process is the responsibility of Cisco Webex. For more information, please consult the Cisco Webex privacy policy. After completing your registration, Cisco Webex will also send you an invitation to the online event you have selected for your calendar on our behalf.

We are the controller for the implementation of the (online) events and Cisco Webex (if used) is the processor with regard to the provision of the webinar tool. If we conduct an (online) event with one of our partners, it may be necessary for such a partner to view the list of participants in order to conduct the (online) event, in which case we are entitled to pass on your data.

In order to enable you to participate in our (online) event, the following personal data is collected and processed:

• Name and e-mail address
• IP address, browser type and version, operating system used if applicable and hardware information
• Usage data (in particular date, start and duration of your participation, network activity and connection quality)
• Content and communication data (if you communicate with us)

This data is required for registration, (technical) administration and participation in order to provide you with the services of our (online) event. The processing is also based on your consent and voluntary participation in accordance with Art. 6 para. 1 lit. a) GDPR and, when conducting the webinar, to safeguard legitimate interests with regard to security, availability and (if applicable) interaction with you in accordance with Art. 6 para. 1 lit. f) GDPR. Furthermore, your data mentioned in this section may be transferred to the USA by Cisco Webex as part of the registration and provision of the webinar tool. Such data transfer may entail certain risks with regard to the disproportionate data processing practices of the US authorities. Under certain circumstances, this may mean that your rights and freedoms to which you are entitled under European Union law can only be guaranteed to a limited extent, particularly in the USA. For example, your data may be accessed without your knowledge, which may result in further monitoring or sanctions (e.g. entry restrictions) by US authorities. In the registration process, you have given us your consent to such a transfer of your data in knowledge of the risks in accordance with Art. 49 para. 1 lit. a) GDPR.

You can revoke your consent at any time before participating in our (online) event. An informal notification by e-mail or post to the contact details stated under § 1 or 2 is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

After your participation in our (online) event, we would like to contact you by email on similar topics to the (online) events as part of our legitimate interest and for the purpose of direct advertising. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. In this context, contact may be made by telephone if there is a temporal proximity to your participation in one of our (online) events, if you are interested in a topic-specific discussion and if queries are likely due to the complexity of the topic.

Your personal data will only be processed for the administration, implementation and follow-up of the (online) event. We will store your contact details and specific requests for as long as is necessary to respond to your request or until processing for direct marketing purposes is no longer necessary or you object to this. Otherwise, we will delete your data as soon as it is necessary to protect your overriding interests. In individual cases, further statutory retention periods may apply.

Organization of (online) events in cooperation with partners (e.g. software manufacturers)

In particular, we occasionally organize our IT security (online) events together with our partners (e.g. software manufacturers) in order to talk about IT security and present the partner's corresponding products. In this case, fernao is the host and moderator, so that data processing during registration, administration and participation in these (online) events is carried out by us as described above.

For participation in such (online) events, which are carried out in cooperation with a partner, we transmit a list of participants with the data required for registration (title, surname, first name, company, e-mail and (business) telephone number, as well as job title if applicable) to the corresponding partner for organizational reasons after your prior consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

In addition, the partner may receive content and communication data (if you communicate with the speakers and/or moderators in the context of the (online) event) as well as usage data (start and duration of your participation) as part of your participation or the implementation of the (online) event. This processing of personal data serves to safeguard the legitimate interests of fernao and the partner in accordance with Art. 6 para. 1 lit. f) GDPR in order to ensure an overview of the participants and, if necessary, to respond to your questions and comments as a participant. In addition, by participating, you must be aware that under certain circumstances (e.g. in the event of questions or comments) it may not be possible to prevent the personal data mentioned from being disclosed.

In principle, the partners are not permitted to contact you. Please contact the respective partner regarding the handling and storage period of your personal data by the respective partner and/or inform yourself about their data protection provisions, which will be communicated to you during the registration process for the respective (online) event.

Lieferando voucher for participation in online event

As part of our online event, we occasionally offer you the opportunity to receive a free voucher for a food order on Lieferando.de. For this purpose, we must forward your e-mail address to Takeaway.com Group B.V. (hereinafter referred to as "Lieferando") in order to have you stored there as an authorized recipient of a credit note.

The processing (transmission/forwarding) of your e-mail address for the aforementioned purpose requires your express consent as part of the registration process for the corresponding online event.

This processing is therefore carried out on the basis of your voluntarily granted consent in accordance with Art. 6 para. 1 lit. a GDPR. Your consent can be revoked informally by e-mail or post to the contact details stated under § 1 and § 2 with effect for the future up to the time of your order.

Lieferando is solely responsible for the processing of your personal data in the ordering process in accordance with its data protection provisions. For billing purposes, we only receive information from Lieferando about the amount of your order, which Lieferando invoices to us accordingly. This processing operation is necessary for the fulfillment of your order with Lieferando in accordance with Art. 6 para. 1 lit. b GDPR.

Your personal data will be stored by us for as long as is necessary to fulfill your order. Further storage may take place in individual cases if this is required by law (e.g. commercial and tax law).

From time to time, we work together with telemarketing agencies to contact selected interested parties by telephone for advertising purposes as part of advertising campaigns. The specific telemarketing company that has commissioned such a campaign and is responsible for it can be seen from the corresponding communication of the respective advertising campaign. Primarily, general company contact data such as "@info addresses" are used. However, in individual cases, contact data of individual persons may also be used, as a result of which we may process the following personal data:

• First names, surnames;
• business telephone number;
• Company affiliation;
• business e-mail address;
• Postal address;
• Job title.

The data originates exclusively from publicly accessible sources or was provided to us voluntarily for contact purposes.
We sometimes carry out such advertising campaigns in cooperation with our partners (e.g. manufacturers). In such cases, basic data is shared with these partners for billing purposes and to measure reach.
The processing of personal data takes place within the scope of our legitimate interest in direct advertising and is therefore based on Art. 6 para. 1 lit. f) GDPR. If interested parties have voluntarily provided us with their data to contact us, the processing is based on this consent in accordance with Art. 6 para. 1 lit. a) GDPR.

We use cookies on our website. These are small text files that are assigned to the browser you are using and stored on your hard disk by means of a characteristic character string and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the website more user-friendly overall.

Cookies can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.

A distinction is generally made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

The use of technically necessary or essential cookies is intended to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR to provide you with our website with the necessary technical functions.

Before we set cookies that are not technically necessary (i.e. analytics and performance cookies as well as social media and marketing cookies), we obtain your express consent via the "cookie banner" or the "cookie settings" in accordance with Article 6 (1) (a) GDPR and Section 25 (1) sentence 1 of the German Data Protection Act (TTDSG). You can of course change these cookie settings at any time via the "Cookie settings" link in the footer of our website and thus revoke your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to third parties (e.g. Google) and the processing of this data by third parties by

1. Not giving your consent to the setting of the cookie or
2. Downloading and installing an appropriate browser add-on for deactivation.

Essential cookies are technically necessary cookies. These cookies are required for technical reasons so that you can visit our website and use basic functions of our website. In addition, these cookies contribute to a secure and compliant use of the website. The technically necessary cookies are always active.

The following technically necessary cookies are set on our website:

Social media and marketing cookies (from third-party providers) are used by us and third parties to record the behavior of individual users, analyze the collected data and, for example, display personalized advertising. These services allow us to track users across multiple websites and enable us to show you different offers that match your interests. These cookies allow the internet activities of users to be recorded over a longer period of time. It is also possible for social media and marketing cookies to recognize you on different devices you use. In some cases, the use of such cookies may also involve the processing of your personal data (e.g. your IP address, websites visited and other information that may reflect your interests). If you select this type of cookie, the information collected about you in this way may also be transferred outside the European Economic Area, in particular to the USA, as described in our privacy policy. Last but not least, there is a possibility that further processing of the transmitted data (e.g. a usage analysis) may take place exclusively for such a third-party provider's own purposes. Any unlawful processing and transmission of your data caused by these providers cannot be prevented by us, or only to a limited extent, and therefore remains outside our sphere of influence.

The following social media and marketing cookies are stored after your consent when you visit our website

Analysis tool Microsoft Clarity

Meta Conversion Tracking

LinkedIn

Google Ads

Bing Ads

Google Conversion Tracking

LeadLab from WiredMinds

Our website uses the pixel-code technology of WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. This involves processing the IP address of a visitor. The processing is carried out exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored in LeadLab under any circumstances. When processing the data, it is in our particular interest to protect the data protection rights of natural persons. Our interest is based on Art. 6 para. 1 lit. (f) GDPR. The data collected by us does not allow any conclusions to be drawn about an identifiable person at any time.

WiredMinds GmbH uses this information to create anonymous usage profiles based on the behavior of visitors to our website. The data obtained in this way is not used to personally identify visitors to our website.

The anonymized analysis data is stored for as long as is necessary to pursue our legitimate interests. Further periods may be provided for by law in individual cases.

We will only disclose your personal data to third parties and other recipients if this is lawful under the applicable data protection legislation. This requires a legal basis, which usually includes the following situations:

We are legally obliged to disclose the information (e.g. to data protection authorities),

The disclosure is necessary to fulfill our contractual obligations (e.g. to an affiliated company),

It is necessary to protect our legitimate interests (e.g. to external lawyers for compliance reasons)

You give your express consent to do so.

We have also engaged certain service providers who process your data on our behalf and are therefore used as so-called processors (e.g. our website provider and agencies that support us in managing the content on our website). Such processors are contractually obliged to process your personal data exclusively on the basis of our contractual agreement and in accordance with our specified instructions. As processors, our service providers are also recipients of your personal data.

In general, the processing of your personal data takes place within the European Economic Area (EEA). However, in the context of providing this website and its functions, we use certain service providers and/or third-party providers (hereinafter referred to as recipients) who may not process your personal data within the EEA, but in a country outside the EEA (see under 3.). In the case of transfers to recipients outside the EEA, if the EU Commission has not established an adequate level of data protection in such countries (so-called adequacy decision), an adequate level of data protection with regard to the processing of your personal data is to be established by means of appropriate guarantees (e.g. EU standard contractual clauses).

However, when transferring your personal data to a recipient based in a country outside the EEA, it may be the case that the processing cannot establish an equivalent level of protection as in the EEA due to the specific national laws that apply to the recipient in such a country. This is no longer the case for the USA according to the latest adequacy decision for the USA (EU-US Data Privacy Framework). However, doubts remain as to the enforceability of the rights of EU citizens in the USA, as the US authorities are entitled under current US law to view and process the personal data of data subjects whose data is transferred from the EEA to the USA and who are non-US citizens, without special cause and without the possibility of objecting to unlawful access. Accordingly, and in view of the disproportionate surveillance practices of the US authorities, the transfer of data to the USA may entail certain risks. Under certain circumstances, this may mean that your rights and freedoms to which you are entitled under European Union law can only be guaranteed to a limited extent, particularly in the USA.

If we are aware that your personal data will be transferred to countries such as the USA and that an adequate level of data protection cannot be guaranteed, we will ensure before such a transfer that we either implement other suitable and legally required protection and security measures or obtain your express consent and inform you in this privacy policy of the associated risk that your data cannot be protected or cannot be adequately protected against unlawful access or unlawful use, for example.

*AVV= Data processing agreement
sCC= EU standard contractual clauses

Under the GDPR, you have the following rights as a data subject of the processing of personal data vis-à-vis the controller

Withdrawal of your consent to data processing (Art. 7 GDPR)

Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. An informal notification by e-mail or post to the contact addresses of the subsidiaries concerned or fernao group GmbH specified under § 1 is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to data portability (Art. 20 GDPR)

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Right to information, rectification, blocking, erasure (Art. 15-18 GDPR)

You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the framework of the applicable legal provisions. You can contact us at any time using the contact options listed under § 1 and § 2 regarding this and other questions on the subject of personal data.

Right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR)

As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority for data protection issues for fernao group GmbH is

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestraße 2-4
40213 Düsseldorf
E-mail: poststelle@ldi.nrw.de

Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR on grounds relating to your particular situation or if the objection is directed against direct marketing. In thecase of direct marketing, you have a general right to object, which we will implement without the need for a special situation.

Our website contains so-called hyperlinks to websites of other providers. If you activate these hyperlinks, you will be forwarded directly from our website to the website of the other provider. You can recognize this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please refer directly to these websites for information on how these companies handle your personal data.

As part of the provision of this website and its content, fernao has implemented extensive technical and organizational measures that are regularly reviewed and adapted to technological progress in order to ensure the most complete protection possible. These include the use of recognized encryption methods (SSL or TLS) to protect the transmission of confidential content that you send to us as the site operator. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.

However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data - e.g. when sent by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the website visitor to protect the data provided by him/her against misuse by encryption or in any other way.

Last update: 05.10.2023