luca App Privacy Policy

The controller of the processing of personal data collected directly by us is:

culture4life GmbH
Mörikestrasse 67
70199 Stuttgart
Germany
info@culture4life.de

You can contact our data protection officer at our Berlin location as follows:

culture4life GmbH
Data protection officer
Rotherstraße 20
10245 Berlin
Germany
privacy@culture4life.de

In order to be able to use the functionalities of your luca app, a one-time activation is required. The activation is not linked to your smartphone and can be transferred via an account.

It is possible for you to create an account in the luca app. To do this, verify your email address using a link. Once this is done, you will be logged into your luca app.

‍

1. Data categories

We process the following account details Which are necessary to register in the app:

• name
• First name
• email address
• user ID
• preferred name
• phone number

When using the app, continuous Temporary usage data collected: Data that can be generated when using the luca app, i.e. IP address, IP location, type and version of the terminal device used, information about the mobile network used, time zone settings, operating system and platform. We also use the open source software Matomo to measure reach. In addition, the following Analytical data raised. You can also object to Matomo's range measurement directly in the app in the Account/Settings section.

• Anonymized IP addresses
• Pseudo-anonymized location (based on the anonymized IP address)
• Pseudonymized visitor ID
• Date and time, time zone settings, and local time
• Accessed functions and elements of the app
• Files and links that were clicked on and downloaded
• External links that are used to open the app
• App charging time
• App settings (e.g. language settings, screen resolution)
• Converted destinations

If you've signed up for the newsletter in the app, you'll find here Information about this processing.

‍

2. Purposes and legal bases of processing

We will only process your personal data for a specific purpose in accordance with the listed legal bases. Processing operations are described below in relation to the respective purpose and the respective legal bases for processing your personal data are set out:

Paragraph Processing and purpose legal basis person responsible (1) If you want to use Luca, a user ID created for you.

Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app between you and us

culture4life GmbH (we)

(2) When you register, we collect and store your account data, to ensure that the services of our app are used. Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app between you and us

culture4life GmbH (we) (3) When using the account function, your account details After verification with your specified email address, transfer it to another device to sign in again. Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app between you and us

culture4life GmbH (we) (4) When registering and using the luca app, Temporary usage data collected and stored. The purpose is to ensure the security of the luca system and thus to guarantee the provision of services to you. Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app between you and us

culture4life GmbH (we) (5) You can sign up for the newsletter and activate app notifications to receive information about new features, promotions, offers and more from luca. To send the newsletter and evaluate it, your email address processed. Art. 6 (1) 1 a) GDPR: Your consent by subscribing to the newsletter and marketing campaigns. Withdrawal is possible within the mailing and in the app settings. culture4life GmbH (we) (6) We use the open source software Matomo to measure reach. It is configured so that no cookies are stored on the device.

In doing so, we collect Analytical datato analyze the behavior of our visitors for the purpose of optimising our offer.

Art. 6 (1) 1 f) GDPR

You can also object to Matomo's range measurement directly in the app.

The balancing of legitimate interests was documented.

culture4life GmbH (we)

3. Recipients of personal data

In order to achieve the purposes described above in this privacy policy, we share your personal data with the following recipients, with the proviso that they may not use this data in any way other than to provide services to us (as so-called contract processors within the meaning of Art. 28 GDPR):

Services provided by providers Providers Processed data Software maintenance and software operation services neXenio GmbH, Charlottenstr. 59, 10117 Berlin account data, temporary usage data

(Processing is limited to possible access to the listed data as part of carrying out software maintenance and software operating services)

IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Account data, temporary usage data.

Server location: Germany, Hungary (Open Telekom Cloud)

Newsletter delivery HubSpot, Inc., 5 FirstStreet. Cambridge. MA 02141 USA Email Address Push Notifications Google Firebase Cloud Messaging

Google, Inc. Mountain View, United States

Firebase Cloud Messaging Firebase Installation ID Hosting by Matomo Analytics SaaS Web Internet Solutions GmbH

Steinstraße 25, 76133 Karlsruhe

Analytical data

Further information on processing by Matomo can be found at: https://matomo.org/gdpr-analytics/

Analysis using Google Analytics Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland analysis data

Further information on processing by Google Analytics can be found at: https://policies.google.com/privacy?hl=en

Order processing contracts have been concluded with these recipients in accordance with Article 28 GDPR, so that they can only process your data for a specific purpose and on our instructions.

‍

4. Duration of storage of personal data

Your personal data will be automatically deleted after the deadlines described below:

Account details:

• Within the luca app, you will find a so-called delete button. With this, you can delete your data.
• By simply uninstalling the app, the data stored locally on your device will be deleted even without using the delete button.

Temporary usage data:

• Temporary usage data is processed in log files. These are stored by us for a maximum of 7 days and then automatically deleted. No further storage takes place.

Analytical data:

• Your data is anonymized directly when collected. As a result of the measures mentioned above, we are unable to draw any conclusions about the identity of individual visitors. These are stored for a maximum of 14 months and then automatically deleted.

‍

With the location search, you can find operators in the desired search area in Germany or near your location, where you can use Luca.

1. Data categories

With luca Discovery, you have the opportunity to search for operators who are close to you.

In doing so, we process your location data. Using this feature requires you to turn on location services in your smartphone settings.

In addition, become Technical display data collected, which are necessary to be able to map all locations in your area. Google Maps is used for display, but this does not transfer any personal data, as we alone process it and transmit it without personal reference.

2. Purposes and legal bases of processing

The use of luca Discovery is voluntary, meaning that the processing of your location data only takes place after you have given your consent and is therefore based on Art. 6 (1) 1) a) GDPR. You can revoke your consent for the future at any time within your smartphone settings.

3. Recipients of personal data

To determine your location, we transfer your personal data to the following subcontractors:

Services provided by providers Providers Processed data Software maintenance and software operating services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Location data, technical presentation data IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Location data, technical display data

Server location: Germany, Hungary (Open Telekom Cloud)

Order processing contracts have been concluded with these recipients in accordance with Article 28 GDPR, so that they can only process your data for a specific purpose and on our instructions.

4. Duration of storage of personal data

Your latest location search will be shown in your app. This is only saved locally on your smartphone. These are not stored in our systems any further.

‍

If a restaurant uses the reservation functionality, you can make a table reservation directly via your own luca app.

To do this, select the location within Luca Discovery and enter a date and time window. You then select the number of people. In the course of this, personal data is collected. Finally, you will receive a reservation confirmation.

1. Data categories

As part of the reservation, the operator processes your contact details. This includes your first and last name as well as your telephone number and email address.

In addition, your payment method information, In other words: bank and billing account details, credit card information, name of the card holder processed to process a reservation fee that may be due.

In addition, Information about the reservation request processed. This includes: the date, time and number of people.

2. Purposes and legal bases of processing

Contact details, payment method information and information about the reservation request are processed to ensure pre-contractual measures within the meaning of Art. 6 (1) 1 b) GDPR between you and the operator.

3. Recipients of personal data

The operator is responsible for collecting your data when making a reservation. We provide the operator with the technical service and are therefore the operator's contractor in accordance with Art. 28 GDPR.

In addition, the following subcontractors will receive your personal data:

Services provided by providers Providers Processed data Software maintenance and software operating services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Contact details, information about the reservation request IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Contact details, information about the reservation request

Server location: Germany, Hungary (Open Telekom Cloud)

Making any necessary payment of a reservation fee Rapyd Europe hf., Suðurlandsbraut 30, 108 Reykjavík, Iceland Payment method information

Rapyd's latest privacy information can here be retrieved.

Sending the reservation confirmation Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin, HubSpot, Inc.; 5 FirstStreet. Cambridge. MA 02141 USA contact details, information about the reservation request

Order processing contracts have been concluded with these recipients in accordance with Article 28 GDPR, so that they can only process your data for a specific purpose and on our instructions.

4. Duration of storage of personal data

The data required for the reservation is stored and automatically deleted 12 weeks after the reservation expires.

‍

If a restaurant uses the ordering function, you can place an order directly via your own luca app.

You can plan and process orders in advance, so you can reserve your food and drinks for a fixed date and time. To do this, select the desired food and drinks from the stored menu and then pay for them. You can also place and pay for orders on site.

In the course of this, personal data is collected. Finally, you will receive an order confirmation.

1. Data categories

As part of the order, the operator can contact details process. This includes your first and last name, email address, and telephone number.

In addition, Order information processed. This includes: the type and number of food and drinks, the date and time of the order, the total amount of the order and other order history.

In addition, depending on the ordering process, Payment details processed as described in Section G of this Privacy Policy.

2. Purposes and legal bases of processing

The processing of contact details, Payment details and Order information is done to ensure contractual measures within the meaning of Art. 6 (1) 1 b) GDPR between you and the operator.

3. Recipients of personal data

The operator is responsible for collecting your data when you place an order. We provide the operator with the technical service and are therefore the operator's contractor in accordance with Art. 28 GDPR.

In addition, the following subcontractors will receive your personal data:

Services provided by providers Providers Processed data Software maintenance and software operating services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Contact details, information about ordering IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Contact details, information about the order

Server location: Germany, Hungary (Open Telekom Cloud)

Dispatch of order confirmation by Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin; HubSpot, Inc., 5 FirstStreet. Cambridge. MA 02141 USA contact details, order information

Order processing contracts have been concluded with these recipients in accordance with Article 28 GDPR, so that they can only process your data for a specific purpose and on our instructions.

4. Duration of storage of personal data

• Yours email address, phone number And your First and last name are automatically deleted after 12 weeks to ensure possible chargebacks.
• Die Order information must be related to Payment details can be stored for up to 10 years due to legal storage obligations.

‍

The luca app offers you the opportunity to pay digitally in various locations in cooperation with payment service providers, to give tips, to save your means of payment in Luca for repeated payment transactions and to view an overview of your past payments.

1. Data categories

If you want to make a payment via the luca system and/or save your means of payment, the following data will be processed and, if necessary, shared with the operator and with the payment service provider used during the payment process:

• User ID: user ID
• Optional user data: email address
• Payment method information: Bank and billing account details, credit card information, name of card holder
• Transaction information: transaction ID, time, date of transaction, invoice amount, tip, name or identification of the location, invoice items

2. Process description

As soon as you decide to pay using Luca Pay, the operator provides a QR code, which is placed at a table, for example, and contains the outstanding invoice amount. After scanning the QR code, the luca app will show you the information stored by the operator about the outstanding invoice. You can then decide to tip the desired amount. By confirming the invoice amount and the tip, you will be automatically redirected to the payment service provider. There you can see the payment amount and the recipient (i.e. the operator) again to check. You have several payment methods to choose from, including Mastercard, Visa card, ApplePay and GooglePay. Once selected, you can enter your payment method information. With a final confirmation, your payment will be processed by the payment service.

The payment service provider offers you the option to store your payment method information permanently so that you do not have to enter it again when making new payments using Luca Pay. Luca receives a reference number from the payment service provider and stores it for you. Using this number, the payment service provider can assign your data when you try to pay again.

luca provides a list (“payment history) of your payments made for viewing. In the payment history, you can view information about your transactions with operators.

3. Purposes and legal bases of processing

Processing operations as well as their purposes and legal bases are described below, which serve the purpose of payment processing.

Section Processing and purpose Legal basis Responsible person (1) After scanning a luca QR code, the luca app shows you the details of the outstanding invoice with the operator. If vouchers are available for you, we will reduce the invoice amount. You can also give a tip.

Your user ID and payment information will be processed and stored by us.

Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app that apply between you and us

culture4life GmbH (we) (2) When you have started and confirmed the payment process in your app, you will be redirected to the payment service provider. There you can find your preferred Payment method information enter. The payment service provider carries out the payment. Art. 6 (1) 1 b) GDPR Terms of use of the payment provider

Payment service provider

(3) The payment service provider offers you the option to Payment method information to save so that you don't have to enter your details again when making payments. In doing so, your Payment method information collected. luca stores the reference number for you and can assign it to the process when you request payment again. The payment service provider assigns the stored payment method information to the payment attempt. Art. 6 (1) 1 a) Payment service provider consent (4) After payment has been made, you can obtain all information about the

Transaction within the

View your own app.

Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app that apply between you and us

culture4life GmbH (we)

(5) After making the payment, you can optionally send the payment receipt (Information about the transaction with the operator) to your email address (Optional user data) have it sent. Art. 6 (1) 1 a) Consent to culture4life GmbH (we)

4. Recipients of personal data

The following payment service providers can be used to process payments. They are recipients of your data. You act on your own responsibility and process your data independently.

Services provided by providers Providers Processed data Implementation of payments and related services Rapyd Europe hf., Suðurlandsbraut 30, 108 Reykjavík, Iceland Payment method information, information about the transaction with the operator

Rapyd's latest privacy information can here be retrieved.

Carrying out payments and related services

Adyen N.V., Simon Carmiggeltstraat 6-50 1011 DJ Amsterdam
The Netherlands
Payment method information, information about the transaction with the operator

Adyen's latest privacy information can here be retrieved.

Order processing contracts in accordance with Article 28 GDPR have been concluded with the following recipients, so that they can only process your data for a specific purpose and on our instructions:

Services provided by providers Providers Processed data Software maintenance and software operating services neXenio GmbH, Charlottenstr. 59, 10117 Berlin user ID, information about the transaction with the operator, optional user data IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

user ID, information about the transaction with the operator, optional user data

Server location: Germany, Hungary (Open Telekom Cloud)

Delivery of payment receipt Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin; HubSpot, Inc., 5 FirstStreet. Cambridge. MA 02141 USA Optional user data, information about the transaction with the operator

5. Duration of storage of personal data

Your personal data will be automatically deleted after the deadlines described below:

• Yours User ID and your optional user data are deleted by pressing the delete button within your app or by revocation.
• Payment method information and information about the transaction with the operator are stored by the payment service provider for up to 10 years in accordance with banking regulatory regulations. Luca must also store the payment data for 10 years for settlements with the operator.

‍

The luca loyalty program allows you to collect and redeem loyalty points (luca points), which offer you benefits when using the luca app.

These loyalty points are linked to your account (see Section C).

Among other things, it is possible to use the digital payment function (see Section G) to collect payment-bound Luca Points and redeem them when making a payment.

1. Data categories

• User ID: user ID
• Information about the transaction with the operator: Transaction ID, time, date of transaction, invoice amount, name or description of operators

2. Purposes and legal bases of processing

Participation in the loyalty program is based on the terms of use between you and us for the luca app within the meaning of Art. 6 (1) 1 b) GDPR.

3. Recipients of personal data

Services provided by providers Providers Processed data Software maintenance and software operating services

neXenio GmbH, Charlottenstr. 59, 10117 Berlin

user ID,

Information about the transaction with the operator

IT infrastructure services (servers)

Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

user ID,

Information about the transaction with the operator

Server location: Germany, Hungary (Open Telekom Cloud)

Order processing contracts have been concluded with these recipients in accordance with Article 28 GDPR, so that they can only process your data for a specific purpose and on our instructions.

4. Duration of storage of personal data

The data required for participation will be processed by us as long as it is necessary to fulfill our contractual and legal obligations.

‍

The hotel function provides for the case that you are planning a stay with an operator who runs a hotel.

You can then complete both your check-in upon arrival and your checkout upon departure with the luca app. In addition, the luca app creates a registration form for your stay at the hotel.

1. Data categories

As part of the hotel function, the operator processes your Check-in/check-out dates. This includes your date of birth, nationality, billing and home address, telephone number and the arrival and departure dates associated with the booking. If necessary, the serial number and identity card/passport may be collected by the hotel as part of the digital registration form.

In addition, if you request payment of the hotel bill upon check-out at the hotel, the operator may process payment data as described in section G of this privacy policy.

2. Purposes and legal bases of processing

The processing of check-in/check-out data and payment data as set out in Section G serves to execute the contract within the meaning of Art. 6 (1) 1 b) GDPR between you and the operator.

3. Recipients of personal data

The operator is responsible for collecting your data when making a reservation. We provide the operator with the technical service and are therefore the operator's contractor in accordance with Art. 28 GDPR.

In addition, the following subcontractors will receive your personal data:

Services provided by providers Providers Processed data Software maintenance and software operating services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Check-in/check-out dates IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Check-in/check-out dates

Server location: Germany, Hungary (Open Telekom Cloud)

Sending the confirmation Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin; HubSpot, Inc., 5 FirstStreet. Cambridge. MA 02141 USA Check-in/check-out dates

Order processing contracts have been concluded with these recipients in accordance with Article 28 GDPR, so that they can only process your data for a specific purpose and on our instructions.

4. Duration of storage of personal data

The data required for the hotel function is stored and automatically deleted 1 year after departure of the guest (in accordance with the retention periods applicable to the client in accordance with Section 30 (4) BMG) or in accordance with the relevant provisions of applicable law.

‍

The luca app gives you the option to store your test, recovery and vaccination certificate in your luca app. The certificate is only stored locally on your own smartphone and is not connected to the account function.

1. Data categories

If you use the function to store your test result, vaccination or recovery card, we also collect the following data based on your consent:

Test result/recovery/vaccination document: First and last name as well as date of birth, infection status, the identification number of your document and in addition:

1. 1. With the test result: type of test (PCR or antigen test), information about the test manufacturer, the test site and the issuing authority of the certificate, time of test and issue
   2. In the case of the recovery certificate: date of positive testing, information about the issuing authority, period of validity
   3. In the case of the vaccination certificate: date of vaccination, number of vaccinations, information about the vaccine (disease, manufacturer, product), information about the issuing authority

2. Process description

The luca app offers you the option of saving a test result or a vaccination or recovery certificate (hereinafter referred to as “document”) in the luca app and, if necessary, to present it to authorized bodies. This is no longer based on the purpose of supporting contact tracing and only serves as a type of wallet (uniform storage location). When you check-in, you can also access any document required for access directly in the luca app. The respective document is not sent to the operator or to the health department. The document remains exclusively in your luca app and is not stored by us on the server. We therefore have no access to your data stored in this context. To enter a document, you can do this using the QR code or the link provided by the issuing body on your test result or digital recovery/vaccination certificate. If you choose to use this feature, you may need to turn on your smartphone's camera to scan the QR code. The negative test result or recovered or vaccination status is validated and stored locally on your device in the luca app. The validation is carried out by comparing the first and last name with the data stored in the app locally on your device. The validity, the electronic signature contained in the QR code and the authenticity of the document are also checked. To prevent misuse so that the document cannot be stored multiple times in the luca app by different people, a pseudonymized identifier is created by your luca app and transmitted to the LUCA system. Only this ID is stored in the LUCA system. We cannot assign them to you. Each document can only be stored once at a time. It is therefore not possible to use the same document on multiple devices.

3. Special categories of personal data in accordance with Art. 9 GDPR

If you decide to store your COVID test result or digital recovery or vaccination card in the luca app, this is also done in accordance with Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR only on the basis of your express consent.

4. Purposes and legal bases of processing

Processing operations and their supplementary purposes and legal bases are described below, which serve the purpose of simple and local filing and storage of a test result, a vaccination or recovery certificate (hereinafter “document”). If necessary, you can present this document to authorized bodies.

Section Processing and Purpose Rights Responsible(1) If you would like to store your document in the luca app on your smartphone, the data from the test results/recovery/vaccination documents will be transmitted locally to your smartphone.

This is for the purpose of depositing the document so that it can be presented as desired.

Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR: Consent by inserting the document.culture4life GmbH (we) (2) If you want to store your document in the luca app by scanning the QR code (holding the smartphone camera via the QR code), it is necessary to switch on your camera. Only the QR code is read in. Surrounding data is not collected.

This is for the purpose of depositing the document so that it can be presented as desired.

Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR:

Consent by turning on the camera function, if necessary when prompted in the app.

You can withdraw your consent at any time in the future by turning off your camera function. (see also part D. 7.)

culture4life GmbH (we) (3) After inserting the document into your luca app, your app matches the first and last name of the document with your entries in the luca app. This is done exclusively locally on your device and is used to identify you. Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR: Consent by inserting the document.culture4life GmbH (we) (4) the validity, the electronic signatures contained in the QR code and the authenticity of the document are also verified.Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR: Consent by inserting the document.culture4life GmbH (we) (5) To prevent misuse, so that the document is not used multiple times by different people in the luca app can be stored, a pseudonymized identifier is created by your luca app and transferred to the LUCA system and stored there.Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR: Consent by inserting the document.culture4life GmbH (we)

5. Recipients of personal data

Services provided by providersProviderprocessed dataSoftware maintenance and software operating servicesNexenio GmbH, Charlottenstr. 59, 10117 BerlinIdentification of test result, recovery or vaccination documents

(Processing is limited to possible access to the listed data as part of carrying out software maintenance and software operating services)

IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Identification of test result, recovery or vaccination documents

Server location: Germany, Hungary (Open Telekom Cloud)

Order processing contracts have been concluded with these recipients in accordance with Article 28 GDPR, so that they can only process your data for a specific purpose and on our instructions.

6. Duration of storage of personal data

An antigen/PCR test stored locally in the luca app is automatically deleted after 48 (antigen test)/72 (PCR test) hours. All locally stored documents are automatically deleted as soon as the document's validity is exceeded. You can also manually delete your COVID test result, recovered or vaccination status within your app at any time.

The pseudonymized document ID is automatically deleted from the LUCA system after 72 hours. The identification of the respective document is used exclusively to prevent misuse, so that the respective document cannot be stored multiple times in the luca app, possibly by different people.

‍

With regard to the processing of your personal data, you have the following rights under the GDPR, which you can assert against us for all processing for which we are responsible:

• The right to request a statement as to whether your personal data is being processed and, where this is the case, the right to access this data. Within the app, you can download your data stored with us by using the information button. The following explanations should be made with regard to the specifics of the individual data:

• Your test and certificate documents (part E) are only stored locally on your device. We only have the ID that is sent to us to prevent misuse. We are unable to assign this ID to you.
• For information about your luca Pay data (part G), you can use the information button to determine your user ID. If you share this with us, we as culture4life can research your data at Rapyd Europe and provide you with information about it.

• The right to request the correction of your personal data if they are incorrect or incomplete (Article 16 GDPR). You can only correct your contact details yourself (except for the history) in the luca app. We already fulfill this right through the functionalities provided. To exercise, all you have to do is go to the appropriate areas within the luca app and make the correct/change.
• The right, under certain conditions, to request that your personal data be deleted immediately (so-called “right to be forgotten”) (Art. 17 GDPR). We comply with this right by providing a delete button.
• The right to request that the processing of your personal data be restricted under certain conditions (Article 18 GDPR).
• The right to withdraw consent given to us with regard to the processing of your personal data at any time. This will be done in the future by changing your settings, as well as by deleting the stored certificates, identity document and payment details. Such a withdrawal does not affect the lawfulness of the processing that has taken place up to your withdrawal. In addition, the following should be noted for individual data:

To exercise these rights against us, you can also contact our data protection officer using the contact details set out in Part B of this Privacy Policy.

Notwithstanding the above rights, you have the right to lodge a complaint with a supervisory authority for data protection and freedom of information, for example with the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information responsible for us:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, P.O. Box 10 29 32, 70025 Stuttgart.

‍

This is the current version of our privacy policy (valid from 25.06.2024). We reserve the right to adapt this privacy policy (in particular in the event of changes in the legal situation or changes to our functionalities). For this reason, it is advisable to review this privacy policy at regular intervals.