Datenschutz

1. Basic Information

We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when using our online offerings, such as our website and online store. The following information also applies to the use of our offerings with mobile devices, such as smartphones or tablets. Personal data in this context includes all data with which you can be personally identified or that can make you identifiable through an identifier, such as your IP address or credit card number.

This privacy policy explains the legal basis and purpose for this. Furthermore, we inform you about your rights regarding the use of personal data. If you have questions regarding the use of your personal data by us, please contact us as the responsible entity (contact details in section 2).

For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the responsible party), this online offering uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the padlock symbol in your browser's address bar.

2. Who We Are (Data Controller)

The data controller for the processing of data on our online offering within the meaning of the General Data Protection Regulation (GDPR) is:

SuperX GmbH
represented by the Managing Directors Yilmaz Köknar and Mika Hally
Schönhauser Allee 180
10119 Berlin
hello@superchat.de

Contact details of our company data protection officer: datenschutz@superchat.de.

3. Data Collection When Visiting Our Online Offering

Even the visit of our internet pages (without registration) leads to the automatic anonymized collection of the following data on our server:

• Truncated IP address
• Date/time/timezone of access
• Access status
• Type of access
• Protocol type
• Type and number of pages accessed on our website
• Name and size of accessed files
• Referring website
• Used web browser
• Used operating system

The above non-personal information is automatically collected through the regular functioning of our internet services. There is no merging of this usage data from visiting our pages with the personal data provided through the registration form. For us, the identifiability of usage data is excluded.

We use the above data for the purpose of troubleshooting, creating statistics, and measuring activities on the website, with the aim of increasing the usefulness of our offerings for you. This also constitutes a legitimate interest, justifying data processing under Art. 6 (1) (f) GDPR.

For these purposes, only our IT administrator has access to this data.

We only retain the above data for the duration of your usage; once the usage ends, the data is promptly deleted, but at the latest after seven days.

Through cookies and web analytics services, we receive information as soon as your web browser opens our pages. These identification markers support various service functions of our website and are automatically transmitted to the hard drive of your computer or other mobile devices through your web browser. You can prevent this function by adjusting your browser settings. However, personalized service will not be possible in this case. In these cases, your anonymized IP address may also be transferred to the USA. More information about the cookies and web analysis tools we use can be found below under the heading "Notes on the Use of Cookies and Tools."

4. Contact

On our pages, we have provided an online form through which you can contact us electronically. The required information in the form includes your first and last name, email address, and phone number. We require this data to process your request. Additionally, you can always contact us via email. Contacting us is always voluntary.

We process this data exclusively for the purpose of responding to your inquiry or initiating contact with you, as well as for related technical administration. The legal basis for this processing is Article 6 (1) (b) GDPR, as we need the data mentioned above to initiate, carry out, or terminate a contract with you.

Our internal customer service receives your request.

We do not transmit your inquiries to third countries or organizations outside the EU.

After processing your request, we promptly delete the data related to your contact, but no later than seven days after completing the request. Legal retention periods may oppose this storage period, such as if your request is related to a contract, warranty, or guarantee, in which case we store your request beyond seven days only for the purpose of fulfilling legal retention obligations (Article 6 (1) (c) GDPR). In this case, we delete your data at the latest with the expiration of the legal retention period (§ 147 (3) AO), i.e., after 10 years, starting from the conclusion of the contract. With the expiration of this retention period, we will promptly delete this data without the need for you to request it.

5. Data Processing for Registration to Open a Customer Account and Order Processing

You have the option to register as a customer on our pages. We process this data exclusively for the execution of the contract concluded with you for the use of our online offering or for processing purchases. This data processing is justified under Article 6 (1) (b) GDPR.

All information is voluntary. To process orders based on the purchase contract concluded with you, we require at least the data marked with an asterisk (*) in the registration form.

Our customer service and marketing have internal access to this data, with IT having access only for troubleshooting or system maintenance. The accounting department receives the necessary reports for tax processing.

We do not transmit your inquiries to third countries or organizations outside the EU.

Deletion of your customer account is possible at any time. You can either perform the deletion yourself or send us a corresponding message to the above address.

After the complete execution of the contract with a guest account or deletion of your customer account, your data will be blocked in consideration of tax and commercial retention periods and deleted after these periods have expired, unless you have explicitly consented to further use of your data or a legally permitted further use of data on our part has been reserved, about which we will inform you accordingly. If you are registered as a customer with us, we will block all information about purchases that are more than three years old in the purchase history and delete them at the latest after 10 years from the purchase date. You can give us your consent to display data on purchases older than three years, up to a maximum of 10 years, in your purchase history. We will delete your data at the latest with the expiration of the legal retention period (§ 147 (3) AO), i.e., after 10 years, starting from the conclusion of the contract. With the expiration of this retention period, we will promptly delete this data without the need for you to request it.

6. Use of Your Data for Advertising Purposes: Product Recommendations to Existing Customers

If you have ordered products from us and provided your email address, we may, within the framework of legal requirements, send you product recommendations for our own similar products if we have informed you about this during contract conclusion and you have not objected. This form of contact is solely for the purpose of transmitting product recommendations by electronic mail to you as an existing customer. We pursue our legitimate interest in personalized direct advertising to existing customers through this. The legal basis for this is Article 6 (1)

7. Information on the Use of Cookies and Tools

7.1 What are Cookies?

To enhance your experience on our online platform and enable the use of certain functions, we use cookies on various pages. Cookies are small text files that are stored on your device. These files temporarily store information. When you visit our pages, your browser stores these cookies as readable text files. If you are registered with us, cookies help us recognize your device (computer, tablet, or smartphone) when you revisit our online platform. Some cookies may contain personal data.

7.2 What Cookies Do We Use?

We categorize the cookies we use into the following types: necessary cookies, functional cookies, analysis and statistics cookies, and advertising and marketing cookies. Necessary cookies enable you to use our online platform (session cookies). Without this cookie, accessing our pages is not possible. The authentication cookie provides access to the login area. This cookie is essential for registration and access to the login area. Session cookies are deleted after you close your browser.

Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a specified duration, which can vary depending on the cookie. We use retargeting cookies for advertising purposes, enabling us to display relevant advertising offers outside our online platform. More details can be found in the following overview of used cookies.

7.3 Purposes and Legal Grounds for Using Cookies

Most of the cookies we use do not store information that identifies you individually. Instead, these cookies provide us with general and anonymized information about visitors to our online platform, accessed pages, used browsers and operating systems, and the cities from which visitors come. Partially, cookies are used to simplify the order process by storing settings (e.g., contents of a virtual shopping cart for future visits). If personal data is processed through cookies, the processing is carried out according to Art. 6(1)(b) GDPR to fulfill the contract with you.

We use cookies to gain insights for optimizing functionalities and content, and for measuring the success of our online advertising efforts. This processing is based on legitimate interest (Art. 6(1)(f) GDPR) or your consent for analysis and statistics or advertising and marketing cookies (Art. 6(1)(a) GDPR). You can revoke your consent at any time. Data processing remains permissible until revocation.

Click here to view and change your cookie settings.

7.4 Disabling Cookies**

You can configure your browser to notify you about cookie placement, decide on their acceptance, or exclude their acceptance for specific cases or altogether. Each browser manages cookie settings differently. Information on how to change cookie settings can be found in the help menu of each browser:

• Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/Block-or-allow-cookies
• Microsoft Edge: https://support.microsoft.com/en-us/help/4027947/microsoft-edge-delete-cookies
• Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
• Safari: https://support.apple.com/en-us/guide/safari/sfri11471/mac
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Alternatively, you can find information about setting cookies and making related choices on the website of the Digital Advertising Alliance at www.aboutads.info.

7.5 Third-Party Cookies

We collaborate with advertising partners to make our online platform more engaging. Cookies from partner companies (third-party cookies) may be stored on your device when you visit our online platform. Detailed information about the use of these cookies and the collected data scope is explained below. Some cookies or tools are necessary for us to provide our online platform. The legal basis for processing is the usage contract concluded with you (Art. 6(1)(b) GDPR) or our legitimate interest (Art. 6(1)(f) GDPR), provided there are no conflicting interests or objections. We use all other cookies based on your consent (Art. 6(1)(a) GDPR). Some third-party cookies involve data processing in the USA. We only use cookies with your consent (Art. 6(1)(a) GDPR). These providers (e.g., Google, Facebook) comply with EU-US Privacy Shield regulations and are registered with the US Department of Commerce's "Privacy Shield" program. However, the European Court of Justice has declared this agreement invalid and found that the USA does not possess a level of data protection comparable to the EU.

7.6 Overview of Used Cookies

Here's an overview of the cookies we use.

7.7 Web Analysis Services

7.7.1 Google Analytics

We use the web analysis service Google Analytics in our online platform with your consent. This service is provided by Google Ireland Limited in the EU, EEA, and Switzerland, and by Google LLC in the USA. Google Analytics uses cookies to analyze your use of our online platform.

The generated cookie information about your use of our online platform (including your truncated IP address) is transmitted to a Google server in the USA and stored there. Google evaluates your usage to create statistical reports and provide further services related to usage. The IP address transmitted within Google Analytics is not merged with other data.

We use Google Analytics with the "anonymize IP" extension for web analysis. This setting ensures that Google Analytics removes the last part of your IP address. Google shortens your IP address within the EU or other signatory states before transmission. This prevents direct personal identification. You can prevent cookie installation by adjusting your browser settings.

To prevent Google Analytics from collecting and processing data related to your use of our platform (including your IP address), install the browser plugin available at the following link: https://support.google.com/analytics/answer/181881?hl=en

Google is certified under the EU-US Privacy Shield, but this alone does not guarantee adequate data protection.

For more information about Google Analytics and user data handling, see Google's privacy policy: https://policies.google.com/privacy?hl=en

7.7.2 Hotjar

We use the web analysis service Hotjar on our online platform. This service is provided by Hotjar Limited in Malta.

Hotjar helps us analyze visitor behavior and provides reports and visual representations. This tool also allows us to collect feedback directly from users, improving our online platform. Data collection is anonymized and never reaches Hotjar servers. Hotjar conceals personal data areas.

Hotjar stores data in the browser during your visit and automatically collects the following:

• Anonymous IP address
• Screen size
• Browser information
• Location (country)
• Preferred language setting
• Visited web pages (subpages)
• Date and time of use

You can deactivate Hotjar using the "Do Not Track" header supported by all common browsers. Learn more: https://www.hotjar.com/opt-out

Hotjar tools retain data for one year. Data collected is deleted after one year.

Learn more about Hotjar: https://www.hotjar.com

Hotjar's privacy policy: https://www.hotjar.com/privacy

7.7.3 Mixpanel

We use Mixpanel, an analytics software by Mixpanel, Inc. in the USA.

Mixpanel places a persistent cookie on your device to analyze and forward data. This helps us understand service and website usage for optimization and decision-making. All collected information is subject to this privacy policy. We use the data exclusively for marketing optimization.

Learn about Mixpanel's data handling: https://mixpanel.com/privacy/

You can opt out of Mixpanel data collection by setting an opt-out cookie here: Opt-Out Link

Our use of these analytics tools is based on your consent (Art. 6(1)(a) GDPR).

---

Please note that the links provided are based on the information you originally provided. If there have been changes or updates to the URLs, you should verify them on the respective websites.

7.7.4 LinkedIn Insight Tag

In our online offering, we use the conversion tool "LinkedIn Insight Tag." This is a service provided by LinkedIn Ireland Unlimited Company, located at Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, located at 1000 W Maude Ave, Sunnyvale, CA 94085, USA (hereinafter referred to as "LinkedIn").

The LinkedIn Insight Tag is a small JavaScript code snippet that we use on our website to enable detailed campaign reports and gather valuable information about the visitors to our website. This allows us to track conversions, perform retargeting of our website visitors, and obtain additional information about LinkedIn members who view our advertisements.

If you have given us your consent, this tool sets cookies in your web browser during your visit to our offering and automatically collects the following information:

• URL
• Referrer URL
• IP address
• Device and browser properties (User Agent)
• Timestamp

IP addresses are captured in truncated or hashed form. After 7 days, all data is pseudonymized. These remaining pseudonymized data are deleted within 90 days. LinkedIn does not share personal data with us but provides us with reports and insights (where you are not identified) about the website audience and ad performance.

LinkedIn also offers retargeting for website visitors, allowing us to display targeted ads outside our website using this data without identifying you. We also use non-identifying data to enhance ad relevance and reach LinkedIn members across devices. LinkedIn members can control the use of their personal data for advertising purposes in their account settings: LinkedIn Ad Privacy Settings.

LinkedIn users can influence the extent to which their usage behavior during visits to our LinkedIn page is recorded here: LinkedIn Advertising Settings.

You can revoke your consent to the setting of LinkedIn Insight Tag cookies by our website at any time for the future ("opt-out"). To do so, please click here. The legality of the processing carried out until revocation based on consent remains unaffected.

LinkedIn transfers user data only to countries for which an adequacy decision of the European Commission according to Art. 45 GDPR exists or based on suitable guarantees according to Art. 46 GDPR. LinkedIn Corporation is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: LinkedIn Privacy Shield Certification.

7.8 Retargeting / Remarketing / Recommendation Advertising

7.8.1 Facebook Custom Audience Pixel

We use the Visitor Action Pixel from Facebook (so-called Custom Audience Pixel), a service provided by Meta Platforms Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in the EU, EEA, and Switzerland, and by Meta Platforms Inc., located at 1601 Willow Road, Menlo Park, California 94025, USA, in the USA. "Custom Audiences" means creating a "custom audience." This involves a piece of JavaScript code. JavaScript is a scripting language used to evaluate user interactions in web browsers, apps, or other applications. The use of this pixel on our pages allows us to mark, segment, and target visitors with ads. This enables us to measure the success of advertising campaigns and track which person clicked on an ad and then made a purchase. Once this pixel is loaded, it initially transmits general, anonymized data about user behavior, the visited internet pages (URL), and any existing Facebook cookie to Facebook. The tracking is done via a cookie, not the pixel.

Facebook matches this data with registered users on Facebook. Therefore, if you are registered on Facebook, Facebook will associate this data with your Facebook user profile. This data processing may take place on servers in the USA. We have no influence on this data processing at Facebook. The Facebook pixel collects the following data:

• Browser input (everything present in the web protocol, the so-called HTTP headers), namely IP addresses, information about the web browser, the location of the page, the document, the transmitter, and the user.
• Pixel-specific data, namely the pixel ID and the Facebook cookie.
• Button click data, namely all buttons you, as a visitor to the website, have clicked, the labels of these buttons, and all pages visited as a result of button clicks.
• Data for measuring the success of an advertising campaign, namely ad clicks (so-called conversion rate), page type, purchase.
• Purchase details such as email, address, quantity.

You can suppress or deactivate the JavaScript functions of the retargeting pixel via your web browser. You can also adjust online-based advertising by Facebook on the following page: Facebook Ad Preferences

The use of the pixel only occurs with your consent. We have also concluded a contract with Facebook as jointly responsible parties (Art. 26 GDPR). In this contract, we have committed to providing you with appropriate information.

Facebook transfers user data only to countries for which an adequacy decision of the European Commission according to Art. 45 GDPR exists or based on suitable guarantees according to Art. 46 GDPR. Meta Platforms Inc. is certified under the EU-US Privacy Shield along with all affiliated companies, but this alone does not provide an adequate level of data protection: Meta Platforms Privacy Shield Certification

7.8.2 Google Ad Manager (Ad Manager)

Google Ad Manager is a platform for all ad formats. This service is operated by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland, in the EU, EEA, and Switzerland, and by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Ad Manager uses cookies to present you with advertisements that are relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been accessed. The cookies do not contain any personal information. The use of Ad Manager only allows Google and its partner websites to display ads based on previous visits to our online offering or other websites on the internet.

With Google Ad Manager, we can design ads interactively and dynamically in various formats (e.g., video or custom). We can also manage and evaluate our ads. The Ad Manager's cookies enable Google to recognize your browser. This provides us with information that someone has clicked on an ad and was directed to our site. In the context of these advertising measures, we do not collect or process any personal data. We only receive statistical evaluations of our campaigns from Google. Based on these evaluations, we can identify which of the deployed advertising measures are particularly effective. We do not receive any further data from the use of advertising materials, and in particular, we cannot identify users based on this information.

The information generated by the cookies about your use of this website is transmitted to a Google server in the USA and stored there. Google may only transfer this data to third parties on the basis of legal regulations or within the scope of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

You can prevent the collection of data by Google Ad Manager as follows:

• You can prevent the storage of cookies by adjusting your browser software accordingly. Information can be found here: Google Ads Help - Manage your preferences.
• Additionally, you can prevent the collection and processing of data by cookies by installing a browser plugin (Google Ad Settings Browser Plugin).
• Alternatively, you can inform yourself about the setting of cookies and make settings regarding this at the Digital Advertising Alliance at the Internet address aboutads.info.
• If you have made any of the above deactivations, you may not have access to all functions of our website to their full extent for use.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: Google Privacy Shield Certification

We have concluded a contract with Google based on the standard data protection clauses of the EU.

7.8.3 Google Tag Manager

In our online offering, we use Google Tag Manager for the purpose of personalized, interest-based, and location-based online advertising. This service is provided by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland, in the EU, EEA, and Switzerland, and by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Through Google Tag Manager, we can manage website tags through an interface. As a result, we neither use cookies nor capture personal data. The Tag Manager was specifically designed for advertisers and is a container that can be used to mark and manage elements (tags) from Google and other providers. This way, data can be passed on to other cookies or tools. Tags can be added for conversion tracking, website analysis, and other purposes.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: Google Privacy Shield Certification

We have concluded a contract with Google based on the standard data protection clauses of the EU.

For more information about Google Tag Manager, please visit: Google Tag Manager Use Policy

For further information, as well as Google's privacy policy, please visit: Google Technologies and Ads Policies and Google Privacy Policy

7.8.4 Google Ads Remarketing

Our online offering uses the remarketing features of Google Ads, through which we advertise our online offering in Google search results and on third-party websites. The provider of these services is Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland, in the EU, EEA, and Switzerland, and Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, we have embedded a pixel (a code snippet, so-called remarketing tag) into our online offering, which allows Google to set a cookie in the browser of your device. This cookie enables us to display interest-based advertising. For this purpose, a pseudonymous cookie ID is generated, and the websites you have visited are analyzed.

Additional data processing only occurs if you have consented to Google linking your internet and app browser history with your Google account and using information from your Google account to personalize ads that you view on the internet. Information about obtaining user consent can be found here: Google User Consent Policy

If you are logged into Google during your visit to our website and consent to this processing, Google will use your data in conjunction with Google Analytics data to create and define cross-device remarketing target groups. For this purpose, your personal data from Google will be temporarily linked to Google Analytics data to form target groups. More information can be found here: Google Ad Technologies Policies and Google Ads User Consent Policy.

You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plugin available at the following link: Google Ads Help - Opt Out of Personalized Advertising.

Alternatively, you can obtain information about setting cookies and make settings for this at the Digital Advertising Alliance at the internet address aboutads.info. Finally, you can set your browser to inform you about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for specific cases or in general. If cookies are not accepted, the functionality of our website may be restricted.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: Google Privacy Shield Certification

We have concluded a contract with Google based on the standard data protection clauses of the EU. For more information about how Google handles user data, please refer to Google's privacy policy: Google Privacy Policy

7.8.5 Use of Google Ads Conversion Tracking

Our online offering uses the online advertising program "Google Ads" and, within Google Ads, conversion tracking. Conversion tracking is a free tool provided by Google that allows interactions or transactions related to our advertisements to be measured. The tool allows us, for example, to evaluate in a targeted manner whether users subscribe to our newsletters or how often clicks on our ads lead to activities on our online offering (e.g., registrations). We can define the usage actions to be evaluated (so-called conversions) through the tool.

Conversion tracking works technically via the conversion tracking code (so-called "tag"), which is integrated into our online offering. Data on ad clicks is recorded using cookies.

Conversion tracking is set as a cookie when you, as a user, click on an Ads ad placed by Google. This cookie usually loses its validity after 30 days and is used for non-personal (anonymized) identification. As long as the cookie has not expired, if you, as a user, visit certain pages of our online offering, Google and we can recognize that you originally clicked on the ad and were then redirected to our online offering with the conversion tracking tag.

Google assigns certain (customer-specific) cookies to us as Ads customers. As Ads customers, we cannot personally track cookies through our online offering. Instead, we only receive statistical evaluations from Google regarding the information obtained using the conversion cookie. However, we only learn the total number of users who clicked on our Ads ad and were redirected to our online offering with the conversion tracking tag. These statistical evaluations do not contain any information that can personally identify you as a user.

If you do not wish to participate in conversion tracking or want to permanently deactivate cookies for ad preferences, you can deactivate this use in the user settings of your internet browser. Alternatively, you can download and install the browser plugin available at the following link: Google Ads Help - Opt Out of Personalized Advertising. In this case, your user behavior will not be recorded in the conversion tracking statistics. However, deactivating conversion tracking or cookies for ad preferences may result in limitations on the functionality of our online offering.

It is possible that Google processes your data when using conversion tracking on servers in the USA.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: Google Privacy Shield Certification

We have concluded a contract with Google based on the standard data protection clauses of the EU. For more information about how Google handles user data, please refer to Google's privacy policy: Google Privacy Policy

8. Integration of Social Media and Other Services

We integrate content from our profiles on social networks and other services into our online offering. You can access this content through our online offering only if you give your consent to display this integrated content (Article 6(1)(a) of the GDPR).

These providers of social networks (e.g., Google, Facebook) have committed to complying with the privacy provisions of the EU-US Privacy Shield, the legal framework for the transatlantic transfer of data agreed upon by the European Commission and the United States (IMPLEMENTING DECISION (EU) 2016/1250 OF THE COMMISSION of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield). However, the European Court of Justice has declared this agreement invalid and ruled that the US does not have a data protection level comparable to that of the EU (ECJ, Judgment of 16 July 2020 - C-311/18, para. 200, Facebook/Schrems II). US laws grant various security agencies unrestricted surveillance powers, including the use of surveillance programs that enable mass data collection and analysis. US providers are required by national laws to grant security agencies access to the data they process, even if it is processed by a foreign company. By giving your consent, there is a risk that the data collected during visits to social networks or other services will become part of the mass surveillance in the US. In the US, there is no legal recourse or effective judicial process against such surveillance.

8.1 YouTube Videos

On our website, you initially see only inactive screenshots of YouTube videos. No data transfer to YouTube takes place at this stage. Only when you click on this screenshot, a connection to YouTube is established through your web browser in a lightbox (an overlay that appears over the other content on our page).

YouTube is a service offered in the EU, EEA, and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and in the US by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you directly access a video on YouTube (e.g., on our YouTube channel), your data may be transmitted to a Google server in the US and stored there. Google evaluates your use of our video content on YouTube in this way to compile anonymous reports about video views for us and to provide further services related to video usage. For the use of our YouTube channel, we have concluded a joint controller agreement with Google (Article 26 of the GDPR). In this agreement, we are committed to informing you about this data processing when using our channel on YouTube.

For more information about privacy in the Google service "YouTube," please refer to the provider's privacy policy: https://policies.google.com/privacy?hl=en&gl=en

9. Social Media Presence and Use of Social Media Icons on Our Pages

In our online offering, we do not use active social plugins. We only provide icons that link to our profiles on the following social networks:

• Facebook: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
• Instagram: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
• Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland;
• YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
• Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

We only display these social media icons on our page, and they are designed as inactive icons.

When you click on such a social media icon on our page, it is activated with your consent, and a connection to these third-party providers is established in a separate tab through your web browser. These third-party providers can track visits to our pages through this interaction. If you are a member of one of the social networks, you can share the content of our page with other members from your network by activating the button.

By participating in social networks or by visiting or accessing our social media presences, your data may be processed outside the EU. This can pose risks, as enforcing your rights may be more challenging.

When you access a social network, cookies are usually stored on your device to track user behavior. If you have an account on the respective network and are logged in, your usage behavior may be linked to your account. Social networks can analyze usage behavior for market research and advertising purposes, potentially leading to advertisements being displayed within and outside the social networks. We have no control over this.

We have no control over the data collected and stored about you by social networks. Through our aforementioned social media presences, we receive evaluations of user data and can engage with users through targeted advertising. If users interact with our social media presence and are logged in to an account, we can generally recognize their user profile and view the content of comments or posts on our presence. Therefore, this data processing is carried out jointly with the respective social network provider. We have concluded a joint controller agreement with the providers for the data evaluation in connection with our social media presences (Article 26 of the GDPR). In this agreement, we are committed to providing you with information on data protection. Further information can be found in the privacy policies of the respective social networks. You can also exercise your rights with us. However, the social network provider may fulfill your rights more comprehensively, as they store data related to usage and evaluation.

9.1 Instagram

We operate a social media presence at https://www.instagram.com/superchatde/ through which we showcase photos and posts about our company, provide information about our services, and communicate with customers. When using and accessing our Instagram page, user data is processed by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin (Ireland), and Meta Platforms Inc., 1601 Willow Road, Menlo Park, California (USA) (referred to as "Facebook"). Instagram, owned by Facebook, offers a system through which Facebook distributes advertising via its network.

We analyze the views and interactions on our Instagram page. For this purpose, Facebook creates usage profiles and provides us exclusively with anonymous data, known as "Page Insights." These are summarized data that provide insight into how users interact with our Instagram page. The compiled statistics are transmitted to us exclusively in anonymized form. We do not have access to the underlying data. Regarding this insight service, we jointly process your personal data with Facebook. Therefore, we have concluded a contract between joint controllers.

You can access our Instagram page independently of whether you have a user account on Instagram or not. When you interact with our Instagram page, such as by leaving a comment, clicking a "Like" button, or sending us a message, we process your personal data. We do not share this data with third parties. The terms of use of Facebook apply: https://help.instagram.com/519522125107875

You have the option to comment on our posts, videos, and pictures on our Instagram page. If you leave a comment, you consent to the processing of personal data you provide for the purpose of publication on our page. The legal basis for data processing in connection with Instagram is your consent (Article 6(1)(a) of the GDPR) or our legitimate interest in marketing (Article 6(1)(f) of the GDPR) and providing communication channels with customers and prospects. You can revoke a granted consent for the publication of your comments or likes at any time with future effect by deleting the comment or the relevant content. Revoking consent does not affect the legality of processing carried out based on consent before its withdrawal.

You can influence the extent to which your usage behavior when visiting our Instagram page is captured *here. Additionally, corresponding settings can be adjusted here and here. Data processing can also be objected to here.

Data processing through cookies used by Facebook can also be prevented by browser settings. Facebook transfers user data only to countries for which an adequacy decision of the European Commission according to Article 45 of the GDPR exists or based on suitable guarantees according to Article 46 of the GDPR. Meta Platforms Inc. is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

We have concluded a contract with Facebook based on the EU Standard Contractual Clauses.

9.2 Facebook Fanpage

In addition to our company's website, we also operate a Facebook page (Fanpage). You can find it at https://www.facebook.com/superchatde. Through this page, we present our company, provide information about our products and services, and communicate with customers and prospects.

In this context, we generally only process personal data when you interact with our Facebook page, such as by leaving a comment, clicking a "Like" button, or sending us a message. The legal basis for these data processing activities is your consent (Article 6(1)(a) of the GDPR) or our legitimate interest in marketing and engaging with our customers (Article 6(1)(f) of the GDPR). This includes, for example, showcasing our current offerings, receiving contract-related inquiries, or enabling users to "like," comment on, or upload content to our Facebook page.

We can analyze views and interactions on our Facebook page. For this purpose, Facebook creates usage profiles and provides us exclusively with anonymous data, known as "Page Insights." These are summarized data that provide insight into how users interact with our Facebook page. The compiled statistics are transmitted to us exclusively in anonymized form. We do not have access to the underlying data. Regarding this insight service, we jointly process your personal data with Facebook. Therefore, we have concluded a contract between joint controllers.

In addition to the processing activities described above, Facebook also processes your data for analysis and advertising purposes, including personalized advertising. According to our knowledge, Facebook also uses cookies to track user behavior (across various devices). This allows Facebook to display targeted advertisements on its platform and on third-party sites. Facebook creates personal user profiles based on effective consent (Article 6(1)(a) of the GDPR). Further information can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

Facebook transfers user data only to countries for which an adequacy decision of the European Commission according to Article 45 of the GDPR exists or based on suitable guarantees according to Article 46 of the GDPR. Meta Platforms Inc. is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

We have concluded a contract with Facebook based on the EU Standard Contractual Clauses.

You can revoke a granted consent at any time with future effect. The legality of processing carried out based on consent before its withdrawal remains unaffected. You can also delete or manage information about yourself on Facebook at any time by adjusting the service settings, changing profile data, or deleting your account. More information can be found at: https://www.facebook.com/legal/#privacy-policy-managing-and-deleting-your-information

9.3 WhatsApp

On our pages, we offer the option to get in touch with us through the messenger service WhatsApp. This service is operated in the EU and EEA by WhatsApp Ireland Limited, Attn: Privacy Policy, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"), a company belonging to the Facebook group. The icon on our pages is inactive, and you will only see the mobile phone number through which you can contact us on WhatsApp.

The option to contact us via WhatsApp on our website serves our legitimate interest in marketing, customer engagement, and customer service (Article 6(1)(f) of the GDPR). You are free to decide whether you want to send us messages via WhatsApp. For you, the use of WhatsApp is based on the consent you grant to WhatsApp (Article 6(1)(a) of the GDPR). We then only process the content of the messages you send us, along with your associated mobile phone number and name. This exchange with you via WhatsApp also serves our legitimate interests in initiating or conducting business transactions with you (Article 6(1)(b) of the GDPR).

We receive statistical evaluations from WhatsApp to measure interaction with us. The service automatically has access to all interactions with us.

When you use the service, WhatsApp collects data about you, your account, your messages, network, usage (especially payment services), log information, device and connection data, and location information. Cookies are also installed on your device. WhatsApp also transfers data to other companies in countries for which an adequacy decision of the European Commission according to Article 45 of the GDPR exists or based on suitable guarantees according to Article 46 of the GDPR. Meta Platforms Inc. is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Further details can be found in WhatsApp's privacy policy: https://www.whatsapp.com/legal/#privacy-policy

We have concluded a contract with WhatsApp based on the EU Standard Contractual Clauses.

You can delete or manage information about yourself on WhatsApp at any time by adjusting the service settings, changing profile data, or deleting your WhatsApp account. More https://www.whatsapp.com/legal/#privacy-policy-managing-and-deleting-your-information.

9.4 Twitter

We operate a social media presence at https://twitter.com/superchatde, through which we showcase photos and posts about our company, provide information about our services, and communicate with customers. When using and accessing our Twitter page, user data is also processed by the U.S.-based company Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Twitter also offers a system for advertising distribution on Twitter at https://ads.twitter.com/.

We analyze the views and interactions on our Twitter page. For this purpose, Twitter creates usage profiles, but provides us with exclusively anonymous data at https://analytics.twitter.com/. These are summarized data that give us insight into how users interact with our Twitter page. The compiled statistics are transmitted to us exclusively in anonymized form. We do not have access to the underlying data. Regarding this analysis service, we jointly process your personal data with Twitter. Therefore, we have concluded a contract between joint controllers.

You can access our Twitter page regardless of whether you have a user account on Twitter or not. We process your personal data when you interact with our Twitter page, such as leaving a reply, clicking a like button, or sending us a direct message. We do not share the data with third parties. You can find information about privacy at Twitter here.

Within the EU, the legal basis for these data processing activities is your consent (Article 6(1)(a) of the GDPR). Twitter users can revoke consent for the publication of their replies or likes at any time, with future effect, by deleting the reply or the relevant content. Revoking consent does not affect the legality of processing carried out based on consent before its withdrawal.

Twitter offers the possibility to object to certain data processing activities; relevant information and opt-out options can be found here.

Twitter users can influence the extent to which their usage behavior when visiting our Twitter page is captured at https://twitter.com/personalization and adjust corresponding settings. Data processing through cookies used by Twitter can also be prevented by browser settings. Twitter Inc. is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

9.5 LinkedIn

We operate a social media presence at https://www.linkedin.com/company/superchatde, through which we showcase photos and posts about our company, provide information about our services, and may publish job advertisements and communicate with customers. When using and accessing our LinkedIn page, user data is also processed by the Irish-based company LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, and the U.S.-based LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085 ("LinkedIn"). LinkedIn also enables a system through which advertising is distributed via its network.

We analyze the views and interactions on our LinkedIn page. For this purpose, LinkedIn creates usage profiles, but provides us with exclusively anonymous data, known as page insights. These are summarized data that give us insight into how users interact with our LinkedIn page. The compiled statistics are transmitted to us exclusively in anonymized form. We do not have access to the underlying data. Regarding this analysis service, we jointly process your personal data with LinkedIn under Article 26 of the GDPR.

You can access our LinkedIn page regardless of whether you have a user account on LinkedIn or not. We process your personal data when you interact with our LinkedIn page, such as leaving a comment, clicking a like button, or sending us a message. We do not share the data with other third parties. The terms of use of LinkedIn also apply here.

The legal basis for these data processing activities depends on the nature of your activity: your consent (Article 6(1)(a) of the GDPR) or our legitimate interest (Article 6(1)(f) of the GDPR) in customer-oriented marketing. LinkedIn users can revoke consent for the publication of their comments or likes at any time, with future effect, by deleting the comment or the relevant content. Revoking consent does not affect the legality of processing carried out based on consent before its withdrawal.

LinkedIn offers the possibility to object to certain data processing activities; relevant information and opt-out options can be found here.

LinkedIn users can influence the extent to which their usage behavior when visiting our LinkedIn page is captured at https://www.linkedin.com/psettings/advertising. Data processing through cookies used by LinkedIn can also be prevented by browser settings.

LinkedIn transfers user data only to countries for which an adequacy decision of the European Commission according to Article 45 of the GDPR exists or based on suitable guarantees according to Article 46 of the GDPR. The LinkedIn Corporation is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

9.6 Xing

We operate a social media presence at https://www.xing.com/pages/superchat, through which we showcase photos and posts about our company, provide information about our services, may publish job advertisements, and communicate with customers. When using and accessing our Xing page, user data is also processed by the German-based company New Work SE, Dammtorstraße 30, 20354 Hamburg ("Xing"). Xing also enables a system through which advertising is distributed via its network.

We analyze the views and interactions on our Xing page. For this purpose, Xing creates usage profiles, but provides us with exclusively anonymous data, known as visitor and subscriber statistics. These are summarized data that give us insight into how users interact with our Xing page. The compiled statistics are transmitted to us exclusively in anonymized form. We do not have access to the underlying data. Regarding this analysis service, we jointly process your personal data with Xing under Article 26 of the GDPR.

You can access our Xing page regardless of whether you have a user account on Xing or not. We process your personal data when you interact with our Xing page, such as leaving a comment, clicking a like button, or sending us a message. We do not share the data with other third parties. The terms of use of Xing also apply here.

The legal basis for these data processing activities depends on the nature of your activity: your consent (Article 6(1)(a) of the GDPR) or our legitimate interest (Article 6(1)(f) of the GDPR) in customer-oriented marketing. Xing users can revoke consent for the publication of their comments or likes at any time, with future effect, by deleting the comment or the relevant content. Revoking consent does not affect the legality of processing carried out based on consent before its withdrawal.

Xing users can influence the extent to which their usage behavior when visiting our Xing page is captured at https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/determination-of-statistics/tracking-in-embedded-external-content and https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/measurement-and-optimisation-of-advertising. Data processing through cookies used by Xing can also be prevented by browser settings.

To the best of our knowledge, Xing uses service providers located in the U.S. as part of its services. The European Court of Justice has determined that the U.S. does not have a level of data protection comparable to that of the EU (ECJ, Judgment of July 16, 2020 – C-311/18, para. 200, Facebook/Schrems II). If a transfer of personal data takes place to the U.S., there is a risk that supervisory authorities may access and evaluate it on a mass scale. However, there is no effective legal remedy against this.

10. Your Rights as the Data Subject

We would like to inform you about your rights as a data subject regarding the processing of your personal data by us.

10.1 Right to Information

You have the right to request confirmation from us as to whether your personal data has been processed. If this is the case, you have the right to obtain information about the personal data concerning you that has been collected, stored, or used, as well as the following information:

• The purposes of processing;
• The recipients or categories of recipients to whom we have disclosed or will disclose the personal data;
• The storage period or the criteria for determining this period;
• The existence of other rights (see below);
• If the personal data is not collected from you, all available information about the origin;
• The existence of automated decision-making, including profiling, and, where applicable, more detailed information.
• You have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR when your data is transferred to a third country or an international organization.

10.2 Right to Rectification

You have the right to demand the immediate correction of incorrect or incomplete personal data concerning you.

10.3 Right to Erasure

You can request the immediate erasure of your personal data. We are obliged to erase your personal data immediately if one of the following reasons applies:

• Your personal data is no longer necessary for the purposes for which we collected or otherwise processed it.
• You withdraw your consent given and there is no other legal basis for the processing.
• You object to the processing (see below).
• Your personal data has been processed unlawfully.
• Erasing your personal data is necessary for us to fulfill a legal obligation under Union law or the laws of Member States.
• We have collected the personal data based on the consent of a child.

10.4 Right to Restriction of Processing

You have the right to demand that we restrict the processing if one of the following conditions is met:

• You dispute the accuracy of the personal data.
• The processing of data is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.
• We no longer need the personal data for the purposes of processing, but you need the data to assert, exercise, or defend legal claims; or
• You have objected to the processing (see below), and it is not yet clear whether our legitimate reasons outweigh your interests.

10.5 Right to Notification

If you have exercised the right to rectification, erasure, or restriction of processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients vis-à-vis us.

10.6 Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that:

• The processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR; and
• The processing is carried out by automated means.

In exercising this right, you can also request that the personal data concerning you be transmitted directly from us to another controller, where technically feasible. This must not infringe on the freedoms and rights of other persons. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

10.7 Right to Object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is based on the public interest or exercised in the exercise of official authority vested in us or where the processing is necessary for the purposes of our legitimate interests or those of a third party. This includes any profiling based on such processing. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. You also have the right to object to the processing of personal data concerning you by us for scientific or historical research purposes or for statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

10.8 Right to Withdraw Consent for Data Protection

You can withdraw your given consent for data protection at any time with future effect towards us. The withdrawal is possible at any time without any formalities, for example by sending us an email. The legality of processing carried out until the withdrawal is not affected by this.

10.9 Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates applicable law, you have the right to lodge a complaint with a supervisory authority, especially in the country of your habitual residence, place of work, or the place of the alleged infringement. If you have any doubts, you can contact the Berlin Commissioner for Data Protection and Freedom of Information (Friedrichstraße 219, 10969 Berlin, Tel .: 030 138890, Fax: 030 2155050, Email: mailbox@datenschutz-berlin.de), which is responsible for us. This does not affect any other administrative or judicial remedy.