Privacy Policy.

Protecting your personal data is important to us, which is why we are providing the information below on what data related to your visit is used for which purposes. If you have any additional questions on how we handle your personal data, please contact our data protection officer.

You can deactivate or reactivate all services below with the exception of those that are technically necessary (see next paragraph).

You will also find the link to the privacy settings at the end of each page.

The term "personal data" is defined in the GDPR as any information pertaining to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, your legal name, your address, your telephone number or your date of birth.

If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary in order for us to display our website to you and to ensure stability and security (the legal basis for this is our legitimate interest pursuant to Art. 6(1) sentence 1 lit. f GDPR)

In context of balancing interests pursuant to Art. 6(1) lit. f GDPR, we have considered and weighed our interest in the provision of your personal data against your interest in its data protection-compliant processing. Since the following data may be technically necessary for the provision of our service in order to be able to offer you our website and also guarantee its stability and security, in particular to protect against misuse, we have concluded that this data can be processed while ensuring state-of-the-art data security, thereby adequately accounting for your interest in data protection-compliant processing.

The collection of data for purposes of website provision and the storage of said data in logfiles are absolutely necessary for website operation. Consequently, the user has no right to object.

The processing of personal data may occur on different legal bases. If we need your data in order to fulfill a contract with you or to respond to an inquiry of yours regarding a contract, the legal basis for this data processing is Art. 6(1) sentence 1 lit. b GDPR.

If we obtain your consent for a specific instance of data processing, the legal basis is Art. 6(1) sentence 1 lit. a GDPR. We process some data on the basis of our legitimate interest, in which context we always balance our legitimate interests against your protected interests. The legal basis for this is Article 6(1) sentence 1 lit. f GDPR. Insofar as such processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6(1) sentence 1 lit. c GDPR.

What follows is an explanation of how we process personal data via our website.

Our website uses cookies. Cookies are files stored on your computer by a website that you visit; they enable future re-identification of your browser. Cookies transmit information to the entity that uses the cookie. Cookies can store various types of information, such as your language settings, the length of your visit to our website or any information you enter during your visit. This, for example, prevents you having to re-enter required form data each time you use the website. The information stored in cookies can also be used to identify preferences and tailor content to your areas of interest.

There are different types of cookies: Session cookies are quantities of data that are only stored in the RAM temporarily; they are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. The information in this type of cookie can also be stored in text files on your computer. However, you may also delete these cookies at any time through your browser settings.

First-party cookies are set by the website you are currently visiting. Only that website may read information from such cookies. Third-party cookies are set by organizations other than the operators of the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for potential processing of personal data using cookies may vary, as may the retention period for such data. If you have given us your consent, the legal basis is Art. 6(1) sentence 1 lit. a GDPR. Insofar as the data processing takes place on the basis of our overriding legitimate interests, the legal basis is Article 6(1) sentence 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionality, to measure reach and – with your consent – to tailor our services to your preferred areas of interest.

You can delete cookies already stored on your device at any time. If you want to prevent cookies from being stored, you can do so by changing your browser settings accordingly. You can find instructions for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can install what are known as ad blockers. Please note that some functions of our website may not work if you have deactivated the use of cookies.

We also display an info banner indicating our use of cookies and referring to this data protection policy to all users when they first access our website. As a user, you are also asked for your consent to the use of certain cookies, in particular those relevant to marketing measures and personalization of services. You can withdraw your consent at any time, effective for the future, by clicking on the link at the end of each page (the footer) to access tracking settings and then unchecking the box beside the type of processing you previously consented to. "

We use the Usercentrics service to manage consent on our website. Usercentrics is software by Usercentrics GmbH, Rosental 4, 80331 Munich.

Usercentrics identifies the language used by your browser. A cookie is set in order to check whether you made any selections on our consent tool on a previous visit to our website. This cookie is necessary in order for the website to detect whether you have consented to tracking or not. In addition, a log file is created in order to be able to prove that consent has been given. This file contains your IP address in anonymized form, information about the browser you are using, data on the scope of consent granted, and the date and time of your visit.

The legal basis for such processing is our legitimate interest in accordance with Art. 6(1) sentence 1 lit. f GDPR.

The purpose of such data processing is to allow user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to grant or withdraw consent, and we want to offer increased transparency regarding data processing by means of cookies, pixels, tags, etc. This purpose for data processing also represents a legitimate interest of ours.

Your consent or rejection of the usage / delivery of services that may store cookies will be saved to the local storage of your end device. The consent data (consent granted and revocation of consent) remain stored on your computer until your local storage is cleared. In order to enable comparison, Usercentrics saves this information as hash values for 3 years.

For transparency purposes, we wish to note that we use Google Tag Manager. Google Tag Manager does not collect any personal data itself. Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and target group orientation, and to test and optimize websites. We use the Tag Manager for all digital services listed in this Privacy Policy. If you have deactivated it, Google Tag Manager will take this deactivation into account. For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html .

We use various services for purposes of analyzing and optimizing our websites; these services are described below. We use these services to analyze how many users visit our website, which information is most in demand and how users find our online presence. We also collect data about which websites users come to our site from (referrers), which subpages of our website they access, and how often each subpage is viewed for how long. This helps us to make our online information more user-friendly, identify errors and improve our online presence.

Our website uses the open source web analytics software Matomo, a service of InnoCraft Ltd., 7 Waterloo Quay, PO625 Wellington, New Zealand. Since InnoCraft is based outside the EU, InnoCraft has appointed a representative in the EU: ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg (privacy@innocraft.com). The software is only operated on its own servers.

Cookies are used that enable analysis of website usage. For this purpose, the usage information collected via the cookie (including your truncated IP address) is transmitted to our server and stored for usage analysis purposes. No data is transmitted through Matomo to servers beyond our control. As part of this process, your IP address will be anonymized immediately, such that you will not be identifiable to us as a user. The information collected about your use of this website will not be passed on to third parties.

We use the collected data to conduct statistical analysis of user behavior, for purposes of optimizing website functionality and stability as well as marketing purposes. Our interest and purpose in data lies in optimizing our website, adapting content, and improving our products and services. User interests are sufficiently protected by anonymization. We only store analysis data for as long as necessary for data processing purposes, and for no more than 14 months.

The legal basis for the data processing described is your consent, Art. 6(1) sentence 1 lit. a GDPR. You can withdraw previously granted consent at any time, effective for the future, by changing your cookie settings (see above, under Tracking Settings). Alternatively, you can delete your cookies (all of them, or only those linked to this website). The banner with the selection options will then be displayed again.

We use cookies for marketing purposes in order to appeal to our users through advertising that fits their interests. We also use cookies to limit the probability of an advertisement being displayed, and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6(1) sentence 1 lit. a GDPR.

In context of usage-based online advertising, we use Custom Audiences, a service provided by Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA). When we use this service (as a company from the EU), our data processor is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

For this purpose, we define target user groups in the Facebook advertising manager based on specific features; advertisements are then displayed to those users within the Facebook network. Facebook selects users on the basis of the profile information they provide and other data generated through Facebook usage. If a user clicks on an advertisement and then comes to our website, Facebook is notified via the Facebook pixel on our website that the user has clicked on the banner.

Generally speaking, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. As part of this process, a Facebook cookie is set. The Facebook cookie collects information regarding your activities on our website (e.g., browsing behavior, subpages visited, etc.). Your IP address will also be stored and used for geographical management of advertising.

We do not use Facebook Custom Audiences through our customer list or the “advanced comparison” function.

The legal basis for the data processing described is your consent, Art. 6(1) sentence 1 lit. a GDPR. You can withdraw your consent at any time, effective for the future, by changing your tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner with the selection options will then be displayed again.

For more information on the purpose and scope of Facebook's collection and subsequent processing and usage of data, as well as on the settings options available to you for privacy protection purposes, please consult Facebook’s data protection guidelines. You can change settings on which advertisements are displayed to you on Facebook by clicking this link or adjusting your Facebook account settings.

If you consent to the data processing described, Facebook will, of course, have access to your data as well. Specifically, your data may be made accessible to both Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Facebook Inc. is located in a non-EU country with lower standards of data protection and security.

Since August 31, 2020, Facebook has been offering a “Facebook EU Data Transfer Addendum,” under which the standard contractual clauses shall apply in cases where Facebook Ireland Limited processes data from the EU/EEA as a contract processor and transmits it to Facebook Inc. as a sub-processor.

More information on Facebook's Custom Audiences service is available here: https://de-de.facebook.com/business/help/449542958510885 .

For more information on data processing and storage duration, contact the provider or visit https://www.facebook.com/about/privacy .

Logged-in users can deactivate the "Facebook Custom Audiences" function under https://www.facebook.com/settings/?tab=ads# .

In context of evaluating our online advertising, we use the LinkedIn Conversion Tracking service provided by LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085–2810 USA. The office responsible for users in the EU/EEA and Switzerland is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

For this purpose, we define target user groups in the LinkedIn Campaign Manager based on specific features; advertisements are then displayed to those users within the LinkedIn network. Users are selected by LinkedIn on the basis of the profile information they provide, as well as other data generated through their use of LinkedIn. If a user clicks on an advertisement and then comes to our website, LinkedIn is notified via the Conversion Tag on our website that the user has clicked on the banner.

The LinkedIn tag thereby allows capture of the following data:

• Website visited, including the URL,
• Referrers
• IP address
• Device and browser properties (user agent)
• and time stamp.

The IP addresses are shortened or hashed (for cross-device use) by LinkedIn. Information that could be used to identify members directly is removed within seven days in order to pseudonymize the data. The remaining pseudonymous data is then deleted within 180 days.

LinkedIn does not share personal data with us as website operators; it only provides us with reports and notifications (that do not identify users) regarding website traffic and advertising performance. LinkedIn also offers "retargeting," which allows us as website operators to use this data in order to display personalized advertisements outside our website, without identifying individual members. Data that does not identify you is also used to improve advertising relevance and reach LinkedIn members across various devices. LinkedIn members can control the use of their personal data for advertising purposes via their account settings. LinkedIn refers users wishing to adjust their advertising preferences to the following link: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest .

We process this data in order to evaluate our advertising campaigns. The legal basis for the data processing described is your consent, Art. 6(1) lit. a GDPR. Data for LinkedIn Conversion Tracking will not be processed without your consent via our cookie banner. You can withdraw your consent at any time, effective for the future, by changing your tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. . The banner with the selection options will then be displayed again.

As part of LinkedIn Conversion Tracking, LinkedIn naturally has access to the listed data. Specifically, your data may be accessible to both LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland and LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085–2810 USA.

LinkedIn Corporation is located in a non-EU country with lower standards of data protection and security. Since it cannot be ruled out that the data collected by the pixel described here will be transfered to LinkedIn Corporation, appropriate safeguards are required to guarantee an adequate level of data protection.

As part of the applicable LinkedIn service agreement, LinkedIn offers LinkedIn Services customers a data processing agreement with associated standard contractual clauses, which you will find here: https://www.linkedin.com/legal/l/dpa .

For more information on the purpose and scope of LinkedIn's collection and subsequent processing and usage of data, as well as on the settings options available to you for privacy protection purposes, please consult LinkedIn’s data protection guidelines.

You can find more information on LinkedIn Conversion Tracking at: https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking#get-started

You can find more information on data processing and storage duration at https://www.linkedin.com/help/linkedin/answer/65521?lang=de .

We use the Google Ads service. Google Ads is an online advertising program offered by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is responsible for users in the EU/EEA and Switzerland.

This means that we place advertisements through Google Ads, and as part of this, we also use Google remarketing and conversion tracking as well as the conversion linker. The advertisements are displayed on Google’s search results pages and on websites that are part of the Google advertising network. We also use Ads remarketing lists for search advertisements. This allows us to tailor advertising campaigns for users who have previously visited our website. The services allow us to combine our advertisements with certain search terms or display advertisements to previous visitors that, for example, advertise services that the visitors have previously viewed on our website. As such, it allows us to show users of our website interest-based advertising on other websites within the Google advertising network (as a “Google ad” within the scope of Google searches or on other websites).

Analyzing online user behavior is required for interest-based advertising. Google uses cookies to perform this analysis. Clicking on an ad or visiting our website results in Google placing a cookie on the user's computer. These cookies expire after 90 days. The information collected through the cookie allows Google to direct targeted offers at the user in later search queries. For more information on the cookie technology used, check the information Google provides regarding website statistics and data protection. The conversion linker also allows us to save click data in order to evaluate conversion tracking information effectively. This allows us to see whether users complete a particular action (e.g., ordering services) after clicking on an advertisement we placed via Google Ads. For this reason, we use the conversion linker tag on pages that users can land on after clicking one of our ads. The conversion linker tag thus allows us to capture ad-clicking information for the conversion page URLs and save it to our own first-party (rather than third-party) cookies on our domain.

This technology gives both Google and us as customers information when a user clicks on an ad and is redirected to our website. Information obtained in this manner is only used in statistical analyses for purposes of advertisement optimization. We do not receive any information that could be used to personally identify visitors. Since we use Google IP masking on this website in context of Google Analytics, your IP address will be transmitted to Google, but in anonymized form.

Log data is anonymized after 9 months and cookie information is anonymized after 18 months.

The statistics Google provides us include the total number of users who clicked on one of our advertisements and, if applicable, whether the users were forwarded to a page on our website with a conversion tag. These statistics help us track which search terms were associated with a particularly high rate of advertisement clicks, and which ads led to users making contact using our contact form.

You can find more information on data protection in context of Google Ads at: https://policies.google.com/technologies/ads?hl=de .

Insofar as data is processed outside the EU/EEA, in order to establish a secure level of data protection, the agreement we have entered into with the service provider incorporates the standard data protection clauses adopted by the EU Commission pursuant to Art. 46 GDPR; these clauses permit the transfer of personal data to a third country in individual cases.

The legal basis for the data processing described is your consent, Art. 6(1) sentence 1 lit. a GDPR. You can withdraw your consent at any time, effective for the future, by changing your tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner linking to the selection options will then be displayed again.

You can also adjust your ad settings ( https://adssettings.google.com/authenticated?hl=de ) to select the types of advertisements you want to see or deactivate interest-based advertisements on Google.

When registering for our newsletter on our website or via Advertising Lead Forms (see below), you may also enter your phone number so that we can contact you for marketing purposes; this will enable us to provide information to you via e-mail and telephone/SMS within the scope of the consent you have given, insofar as you have consented expressly (Art. 6(1) sentence 1 lit. a GDPR). By consenting to receive the newsletter and to be contacted by telephone, you agree to receive:

• Product and service information (such as accessories, cooking system orientation, kitchen consultancy)
• Invitations to events and scheduled appointments (such as cooking events, expert cooking, Academy events, trade fair events)
• Customer satisfaction surveys

From RATIONAL AG, Siegfried-Meister-Straße 1,86899 Landsberg am Lech, or its relevant subsidiaries. Only the company responsible for you will contact you. Jurisdiction depends on where your company is officially based/your business activities take place.

We use a double-opt-in procedure with registrations for our newsletters and on any other consent to marketing communication via email. This means that, after you provide your email address, we will send a confirmation email to the specified address and ask you to confirm that you want the newsletter to be sent. If you do not provide confirmation within 24 hours, your registration will be automatically deleted from the database. If you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe from the newsletter. The sole purpose of storing this data is to make it possible for us to send the newsletter. When you register and confirm your registration, we also save and time stamp the IP addresses from which this occurs so that we have evidence of your registration in case of doubt and, if applicable, can trace any misuse of your personal data. The legal basis for logging registrations is our legitimate interest pursuant to Art. 6(1) sentence 1 lit. f GDPR in proof of previously granted consent, see also Art. 7(1) GDPR.

Provision of additional, separately marked information is voluntary; any such information will be used exclusively for personalizing newsletters and/or for marketing telephone calls. The legal basis for this is your consent within the meaning of Art. 6(1) sentence 1 lit. a GDPR.

You can revoke your consent to receiving the newsletter or being contacted by telephone for marketing purposes at any time. You can withdraw your consent by clicking on the link provided in every newsletter email, by emailing privacy@rational-online.com , or during the telephone call.

We use Advertising Lead Forms on Facebook and LinkedIn to provide a contact form through which interested parties can contact us directly at their own initiative. Alternatively, of course, users can always contact us directly through the contact forms on our website or via email.
You can register for events using these Advertising Lead forms. We will then process the data in order to answer your questions, address your concerns, and enable you to participate in our webinars upon request. This also constitutes our legitimate interest in processing as defined in Art. 6(1) sentence 1 lit. f GDPR.

Any data of yours that we receive in context of such contact will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your inquiry has been fully processed, and you no longer require or desire further communication.

Provision of your personal data is required neither contractually nor statutorily.
No automated decisionmaking, including profiling, occurs on our end.

The personal data specified above is transmitted to various recipients within and outside the EU/EEA.
Specifically, the recipients are as follows:

Recipients within the RATIONAL Group (national subsidiaries) and partner companies
Only the company responsible for you will contact you. Jurisdiction depends on where your company is officially based/your business activities take place.

External service providers in context of order processing pursuant to Art. 28 GDPR:

• LinkedIn Ireland Unlimited Company
  Wilton Place,
  Dublin 2, Ireland
  LinkedIn's current data processing agreement and standard contractual clauses can be found under: https://legal.linkedin.com/dpa/DE.
• Facebook Ireland Ltd.
  4 Grand Canal Square
  Grand Canal Harbor
  Dublin 2 Ireland
  Since August 31, 2020, Facebook has been offering a “Facebook EU Data Transfer Addendum,” under which the standard contractual clauses shall apply in cases where Facebook Ireland Limited processes data from the EU/EEA as a contract processor and transmits it to Facebook Inc. as a sub-processor.

We wish to make it expressly clear that LinkedIn and Facebook store user data (e.g., IP address, possibly personal interests, behavior on the two providers' pages, personal information on file within those networks, etc.) and utilize it for business purposes.

We have no control over the processing and further use of this data, as Facebook/LinkedIn alone determines whether and how it is processed. It is not currently possible for us to trace where or for how long data is stored, how extensively the data is linked and analyzed, or to whom the data is forwarded. Similarly, we have no information or influence on deletion deadlines, i.e., whether and to what extent data is deleted after the specified time period.

More information on the purpose and scope of LinkedIn's data collection, further processing, and usage can be found in the LinkedIn data protection policy, as can information regarding privacy-related settings options.

We use the Google Ads Lead Form extensions to provide a contact form through which interested users can contact us directly. Google Ads Lead Form Extensions are a service of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is responsible for users in the EU/EEA and Switzerland. Alternatively, of course, users can always contact us directly through the contact forms on our website or via email.

You can register for our (cooking) events using the Google Ads Lead Forms.

When you contact us via a Google Ads Lead Form, we will only process the data you provide (your e-mail address, your full name, your telephone number, your city/state and ZIP code, your job title and company name) in context of handling your request to participate in one of our cooking events and enabling you to do so. This also constitutes our legitimate interest in processing as defined in Art. 6(1) sentence 1 lit. f GDPR. Processing of the data for other purposes is not foreseen.

Any required personal data is marked as mandatory on the registration form; any additional information is voluntary.

If you register for one of our cooking events, any of your data that we obtain in the course of contacting you will be deleted after no more than 24 months, provided that you neither initiate nor desire further communication during that period and that no such communication is necessary.

You can object to the described processing of personal data shared with us through a Google Lead Form at any time, effective for the future. To do so, email us at privacy@rational-online.com and express your wish to withdraw consent going forward.

The personal data specified above is transmitted to various recipients within and outside the EU/EEA.

Specifically, the recipients are as follows:

Recipients within the RATIONAL Group (national subsidiaries) and partner companies

Only the company responsible for you will contact you. Jurisdiction depends on where your company is officially based/your business activities take place.

In principle, data transferred outside the European Union is not protected to the same high standard provided within Europe.

To the extent that data is processed outside the European Economic Area/EU, where data protection to the European standard is not guaranteed, Google states that it uses standard contractual clauses. For more information on how user data is handled in such cases, consult the contract data processing conditions for Google advertising products and services: https://business.safety.google/intl/de/adsprocessorterms/

If you interact within the framework of Google services, Google will obviously have access to your data as well. We wish to make it expressly clear that Google stores user data (e.g., IP address, possibly personal interests, behavior on Google pages, personal information on file with Google, etc.) and utilizes it for business purposes.

We have no control over the processing and further use of this data, as Google alone determines whether and how it is processed. It is not currently possible for us to trace where or for how long data is stored, how extensively the data is linked and analyzed, or to whom the data is forwarded. Similarly, we have no information or influence on deletion deadlines, i.e., whether and to what extent data is deleted after the specified time period.

Google's own privacy policy and terms of use are available HERE .

Information on the data processing conditions applicable between data controllers for Google advertising products is available HERE .

Additional information on how Google itself processes data is also available at: https://business.safety.google/ .

You can find more information on Lead Form extensions here:

https://support.google.com/google-ads/answer/9423234?hl=de&ref_topic=9716366

The information on Google Ads, remarketing and conversion tracking apply here as well.

We use the Google Maps map service. Google Maps is a map service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is responsible for users in the EU/EEA and Switzerland.

Usage of Google Maps functions may entail transmission of information to provider servers, for example the user IP address and the destination address specified in context of the routing function. This information is usually transmitted to a Google server in the USA and stored there.

When visiting a website that contains Google Maps maps, your browser will normally establish a direct connection with Google servers even if you do not use the map, so that the map content can be transmitted to your browser and integrated into your page view. Using our permissions management tool (Usercentrics) will prevent this from happening if you do not consent to the processing of your data for Google Maps-related purposes. In other words, due to how Google Maps is integrated, no data is transmitted without your consent.

The provider of this website has no influence on this data transfer. To the best of our knowledge, the following data is transmitted:

• date and time visiting the website in question,
• Internet address or URL of page accessed,
• IP address in context of the (starting) address entered for route planning purposes

We use Google Maps in the interest of displaying our online services in an appealing way and making the locations we mention on the website easy to find.

By activating it in your tracking settings, you consent to Google placing cookies on your device that can also be used to analyze your usage behavior for market research and marketing purposes. As such, the legal basis for such data processing is your consent, Art. 6(1) sentence 1 lit. a GDPR. You can withdraw this consent at any time, effective for the future, by changing your tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all of them, or only those linked to this website). The banner linking to the selection options will then be displayed again. If you do not consent, or if you withdraw consent, you will be prohibited from using the service.

More information on how Google handles user data is available in Google’s data privacy policy: https://www.google.de/intl/de/policies/privacy/ .

Our website uses services from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. When you visit a page with an embedded YouTube video, a connection to the YouTube servers is normally established and the content is displayed on the website by sending a message to your browser. Using our permissions management tool (Usercentrics) will prevent this from happening if you do not consent to the processing of your data for YouTube-related purposes. Because YouTube is integrated, no data will be transferred without your consent.

To protect your personal data, we also use the extended data protection option provided by YouTube. According to YouTube, however, data is only transferred to the YouTube server in “advanced data protection mode” if you actively start the video. If you are logged into YouTube at that time, the information on the videos you watch will be associated with your YouTube membership account. You can prevent this by logging out of your member account before visiting our website.

Further information on YouTube’s data protection is provided by Google under the following link: https://policies.google.com/privacy

By activating it in your tracking settings, you consent to YouTube receiving data through your use, which can also be used to analyze your usage behavior for market research and marketing purposes. As such, the legal basis for such data processing is your consent, Art. 6(1) sentence 1 lit. a GDPR. You can withdraw this consent at any time, effective for the future, by changing your tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner linking to the selection options will then be displayed again. If you do not consent, or if you withdraw consent, you will be prohibited from using the service.

We use the services of Vimeo.com, Inc., 330 West 34 Street, 5th Floor, New York NY 10001, USA ("Vimeo") to display and play video content providing product information (keynote presentation for a product launch).

This video content is loaded from or transmitted through Vimeo. Your data may be transmitted to Vimeo as part of this process. Our integration of Vimeo videos serves the purpose of making our website more interesting and appealing to users; it also helps us present content related to the introduction and use of our products more effectively. Vimeo allows us to present information not only as text and images, but also as video content, directly on our website instead of merely linking to it.

Normally when you visit a page of our website that contains an embedded Vimeo video, a connection to the Vimeo servers is established and data is sent to servers in the USA to notify the Vimeo server of the specific website you are visiting.

We wish to make you expressly aware that Vimeo acts as its own controller and collects personal data from you, including through the use of cookies.

We have no control over the processing and further use of this data, as Vimeo alone determines whether and how it is processed. We can only determine where or for how long such data is stored, how extensively that data is linked or analyzed, and to whom the data is forwarded to the extent that such information is given in their Data Protection Policy .

Using our permissions management tool (Usercentrics) will prevent this from happening if you do not consent to the processing of your data for Vimeo-related purposes. As such, no data will be transferred without your consent in connection with Vimeo integration.

By activating Usercentics, you agree that when you watch a video, data about you will be transferred to Vimeo using cookies and similar technologies that Vimeo employs, regardless of whether you have a Vimeo account. Such data includes, but is not limited to, your IP address, technical information about your browser type, your operating system, pages visited, the referrer URL, information users provide on the site, search requests, geographical location, content viewed, and very basic device information. If you are logged into Vimeo at the time of your visit, information about videos you watched may be associated with your Vimeo account. You can prevent this by logging out of your member account before visiting our website.

As the controller, RATIONAL receives the following video-related data from Vimeo: Call-ups (i.e. the number of times the live video is accessed), peak viewers (i.e. the highest number of simultaneous viewers during the stream), dwell time, and average dwell time (i.e. the average dwell time of a viewer during the live event).

Vimeo is based in the USA and thus in a non-secure third country, where the level of data protection is lower than that of the EU/EEA. Vimeo also uses data centers in the USA to provide their services. Your data may therefore also be processed on servers in the USA. Please be aware that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks to the lawfulness and security of data processing. In order to ensure an appropriate level of data protection, Vimeo concludes the EU standard contractual clauses pursuant to Art. 46 GDPR, which are provided by the EU Commission to ensure that its data is also processed in accordance with the European data protection standard if it is transferred to third countries such as the USA and stored there. In addition, Vimeo is certified according to the EU-U.S. Data Privacy Framework (DPF), the UK extension of the EU-U.S. DPF, and the Swiss-U.S. DPF. This certification can be viewed here: DPF list

For RATIONAL, the legal basis for the data processing described is your consent, Art. 6(1) sentence 1 lit. a GDPR and Art. 25(1) TTDSG.

You can revoke this consent at any time with future effect by accessing the tracking settings via the link at the bottom of each page (called a footer) and unchecking the box next to the processing you had consented to. If you do not consent, or if you withdraw consent, you will be prohibited from using the service.

Vimeo has provided additional information on data protection and the Vimeo cookie policy under the following links:

• https://vimeo.com/privacy
• https://vimeo.com/cookie_policy

By clicking on the link "To the keynote" you will be taken directly to our video streaming page and have the opportunity to play our video of the keynote. We use the player of the Plaza Media Group, Münchener Straße 101, 85737 Ismaning, Germany (hereinafter: "Plaza") for the implementation of this video offer. Like Plaza, the server used by Plaza is located in Germany. Only the data absolutely necessary for the operation and to enable the use of the player, such as IP address, browser type, operating system, log files, date and time of access, are processed to enable you to play the video as requested. With Plaza, we use a carefully selected service provider who is committed to complying with the GDPR requirements and have concluded an order processing contract with them to protect your data. We only receive the number of video views and use the player to present the video to you in the best quality and in 16 languages. The legal basis for the processing is § 6 para. 1 lit. f GDPR. Our legitimate interest lies in being able to present our video to you in good quality and in several languages via a functional player at your request and to check whether this offer is being used.

Your data will be stored for 7 days.

You have the option of contacting us through our e-mail address or using the various contact forms. We will of course only use any personal data transmitted to us in this way for the purpose for which you provide it when contacting us.

Any entries on a contact form that are not necessary in order to make contact with you have always been marked as optional. This information helps give us a more concrete understanding of your query and respond to it more effectively. Such information is provided on an expressly voluntary basis and with your consent. Insofar as this involves information concerning communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via those communication channels in order to answer your inquiry.

You can of course withdraw this consent at any time, effective for the future. To do this, please contact our Data Protection Officer, whose contact details you will find at the beginning of this page.

We use a UTM parameter that allows us to add trackable extensions to your URLs. We are responsible for this cookie. The "source parameter" we use allows us to define the source of the link, such as a Google website or a social media channel. When you access the RATIONAL AG page via a RATIONAL AG link tagged with a UTM parameter, this information is stored to the cookie sf_utms; when you register for an event via our contact form, this information is transmitted to RATIONAL AG. This allows us to identify the source (e.g., the page) from which you came to us.

The legal basis for the data processing described is your consent, Art. 6(1) sentence 1 lit. a GDPR, Art. 25(1) TTDSG. You can withdraw this consent at any time, effective for the future, by changing your tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all of them, or only those linked to this website). The banner linking to the selection options will then be displayed again. If you do not consent, or if you withdraw consent, you will be prohibited from using the service.

The data transmitted via the UTM parameter is deleted as soon as it is no longer required for processing purposes, barring statutory archival requirements to the contrary. The storage period for contact in such situations is a maximum of three years after the expiration of the processing purpose.

The collected data may be forwarded to other companies, including international members of the RATIONAL AG corporate group. Please note that as part of this service, the data may be transferred to a country without the required data protection standards in place. The countries to which the data will be transferred are listed below.

Various white papers, articles, and infographics are available for download on our website. Before downloading, you will be asked to enter your contact details (salutation, first and last name, email address, ZIP code, city, country, company). We store this data and use it for purposes of addressing you in marketing emails. The personal data you provide constitutes your contractual consideration in return for the provision of the documents.

We use a double-opt-in procedure to verify your email address. This means that, after you provide your email address, we will send a confirmation email to the specified address and ask you for confirmation. If you do not provide confirmation within 24 hours, your registration will be automatically deleted from the database. Once you have registered, you will receive the materials you have requested.

We also save the IP addresses from which you register and confirm registration, as well as the times at which each occur. We do this in order to establish proof of your registration within the framework of our accountability obligations and, if necessary, to be able to clarify any potential misuse of your personal data. These accountability obligations constitute a legitimate interest pursuant to Art. 6(1) sentence 1 lit. f GDPR in processing data associated with the double opt-in procedure.

You may object to the use of your personal data for marketing purposes at any time, effective for the future. To do this, click on the unsubscribe link found at the end of each newsletter email or email us directly at privacy@rational-online.com and express your request to withdraw consent going forward

We use the Microsoft Teams service to conduct video and audio conferences and webinars, to interact via the message function, and to collaborate on documents in different file formats. Microsoft Teams is software by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052–6399, USA.

In this context, participants' personal data is processed as part of communication processes with us, and it is also stored on Microsoft’s servers. These servers are located in the Netherlands (Evert van de Beekstraat 354, 1118 CZ Schiphol, Netherlands) and Ireland (1, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland).

The data processed also depends on the scope of communication and the purpose of use. It may include, in particular, login and contact details, visual and auditory contributions, chat messages, and the contents of shared files and screens. Types of processed data therefore include contract data (e.g., name, address), contact data (e.g., e-mail address, telephone number), content data (e.g., text entries, photo and video files), usage data (e.g., access times, interest in content), and metadata (e.g. device information, IP address).

Microsoft processes usage and metadata for security purposes and the optimization of its own service. More information on this can be found in the Microsoft privacy policy .

If we ask for your consent to the use of certain functions – e.g., regarding a recording of the video conference – your consent is the legal basis for data processing (Art. 6 para. 1 p. 1 lit. a GDPR). Otherwise, your data will be processed on the basis of our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR) to ensure efficient, secure communication with our partners. We have a legitimate (economic) interest in providing our employees, customers, and partners with many different communication channels in order to promote user-friendliness and make interaction as easy and convenient as possible. These interests are to be weighed against the interests of data subjects not to have their data captured through data processing and to refuse the processing of their personal data by certain providers or using certain techniques. Since everyone is free to use other means of communication to make contact (e.g. e-mail or telephone), Microsoft Teams gives users the choice to opt out of the processing of their data. These alternatives are also common and reasonable, so no pressure or force can be assumed. Consequently, no interests of data subjects are evident that outweigh our interests as the controller in processing. As a result, the use of Microsoft Teams is considered necessary as an additional means of contacting us to protect our legitimate interests.

If you have given us your consent to the use of certain functions, you can also revoke this at any time by sending an e-mail to privacy@rational-online.com .

In accordance with the legal requirements for processing your data in the Microsoft Cloud, you can notify us of your objections.

The data will be deleted after the expiry of the following periods:

• Contract data (e.g., name, address): after 180 days
• Contact details (e.g., e-mail address, telephone number): after 180 days
• Content data (e.g., text entries, photo and video files): after two years
• Usage data (e.g., access times, interest in content): after 180 days
• Metadata (e.g. device information, IP address): after 180 days

Furthermore, an agreement on order processing has been concluded with Microsoft.

Further information on data processing can be found in Microsoft’s privacy policy . If Microsoft processes personal data in the USA, we refer you to the EU-SCC concluded with the Microsoft Group.

The following types of personal data, among others, are processed in context of entering and processing reports in the internal reporting system:

• Information that identifies the reporting party personally, such as first and last name, address, telephone number, and email address;
• Employment status;
• Information about data subjects, i.e. natural persons identified in a report as having committed the breach or being associated with that person. Such information includes, for example, first and last name, gender, address, telephone number, and e-mail address or other information that enables identification;
• Information about violations that may allow conclusions to be drawn concerning the identity of a natural person.

Such personal data will be processed for the purpose of investigating the reports. In addition, the data will be processed to detect, prevent, and/or respond to violations of statutory or company regulations (such as actions to verify the validity of the allegations made in the report and, where applicable, to address the reported breach, including internal investigations, investigations, prosecution, actions to (recover) funds or close the proceedings).

Any personal data processed as part of such a report is processed by lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, Germany, on behalf of RATIONAL AG and in accordance with its instructions. Personal data is generally only transferred to third parties if there is a legal basis for this. This is particularly the case if such transfer serves to fulfil legal requirements obliging us to provide information on, report, or forward data; if you have given us your consent to such transfer; or if a balance of interests justifies this. In addition, external service providers, such as external data centers or telecommunications providers, process personal data on our behalf on a contract basis. Depending on the area of responsibility under which the report falls and its relevance to the effective initiation of follow-up measures, the personal data may be forwarded to our specialist departments with corresponding responsibilities.

Compliance-relevant information shall be archived for three years after conclusion of the proceedings in accordance with Section 11 para. 5 HinSchG. Reports without compliance relevance shall be archived for up to 1 year for reporting purposes.

Your personal data will not be forwarded to third parties for purposes other than those listed.

We will only share your personal data with third parties if:

• you have given your explicit consent for us to do so;
• disclosure is necessary for purposes of establishing, exercising or defending legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;
• we are legally obligated to such disclosure; or
• such disclosure is legally permissible and necessary for purposes of processing contractual relationships with you.

In principle, data transferred outside the European Union is not protected to the same high standard provided within Europe. In the event that such a transfer occurs, there is a possibility that no adequacy decision has been reached by the EU Commission within the meaning of Art. 45(1) and (3) GDPR. This means that the EU Commission has not yet positively established that the country-specific level of data protection corresponds to the level of data protection in the European Union on the basis of the GDPR, which is why we have created the aforementioned suitable guarantees. Potential risks that may not be completely excluded in connection with the transfer of data include, but are not limited to, the following:

Your personal data may be processed beyond the actual purpose.

There is also a possibility that you may not be able to sustainably assert and enforce your rights under data protection law, such as your right to information, rectification, erasure or data portability.

There may also be a higher probability that incorrect data processing may occur and that the protection of personal data does not fully meet the requirements of the GDPR in terms of quantity and quality.

We have taken extensive technical and operational preventative measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

Third-party content like YouTube videos and map information from Google Maps is integrated into our online presence on the basis of Art. 6(1) sentence 1 lit. f GDPR. This is always contingent on the providers of this content (hereinafter referred to as “third-party providers”) being able to detect the user's IP address. Without the IP address, they would not be able to transmit the content to that user's browser. As such, IP address information is required in order to display this content. We strive only to use content whose providers do not require any additional information beyond the IP address for delivery purposes. However, we have no influence on whether third-party providers store IP addresses, for example for statistical purposes. To the extent that we are aware of such instances, we provide that information to users.

Every data subject has the right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. The restrictions pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right of access and the right to erasure.

You also have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us.

You can withdraw your consent to the processing of your personal data at any time. This also applies to the revocation of declarations of consent that were issued to us prior to the application of the General Data Protection Regulation, aka before 25 May 2018. Please note that such revocation will only apply going forward. Processing that took place before consent was withdrawn will not be affected.

Pursuant to Art. 21(2) GDPR, you have the right to object to the processing of your personal data at any time. In the event that you object to processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes. Please note that such objection will only apply going forward. Processing that took place before said objection will not be affected.

If we base the processing of your personal data on a balance of interests, you may object to such processing. When exercising such an objection, we ask that you explain the reasons why we should not process your personal data as we have described. In the event that your objection is justified, we will evaluate the situation and either modify or cease data processing or explain our compelling legitimate reasons to you.

Our websites may contain links to other providers' websites. Please note that this privacy policy applies exclusively to the RATIONAL AG websites. We have no influence on this and do not monitor whether other providers comply with the applicable data protection regulations.

We reserve the right to amend or adapt this privacy policy at any time in compliance with the applicable data protection regulations.

Version: July 2022