PRIVACY POLICY

Introduction

We take the protection of user data on our website very seriously and are committed to protecting the information users provide us in connection with the use of our website. Furthermore, we are committed to protecting and using your data in accordance with applicable law. This privacy policy explains our practices regarding the collection, use, and disclosure of your data when accessing our digital assets (the „Services“) through your devices. Please read this privacy policy carefully and make sure you fully understand our practices regarding your data before using our services. If you have read and fully understood this policy and do not agree with our approach, you must stop using our digital assets and services. By using our services, you acknowledge acceptance of the terms of this privacy policy. Further use of the services constitutes your consent to this privacy policy and any changes to it. In this privacy policy, you will learn:

• How we collect data

• What data we collect

• Why we collect this data

• To whom we disclose the data

• Where the data is stored

• How long the data is retained

• How we protect the data

• How we handle minors

• Updates or changes to the privacy policy

What data do we collect?

Below is an overview of the data we may collect:

• Unidentified and non-identifiable information that you provide during the registration process or that is collected through the use of our services („non-personal data“). Non-personal data does not allow conclusions to be drawn about who collected it. Non-personal data that we collect consists primarily of technical and aggregated usage information.

• Individually identifiable information, i.e. any information that can identify you or could be identified with reasonable effort („personal data“). Personal data that we may collect through our services may include information that is requested from time to time, such as names, email addresses, addresses, phone numbers, IP addresses, and more. When we combine personal with non-personal data, they are treated by us as personal data as long as they are in combination.

How do we collect data?

Below are the main methods we use to collect data:

• We collect data when using our services. So when you visit our digital assets and use services, we may collect, record, and store usage, session, and related information.

• We collect data that you provide to us directly, for example when you contact us directly through a communication channel (e.g. an email with a comment or feedback).

• As described below, we may collect data from third-party sources.

• We collect data that you provide to us when you sign up for our services through a third-party provider such as Facebook or Google.

Why do we collect this data?

We may use your data for the following purposes:

• to provide and operate our services;

• to develop, customize, and improve our services;

• to respond to your feedback, inquiries, and requests and to provide assistance;

• to analyze usage and request patterns;

• for other internal, statistical, and research purposes;

• to improve our ability to ensure data security and fraud prevention;

• to investigate and enforce violations of our terms and policies and to comply with applicable laws, regulations, or governmental requests;

• to provide you with updates, news, promotional materials, and other information related to our services. With respect to promotional emails, you can choose whether or not to continue receiving them. If you no longer wish to receive such emails, simply click the „unsubscribe“ link in these emails.

Who do we share this data with?

We may disclose your data to our service providers to operate our services (e.g. storing data through third-party hosting services, providing technical support, etc.).

We may also disclose your data in the following circumstances: (i) to investigate, detect, prevent, or take action against illegal activities or other misconduct; (ii) to establish or exercise our rights to defend against legal claims; (iii) to protect our rights, property, or personal safety, as well as the safety of our users or the public; (iv) in the event of a change in control at us or one of our affiliates (through a merger, acquisition, or purchase of substantially all assets, among other things); (v) to collect, retain, and/or manage your data through authorized third-party providers (e.g. cloud service providers) to the extent reasonable for business purposes; (vi) to work jointly with third-party providers to improve your user experience. To avoid misunderstandings, we would like to point out that we cannot transmit or otherwise use non-personal data at our discretion to third parties.

Cookies and Similar Technologies

When you visit or access our services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytical services („tracking technologies“). These tracking technologies may allow third parties to automatically collect your data to improve the navigation experience on our digital assets, optimize their performance, and ensure a personalized user experience, as well as for security and fraud prevention purposes.

To learn more, please read our Cookie Policy. Without your consent, we will not disclose your email address or other personal data to advertising companies or advertising networks.

Where do we store the data?

Non-personal data

Please note that our companies, as well as our trusted partners and service providers, are located all over the world. For the purposes explained in this Privacy Policy, we store and process all non-personal data that we collect in different legal jurisdictions.

Personal data

Personal data may be maintained, processed, and stored in the United States, Ireland, South Korea, Taiwan, Israel, and other legal jurisdictions as required for the proper provision of our services and/or as required by law (as further explained below).

How long will the data be retained?

Please note that we will retain the collected data for as long as necessary to provide our services, comply with our legal and contractual obligations to you, resolve disputes, and enforce our agreements. We may correct, supplement, or delete inaccurate or incomplete data at any time at our discretion. We reserve the right to correct, supplement, or delete inaccurate or incomplete data at our discretion at any time.

How do we protect the data?

The hosting service for our digital assets provides us with the online platform through which we can offer our services to you. Your data may be stored on the data storage, databases, and general applications of our hosting provider. It stores your data on secure servers behind a firewall and offers secure HTTPS access to most areas of its services.

All payment options offered by us and our hosting provider for our digital assets comply with the PCI-DSS (Payment Card Industry Data Security Standard) of the PCI Security Standards Council. This is the collaboration of brands such as Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card data (including physical, electronic, and procedural measures) by our shop and service providers.

Despite the measures and efforts taken by us and our hosting provider, we cannot and will not guarantee absolute protection and security of the data that you upload, publish or otherwise transmit to us or others. For this reason, we ask you to set secure passwords and not to transmit confidential information to us or others, the disclosure of which could cause significant or sustained harm in your opinion. Also, since email and instant messaging are not considered secure communication forms, we ask you not to disclose any confidential information through these communication channels.

How do we handle minors?

The services are not intended for users who have not yet reached the legal age of majority. We will not knowingly collect data from children. If you are not yet of legal age, you should not download or use the services and should not provide us with any information.

We reserve the right to request proof of age at any time in order to verify that minors are not using our services. In the event that we become aware that a minor is using our services, we may prohibit and block such users from accessing our services and we may delete all data about such users stored with us. If you have reason to believe that a minor has provided data to us, please contact us as described below.

We only use your personal data for the purposes set out in the privacy policy and only when we are convinced that:

• the use of your personal data is necessary to fulfill or enter into a contract (e.g. to provide you with the services themselves or customer support or technical support);

• the use of your personal data is necessary to comply with corresponding legal or regulatory obligations, or

• the use of your personal data is necessary to support our legitimate business interests (provided that this is always done in a way that is proportionate and respects your privacy rights).

As an EU resident, you can:

• request confirmation as to whether personal data concerning you is being processed or not, and request access to your stored personal data as well as certain additional information;

• request the receipt of personal data you have provided to us in a structured, commonly used and machine-readable format;

• request the correction of your personal data stored with us;

• request the deletion of your personal data; • object to the processing of your personal data by us;

• request the restriction of the processing of your personal data, or

• file a complaint with a supervisory authority.

Please note, however, that these rights may not be unlimited and may be subject to our own legitimate interests and regulatory requirements. If you have any general questions about the personal data we collect and how it is used, please contact us as indicated below. In providing the services, we may transfer data cross-border to affiliated companies or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. By using the services, you consent to the transfer of your data outside of the EEA.

If you are a resident of the EEA, your personal data will only be transferred to locations outside of the EEA if we are convinced that an adequate or comparable level for the protection of personal data exists. We will take appropriate steps to ensure that we have appropriate contractual agreements with our third parties to ensure that appropriate security measures are taken to minimize the risk of unauthorized use, modification, deletion, loss or theft of your personal data and that these third parties always act in accordance with applicable laws.

Rights under the California Consumer Privacy Act

If you use the Services as a resident of California, you may be entitled under the California Consumer Privacy Act („CCPA“) to request access to and deletion of your data. To exercise your right to access and delete your data, please see below for how to contact us. We do not sell users‘ personal data for the purposes and intents of CCPA.

Updates or changes to the Privacy Policy

We may revise this Privacy Policy at our discretion from time to time, and the version posted on the website will always be current (see „Effective Date“). We encourage you to check this Privacy Policy regularly for updates. We will provide notice of material changes to this Privacy Policy on our website. Your continued use of the Services after we post notice of any changes to this Privacy Policy constitutes your acceptance of such changes and agreement to be bound by any such changes.