Privacy Policy

DATA PROTECTION POLICY

The purpose of these standard contractual clauses is to ensure that the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) are complied with when transferring personal data to a third country.

Where these clauses use terms defined in Regulation (EU) 2016/679 those terms shall have the same meaning as in that Regulation.

These clauses shall not be interpreted in a way that conflicts with the rights and obligations under Regulation (EU) 2016/679.

According to Art. 4 (7) of the EU General Data Protection Regulation (GDPR), the responsible party is LOEWI GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany, e-mail: de@bioniq.com.

We are legally represented by James Hardy. Our data protection officer is hey Data UG (haftungsbeschränkt), Gormannstr. 14, 10119 Berlin, www.heydata.eu, e-mail: info@heydata.de.

LOEWI GmbH ("LOEWI")

We are committed to protecting and respecting your privacy. This policy sets out the basis on which the personal data we collect is processed by us.

Please read this privacy policy carefully to understand our views and practices and your rights in relation to your personal data. When you visit our website or mobile applications, use our services or otherwise provide us with your personal data, it will be processed as described in this policy.

1. COLLECTION AND USE OF PERSONAL DATA

We may collect personal information that you provide us with when you:

- purchase, order, return, exchange or request certain information about our products and services;

- contact us;

- visit or register on our website or participate in any other feature of our website;

- enter a competition or sweepstake or respond to one of our surveys;

- participate in consultations with a nutritionist offered as part of our services;

- disclose your health information (e.g. results of blood tests and similar tests) to us or third parties; or

- send us comments or suggestions.

1.1 We may also collect personal data about you from service providers who provide us with e-commerce services in connection with the website.

1.2 Personal data or personal information is any information about an individual from which that individual can be identified. This does not include data where the identity has been removed (anonymous data).

1.3 We may collect, use, store and transfer different types of personal data about you, which we have summarised as follows:

Identity data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

Contact data includes billing address, shipping address, email address and phone numbers.

Financial data includes bank account and payment card details.

Transaction data includes details of payments made to and from you and other details about products and services you have purchased from us.

Technical data includes IP address, your log-in details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access this website.

Profile data includes your username and password, purchases or orders you have made, your interests, preferences, feedback and survey responses.

Usage data includes information about how you use our website, products and services.

Marketing and communications data includes your preferences about receiving marketing materials from us and our third parties and your communication preferences.

Special categories of personal data include details about your ethnicity, information about your health and genetic and biometric data.

1.4 We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data, but is not legally considered personal data because it does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a particular feature of the site. However, if we combine or link aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data used in accordance with this Privacy Policy.

1.5 Below is a tabular description of all the ways in which we intend to use your personal data and the legal basis on which we do so. Where appropriate, we have also indicated our legitimate interests.

1.6 Please note that we may process your personal data on more than one legal ground, depending on the specific purpose for which we use your data. Please contact us if you require details of the specific legal ground on which we rely to process your personal data, where more than one ground is set out in the table below.

1.7 In addition, we use your contact information to send you newsletters, emails, push notifications and in-app notifications about our products, services, sales and special offers where you have signed up to receive these and have not opted out. Customer journey emails may still be sent after you have unsubscribed if your subscription is still active.

1.8 We may combine the information we receive about you through our websites with the information we receive through our apps for the purposes described above. We may also use the information we receive in other ways, which we will explicitly inform you about at the time of collection or with your consent.

If you do not provide us with this information or if you remove it from our website or ask us to remove it, we will not be able to provide the services to you.

| Purpose/Activity | Type of data | Legal basis for processing, including legitimate interest |
| --- | --- | --- |
| In order to register you as a new customer and open your account. | (a) Identity (b) Contact | To process a contract with you |
| To process and deliver your order, including: (a) managing payments, fees and charges (b) collecting and recovering amounts owed to us (c) keeping you informed of the status of your order | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) To perform a contract with you (b) Necessary for our legitimate interests (to collect debts due to us) |
| To provide our services and products to you, including: (a) Collecting and analysing your health, biometric and genetic data by taking blood, DNA and other samples from you directly or through our partners (b) Making personalised recommendations based on the data in (a) above | (a) Special categories of personal data (b) Identity (c) Contact | (a) Your explicit consent (b) Performance of a contract with you (c) Necessary for our legitimate interests (to improve and develop our products/services and to grow our business) |
| To manage our relationship with you, which includes: (a) notifying you of changes to our terms or privacy policy (b) requesting you to submit a review or participate in a survey (c) communicating with you about your account or transactions and sending you information about features and enhancements (d) complying with and enforcing applicable legal requirements, relevant industry standards and our policies, including this Privacy Policy and the Terms and Conditions. | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) To perform a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to update our records and study how customers use our products/services). |
| To enable you to enter a prize draw, competition or survey. | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and communication. | (a) To perform a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services in order to develop them and grow our business) |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for the conduct of our business, the provision of administrative and IT services, network security, the prevention of fraud and in connection with a corporate reorganisation or group restructuring) (b) Necessary to comply with a legal obligation |
| To provide you with relevant website content and advertising, and to measure or understand the effectiveness of the advertising we provide to you. | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and communication (f) Technical. | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy). |
| Use of data analytics to improve our website, products/services, marketing, customer relationships and experience. | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to update our website and keep it relevant, to develop our business and to inform our marketing strategy). |
| To make suggestions and recommendations to you about goods or services that may be of interest to you. | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and communication. | Necessary for our legitimate interests (to develop our products/services and grow our business). |

1.9 We will provide members of our staff with access to the personal data only to the extent strictly necessary for the performance, administration and monitoring of the contract. We shall ensure that the persons authorised to process the personal data have committed themselves to confidentiality or are subject to a corresponding legal obligation of secrecy.

2. LEGAL BASIS FOR DATA PROCESSING

The scope of the data processing, the purposes of the processing and the legal basis are described in detail below:

Art. 6 para. 1 S. 1 lit. a GDPR serves us as the legal basis for processing operations for which we obtain consent.

Art. 6 para. 1 S. 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. if a visitor of the website buys a product from us, or we provide a service for him/her. This legal basis also applies to processing that is necessary for pre-contractual measures, such as enquiries about our products or services.

Art. 6 para. 1 S. 1 lit. c GDPR applies when we process personal data in order to fulfil a legal obligation, as may be the case, for example, in tax law.

Art. 6 para. 1 S. 1 lit. f GDPR serves as the legal basis if we rely on legitimate interests in the processing of personal data, e.g. for cookies, which are necessary for the technical operation of our website.

- If we collect your personal data by relying on our legitimate interests (or those of a third party), that interest is usually to improve our websites and services, to manage our relationship with you and to communicate with you to the extent necessary to provide our services to you, and for our legitimate business interests, such as responding to your enquiries, improving our websites and our services, carrying out marketing services, ensuring the security of our websites and services, and detecting or preventing illegal activities such as fraud. We may also have other legitimate interests and will, where appropriate, inform you of these legitimate interests in due course.

- If we ask you to provide personal information in order to comply with a legal requirement or to enter into a contract with you, we will clarify this at the appropriate time and inform you whether providing your personal data is mandatory or not (and the possible consequences if you do not provide your personal data).

In some cases, it may be necessary for you to provide us with personal data for the purposes described above in order for us to be able to provide you with all of our services and for you to be able to use all the features of our websites.

- We need to obtain your explicit consent to process the special categories of personal data and to use automatic profiling and artificial intelligence processing and training. We obtain your consent when you sign up to the service and accept the terms and conditions. If you withdraw your consent in accordance with the section below, we will no longer be able to provide our services to you.

- In certain cases, we may retain your personal data for as long as we have an ongoing legitimate business need to do so, for example, to provide you with services or products, or as required or permitted by applicable laws, such as tax and accounting laws. If we do not have an ongoing legitimate business need to process your personal data, we will either delete it or make it anonymous, or if this is not possible (e.g. because your personal data is stored in backup archives), we will keep your personal data secure and isolate it from any further processing until erasure is possible.

If you have any questions about the legal bases on which we collect and use your personal data, or require further information, please contact us at: de@bioniq.com

3. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Our business may require us to transfer your personal data outside the European Economic Area ("EEA"), including countries that may not have the same level of data protection as your home country, such as the United States and China. We take appropriate steps to ensure that your personal data is handled in accordance with this privacy policy, for example, through standard contractual clauses approved by the Commission.

To the extent that we transfer data to service providers or other third parties outside the EEA, the security of the data during transfer, where available (e.g. for Canada or Israel), is guaranteed by adequacy decisions of the EU Commission (Art. 45 para. 3 GDPR). If there is no adequacy decision (e.g. for the USA), the legal basis for the transfer of data is usually standard contractual clauses, unless we provide a different indication.

These are a set of rules adopted by the EU Commission that form part of the contract with the respective third party and, according to Art. 46 para. 2 lit. b GDPR, ensure the security of the data transfer. Many of the providers have issued contractual guarantees that protect the data beyond the standard contractual clauses.

These are, for example, guarantees regarding the encryption of the data or regarding the obligation of a third party to inform the data subjects if law enforcement authorities want to access data.

The transfer of data to third parties in the United Kingdom of Great Britain and Northern Ireland currently takes place on the basis of the transitional arrangement in the Trade and Cooperation Agreement between the European Union and the United Kingdom.

4. YOUR RIGHTS

You have the following data protection rights, which you can exercise at any time by contacting us at de@bioniq.com:

The right to access, correct, update or request deletion of your personal data.

The right to object to the processing of your personal data, if it is based on our legitimate interests, unless there are compelling reasons for such processing and, separately, the right to object to direct marketing.

The right to ask us in certain situations to restrict the processing of your personal data or to request the portability of your personal data.

The right to unsubscribe from marketing communications sent to you by us at any time. You can exercise this right by clicking on the "unsubscribe" or "Opt-out" link in the marketing emails we send you. If you choose other forms of marketing (e.g. postal marketing or telemarketing), please contact de@bioniq.com

If we have collected and processed your personal data with your consent, you have the right to withdraw your consent at any time. The revocation of your consent will not affect the lawfulness of the processing that we carried out prior to your revocation, nor the processing of your personal data based on lawful grounds other than consent.

You have the right to complain to a data protection authority at any time about our collection and use of your personal data. For further information, please contact your local data protection authority. We ask you to report any complaints or concerns and allow us time to resolve the issue, before raising these concerns with a data protection authority.

We will respond to all requests we receive from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws.

If you are aware of any changes or inaccuracies in your information, you should inform us so that our records can be updated or corrected.

We will endeavour to update, provide information or delete your account within 30 days of being requested to do so.

5. COOKIES

We use "cookies" which, if you allow their use, store small amounts of data on your computer when you visit the website. With the help of cookies, we can determine which features of the website you like best. Cookies therefore enable us to tailor our content to your preferences. You have to accept or reject cookies by changing the settings of your browser. Our website can also be displayed if you deactivate the cookie function in your browser. However, if you disable cookies, key features such as account login and checkout will not work.

We may use cookies for a number of purposes, including, but not limited to: tracking preferences you indicate while using the Site; providing advertising and content relevant to your interests; the provision of general internal and customer analytics; the retention of information in both identifiable and anonymous form; accessing your information when you "sign in" to provide you with tailored content; conducting research to improve our content, products and services; supporting security measures, such as requiring you to log in to the website again after a certain period of time; and assisting in identifying possible fraudulent activity.

Some of this technology uses internet "cookies". Cookies are stored on your hard drive in the form of text files. Most cookies are "session cookies", i.e. they are automatically deleted when you leave the site. Other cookies are called "persistent" because they do not expire. These cookies usually enable us to provide targeted information about products and prices. You can easily remove them by following the instructions in the help file of your browser. Whilst this statistical data is collected, it is important to know that we do not sell, rent or lease any of your personal information.

6. PROMOTIONAL INFORMATION AND MARKETING MATERIAL

We would like to inform you about products and services, sales and special offers which may be of use to you. When you register online or participate in a survey, you will have the opportunity to sign up to receive emails about our products, services, sales and special offers.

We reserve the right to unsubscribe customers who have already used our services or purchased goods from us from time to time by email or other means, unless you have opted out.

The legal basis for this data processing is Art. 6 para. 1 S. 1 lit. f GDPR.

Our legitimate interest lies in direct advertising (recital 47 GDPR). Customers can object to the use of their e-mail address for advertising purposes at any time at no additional cost, for example via the link at the end of each email or by sending an email to our email address. Interested parties have the option to subscribe to a free newsletter.

We process the data provided during registration solely for the purpose of sending the newsletter.

Registration takes place by selecting the corresponding field on our website, by ticking the corresponding field in a paper document or by another clear document or by any other unambiguous act by which the interested party consents to the processing of its data, so that the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

The consent can be revoked at any time, e.g. by clicking on the corresponding link in the newsletter or by sending a message to our e-mail address mentioned above.

The processing of the data until revocation remains lawful even in the event of revocation.

Based on the consent of the recipients (Art. 6 para. 1 p. 1 lit. a GDPR), we measure the opening and click-through rates of our newsletters.

We send the newsletters with HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA (privacy policy: https://legal.hubspot.com/de/privacy-policy).

The provider processes content, usage, meta/communication data and contact data.

We send newsletters with Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA ("Mailchimp" and/or "Mandrill", privacy policy: https://mailchimp.com/legal/privacy/).

The provider processes content, usage, meta and communication data as well as contact data.

7. SECURE ORDERING

When you enter personal information on our website, it is protected both online and offline. We may only access your credit card (but not your actual credit card details) to issue credits, never for actual charges. Only you can make a charge by placing an order in your password-protected account.

If you are on a secure site, such as our order form, which is hosted in a secure data facility, your web browser's lock icon will be locked. This indicates that the connection between your web browser and our web server is secure. When you are on a secure site, the "http" in your browser will change to "https".

When you enter confidential information (e.g. your credit card number), this information is encrypted and protected with encryption software that meets or exceeds industry standards (Secure Sockets Layer).

We do not store credit card numbers on our website or in the back-office systems associated with it. We store the last 4 digits of your credit card for reference and to be able to communicate with you.

For repeated orders of our services that you have placed through our website, your details will be stored for future payments if you choose to have our payment processor securely store your credit card details and provide us with a unique token representing the relevant card.

We take reasonable and appropriate steps to protect your personal information from unauthorised disclosure or access. However, data that is transmitted over the Internet or stored on a server can never be 100% secure. Therefore, while we strive to protect your privacy and personal information, we cannot guarantee the security of any information transmitted or disclosed to us online. If you have chosen to register with us, you have set a password for your account, and in this case your online account information will be protected by your password. We recommend that you do not disclose your password to any third party. You are responsible for the confidentiality of your account and password and are fully responsible for all activities that occur under your account and password. We recommend that you create strong passwords, e.g. those with alphanumeric combinations. In the event of closure of this website, all personal data will be destroyed, or you will be informed about a new way in which the data will be used.

8. LOEWI WEBSITE & THIRD PARTY PROVIDERS

Like most retailers, we collect information about your visit to our website. This information includes your IP address, the type of device and software you use to access our website, your internet service provider, how you interact with our website, such as which pages you visit or links you follow to enter or leave our website.

We collect this information to help us improve information and services. To collect this information, we use third party technologies such as Google. This software is used to anonymously aggregate information about how the LOEWI website is used. We collect this information to ensure that the websites are optimised on the basis of the technologies that the majority of users use to access our websites.

On the basis of a contract processing agreement (Art. 28 GDPR), our website is hosted by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA (privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr.).

The provider processes the personal data transmitted via the website, e.g. about content, usage, meta/communication data or contact data.

It is our legitimate interest to provide a website, so the legal basis for the data processing is Art. 6 para. 1 S. 1 lit. f GDPR. We use a content delivery network that helps to make our website available.

The provider is Kinsta Inc. from the USA. The provider processes the personal data transmitted via the website, e.g. on content, usage, meta/communication data or contact data. Our legitimate interest is the provision of a website, so that the legal basis for the data processing is Art. 6 para. 1 S. 1 lit. f GDPR.

9. DISCLOSURE OF PERSONAL INFORMATION

We may engage in direct marketing of LOEWI products or services by email, direct mail, telemarketing, fax and/ or other forms of communication with you.

We may share your personal information with one of our affiliated companies. Furthermore, we enter into marketing relationships with advertisers or other companies that offer products or services that we believe may be of interest to our customers.

With your consent, we may send you information by post, email or telephone about products and services of these advertisers or other companies if you provide us with your name and address, email address or telephone numbers.

If in the future you no longer wish to receive promotional or direct marketing materials from LOEWI or any of our affiliates, please send your request to LOEWI Customer Service via the following communication channel:

By email: de@bioniq.com

10. ACCESS TO PERSONAL DATA BY COMPANIES WORKING WITH OR ON BEHALF OF LOEWI

Some of our activities, such as our e-commerce, may be managed by service providers that are non-affiliated companies. These companies may disclose personal information to their affiliates and to service providers that they engage to provide services in connection with our website or the operation of our business. Examples of these services include payment processing and authorisation, fraud protection, and credit risk mitigation, product customisation, order fulfilment and order processing and shipping, distribution of marketing and promotional materials, website evaluation, data analysis and data cleansing where applicable. These companies may have access to your personal information on a confidential basis only to the extent necessary for the performance of their functions. In no event will we authorise these companies to use your personal data for any purpose other than for the provision of those specific services.

When your purchases are shipped to you, your shipping information will be shared with our delivery service providers. Our delivery service providers are asked to use your personal information for delivery purposes only.

Your personal information may also be used by certified third party providers such as medical laboratories that perform blood tests, phlebotomists and nutritionists. These companies may have access, on a confidential basis, to your personal data only to the extent necessary for them to perform their functions. We will not authorise these companies to use your personal data for any purpose other than for the provision of these specific services.

11. SALE OF BUSINESS

In the event that we or some of our assets are sold or transferred or used as collateral, your personal data may be transferred to third parties as part of that transaction.

12. DISCLOSURE OF PERSONAL INFORMATION IN LEGAL PROCEEDINGS

If we or any of our service providers are requested by law enforcement or judicial authorities to provide personal information about individual users, we or the relevant service provider may provide that information without your consent.

In matters involving personal or public safety, we or the relevant service provider may disclose your personal information without your consent or legal proceedings.

We or our service providers may also provide your personal information in response to a search warrant or other valid request or order, or to an investigative authority in the event of a breach of contract or the law, or in a legal proceeding in which we or the applicable service provider is involved, or otherwise as required by law. We may also disclose personal information to assist in debt collection if you owe us a debt.

13. PRIVACY POLICY AND EXTERNAL LINKS

Our website may contain links to the websites of our business partners, vendors and advertisers. These other websites are outside our control. Please be aware that these websites may collect information about you and operate under their own privacy practices, which may differ from those in our privacy policy. Remember to consult the privacy policy of each website, because once you leave the website, any information you submit is no longer under our control.

14. BIOMARKER INFORMATION

We will use your biomarker test data and self-reported data to provide you with LOEWI recommendations, create your individual supplement formula, customise your user experience and improve our services.

Self-reported information is used to customise your user experience. We may use your anonymised test data and the data you self-reported to third parties for research or other uses.

No identifying information will be shared without your prior knowledge and consent.

15. OTHER

15.1 CONTACT FORM

When you contact us via the contact form on our website, we store the data requested there and the content of the message. The legal basis for the processing is our legitimate interest in responding to the enquiries sent to us. The legal basis for the processing is therefore Art. 6 para. 1 S. 1 lit. f GDPR.

We delete the data accruing in this context after the storage is no longer necessary, or restrict the processing if statutory retention obligations exist.

15.2 JOB OFFER / VACANCY

We advertise vacancies in our company on our website, on sites linked to the website, or on third-party websites.

The processing of the data provided in the application is carried out for the purpose of carrying out the application procedure.

Insofar as this is necessary for our decision to establish an employment relationship, the legal basis is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG.

We have marked the data required to carry out the application procedure.

If applicants do not provide this data, we will not be able to process the application. Further information is voluntary and not required for an application. If applicants provide further information, the basis is their consent (Art. 6 para. 1 p. 1 lit. a GDPR).

We ask applicants not to include in their CV and cover letter any information on political opinions, religious convictions and similarly sensitive data. They are not required for an application. If applicants nevertheless provide such information, we cannot prevent their processing in the course of the CV or cover letter processing. Their processing is then also based on consent (Art. 9 para. 2 lit. a GDPR).

Finally, we process the applicants' data for further application procedures if they have given us their consent to do so. The legal basis in this case is Art. 6 para. 1 S. 1 lit. a GDPR. We pass on the applicants' data to the relevant employees of the personnel department, to our order processors in the area of recruiting, and to the other employees involved in the application process. If there is an employment relationship with the applicant after the application process, we delete the data only after the employment relationship has ended. Otherwise, we delete the data no later than six months after the rejection of an applicant.

If applicants have given us their consent to use their data for further application procedures, we do not delete their data until one year after receipt of the application.

15.3 MEETING

Website visitors can book appointments with us via our website. For this purpose, we process metadata or communication data in addition to the data entered. We have a legitimate interest in offering interested parties a user-friendly way to make an appointment.

The legal basis for the data processing is therefore Art. 6 para. 1 S. 1 lit. f GDPR. If we use a third-party tool for the agreement, you will find the information under "Third-party tools".

15.4 PAYMENT SERVICE

For the processing of payments, we use payment processors who are themselves responsible under data protection law within the meaning of Art. 4 No. 7 GDPR.

Insofar as these process the data and payment data entered by us during the ordering process, we thereby fulfil the contract concluded with our customers (Art. 6 para. 1 p. 1 lit. b GDPR).

15.5 Third-party tools

Google Analytics

Provided that the site visitor has consented, we use Google Analytics, a web analytics service of Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland ("Google").

The service uses cookies.

The cookies generate information about the use of the website by the site visitors, including the pages viewed, achievement of "site goals" (e.g. contact requests and newsletter sign-ups), behaviour on the pages (e.g. clicks, scrolling behaviour and dwell time), the approximate location (country and city), the IP address of the site visitor (in shortened form, so that no clear assignment is possible), technical information such as browser, internet provider, terminal device and screen resolution and the source of the visit (i.e. via which website or advertising medium a site visitor has come to us).

These are usually transmitted to a server of Google in the USA and stored there. The legal basis for the processing is the consent of the site visitor (Art. 6 para. 1 p. 1 lit. a GDPR). The site visitor can revoke consent at any time by contacting us using the contact details provided above.

The revocation does not affect the lawfulness of the processing until the revocation. Google will use this information to monitor the use of website visitors for us, to compile reports about the activities on this website, and to provide other services relating to website activity and internet usage.

The data can be used to create pseudonymised usage profiles of website visitors.

Google does not combine the IP address transmitted by the visitor's browser with other data.

Further information on the use of data by Google can be found in Google's privacy policy (https://policies.google.com/privacy). The personal data of website visitors will be deleted or anonymised after 14 months.

Standard data protection clauses adopted by the EU Commission (Art. 46 para. 2 lit. c GDPR), which we have agreed with Google.

Google Ads (formerly Adwords)

For the placement of advertisements, we use the tool Google AdWords of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, ("Google") on the basis of an order processing agreement.

The tool collects and transmits cookies with usage data, in particular which pages have been visited, which elements have been clicked, device and browser information, IP address, operating system, data about the advertising displayed and data from advertising partners, in particular pseudonymised user IDs, to the provider of the tool.

The legal basis for the data processing is Art. 6 para. 1 S. 1 lit. a GDPR.

Consent can be revoked at any time using the data provided on this contact page.

The revocation does not affect the lawfulness of the processing until the revocation. The security of the data when transferred to servers in the USA is guaranteed, as our contract with the provider contains standard data protection clauses published by the EU Commission (Art. 46 para. 2 lit. c GDPR). Further information on data processing can be found in the provider's privacy policy at https://www.google.com/intl/de/policies/privacy.

Google Tag Manager

For the administration of Google tags, we use the Google Tag Manager tool from the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, ("Google").

The tool collects and transmits cookies to the provider of the tag management tool.

The legal basis for the data processing is Art. 6 para. 1 S. 1 lit. a GDPR.

Consent can be revoked at any time using the data provided on this contact page.

The revocation does not affect the lawfulness of the processing until the revocation.

Further information on data processing can be found in the privacy policy of the provider at https://www.google.com/policies/privacy.

Facebook's Visitor Action Pixel

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") uses the "Visitor Action Pixel" on our website on the basis of a commissioned processing.

With the help of the visitor action pixel, we can track the behaviour of website visitors after they have been redirected to our website by clicking on a Facebook ad (so-called "conversion").

In this way, we can also measure the effectiveness of Facebook ads for statistical and market research purposes.

The data collected in this way is anonymous for us, i.e. we do not see the personal data of the individual users.

However, this data is stored and processed. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data usage guidelines. More information at https://www.facebook.com/about/privacy

The "visitor action pixel" is triggered by Facebook when our website is accessed and may store a cookie on the site visitor's device.

If the visitor of the website is then logged into Facebook or visits Facebook, the visit to our website will be noted in his or her profile. The data collected about them remains anonymous to us, so that we cannot draw any conclusions about the identity of the user.

However, Facebook stores and processes the data in such a way that it is possible to link the data to the respective profile of the site visitor and can be used by Facebook and for its own market research and advertising purposes.

The legal basis for the use of this service is the consent of the page visitor (Art. 6 para. 1 p. 1 lit. a GDPR). The visitor to the website can revoke his/her consent at any time by contacting us using the contact details provided above.

The revocation does not affect the lawfulness of the processing until the revocation. The security of the data is guaranteed because the contract with Facebook contains standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR, which have been adopted by the EU Commission.

Custom Facebook Audiences

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") offers "Custom Audiences" on our website on the basis of an order processing agreement (Art. 28 GDPR).

The offer allows us to divide visitors to our website into groups based on the actions they have taken on the website. These groups are called customised target groups.

We can serve ads to other Facebook users who meet the criteria of that audience.

The offer therefore processes the data already collected through other actions, e.g. the Visitor Pixel.

The legal basis for the use of this service is the consent of the page visitor (Art. 6 para. 1 p. 1 lit. a GDPR). The site visitor can revoke his/her consent at any time by contacting us using the contact details provided above. The revocation shall not affect the lawfulness of the processing until the revocation.

The security of the data is guaranteed, as the contract with Facebook contains standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR, which have been adopted by the EU Commission.

Hotjar

On the basis of an order processing agreement (Art. 28 GDPR), we use the web analytics service of Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereinafter "Hotjar").

Hotjar uses, among other things, cookies which are stored locally in the cache of the site visitor's web browser and which enable an analysis of the use of our website by the visitor.

This allows personal data to be stored and analysed. This includes the activity of the site visitor (e.g. which pages he/she visits and which elements he/she has clicked on), device and browser information (in particular the IP address and the operating system) and a tracking code in the form of a pseudonymised user ID.

The information collected in this way is transmitted by Hotjar to a server in Ireland and stored anonymously there.

Further information on the processing of data by Hotjar can be found at https://www.hotjar.com/legal/policies/privacy. The use of Hotjar enables us to better understand the needs of visitors to our website and to optimise the website.

The legal basis for the processing of the personal data of the users is basically the consent of the user pursuant to Art. 6 para. 1 S. 1 lit. a GDPR.

Visitors to the website can withdraw their consent by contacting us using the contact details above. The withdrawal does not affect the lawfulness of the processing until the revocation. The aforementioned data will be stored for as long as it is necessary to fulfil the purposes described in this privacy policy or as required by law.

HubSpot

On the basis of an order processing agreement (Art. 28 GDPR) we use HubSpot, a software of HubSpot Inc., USA ("Hubspot"), for various marketing and CRM activities.

This software helps us, among other things, through statistical analyses and evaluations of the behaviour to better coordinate our marketing strategy and optimise the content provided to you.

Hubspot processes the following data:

Geographic location

Browser type

Navigation information

Reference URL

Performance data

Information about how often the application is used

HubSpot subscription service credentials

Files displayed on the website

Domain names

Pages viewed

Aggregated usage

Operating system version

ISP

IP address

Device identification

Duration of visit

Where the application was downloaded from

Operation

Events that occur within the application

Access time

Clickstream data

Device model and version.

The legal basis for the processing is the consent of the site visitor (Art. 6 Para. 1 p. 1 lit. a GDPR). The site visitor can revoke his or her consent by contacting us via the contact details provided above. The revocation has no influence on the lawfulness of the processing until the revocation.

Further information can be found in HubSpot's privacy policy at https://www.hubspot.com/privacy-policy. Standard data protection clauses adopted by the EU Commission (Art. 46 Para. 2 lit. c GDPR) that we have agreed with HubSpot.

Maps from Google Maps

For the integration of an interactive map directly on our website, we use the Google Maps service provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, California 94043, USA ("Google").

The tool collects and transmits browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request to the provider of the tool.

The legal basis for the data processing is Art. 6 para. 1 S. 1 lit. a GDPR. Consent can be revoked at any time under the data provided on this contact page. The revocation does not affect the lawfulness of the processing until the revocation.

Videos from YouTube

We embed videos from YouTube into our website.

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

(Privacy policy: https://policies.google.com/privacy ).

An opt-out plugin can be accessed by visitors to the website here: https://tools.google.com/dlpage/gaoptout?hl=de.

The settings for the display of advertisements can be changed here: https://adssettings.google.com/authenticated.

The data processed includes usage data and communication data. The legal basis for data processing is Art. 6 para. 1 S. 1 lit. a GDPR. The consent can be revoked at any time using the data provided on this contact page.

The revocation does not affect the lawfulness of the processing until the revocation.

Social plug-ins from Facebook

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") integrates social plug-ins on our website.

The privacy policy of Facebook is available at https://www.facebook.com/about/privacy.

Facebook processes the IP address of the site visitor in order to display the content or to execute the functions. In addition, usage data as well as meta and communication data may be processed. The legal basis for data processing is Art. 6 para. 1 S. 1 lit. a GDPR.

Consent can be revoked at any time using the data provided on this contact page.

The revocation has no influence on the lawfulness of the processing until the revocation.

Social plug-ins from LinkedIn

Social plug-ins from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") are integrated on our website.

The privacy policy of LinkedIn is available at https://www.linkedin.com/legal/privacy-policy.

LinkedIn processes the IP address of the site visitor in order to display the content or to execute the functions.

In addition, usage data as well as meta and communication data may be processed. The legal basis for the data processing is Art. 6 para. 1 S. 1 lit. a GDPR.

Consent can be revoked at any time under this contact page. The revocation does not affect the lawfulness of the processing until the revocation.

Involve.me

For lead generation, we use the service involve.me of stereosense GmbH, Margaretenstraße 29/7, 1040 Vienna.

The service manages the connection protocols, which are essentially logs of each request to each application.

These connection logs may include information such as the web request, the Internet Protocol ("IP") address, browser type, referring/exit pages and URLs, number of clicks, domain names, destination pages, pages viewed and other such information.

It is our legitimate interest to carry out direct marketing measures, so that the legal basis is Art. 6 para. 1 S. 1 lit. f GDPR.

Messagebird

For the communication with our customers and interested parties, we use the service Messagebird from MessageBird B.V., Trompenburgstraat 2C, (1079 TX) Amsterdam.

The service processes the content of the messages. It is our legitimate interest to contact customers and interested parties, so the legal basis is Art. 6 para. 1 S. 1 lit. f GDPR.

16. SOCIAL NETWORK

We are represented on social networks in order to present our company and our services there.

The operators of these networks regularly process the data of their users for advertising purposes. Among other things, they create profiles from the users' online behaviour, for example, to display advertising on the pages of the networks and elsewhere on the internet that corresponds to the interests of the users.

For this purpose, information about user behaviour is stored in cookies on the user's computer.

Furthermore, it cannot be ruled out that the operators combine this information with other data.

Information on how users can object to processing by the site operators can be found in the data protection declarations of the respective operators, listed below.

It may also be that the operators or their servers are located in non-EU countries, so that they process data there. This may result in risks for users, e.g. because enforcement of their rights is made more difficult or government agencies gain access to the data.

If users of the networks contact us via our company profiles, we process the data provided to us in order to answer the enquiries.

This is our legitimate interest, so the legal basis is Art. 6 para. 1 S. 1 lit. f GDPR.

Facebook

We maintain a company profile on Facebook.

The operator is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The privacy policy is available here: https://www.facebook.com/policy.php.

The option to object to data processing is available via the settings for advertisements: https://www.facebook.com/settings?tab=ads

Due to an agreement with Facebook, we are co-responsible for the processing of the data of visitors to our profile within the meaning of Art. 26 GDPR. Facebook explains exactly what data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data.

Data subjects can assert their rights both against us and against Facebook. However, Facebook has agreed to this, and we are obliged to pass on requests to Facebook. Data subjects will therefore receive a quicker response if they contact Facebook directly.

Instagram

We maintain a company profile on Instagram. The operator is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The privacy policy is available here: https://help.instagram.com/519522125107875.

Tiktok

We maintain a company profile on Tiktok. The operator is musical.ly Inc, 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA.

The privacy policy is available here: https://www.tiktok.com/de/privacy-policy.

Pinterest

We maintain a company profile on Pinterest. The operator is Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, United States.

The privacy policy is available here: https://about.pinterest.com/de/privacy-policy.

One way to object to data processing is via the settings for advertising: https://about.pinterest.com/de/privacy-policy.

YouTube

We maintain a company profile on YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The privacy policy is available here: https://policies.google.com/privacy?hl=en.

Twitter

We maintain a company profile on Twitter. The operator is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

You can find the privacy policy here: https://twitter.com/de/privacy. One possibility to object to the data processing is via the settings for advertising: https://twitter.com/personalization.

LinkedIn

We maintain a company profile on LinkedIn.

The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

You have the option of objecting to data processing via the settings for advertising: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Xing

We maintain a company profile on Xing. The operator is New Work SE, Dammtorstraße 29-32, 20354 Hamburg.

The privacy policy is available here: https://privacy.xing.com/de/datenschutzerklaerung.

17. CHANGES TO THE PRIVACY POLICY

From time to time, we may change or amend this privacy policy to comply with new laws or regulations or to reflect future changes in our business practices.

Any changes to our policy will be posted on this page, so you should check back occasionally.

We may also post a notice on our website or send an email describing the changes.

18. CONTACT US

If you have any requests, questions or concerns about the use of your personal information and this privacy policy, please contact us at: de@bioniq.com  

The data controller for the purposes of data protection laws is LOEWI, Agnes-Pockels-Bogen 1, 80992 Munich, Germany, e-mail: de@bioniq.com.