Cyber Security · Software · Cloud & AI

I. Name and Address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:

anbit GmbH

Jülicher Straße 72a

52070 Aachen

Germany

Phone: +49 (0) 221 4235 6806

E-mail: info@anbit.io

www.anbit.io

II. General information on data processing

1. Scope of personal data processing

We process our users‘ personal data only to the extent necessary to provide a functional website and our content and services. Our users’ personal data is processed regularly only with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

3. Deletion of data and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data in order to conclude or fulfil a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected: name and URL of the retrieved file, date and time of retrieval; amount of data transferred; notification of successful retrieval (HTTP response code); browser type, operating system; user's internet service provider; IP address in abbreviated form and the requesting provider (no clear assignment possible); information about the number of visits to the website.

These data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.

3. Purpose of data processing

The system needs to store the IP address temporarily to enable the website to be delivered to the user's computer. To this end, the user's IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.

4. Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. If data are stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users' IP addresses are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no right to object for the user.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies: selected language setting of the website.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR. The legal basis for the processing of the data is Art. 6 (1). 1 lit. a GDPR if the user has given his consent.

3. Legal basis for data processing

The purpose of using technically necessary cookies is to make it easier for users to use websites. Some of our website's features cannot be offered without the use of cookies. For these, it is necessary that the browser be recognised even after a page change. We need cookies for the following applications: In order for the website to be displayed in a language that the user can understand, the selected language setting is stored. This is stored using the cookie. The user data collected by technically necessary cookies are not used to create user profiles. These purposes are also our legitimate interest in processing personal data in accordance with Art. 6 Para. 1 lit. f GDPR.

4. Duration of storage, right of objection and deletion

Cookies are stored on the user's computer and transmitted by it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all the website's functions to their full extent. When the browser is closed, the data is deleted.

V. Cookiebot

We use the consent management service Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This enables us to obtain and manage the consent of users of the website for data processing. The processing is necessary for the fulfilment of a legal obligation (Art. 7 para. 1 DSGVO) to which we are subject (Art. 6 para. 1 lit. c DSGVO). For this purpose, the following data is processed using cookies: your IP address (the last three digits are set to ‘0’), date and time of consent, browser information, the URL from which the consent was sent, an anonymous, random and encrypted key and the consent status of the end user as proof of consent.

The key and the consent status are stored in the browser for 12 months with the help of the ‘CookieConsent’ cookie. This ensures that your cookie preference is retained for subsequent page views. The key can be used to verify and track your consent. The data collected in this way will be stored until you request us to delete it, delete the Cookiebot cookie itself or the purpose for its storage no longer applies. The statutory retention requirements remain unchanged. If you activate the ‘Collective Consent’ function of the service to enable consent for several websites with a single end-user consent, the service also stores a separate, random, unique ID with your consent. If all of the following criteria are met, this key is stored in encrypted form in the third-party cookie ‘CookieConsentBulkTicket’ in your browser: You activate the collective consent function in the configuration of the service. You allow third-party cookies via your browser settings. You have disabled ‘Do Not Track’ via your browser settings. You accept all cookies, or at least certain types of cookies, when you give your consent. The functionality of the website is not guaranteed without the processing. Usercentrics is the recipient of your personal data and acts as a processor for us. The processing takes place in the European Union. Further information on objection and removal options vis-à-vis Usercentrics can be found here (cookiebot's privacy policy on the official website, external link).

Your personal data will be deleted after 12 months or immediately after termination of the contract between us and Usercentrics. Please note our general information on the deletion and deactivation of cookies. The user has the option to revoke his consent to the processing of personal data at any time. The revocation of consent and the objection to the storage can be made at any time by e-mail or telephone to the person named under I. as well as via the contact data mentioned on the website (info@anbit.io). All personal data stored in the course of establishing contact will be deleted in this case.

VI. E-mail contact

1. Description and scope of data processing

It is possible to contact us using the email address provided. In this case, the user's personal data transmitted by email will be stored. The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data transmitted in the context of sending an e-mail is Art. 6 (1) point f GDPR. The legal basis for the processing of the data is Art. 6 (1) point a GDPR if the user has given his consent.

3. Purpose of data processing

We process the personal data from the input mask solely for the purpose of establishing contact. In the case of establishing contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed as part of the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Right to object and erasure

The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The withdrawal of consent and the objection to storage can be made at any time by email or telephone to the controller named under I. as well as via the contact details given on the website (info@anbit.io). All personal data stored in the course of establishing contact will be deleted in this case.

VII. Tidio chat

Our website uses the live chat and chatbot of Tidio LLC, 180 Steuart St, CA 94119, San Francisco, with offices in:

Tidio Ltd: 220C Blythe Road, W14 0HH, London. Tidio Poland Sp.: Podhalańska 15B, 80-322, Gdańsk

We also offer you the opportunity to get in touch with our company using the chat function integrated into the website. This can be used to make appointments and exchange enquiries. Providing an e-mail address is voluntary with the consent to the temporary use and storage of this data for further contact until the end of the contact. If there is no further contact, this data will be deleted immediately. No further personal data will be exchanged via the chat and the chat user will be clearly informed of this before the chat. Cookies are used to provide Tidio. The connection is encrypted using a 256-bit SSL protocol. We would like to point out that when you visit our website, a connection to the Tidio servers is established and information about the browser, location and operating system you are using can be transmitted. If you wish to prevent this, you must disable JavaScript in your browser. Usage and Log Information: We collect service, diagnostic and performance information. This includes information about your activities (e.g. how you use our services, how you interact with our users through our services, etc.), log files, and diagnostic, crash, site and performance logs and reports. Device and connection information: We collect device-specific information when you install, access or use our services. This includes information such as hardware model, operating system information, browser information, IP address, mobile network information and device identifiers. Please note that Tidio can access your geographical location information and the IP address of the devices on which you use our software.

Status information: We collect information about your changes in the status messages for our services, e.g. when you are online (your ‘presence status’). TIDIO is used to enable communication. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Another legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO, if the user has given his consent. The data protection officer responsible at TIDIO for queries: Hubert Jackowski, Tidio LLC, 812 Foster Ave, Chicago, Illinois 60106, hubert@tidio.net, gdpr@tidio.net, telephone: 663001080.

TIDIO is a member of the EU-U.S. Privacy Shield (official website EU-US Privacy Shield, external link)

Further information on data protection at TIDIO can be found here (official tidio website, external link)

We have concluded a data processing agreement with the providers mentioned above. This is an agreement that is required under data protection law and ensures that the personal data of our website visitors is only processed in accordance with the GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the Tidio contact form, this is the case when the conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The user has the option to revoke his consent to the processing of personal data at any time. In such a case, the conversation cannot be continued. Consent can be withdrawn and the objection to storage raised at any time by email or telephone to the controller named under I. or using the contact details provided on the website (info@anbit.io). In this case, all personal data stored in the context of making contact will be deleted.

VIII. Google

We use various services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’) on our website to analyse the use of our website, optimise our marketing measures and improve our interaction with our visitors.

1. Google Analytics

Google Analytics 4 enables us to analyse the behaviour of visitors to our website. Cookies are used to collect information about your use of the website, including: page views, your click path, interactions with the website, clicks on external links, your approximate location (region), technical information about your browser and the end devices you are using (e.g. language settings, screen resolution), the referrer URL (via which website/advertising medium you came to this website). This data is usually transferred to a Google server in the USA and stored there. We have activated IP anonymisation so that your IP address is shortened within the EU or the EEA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use. The data sent by us and linked to cookies is automatically deleted after 2 months. Data that has reached the end of its retention period is automatically deleted once a month.

2. Google Ads

We use Google Ads, an online advertising programme from Google, to place ads in Google search results and on third-party websites. As part of Google Ads, we use a tool called conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. These cookies lose their validity after 30 days and are not used for personal identification of the user. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. We learn the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that could be used to personally identify users. The cookies set by conversion tracking lose their validity after 30 days.

3. Google Tag Manager

Google Tag Manager is a tool that allows us to manage website tags through a single interface. Tag Manager itself does not set any cookies or collect any personal data. However, it does trigger other tags that may collect data under certain circumstances. The Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with the Google Tag Manager. Since the Google Tag Manager itself does not collect any personal data, this tool does not store any such data.

4. Google Lead Forms

We use the Google Ads lead form extensions to capture contact requests directly through our ads. When you fill out a form like this, the information you enter is transmitted to us and processed by us for the purpose of processing your request. Google provides us with this data, but does not store it permanently. Please note that Google processes data in accordance with its own privacy policy when you use these forms. The data collected via lead forms is stored by Google for a period of 30 days. Within this period, we can retrieve the data and process it further. After the 30 days have expired, the data is deleted by Google.

5. Transfer of data to third countries (USA)

The information collected by the above-mentioned services is regularly transmitted to and stored by Google on servers in the United States. We expressly point out that the USA currently does not have a level of data protection comparable to that in the EU. Access to this data by US authorities cannot be ruled out. In this context, you may not have access to comparable legal remedies against state access as within the EU or the EEA. We have concluded standard contractual clauses of the EU Commission with Google to ensure adequate protection of your data. Google provides further information on this at:

• Google Analytics Terms of Service (official Google terms of service, external link)
• Google's privacy policy (official Google privacy policy, external link)

6. Storage period

The data collected and linked with Google Analytics is automatically deleted after 2 months; the deletion is carried out automatically once a month. Cookies from Google Ads Conversion Tracking lose their validity after 30 days. Data collected via Google Lead Forms is available to us for a maximum of 30 days and is then automatically deleted.

7. Legal basis for processing

The processing of your data by the aforementioned Google services is carried out exclusively on the basis of your express consent in accordance with Art. 6 (1) 1 lit. a GDPR.

8. Right of withdrawal and objection

You can revoke your consent at any time with effect for the future by adjusting your cookie settings via the cookie banner on our website. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected. You can also generally prevent the storage of cookies by adjusting the settings of your browser software. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by:

• not giving your consent to the setting of cookies in the first place, or
• download and install the browser add-on to disable Google Analytics (official page for the Google browser add-on, external link)

For more information about terms of use and data protection, please visit:

• Google Analytics Terms of Service (official Google terms of service, external link)
• Google Privacy Policy (official Google privacy policy, external link)

IX. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

1. Right of access

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data relating to you has been or will be passed on;

(4) the envisaged period for which the personal data relating to you will be stored, or, if specific information on this is not possible, the criteria used to determine that period;

(5) the existence of a right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) where the personal data are not collected from the data subject, any available information as to their source;

(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data is transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer. This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the fulfilment of research or statistical purposes and the restriction is necessary for the fulfilment of research or statistical purposes.

2. Right to rectification

You have the right to request the data controller to rectify and/or complete the data if the personal data concerning you that is being processed is incorrect or incomplete. The data controller must carry out the rectification without delay. Your right to rectification can be restricted to the extent that this is likely to make it impossible or seriously impair the fulfilment of research or statistical purposes and the restriction is necessary for the fulfilment of research or statistical purposes.

3. Right to restriction of processing

You can request the restriction of the processing of personal data concerning you under the following conditions

(1) if you dispute the accuracy of the personal data concerning you, for a period of time that enables the data controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the deletion of the personal data and instead request that the use of the personal data be restricted;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or

(4) you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of the personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction of processing is lifted. Your right to restriction of processing may be restricted to the extent that this is likely to make it impossible or seriously hinder the achievement of research or statistical purposes and the restriction is necessary for the fulfilment of research or statistical purposes.

4. Right to erasure

a) Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies

(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You revoke your consent, on which the processing is based in accordance with Art. 6 (1) a or Art. 9 (2) a GDPR, and there is no other legal basis for the processing.

(3) You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.

(4) The personal data concerning you has been unlawfully processed.

(5) The personal data concerning you must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. c) Exceptions The right to erasure shall not apply to the extent that processing is necessary. that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this data.

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) and Article 9(3) of the General Data Protection Regulation;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the purposes of that processing; or

(5) for the assertion, exercise or defence of legal claims.

5. Right of access

If you have exercised your right to have the data controller correct, delete or limit the processing, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the controller.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

(1) the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and

(2) the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data concerning you transferred directly from one controller to another, where technically feasible. The freedoms and rights of others must not be adversely affected. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications. You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89(1) of the GDPR. Your right to object can be restricted to the extent that it is likely to make it impossible or seriously impair the realisation of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to revoke your declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the data controller;

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) of the GDPR applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.

In the cases referred to in paragraphs 1 and 3, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.