Data Privacy Statement

Your privacy is very important to us. We would therefore like to inform you in the following about what data is used and for what purpose. If you have any further questions about how we handle your personal data, you can contact our Data Protection Officer.

In the following, you can deactivate or reactivate all services, with the exception of those that are technically necessary (see next paragraph).

You will also find the link to the privacy settings at the bottom of each page.

The term personal data is defined in the GDPR. Accordingly, means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, your name, your address, your telephone number or your date of birth.

For mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we will only collect the personal data transmitted by your browser to our server. If you would like to view our website, we will collect the following data, which we require for technical reasons in order to deliver our website to you and to ensure the stability and security thereof (the legal basis is a legitimate interest pursuant to Art. 6 (1) S. 1 lit. f GDPR

Within the framework of the balancing of interests pursuant to Art. 6(1)(f) GDPR, we have taken into account and weighed our interest in providing and your interest in processing your personal data in accordance with data protection guidelines. Since the following data is sometimes technically necessary for the provision of our service in order to be able to offer you our website and also to ensure stability and security, in particular to provide protection against misuse, we have concluded that this data can be processed - with a guarantee of data security taking into account the state of the art - taking due consideration of your interest in data protection-compliant processing.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

There are various legal grounds for the processing of personal data. If we need your data to fulfil a contract with you or to respond to enquiries from you regarding a contract, the legal basis for this data processing is Art. 6(1)(b) GDPR.

If we obtain your consent to process specific data, the legal basis is Art. 6(1) (a) GDPR. We process some data for the purposes of pursuing our legitimate interests, whereby a balancing of your interests requiring protection and our legitimate interests is always undertaken. The legal basis for this is point (f) of Article 6(1) GDPR. If processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6(1)(c) GDPR.

Below we explain how we process personal data via our website.

Our website uses cookies. Cookies are files that are placed on your computer by a website you visit and allow your browser to be recognised. Cookies transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of visits on our website or the entries you have made there. This prevents you, for example, from having to re-enter required form data each time you use the site. The information stored in cookies can also be used to recognise preferences and tailor content according to areas of interest.

There are different types of cookies: Session cookies are sets of data that are only temporarily held in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

First-party cookies are stored by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are stored by organisations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data by means of cookies and their storage period may vary. If you have given us your consent, the legal basis is point (a) of Article 6(1) GDPR. If the data processing is based on our overriding legitimate interests, the legal basis is point (f) of Article 6(1) GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionality, to measure reach and - with your consent - to tailor our services to preferred areas of interest.

You can delete cookies already stored on your end device at any time. If you want to prevent cookies from being stored, you can do this via the settings in your internet browser. You can find instructions for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

When accessing our website, all users of our website are also informed by an information banner about our use of cookies and referred to this data protection notice. Users will also be asked for their consent to the use of certain cookies, in particular those relevant for the personalisation of services and for marketing measures. Consent can be revoked at any time with future effect by calling up the tracking settings via the link at the end of each page (footer) and removing the tick behind the processing for which consent had been given. "

We use the Usercentrics service to manage consents on our website. Usercentrics is software developed by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany.

Usercentrics determines the language used by your browser. A cookie is set to check whether you have already made a selection in our cookie management tool during a previous visit to our website. This cookie is necessary because it allows the website to recognise whether you have consented to tracking or not. In addition, a log file is created in order to be able to prove that consent has been given. This file contains the IP address in anonymised form, information about the browser that was used, data about the scope of the consent, and the date and time of the visit.

The legal basis for the processing is our legitimate interest in accordance with point (f) of Article 6(1) GDPR.

The purpose of data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw consent and increase the transparency of data processing by means of cookies, pixels, tags or similar on our website. Our legitimate interest also lies in the purpose of data processing.

Your consent or refusal to use / receive services that may also set cookies is stored on your end device in its local storage. The consent data (consent granted and revocation of consent) remain stored on your computer until the local storage is deleted. To enable matching, Usercentrics stores this as hash values for 3 years.

For reasons of transparency, we would like to point out that we use Google Tag Manager. Google Tag Manager does not collect any personal data itself. Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code that are used to measure traffic and visitor behaviour, track the impact of online advertising and social channels, set up remarketing and targeting, and test and optimise websites, among other things. We use the Tag Manager for all digital services listed in this data privacy statement. If you have deactivated it, Google Tag Manager will take this deactivation into account. For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html .

For the purpose of analysing and optimising our websites, we use various services which are described below. We use these services to analyse how many users visit our site, which information is most in demand or how users find the offer. We also collect data on which website a user came to our website from (the referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.

On our website, we use the open source web analytics software Matomo, a service of “InnoCraft Ltd”, a company based at 7 Waterloo Quay PO625 Wellington, New Zealand. Since InnoCraft is based outside the EU, InnoCraft has appointed a representative in the EU: ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg (privacy@innocraft.com). The software is only operated by its own servers.

Cookies are used to analyse the use of the website. For this purpose, the usage information collected in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. With Matomo, no data is transmitted to servers beyond our control. Your IP address is immediately anonymised during this process, so that you as a user are not identifiable to us. The information collected about your use of this website will not be passed on to third parties.

We use the data collected for the statistical analysis of user behaviour for the purpose of optimising the functionality and stability of the website and for marketing purposes. Our interest in and purpose of data processing lies in optimising our website, adapting the content and improving our offer. The interests of the users are sufficiently protected by anonymisation. We only store the analysis data for as long as the purpose of the data processing requires, but for a maximum of 14 months.

The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR. Once you have given your consent, you can withdraw it at any time with future effect by changing your selection in the cookie settings (see above, Tracking settings). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options is then displayed again.

We use cookies for marketing purposes to target our users with interest-based advertising. We also use cookies to limit the probability of an advertisement being displayed and to measure the effectiveness of our advertising measures. This information can also be shared with third parties, such as such as ad networks. The legal basis for this is point (a) of Article 6(1) GDPR.

As part of usage-based online advertising, we use the Custom Audiences service of Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA). The processor for us (as a company from the EU) is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

For this purpose, we define target groups of users based on certain characteristics in the Facebook Ads Manager, who will subsequently be shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently reaches our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated on our website.

In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set. This collects information about your activities on our website (e.g. browsing behaviour, subpages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising.

We do not use Facebook Custom Audiences via the customer list or the “advanced comparison” function.

The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR. You can withdraw your consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner with the selection options is then displayed again.

Further information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your setting options for protecting your privacy, can be found in Facebook's privacy policy. You can apply settings regarding which advertisements are displayed to you on Facebook under this link and in the Facebook account settings.

If you consent to the data processing described, Facebook will of course also have access to your data. In particular, it is possible that Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA, alongside Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland may have access to your data. Facebook Inc. is located in an insecure third country where the level of data protection is lower.

Facebook has made available online a "Facebook EU Data Transfer Addendum" since 31/08/2020, which is intended to incorporate the standard contractual clauses in cases where Facebook Ireland Limited processes data from the EU/EEA as a processor and transfers it to Facebook Inc. as a sub-processor.

You can find further information on the Custom Audiences service by Facebook at: https://de-de.facebook.com/business/help/449542958510885 .

You can obtain further information on data processing and storage duration from the provider or at https://www.facebook.com/about/privacy .

The deactivation of the “Facebook Custom Audiences” function is possible for logged-in users under https://www.facebook.com/settings/?tab=ads# .

We use the LinkedIn Conversion Tracking service of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA to evaluate our online advertising. The controller for users in the EU/EEA and Switzerland is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

For this purpose, we define target groups of users based on certain characteristics in the LinkedIn Campaign Manager, who are subsequently shown advertisements within the LinkedIn network. Users are selected by LinkedIn based on the profile information they provide, as well as other data provided when using LinkedIn. If a user clicks on an advertisement and subsequently reaches our website, LinkedIn receives the information that the user has clicked on the advertising banner via the Conversion Tag integrated on our website.

The LinkedIn tag therefore allows the following data to be logged:

• Website visited, including the URL,
• Referrers
• IP address
• device and browser properties (user agent)
• and timestamp.

The IP addresses are shortened or (for cross-device use) hashed by LinkedIn. The direct identifiers of the members are removed within 7 days for pseudonymisation of the data. The remaining pseudonymous data is then deleted within 180 days.

LinkedIn does not share the personal data with us, as the website operator, but only provides us with reports and notifications (which do not identify the user) about website visits and ad performance. LinkedIn also offers retargeting, which allows us, as the website operator, to show personalised ads outside of our website using this data without identifying individual members. Data that does not identify you is also used to improve ad relevance and reach LinkedIn members across devices. LinkedIn members can control the use of their personal data for advertising purposes via their account settings. LinkedIn refers to the following link to customise advertising preferences: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.

We process this data to evaluate our advertising campaigns. The legal basis for the processing is your consent, point (a) of Article 6(1) GDPR. Without your consent via our cookie banner, no data is processed for LinkedIn conversion tracking. You can withdraw your consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. That’s it. The banner with the selection options is then displayed again.

As part of LinkedIn conversion tracking, LinkedIn naturally has access to the listed data. In particular, it is possible that in addition to LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA may also have access to your data.

The LinkedIn Corporation is located in an insecure third country where the level of data protection is lower. Since a transfer of the data collected by the pixel described here to the LinkedIn Corporation cannot be ruled out, appropriate guarantees are required to ensure an adequate level of data protection.

In this regard, LinkedIn provides, as part of the respective LinkedIn services contract, a Data Processing Agreement with linked standard contractual clauses for customers of its LinkedIn services, which can be found here: https://www.linkedin.com/legal/l/dpa .

Further information on the purpose and scope of data collection and the further processing and use of data by LinkedIn, as well as your setting options for protecting your privacy, can also be found in LinkedIn's privacy policy.

For more information on LinkedIn conversion tracking, please visit: https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking#get-started

You can find further information on data processing and storage duration at https://www.linkedin.com/help/linkedin/answer/65521?lang=de .

We use the Google Ads service. Google Ads is an online advertising programme of Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This means that we place Google Ads and also use Google remarketing, conversion tracking and the conversion linker as part of this. The advertisements are displayed on Google’s search results pages and on websites of the Google advertising network. We also use ads remarketing lists for advertisements. This allows us to customise campaigns for users who have previously visited our website. The services allow us to combine our advertisements with certain search terms or to place advertisements for previous visitors promoting, for example, services that visitors have viewed on our website. This means that we can display interest-based advertising to users of our website on other websites within the Google advertising network (as a "Google ad" within Google Search or on other websites).

For interest-based offers, an analysis of online user behaviour is necessary. Google uses cookies to perform this analysis. When clicking on an advertisement or visiting our website, a cookie is set on the user’s computer by Google. These cookies have a duration of 90 days. The information collected by means of the respective cookie is used to target the visitor in a subsequent search query. Further information on the cookie technology used can also be found in Google's notices on website statistics and in the privacy policy. With the conversion linker, we can also store click data to effectively measure conversion tracking information. This allows us to see whether users perform a certain action on the website specified by us (e.g. whether services are ordered) after clicking on an ad placed by us via Google Ads. We therefore use the conversion linker tag on our pages, which you can land on as a visitor if you have clicked on one of our advertisements. With the conversion linker tag, we are then able to record our ad click information in the URLs of the conversion page and store it in our own first-party cookies (instead of third-party cookies) on our domain.

With the help of this technology, Google and we as a customer receive information that a user has clicked on an advertisement and been redirected to our websites. The information obtained in this way is only used for statistical evaluation to optimise the advertisements. We do not receive any information that could personally identify visitors. Your IP address will be transmitted to Google, but since we use Google Analytics IP masking on this website, your IP address will be anonymised.

The log data is anonymised after 9 months and the cookie information is anonymised after 18 months.

The statistics provided to us by Google include the total number of users who clicked on one of our advertisements and, if applicable, whether they were redirected to a page on our website that was tagged with a conversion tag. Based on these statistics, we can trace which search terms were clicked on our advertisement particularly often and which advertisements lead to the user contacting us via the contact form.

You can find more information on data protection in the context of Google Ads at: https://policies.google.com/technologies/ads?hl=de .

Insofar as data is processed outside the EU/EEA, in order to establish a secure level of data protection with the service provider, we must comply with the standard data protection clauses adopted by the EU Commission pursuant to Article 46 GDPR, which allows the transfer of personal data to a third country in individual cases.

The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR. You can withdraw your consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner with a link to the selections is then displayed again.

You also have the option of changing the display setting ( https://adssettings.google.com/authenticated?hl=de ) to select the types of Google advertisements or to deactivate interest-based advertisements on Google.

You have the option on our website or via "Advertising Lead Forms" (see below) to register for our newsletter and also to leave your telephone number for the purpose of advertising contact, so that we can provide you with information by e-mail and telephone/SMS as part of the consent you have given, provided you have expressly consented (point (a) of Article 6(1) GDPR). By agreeing to receive the newsletter and to be contacted by telephone, you consent to receive:

• Product and service information (such as accessories, cooking system instructions, kitchen advice)
• Invitations to events and appointments (such as cooking events, expert's kitchen, academy events, trade fair events)
• Customer satisfaction survey

by RATIONAL AG, Siegfried-Meister-Strasse 1,86899 Landsberg am Lech, or its responsible group companies. Only the company responsible for you will contact you. Jurisdiction is determined by the location of your company/place of business.

We use the double-opt-in procedure to register for our newsletters and for further consent to be contacted by e-mail for advertising purposes. This means that after you have provided us with your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm this within 24 hours, your registration will be automatically deleted. If you confirm your wish to receive the newsletter, we will store your email address until you unsubscribe. The sole purpose of storing this data is to be able to send you the newsletter. Furthermore, we store your IP addresses and the times of registration and confirmation in order to be able to prove your registration in case of doubt and to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest pursuant to point (f) of Article 6(1) GDPR on the proof of previously granted consent, see also Article 7(1) GDPR.

The provision of further, separately marked, information is voluntary and will only be used to personalise the newsletter and/or the promotional telephone calls. The legal basis for this is your consent as defined by point (a) of Article 6(1) GDPR.

You can revoke your consent to receive the newsletter or to be contacted by telephone for advertising purposes at any time. You can revoke your consent by clicking on the link provided in every newsletter e-mail or by e-mail to privacy@rational-online.com , as well as during the telephone call.

We use "Advertising Lead Forms" on Facebook and LinkedIn to offer potential purchasers the opportunity to contact us directly and voluntarily via a contact form displayed there. Alternatively, you can of course also use the contact forms on our website or by e-mail to contact us directly.
You can register for events using the Advertising lead forms. We then process the data in order to answer your questions and process your requests and to enable you to participate in our webinar offers as requested. This also constitutes our legitimate interest in processing as defined by point (f) of Article 6(1) GDPR.

Your data, which we have received in the course of contacting you, will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.

The provision of your personal data is neither legally nor contractually required.
Automated decision making including profiling by us does not take place.

Various recipients within and outside the EU/EEA receive the aforementioned personal data.
In detail, these are the following recipients:

Recipients within the RATIONAL Group (national subsidiaries) and partner companies
Only the company responsible for you will contact you. Jurisdiction is determined by the location of your company/place of business.

External service providers as part of contract processing pursuant to Article 28 GDPR:

• LinkedIn Ireland Unlimited Company
  Wilton Place,
  Dublin 2, Ireland
  Here you will find the current data processing agreement and the standard contractual clauses of LinkedIn https://legal.linkedin.com/dpa/DE.
• Facebook Ireland Ltd.
  4 Grand Canal Square
  Grand Canal Harbour
  Dublin 2 Ireland
  Facebook has made available online a "Facebook EU Data Transfer Addendum" since 31/08/2020, which is intended to incorporate the standard contractual clauses in cases where Facebook Ireland Limited processes data from the EU/EEA as a processor and transfers it to Facebook Inc. as a sub-processor.

We expressly state that LinkedIn and Facebook store the data (e.g. IP address, possibly personal interests, behaviour on the pages of the two providers, personal information stored in the networks, etc.) of users and use it for business purposes.

We have no control over the processing and further use of this data, as Facebook/ LinkedIn alone determine the processing. It is currently not possible for us to trace to what extent, where and for what duration the data are stored, to what extent the data are linked and analysed and to whom the data are transferred. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are adhered to.

Further information on the purpose and scope of data collection and the further processing and use of data by LinkedIn, as well as your setting options for protecting your privacy, can be found in LinkedIn's privacy policy.

We use the Google Ads lead forms to offer potential purchasers the opportunity to contact us directly and voluntarily via a contact form displayed there. Google Ads lead form extensions are a service of Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Alternatively, you can of course also use the contact forms on our website or by e-mail to contact us directly.

You can register for our (cooking) events using Google Ads lead forms.

When you contact us via a Google Ads lead form, the data you provide (your e-mail address, your full name, your telephone number, your postcode and place of residence as well as your job title and the company name of your place of employment) will be processed by us solely to process your request to participate in one of our cooking events and to enable you to take part in this requested cooking event. This also constitutes our legitimate interest in processing as defined by Article 6(1)(f) GDPR. Processing of the data for further purposes is not intended.

Personal data that must be provided is marked as mandatory in the respective registration form; any additional information is voluntary.

If you register for one of our cooking events, your data that we have received in the course of our contact will be deleted after 24 months at the latest, provided that no further communication with you is required, requested by you or initiated by you by that time.

You can object to the described processing of your personal data communicated via Google lead form at any time with effect for the future. To do this, send us an e-mail at privacy@rational-online.com and express your wish to withdraw with future effect.

Various recipients within and outside the EU/EEA receive the aforementioned personal data.

In detail, these are the following recipients:

Recipients within the RATIONAL Group (national subsidiaries) and partner companies

Only the company responsible for you will contact you. Jurisdiction is determined by the location of your company/place of business.

In the case of data transfer outside the European Union, the high level of data protection in Europe does not apply.

If data is processed outside the European Economic Area/EU, where there is no level of data protection corresponding to the European standard, Google states that it uses standard contractual clauses. You can find more information on how user data is handled in the order data processing conditions for Google advertising products: https://business.safety.google/intl/de/adsprocessorterms/

If you interact within the scope of Google services, Google in the USA will of course also have access to your data. We expressly state that Google stores the data (e.g. IP address, possibly personal interests, behaviour on Google pages, personal information on file with Google, etc.) of users and uses it for business purposes.

We have no control over the processing and further use of this data, as Google alone determines the processing. It is currently not possible for us to trace to what extent, where and for what duration the data are stored, to what extent the data are linked and analysed and to whom the data are transferred. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are adhered to.

You can find Google’s privacy policy and terms of use HERE .

Information on the data processing conditions between data controllers for Google advertising products can be viewed HERE .

Further information on how Google’s data is handled can also be found at: https://business.safety.google/ .

You can find information on the lead form extensions here:

https://support.google.com/google-ads/answer/9423234?hl=de&ref_topic=9716366

The information on Google Ads, remarketing and conversion tracking also apply here.

We use the Google Maps service. Google Maps is a mapping service provided by Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In order to use the functions of Google Maps, information, including the IP address and the address entered as part of the routing function, may be transmitted to the provider's servers. This information is usually transmitted to a Google server in the USA and stored there.

When visiting a website that contains maps from Google Maps, your browser normally establishes a direct connection with Google's servers even without using the map, whereby the map content is sent to your browser and integrated by it. The use of our consent management tool (Usercentrics) will prevent this if you have not consented to data processing with regard to Google Maps. Due to the integration of Google Maps, no data is transferred without your consent.

The provider of this site has no control over this data transfer. As far as we know, this comprises the following data:

• the date and time of the visit to the website concerned,
• Internet address or URL of the website accessed,
• IP address, (start) address entered as part of route planning

Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website.

By activating this option in the tracking settings, you consent to Google setting cookies on your device, which may also be used to analyse your usage behaviour for market research and marketing purposes. The legal basis for the described data processing is therefore your consent, point (a) of Article 6(1) GDPR. You can withdraw this consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with a link to the selections is then displayed again. If you do not consent or withdraw your consent, your use of the service will be restricted.

You can find more information on how user data is handled in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/ .

We use services from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. If you access a page in which a YouTube video is embedded, a connection to the YouTube servers is normally established and the content transmitted to your browser and displayed on the website. The use of our consent management tool (Usercentrics) will prevent this if you have not consented to data processing with regard to YouTube. Due to the integration of YouTube, no data is transferred without your consent.

In this context, we also use the extended data protection option provided by YouTube to protect your personal data. According to YouTube, however, data is only transmitted to the YouTube server in "extended data protection mode" if you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Further information on YouTube's privacy policy is provided by Google at the following link: https://policies.google.com/privacy

By activating this in the tracking settings, you agree that YouTube receives data through your use, which may also be used to analyse your usage behaviour for market research and marketing purposes. The legal basis for the described data processing is therefore your consent, point (a) of Article 6(1) GDPR. You can withdraw this consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your local storage from this website. The banner with a link to the selections is then displayed again. If you do not consent or withdraw your consent, your use of the service will be restricted.

We use the service of Vimeo.com, Inc, 330 West 34 Street, 5th Floor, New York NY 10001, USA ("Vimeo") to display and play video content about product information (keynote presentation for a product launch).

These are loaded from Vimeo or transferred via Vimeo. In the process, data may be transferred from you to Vimeo. The purpose of integrating Vimeo videos is to make our website more interesting and attractive for users and to achieve a better presentation of content for the introduction and use of our products. In addition to text and images, Vimeo allows us to present information as video content directly on our website, rather than just providing a link.

When you visit our website that has video embedded via Vimeo, a connection to the Vimeo servers is typically made and data is sent to servers in the USA, which tells the Vimeo server which website you have visited.

We expressly draw your attention to the fact that Vimeo acts as its own data controller and collects personal data from you, including through the use of cookies.

We have no control over the processing and further use of this data, as Vimeo alone determines the processing. The extent to which, where and for what duration the data is stored, the extent to which the data is linked and analysed, and to whom the data is transferred, is only apparent to us from the information in their privacy policy .

The use of our consent management tool (Usercentrics) will prevent this if you have not consented to data processing with regard to Vimeo. Due to the integration of Vimeo, no data will be transferred without your consent.

By opting in to Usercentics, you agree that whether or not you have a Vimeo account, information about you will be transmitted to Vimeo using cookies and similar technologies used by Vimeo when you watch a video. This may include, but is not limited to, your IP address, technical information about your browser type, operating system, pages visited, referrer URL, information provided by users on the site, search queries, geographical location, content viewed or very basic device information. If you are logged in to Vimeo at this time, the information about the videos you have viewed may be assigned to your Vimeo member account. You can prevent this by logging out of your member account before visiting platform.

RATIONAL receives the following video-related data from Vimeo as a controller: Calls, i.e. the number of live video calls, peak viewers, i.e. the highest number of concurrent viewers during the stream, and average dwell time, i.e. the average time a viewer stays with the live event, and dwell time.

Vimeo is based in the USA and therefore in an insecure third country where the level of data protection is lower than in the EU/EEA. Vimeo also uses data centres in the USA to provide the service. Your data may therefore also be processed on servers in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks to the lawfulness and security of data processing. In order to ensure an adequate level of data protection, Vimeo concludes the EU standard contractual clauses in accordance with Article 46 GDPR, which are provided by the EU Commission to ensure that your data is processed in accordance with the European data protection standard even if it is transferred to and stored in third countries such as the USA. Vimeo is also certified for the EU-US Privacy Framework (DPF), the UK extension of the EU-US DPF, and the Swiss-US DPF. This certification can be viewed here: DPF list

For RATIONAL, the legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR and Section 25(1) TTDSG.

You can revoke this consent at any time with future effect by accessing the tracking settings via the link at the bottom of each page (footer) and removing the tick behind the processing to which you had consented. If you do not consent or withdraw your consent, your use of the service will be restricted.

Further information on Vimeo's privacy and cookie policy is provided by Vimeo under the following links:

• https://vimeo.com/privacy
• https://vimeo.com/cookie_policy

By clicking on the link "To the keynote" you will be taken directly to our video streaming page and have the opportunity to play our video of the keynote. We use the player of the Plaza Media Group, Münchener Straße 101, 85737 Ismaning, Germany (hereinafter: "Plaza") for the implementation of this video offer. Like Plaza, the server used by Plaza is located in Germany. Only the data absolutely necessary for the operation and to enable the use of the player, such as IP address, browser type, operating system, log files, date and time of access, are processed to enable you to play the video as requested. With Plaza, we use a carefully selected service provider who is committed to complying with the GDPR requirements and have concluded an order processing contract with them to protect your data. We only receive the number of video views and use the player to present the video to you in the best quality and in 16 languages. The legal basis for the processing is § 6 para. 1 lit. f GDPR. Our legitimate interest lies in being able to present our video to you in good quality and in several languages via a functional player at your request and to check whether this offer is being used.

Your data will be stored for 7 days.

You have the option of contacting us via our e-mail address or the various contact forms. We will, of course, use the personal data transmitted to us in this way exclusively for the purpose for which you provide it when contacting us.

Where we ask for information in our contact forms that is not required for making contact with you, we have always marked this as optional. This information is used to specify your request and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request.

Of course, you can revoke this consent at any time for the future. For this purpose, please contact our data protection officer, whose contact details can be found at the top of this page.

We use a UTM parameter that allows us to add trackable extensions to your URLs. We are the controller for this cookie. The source parameter we use allows us to define the source of the link. These can be Google websites or social media channels. If you access the RATIONAL AG website via a RATIONAL AG link that is tagged with a UTM parameter, this information is stored in the sf_utms cookie and transmitted to RATIONAL AG when you register for an event via our contact form. This serves the purpose of recognising from which page, i.e. from which source, you have reached us.

The legal basis for the described data processing is your consent, point (a) of Article 6(1) GDPR, and Section 25(1) TTDSG (German Telecommunications Telemedia Data Protection Act). You can withdraw this consent at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with a link to the selections is then displayed again. If you do not consent, or withdraw your consent, your use of the service will be restricted.

The data transmitted via the UTM parameter is deleted as soon as it is no longer required for the processing purposes and there are no statutory retention obligations to the contrary. The maximum storage period for a contact is three years after the processing purpose has expired.

The data collected may be forwarded to other companies, including the international Group companies of RATIONAL AG. Please note that in the context of this service, data may be transferred to a country that does not have the necessary data protection standards. Below you will find a list of the countries to which the data is transferred.

You can obtain various whitepapers, articles and infographics from us on our website. Before downloading, you will be asked to enter your contact details (form of address, first and last name, e-mail address, post code, city, country, company). This data is stored by us and used to contact you by e-mail for advertising purposes. The personal data provided constitute the contractual consideration for the provision of the documents.

To verify your e-mail address, we use the double opt-in procedure. This means that after you have provided us with your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you for confirmation. If you do not confirm this within 24 hours, your data will be automatically deleted from the database. Once you have registered, you will receive the materials you require.

Furthermore, we store your IP addresses and the times of registration and confirmation each time you register and confirm. The purpose of the procedure is to be able to prove your registration as part of our accountability obligations and, if necessary, to clarify any possible misuse of your personal data. Due to the fulfilment of accountability, we have a legitimate interest in accordance with point (f) of Article 6(1) GDPR in processing the data of the double opt-in procedure.

You may object to the commercial use of your personal data at any time with future effect. To do this, click on the unsubscribe link at the end of each newsletter e-mail or send us an e-mail to privacy@rational-online.com and express your wish with effect for the future

We use the Microsoft Teams service to hold video and audio conferences, webinars and exchanges using the messaging function, as well as to work together on documents in different file formats. Microsoft Teams is software produced by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

In this context, personal data of the participants is processed as part of the communication processes with us and is also stored on Microsoft's servers. These servers are located in the Netherlands (Evert van de Beekstraat 354, 1118 CZ Schiphol, the Netherlands) and Ireland (1, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland).

The data also depends on the scope of communication and the purpose of use. This may include, in particular, login and contact details, visual and audio contributions as well as chat entries, content of shared files and of shared screens. Processed data types are therefore inventory data (such as name, address), contact data (such as e-mail address, telephone number), content data (such as text entries, photo and video files), usage data (such as access times, interest in content), metadata (e.g. device information, IP address).

Microsoft processes usage and metadata for security purposes and to optimise its own service. You can find more information on this in Microsoft’s privacy policy .

If we ask for your consent to use certain functions, such as regarding a recording of the video conference, the legal basis for the processing is your consent (Article 6 (1)(a) GDPR). Otherwise, your data will be processed on the basis of our legitimate interests (Article 6 (1)(f) GDPR) to ensure efficient and secure communication with our communication partners. We have a legitimate (economic) interest in providing our employees, customers and partners with many different communication channels in order to promote user-friendliness and to make the exchange as simple and convenient as possible. On the other hand, data subjects have an interest in not being recorded by data processing and in refusing the processing of their personal data by certain techniques and service providers. Due to the fact that everyone is free to use other means of communication to make contact (e.g. email or phone), users are given the choice to opt out of having their data processed by Microsoft Teams. These alternatives are also common and reasonable, so that a situation of pressure or constraint cannot be assumed. Therefore, there are no apparent interests of the data subjects which outweigh our interests as data controllers in the processing. As a result, the use of Microsoft Teams as an additional means of contacting us is deemed necessary to safeguard our legitimate interests.

If you have given us your consent to the use of certain functions, you can also revoke this at any time by sending an e-mail to privacy@rational-online.com .

You can object to the processing of your data in the Microsoft Cloud in accordance with legal requirements.

The data will be deleted after the expiry of the following periods:

• Master data (such as name, address), after 180 days
• Contact details (such as e-mail address, telephone number), after 180 days
• Content data (such as text entries, photo and video files), after two years
• Usage data (such as access times, interest in content), after 180 days
• Metadata (e.g. device information, IP address), after 180 days

In addition, an order processing agreement has been concluded with Microsoft.

Further information on data processing can be found in Microsoft’s privacy policy . Insofar as Microsoft processes personal data in the USA, we refer to the EU SCC concluded with the Microsoft Group.

The following types of personal data are processed as part of the entry and processing of reports in the internal reporting system:

• Information that identifies the whistleblower, such as first and last name, address, telephone number and e-mail address;
• Employee status;
• Information on data subjects, i.e. natural persons designated in a report as a person who committed the offence or with whom the designated person is associated. Such information includes, for example, first and last name, gender, address, telephone number and e-mail address or other information that enables identification;
• Information about offences that may allow the identification of a natural person.

The personal data will be processed for the purpose of investigating the reports. In addition, the data will be processed to prevent, detect and/or follow up on violations of applicable law or company policies (such as measures to verify the validity of the allegations made in the report and, where appropriate, to address the reported violation, including through internal enquiries, investigations, prosecutions, measures to (re-)recover funds or close the case).

The personal data processed as part of a notification is processed by lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, Germany, on behalf of and in accordance with instructions. Personal data will only be transferred to third parties if there is a legal basis for this. This is the case in particular if the transfer serves to fulfil legal requirements according to which we are obliged to provide information, report or pass on data, if you have given us your consent to do so or if a weighing of interests justifies this. In addition, external service providers, such as external data centres or telecommunications providers, process personal data on our behalf as processors. Depending on the area of responsibility of the report and for the effective initiation of follow-up measures, the personal data may be passed on to our relevant specialist departments.

Compliance-relevant information is stored for 3 years after completion in accordance with Section 11(5) Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG). Reports with no relevanec to compliance are stored for up to 1 year for reporting purposes.

Your personal data will not be transferred to third parties for purposes other than those listed.

We will only share your personal information with third parties if:

• You have given your express consent to do so,
• The disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest requiring protection in the non-disclosure of your data,
• In the event that there is a statutory obligation for the transfer, and
• this is legally permissible and necessary for the processing of contractual relationships with you.

In the case of data transfer outside the European Union, the high level of data protection in Europe does not apply. Where data is transferred, it is possible that there is no adequacy decision by the EU Commission as defined in Article 45(1), (3) GDPR. This means that the EU Commission has not yet decided that this country ensures an adequate level of protection in accordance with the data protection standards of the European Union on the basis of the EU GDPR, and we have therefore made the above-mentioned appropriate guarantees. Possible risks that may not be completely excluded in connection with the transfer of data are in particular:

There is a possibility that your personal data could be processed outside the scope of the actual purpose.

In addition, there is the possibility that you may not be able to sustainably assert and enforce your data protection rights, such as your right of access, to rectification, erasure or data portability.

There could also be a higher probability that your data is not correctly processed and that the protection of your personal data does not fully meet the requirements of the EU GDPR in terms of quantity and quality.

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.

Third-party content such as YouTube videos or map material from Google Maps is used within our online presence on the basis of point (f) of Article 6(1) GDPR. This always requires that the providers of this content (hereinafter referred to as "third-party providers") perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence if the third-party providers store the IP address, e.g. for statistical purposes. As far as we are aware, we will inform the users of this.

Every data subject has a right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. With regard to the right of access and the right to erasure, the restrictions according to Sections 34 and 35 BDSG (Federal Data Protection Act) apply.

You also have the right to lodge a complaint with the competent data protection supervisory authority about our processing of your personal data.

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

Pursuant to Article 21(2) GDPR, you have the right to object to processing of personal data concerning you at any time. In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. Please note that the objection is only effective for the future. Processing that took place before the objection is not affected by this.

Insofar as we base the processing of your personal data on a balancing of interests, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have described. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or explain to you our compelling reasons worthy of protection.

Our websites may contain links to websites of other providers. We would like to point out that this data privacy statement applies exclusively to the websites of RATIONAL AG. We have no influence on and do not check whether other providers comply with the applicable data protection regulations.

We reserve the right to change or adapt this data privacy statement at any time in compliance with the applicable data protection regulations.

Last revised: July 2022