We welcome you on your visit to our website and look forward to your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legislation on the protection of personal data, in particular the EU General Regulation (EU-GDPR) and the country-specific implementing laws applicable to us. With the help of this data protection declaration, we inform you comprehensively about the processing of your personal data by Hans-Joachim Englert and the rights to which you are entitled. Personal data is the information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, telephone number, e-mail address and also your IP address. Anonymous data is available if no personal reference to the user can be established. Responsible body Hans-Joachim Englert, Am Mühlberg 16, 61348 Bad Homburg, Tel 06172-928681, info@cirnpro.com, Data Protection Officer Hans-Joachim Englert. Email: Hans-Joachim.Englert@t-online.de.

Your rights as a data subject

First of all, we would like to inform you about your rights as a data subject. Those rights are standardised in Articles 15-22 of the EU-GDPR. This includes:the right of access (Article 15 EU GDPR),the right to erasure (Article 17 EU GDPR),the right to rectification (Art. 16 EU GDPR),the right to data portability (Article 20 EU GDPR),the right to restrict data processing (Art. 18 EU-GDPR),the right to object to data processing (Art. 21 EU GDPR).

To assert these rights, please contact: info@cirnapro.com the same applies if you have questions about data processing in our company. You also have the right to appeal to a data protection supervisory authority. Rights of opposition. Please note the following in connection with objection rights: If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling in so far as it is related to direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The opposition is free of charge and can be made without form, if possible to: info@cirnapro.com.

In the event that we process your data for the protection of legitimate interests, you may object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are complied with. Legal bases for data processing are based in particular on Article 6 of the EU-GDPR. We use your data to start business, to fulfil contractual and legal obligations, to carry out the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct marketing. Your consent is also a data protection permit requirement. In doing so, we will inform you about the purposes of data processing and about your right of withdrawal. If the consent also relates to the processing of special categories of personal data, we will inform you in the consent, Art. 88 sec. 1 EU-GDPR. Processing of special categories of personal data in accordance with Article 9(1) of the EU-GDPR is only carried out if this is necessary due to legal provisions and there is no reason to believe that your interest in the exclusion of processing is beyond the predominant right, Article 88(1) of the EU GDPR.

Disclosure to third parties

We will only pass on your data to third parties within the scope of the statutory provisions or with the appropriate consent. Otherwise, it will not be passed on to third parties unless we are obliged to do so due to mandatory legislation (transfer to external bodies, such as .B. supervisory authorities or law enforcement authorities).

Recipients of data / categories of recipients

Within our company, we ensure that only those persons who need it to fulfil the contractual and legal obligations receive your data. In this way, data may be transferred within the CIRNAPRO Hans-Joachim Englert group of companies. In many cases, service providers support our specialist departments in the performance of their tasks. The necessary data protection contract was concluded with all service providers.

Third country transfer / third country transfer intention

Data transfer to third countries (outside the European Union or the European Economic Area) only takes place to the extent necessary for the implementation of the obligation, is required by law or if you have given us your consent to do so. We transfer your personal data to group companies outside the European Economic Area: China, India, Singapore, Australia, South Korea, Russia, USA, Brazil, South Africa. Compliance with the level of data protection is ensured. Storage time of the data. We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data is (must) continue to be stored. This applies in particular to commercial or tax retention obligations (e.B. Commercial Code, Tax Code, etc.). If no further retention obligations exist, the data will be routinely deleted after the purpose has been achieved. In addition, we may retain data if you have given us your permission to do so, or if there are legal disputes and we use evidence within legal limitation periods that can be up to thirty years; the regular limitation period is three years.Secure transfer of your data. In order to protect the data stored by us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. Security levels are constantly reviewed and adapted to new security standards in collaboration with security experts. The data exchange to and from our website takes place in encrypted form. As a transmission protocol we offer for our website HTTPS, each using the current TLS encryption protocol. In addition, we offer our users content encryption as part of the contact forms. The decryption of this data is only possible for us. It is also possible to use alternative means of communication (e.B. by post).

Obligation to provide the data

Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides. We have summarized details for you in the above-note point. In certain cases, data must also be collected or made available in compliance with legal provisions. Please note that it is not possible to process your request or to execute the underlying liability without providing this data. Categories, sources and origin of the data- The data we process determines the respective context: This depends on whether you .B place an order online or enter a request in our contact form, whether you send us an application or submit a complaint. Please note that we may also provide information for special processing situations separately in a suitable location, e.B. when uploading application documents or when making a contact request. When you visit our website, we collect and process the following data:

Internet service provider name

Information about the website from which you visit us.

Web browser and operating system used

The IP address assigned by your Internet Service Provider

Requested files, amount of data transferred

Information about the websites you visit from us incl. date and time

For reasons of technical security (in particular to prevent attacks on our web server), this data is stored in accordance with Art. 6 paragraph 1 lit. F EU-GDPR. After 7 days at the latest, anonymization takes place by shortening the IP address, so that no connection to the user is established.

As part of a contact request, we collect and process the following data:

Name, First Name, Salutation

Company, Street, No. Postcode and City

Country

phone number,fax number

E-mail address

Type of concern

Your individual message

As part of the ordering process, we process the following data:

Name, First Name, Salutation

Company, Department

Billing address (street, No., zip code, city, country)Delivery address (street, no., zip code, city, country)

VAT ID

Phone number, mobile number

E-mail address

Customer

Contact form / contact by e-mail (Art. 6 sec. 1 lit. a, b EU-DS-GMO)On our website there is a contact form that can be used for electronic contact. If you write to us via the contact form, we process your data provided in the contact form to contact us and answer your questions and requests.

The principle of data economy and data avoidance is observed by only having to provide the data that we need to contact you. These are your e-mail address and the message field itself. In addition, your IP address is processed for technical reasons as well as for legal security. All other data are voluntary fields and can be specified optionally (e.B. for more individual answering of their questions). If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your request. If you do not use the forms offered to contact you, no further data collection takes place. Webshop (Art. 6 sec. 1 lit.b EU-GDPR) We process the data provided by you in the context of the order form only for the execution or processing of the contractual relationship, unless you agree to further use. The principle of data economy and data avoidance is observed by only having to provide us with the data that we absolutely need to carry out the contract or to fulfil our contractual obligations (i.e. your name, address, e-mail address as well as the payment data required for the chosen payment method) or to which we are legally obliged to collect. In addition, your IP address is processed for technical

reasons as well as for legal security. Without this data, we will unfortunately have to refuse to conclude the contract, as we will not be able to carry it out or if necessary we will have to terminate an existing contract. Of course, you can also provide more data on your own if you want to.

Registration / customer account (Art. 6 sec. 1 lit. a, b EU-GdpR)

On our website we offer users the possibility to register with personal data. The advantage is that you can in particular view the order history and your specified data for the order form will be stored. If you reorder, you don't have to re-enter them. Registration is therefore either necessary for the performance of a contract (via our online shop) with you or for the implementation of pre-contractual measures or is possible if guest access is also provided. Registration is also required to use our online calculation tools. The principle of data economy and data avoidance is observed, since only the data required for registration are marked with an asterisk (*) as a mandatory field. These are e.B. the e-mail address as well as password including password repetition. For the order in our online shop we also need information about the billing address (address, first name, last name, company, department, address, telephone number for inquiries). Should the delivery address differ from the billing address, additional information for the delivery address must be provided. By registering on our website, the user's IP address, date and time of registration are also stored (technical background data). By triggering the button "Register now" you give your consent to the processing of your data.

Please note: The password you have assigned will be stored encrypted by us. Employees of our company cannot read this password. Therefore, you cannot give you any information if you have forgotten your password. In this case, use the "Forgot password" function, which sends you an automatically generated new password by e-mail. No employee is entitled to request your password from you by phone or in writing. Therefore, please never give your password if you receive such requests. When the registration process is complete, your data will be stored with us for the use of the protected customer area. As soon as you log in to our website with an e-mail address as a username and password, this data will be provided for actions you have carried out on our website (e.B. for orders in our online shop). Orders executed can be traced in the order history. You can specify changes to the billing or delivery address here. Changes/corrections will be made by our customer service if you contact them. Of course, you can register or Also to resolve or delete your customer account. This is possible after logging in to the "My Account" area under the item "Delete user account". After deletion, an e-mail will be sent to you as confirmation.

Payment systems (Art. 6 sec. 1 lit. a, b EU-GDPR), credit assessment (Art. 6 sec. 1 lit. f EU-GDPR)

In our online shop you can pay by PayPal or by credit card. In addition, your IP address is processed for technical reasons as well as for legal security. The principle of data economy and data avoidance is observed by only having to provide us with the data that we absolutely need to carry out the payment processing and thus the processing of the contract or which we are legally obliged to collect. Without this data, we will unfortunately have to refuse to conclude the contract, as we will not be able to carry it out. The payment system we use uses SSL encryption to securely transmit your data.

CIRNAPRO Hans-Joachim Englert is interested in maintaining a customer relationship with you. Therefore, we process your data in order to send you messages by e-mail or by post if necessary. If you do not wish to do so, you can object at any time to the use of your personal data for the purpose of direct marketing. If you object, we will no longer process your data for this purpose. The opposition can be made free of charge and without any reasons and should be sent to +49 6172 928681, by e-mail to info@cirnapro.com or by post to Hans-Joachim Englert, Am Mühlberg 16, 61348 Bad Homburg.

Automated case-by-case decisions

We do not use purely automated processing processes to bring about a decision.

Cookies (Art. 6 sec. 1 lit. f EU-GdpR / Art. 6 sec. 1 lit a EU-GDPR with consent)

Our websites use so-called cookies in several places. They serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser (locally on your hard drive). These cookies allow us to analyse how users use our websites. In this way, we can design the website content according to the visitor needs. In addition, cookies allow us to measure the effectiveness of a particular ad and, for example, to have its placement based on the thematic user interests. Most of the cookies we use are so-called "session cookies". These will be deleted automatically after your visit. Permanent cookies are automatically deleted from your computer when their validity period (usually six months) is reached or if you delete them yourself before the expiry of the period of validity. Most web browsers automatically accept cookies. However, you can usually change your browser settings if you prefer not to send the information. You can still use the offers of our website without restrictions (exception: configurators). We use cookies to make our offer more user-friendly, effective and secure. In addition, we use cookies to help us analyze how users use our websites. In this way, we can design the content according to the visitor needs. In addition, cookies allow us to measure the effectiveness of a particular ad and, for example, to have its placement based on the thematic user interests. Cookies are stored on the user's computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in

all popular internet browsers. Please note: Disable the setting of cookies, not all functions of our website may be fully usable.

Online offers for children and persons under 16 years of age may not transmit personal data to us or give us a declaration of consent without the consent of their legal guardians. We encourage parents and guardians to actively participate in their children's online activities and interests. Links to other providers. Our website also contains links to the websites of other companies. Insofar as links to websites of other providers are available, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the contents of these pages. The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, a permanent control of the content of the linked pages is not reasonable without concrete indications of a violation of the law. If you become aware of any infringements of the law, such links will be removed immediately.