This is the Privacy Statement of Adaptive Regelsysteme Gesellschaft m.b.H. Should you need a different language version, kindly contact us at below contact details.

1 Scope

This Privacy Statement provides information on the processing of personal data related to all customers, sales partners, other business partners and website visitors (“You”) of
Adaptive Regelsysteme Gesellschaft m.b.H. (“ADRESYS”, “we”).

Your privacy is important to ADRESYS. So is the active sharing of expert knowledge and ADRESYS news with You. We make such information available through our various communication channels such as:

• ADRESYS Website (www.adresys.com, angelreact.com)
• ADRESYS newsletters and individual e-mail-communication
• Social media platforms like Facebook, LinkedIn, Vimeo and Instagram

The processing of Personal Data in the course of Your use of ANGEL React Products is described in the ANGEL React Privacy Statement and not subject to this document.

For the purposes defined in this Privacy Statement, we process Your Personal Data in our role as Your reliable business partner.

This statement gives You full transparency on our use of Your Personal Data.

2 Data Controller and Contact Details

The processing of Your Personal Data is in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) in addition to any other applicable local data protection laws.

Data Controller is:

Adaptive Regelsysteme Gesellschaft m.b.H.
Oberndorferstraße 35/C
5020 Salzburg
Austria

In case of questions regarding data protection, you can reach out to us via office@adresys.com.

3 Processing of Personal Data

We understand the term “Personal Data” in the sense of the EU General Data Protection Regulation (GDPR), i.e. any information relating to an identified or by means of available neutral information identifiable natural person.

3.1 From where does ADRESYS receive Your personal data?

We collect Personal Data from You directly. This means You have either forwarded or otherwise made known this data to us, e.g. by using our website, subscribing to our newsletters, interacting with us on social media platforms, submitting a request, or otherwise communicating with us.

Besides, we might collect Personal Data in the course of financial or compliance checks to ensure contract fulfilment and compliance with applicable laws, including adhering to due diligence requirements. Doing so, we consult publicly available data sources on relevant information. For long-term business partners with enhanced risk profile, internal compliance standards could also require consulting the services of specialized due diligence research agencies, subject to your prior consent.

3.2 Why does ADRESYS process Your Personal Data?

We process Your Personal Data based on the following legal reasons:

a) Customer and business partner management (including maintenance of contact details, endorsement of active interaction and knowledge exchange, and communication);
b) Order handling and contract fulfilment (including contract initiation, execution, billing and after-sales services and obligations such as warranty services);
c) Compliance with legal obligations;
d) Enforcement of and defense against legal claims resulting out of or in connection with our business relation;
e) Controlling and Reporting;
f) Website operation and maintenance, including the evaluation of usability and improvement potential;
g) Marketing and advertising activities such as newsletters and other promotional activities (but only to the extent accepted by You).

3.3 Why is ADRESYS allowed to process Your Personal Data?

We are allowed to process Your Personal Data for the reasons stipulated in 3.2 based on the following legal justifications:

3.3.1 Data Processing necessary for the fulfilment of (pre-)contractual obligations

Data processing according to purposes 3.2.a) to 3.2.b)

The data you have provided are required for the performance of a contract or to take steps prior to entering into a contract. Without this data, we cannot conclude the contract with You, or are unable to fulfil it.

3.3.2 Data Processing necessary for compliance with our legal obligations

Data processing according to purpose 3.2.c)

Data processing according to this purpose is necessary for compliance with legal obligations such as documentation, disclosure, notification and export control obligations.

3.3.3 Data Processing necessary for the protection of legitimate interests

 Data processing according to purposes 3.2.d), 3.2.e) and 3.2.f)

The processing of Your Personal Data for these purposes is based on our legitimate interest to

• secure enforcement of and defense against any claims in relation to the acts and omissions of ADRESYS;
• compile our internal cost and performance calculation, controlling and internal reporting to assess past, current and future business activities;
• report about our events; and
• enhance and secure our website in order to render our web appearance for You as attractive as possible.

3.3.4.   Data Processing according to Your consent

Data Processing according to Purpose 3.1.2 g)
Additional data and data processing not necessary for purposes 3.3.1 – 3.3.3

If you provide us with Personal Data not required for the aforementioned purposes, we process such data only according to your provided consent.

We only perform general marketing and advertising activities according to Your consent.

You can withdraw provided consent at any time. Withdrawal will result in Your data no longer being processed for the defined purposes from that time on. To withdraw Your consent, please contact us via the contact details mentioned in Section 2 of this document.

3.4  To whom does ADRESYS forward Your Personal Data?

We may forward Your Personal Data if and to the extent necessary for the purposes stated in this document, thereby considering the need-to-know principle.

Your Personal Data may be forwarded to our Sales Partners or affiliated legal entities (a complete list is available here).

Besides, we may forward Your Personal Data to public authorities (including tax authorities, export and foreign trade agents) and competent courts, and to all legal and tax consultants of ADRESYS.

We use certain cloud-based services (e.g. Microsoft Azure, OneDrive for Business). In such situations the cloud service provider stores Your Personal Data as a lawful data processor. We ensure to have written agreements in place with all cloud service providers which contain at least the minimum requirements as per applicable data protection laws. Data transfers outside the European Union are only authorized in case appropriate or suitable safeguards comparable to European data protection laws are ensured.

We do not submit any Personal Data outside the European Union without Your prior written confirmation (which you can withdraw at any time) except – if required to fulfil a legitimate purpose according to Section 3 of this document – to affiliated companies of ADRESYS, Sales Partners or other service providers reasonably required to support the purposes listed in 3.2 above, all of which ensure appropriate or suitable safeguards which are comparable to European data protection rules.

Links to other websites

Content provided via various communication channels may include hyperlinks to other websites and other online-offerings. Access to such websites is in Your sole responsibility and exclusively according to the privacy policy of the provider. We have no active control over those linked websites and no influence on which data is collected by the provider. We therefore disclaim any responsibility for the contents contained therein or data processing. In case we become aware of any unlawful content on any linked websites, we will remove such hyperlinks without undue delay.

3.5 How long does ADRESYS store Your Personal Data?

We do not store Your Personal Data longer than reasonably necessary to fulfil the purposes indicated in this document or allowed by applicable law. In any case, we store Your Personal Data based on the statutory storage obligations and periods. We may store Your Personal Data longer than the minimum statutory retention periods if and as long as this is needed for the enforcement against and defense of specific legal claims.

3.6 Do I need to provide Personal Data?

You are not obliged to share your Personal Data with us. However, in the absence of certain Personal Data we might not be able to fulfil our contractual obligations, provide You with the requested services, or grant You access to digital services such as our website.

4 Cookies and other third-party website services, Social Media

For the purposes described in this Policy, we use the following Cookies and other third-party services.

a) Third-party services on our website

 We use the following third-party services on our website:

Vimeo. Our website includes videos that are stored on Vimeo and can be played directly on our website (Vimeo API Services). By using these services, the website user agrees to the Vimeo Terms of Service. Whenever subpages are visited which contain embedded Vimeo videos, Vimeo gets the information that you have visited the corresponding subpage of our website. Vimeo may use Your data for the purposes of advertising, market research and for the design of its own website offerings. Further information on data processing of Vimeo can be found in the Vimeo Privacy Policy. Website users can configure their browser to refuse the storage of cookies or prevent the collection of data generated by cookies and related to the use of the website as well as the processing of this data by Vimeo. More information can be found in the Vimeo Cookie Policy. ADRESYS integration of Vimeo videos and its associated data processing is based on ADRESYS’s legitimate interest of an attractive web appearance by adding video content.

Google Maps. Our website uses Google Maps to display ADRESYS’s locations on the map. Google Maps is the map service of Google Ireland Limited. To use Google Maps services Your browser must connect to a Google server. Google thereby gets forwarded the information that the IP address of Your device accessed the ADRESYS website. This data processing is based on ADRESYS’s legitimate interest to integrate a map service in the design of our website. Further information on Google’s data processing and possibilities to deactivate such processing can be found in the Google Privacy Policy and the Google Maps/Google Earth Additional Terms of Service.

b) Cookies

Whereas some Cookies are technically mandatory to facilitate Your access to our website, some Cookies help us to understand Your use of our website and thereby enable us to further improve and adapt both our website performance in general and our online offerings to Your needs and preferences, as part of our legitimate interest.

You can block the use of Cookies any time by adjusting the settings in Your internet browser. Please be aware that You may not be able to take full advantage of the functions and comfort of our website when cookies are disabled (e.g. some videos might not work).

With Your consent, cookies are analyzed with Matomo (an open-source software for statistical analysis of user requests). The information contained in the Cookie about Your use of the website (including Your IP address) is transmitted to and consequently stored at a Matomo server in Germany. Matomo anonymizes Your IP address immediately after processing and before storage.

To see the full list of cookies we use, visit our Cookie Declaration.
We inform you about the usage of Google Remarketing, a service used for online advertising purposes.

c) Online presence in social media

We maintain online presences on social networks in order to communicate with customers and interested parties and to provide information about ADRESYS products and services. User data is generally processed by the relevant social networks for market research and advertising purposes. This allows user profiles to be created based on the interests of users. For this purpose, cookies and other identifiers are stored on the computers of the persons concerned. Based on these user profiles, advertisements are then placed within the social networks, but also on third-party websites.

In the course of operating our online presence, we may have access to information such as statistics on the use of our online presence provided by the social networks. These statistics are aggregated and may include demographic information (e.g., age, gender, region, country) as well as data on interactions with our online presence (e.g., likes, subscriptions, sharing, viewing images and videos) and the posts and content shared there. These may also provide information about the interests of users and which content and topics are particularly relevant to them. We may also use this information to tailor the design and our activities and content on the online presence and to optimize it for our audience.

The collection and use of these statistics is subject to joint responsibility in some cases. Further information can be found in the list below.

The legal basis for data processing is Art. 6 (1) lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 (1) lit. b GDPR, in order to stay in contact with our customers and inform them, as well as to carry out pre-contractual measures with interested parties.

If you have an account with the social network, we may be able to see your publicly available information and media when we visit your profile. In addition, the social network may allow us to contact you. This can be done, for example, via direct messages or posted posts. The content of communication via the social network and the processing of content data is the responsibility of the social network as the messenger and platform service. As soon as we transfer personal data from you to our own systems or process it further, we are solely responsible for this and this is done for the purpose of implementing pre-contractual measures and fulfilling a contract in accordance with Art. 6 para. 1 lit. b GDPR.

We would like to point out that data protection requests can be made most efficiently to the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. You can, of course, also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.

Below is a list of information about the social networks on which we maintain an online presence:

• Facebook (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
  • Operation of the Facebook fan page in joint responsibility based on an agreement on joint processing of personal data (so-called Page Insights supplement regarding the controller): https://www.facebook.com/legal/terms/page_controller_addendum
  • Information on the processed Page Insights data and contact details for data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
  • Privacy policy: https://www.facebook.com/privacy/policy/
  • Opt-out: https://www.facebook.com/settings?tab=ads.
• Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
  • Privacy policy: https://policies.google.com/privacy
  • Opt-out: https://www.google.com/settings/ads.
• Vimeo (com, Inc, 330 West 34th Street, 10th Floor, New York, New York 10001, USA)
  • Privacy Policy: Privacy Policy on Vimeo
  • Opt- : To limit the use of cookies by Vimeo, see their Cookie Policy for options.
• Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
  • Privacy Policy: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
  • Opt-out: https://www.facebook.com/privacy/policies/cookies?subpage=subpage-4.3
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
  • Operation of the LinkedIn company page under joint responsibility based on an agreement on the joint processing of personal data (known as the Page Insights Joint Controller Addendum): https://legal.linkedin.com/pages-joint-controller-addendum
  • Information on the processed Page Insights data and contact details for data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum
  • Privacy policy: https://www.linkedin.com/legal/privacy-policy
  • Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5 Data Security

We make all commercially reasonable efforts to protect collected data against loss and unauthorized access. To this end, we employ state of the art information security techniques and measures. Access to Your information is limited to those ADRESYS employees who have a legitimate business need to know the information. Our website and its supporting systems use SSL (secure socket layer), and access control procedures to appropriately protect information from unauthorized access.

6 Your Rights

You have the right to access, rectification, erasure, restriction, data portability and to object to the processing of Your Personal Data.

If we process Your Personal Data based on our own legitimate interests, You have a right to object to this processing of Personal Data on grounds relating to Your particular situation.

In case we process the data for direct advertising, You can at any time object to this processing
(i) with the “Unsusbcribe” button in the respective newsletter e-mail, or
(ii) by contacting us at the details provided in Section 2 of this document.

In case data processing takes place based on Your consent, You can revoke any consent provided for the future by contacting us at the contact details listed in Section 2 of this document.

Additionally, if You believe that the processing of Your data contravenes data protection law or Your legal claim to protection of Your Personal Data has been violated in some other way, You have the right to raise a complaint with the competent supervisory authority – for ADRESYS in Austria, the ”Österreichische Datenschutzbehörde” (Barichgasse 40-42, 1030 Vienna) is responsible.