I. Introduction

We, Siloy B.V. and our affiliated companies (‘Siloy’ or ‘we’), appreciate your interest in our company, our services and products, and want you to feel secure when visiting our website and social media pages and communicating with us, including with regard to the protection of your (personal) data.

Compliance with statutory data protection regulations, in particular the General Data Protection Regulation (GDPR), is a matter of course for us. This privacy policy is intended to inform you, in accordance with the provisions of Articles 13, 14 and 21 of the GDPR, about the extent to which personal data is collected, the purposes for which we process it and your data protection rights and claims. Please note the following information.

As changes to legislation or our internal company processes may require adjustments to this privacy policy, we ask that you review this privacy policy regularly. We therefore reserve the right to change these guidelines at any time in compliance with data protection regulations.

The current version, dated February 2026, applies to your visit.

II. For everyone

The following data protection information applies across the board to all different categories of persons covered by this data protection policy.

II.1. General information

Siloy has taken numerous technical and organisational measures to ensure the most comprehensive protection possible for the (personal) data collected and processed via this website. However, even this cannot always guarantee absolute protection, as data transmission over the Internet can always be subject to security vulnerabilities. For this reason, you are free to contact us by other means, such as by telephone or letter.

To facilitate our business activities, we may share information that may contain personal data with any of our affiliated companies. If we disclose, transfer or otherwise grant access to data to other companies in our group, this is done in particular for administrative purposes as a legitimate interest and, beyond that, on a basis that complies with legal requirements.

We are happy to answer any questions, suggestions or comments you may have on the subject of data protection. Simply send an email to: privacy@siloy.com.

II.2. Definitions

Our privacy policy is intended to be simple and understandable for everyone. This privacy policy generally uses the official definitions in Article 4 of the GDPR, to which we refer here.

II.3. Data controller under the GDPR

Siloy Group B.V.,
Het Laar 26,
6733 BZ Wekerom,
The Netherlands
email: privacy@siloy.com

Registered with the Chamber of Commerce under: 93884540

Under current legislation, our company is not obliged to appoint a data protection officer. If you have any questions about data protection, you can contact the data controller directly.

II.4. Data security

The personal data of every individual who has a contractual, pre-contractual or other relationship with our company deserves special protection. We aim to maintain a high standard of data protection. That is why we are committed to the continuous development of our data protection and data security concepts. We are therefore committed to protecting your privacy and treating your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organisational security measures, which are regularly reviewed and adapted to technological progress.

This includes, among other things, the use of recognised encryption methods (SSL or TLS). 
However, we would like to point out that, due to the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data – e.g. when sent by email – may be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data they provide against misuse by means of encryption or other measures.

II.5. Right of data subjects

If your personal data is processed, you are considered a data subject under the GDPR. Every data subject has the following rights with regard to the controller in relation to the processing of their personal data:

• pursuant to Art. 15 GDPR, to request information about the personal data we process. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the recipients or categories of recipient to whom your personal data has been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored, the existence of a right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the right to lodge a complaint with a supervisory authority, the source of your personal data, if it has not been collected from you, and the existence of automated decision-making, including profiling, pursuant to Art. 22 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
• pursuant to Art. 16 GDPR, to request the immediate correction of inaccurate or incomplete personal data stored by us.
• pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
• pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the personal data, the processing is unlawful but you oppose its erasure and we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.
• pursuant to Art. 19 GDPR, that you will be informed if you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller. The controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
• pursuant to Art. 20 GDPR on data portability: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller, where technically feasible.
• pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority if you believe that we are violating national or European data protection law in the processing of your personal data. As a rule, you can contact the supervisory authority of the federal state in which we are based or, if applicable, that of your usual place of residence or workplace. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

Right of withdrawal

If data is processed on the basis of your consent, you are entitled under Article 7 of the GDPR to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal only applies to the future. Processing that took place before the withdrawal is not affected. In the event of revocation, we will delete the data concerned without delay, but please note that we may be required to retain certain data for a specific period of time in order to comply with legal requirements.

Right to object:

If we process your personal data on the basis of legitimate interest (Art. 6(1)(f) GDPR), you may object to this data processing at any time in accordance with Art. 21 GDPR. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to specify a particular situation.

If you wish to assert any of the above rights against us, please contact the controller, whose contact details are given at the beginning of this privacy policy. In case of doubt, we may request additional information to confirm your identity.

II.6. Automated individual decision-making, including profiling

As a responsible company, we refrain from decision-making based solely on automated processing – including profiling – in individual cases in accordance with Article 22 of the GDPR for all of the processes mentioned.

III. For website users

Website users include any person who accesses our Siloy website. In this section, we provide information about data processing when visiting and interacting with our websites.

III.1. Website operation and maintenance, Web hosting and content delivery networks (CDN)

a. Website operation and maintenance

The operation of our website is technically managed by our affiliated company Webs Inbound B.V., Oude stadsgracht 1, 5611 DD Eindhoven, Netherlands. The use of our subsidiary is based on our legitimate interest in a professional internet presence (Art. 6 para. 1 lit. f GDPR). Some of the personal data collected on our website can be viewed in the backend of the content management system used. Access to the data is regulated by a rights and role system and is based on the need-to-know principle. Our subsidiary can only view your data to the extent necessary to fulfil its service obligations. It processes data only in accordance with our instructions and on the basis of a data processing agreement.

b. Web hosting

The external service provider ‘HubSpot’ is used for the general provision of our website (hosting and content management system). The personal data collected on our website is stored on the host's servers in the United States. This may include IP addresses, contact enquiries and data, meta and communication data, website accesses and other data generated via a website.

The use of the host is in our interest of a secure, fast and efficient provision of our online presence by a professional provider (legal basis: legitimate interest pursuant to Art. 6 (1) (f) GDPR). Our host will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data. Our subsidiary has concluded a data processing agreement with the provider.

Details on the external providers can be found in the section ‘Overview of sub-processors’.

c. Content Delivery Networks (CDN)

HubSpot uses its sub-processor ‘Cloudflare’ for the integrated content delivery network, protection against DDoS attacks, internet security and distributed DNS services. Cloudflare provides a globally distributed high-speed network that enables secure and fast processing of internet traffic. Technically, the transfer of information between your browser and our website is routed through the Cloudflare network. Cloudflare thus has full access to the data traffic between the web server and your browser and acts as a filter between our servers and potentially malicious data traffic from the internet. Cloudflare may also use cookies or other technologies to recognise internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6(1)(f) GDPR).

Details about this provider can be found in the section ‘Overview of sub-processors’.

III.2. Website visit

a. Nature and purpose of processing

When you visit our website for informational purposes, it is technically necessary that data is transmitted via your internet browser, which you use on your device, to the web server on which our website is hosted.

The website host automatically collects and stores the following transmitted data in so-called server log files:

• IP address from which the request is made
• Browser type / version / language / operating system
• Content of the request (specific page)
• Amount of data transferred and access status (file transferred, file not found, etc.)
• Date and time of the request
• If applicable, the website from which the request originates (referrer)

In this case, the IP address is attributed to personal data. The other information does not provide any clues about your identity.

The data is processed for the following purposes in particular:

• Ensuring a smooth connection to the website,
• Ensuring the smooth use of our website,
• Evaluating system security and stability.

We do not use your data to draw conclusions about your person. This data is not merged with other data sources.

b. Legal basis for processing

Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the above-mentioned purposes. In addition, access to information already stored on the end user's terminal device or the storage of such information is absolutely necessary for the technically error-free provision of our digital service (website) and is carried out on the basis of the Dutch Telecommunications Act (Telecommunicatiewet, Tw), Article 11.7a(3)(2).

c. Data categories

• Server log files

d. Recipients

Processors for the general provision of our website:

• HubSpot
• Cloudflare

e. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For data used to provide the website, this is generally the case when the respective session has ended. According to Cloudflare, no personal data processed on behalf of HubSpot is collected.

III.3. Use of cookies

a. Nature and purpose of processing

Like many other websites, we also use so-called ‘cookies’. Cookies are small text files or other types of information storage that store information about our website and your use of it. These are automatically created by your browser when you use our website and stored locally on your device, but this does not mean that we immediately obtain knowledge of your identity. The use of cookies serves, for example, to make the use of our website more pleasant for you. Via the cookie banner on our website, you can view the management of cookies and manage your consent there.

In addition to cookies, we also use so-called ‘pixels’. Pixels are not cookies, but they can serve similar tracking purposes. A tracking pixel (also known as a ‘pixel tag’, ‘web beacon’ or ‘counting pixel’) is an invisible image (usually 1×1 pixel in size) that is loaded from the provider's server when a website or email is loaded. A pixel does not store any data in the browser itself, but collects data when the page is loaded and sends it directly to the operator's server (e.g. HubSpot, etc.).

We use a combination of cookies and pixels to track user behaviour more accurately, particularly for measuring success or tracking purposes.

Generally, we differentiate between technically necessary and non-necessary cookies:

Technically necessary cookies (‘first-party cookies’) are required for the operation of a website and are essential for navigating the site, using its functions and storing the user's decision when confirming the cookie banner. Depending on the purpose, temporary (session cookies) and permanent cookies are used. A randomly generated unique identification number, known as a session ID, is stored in a session cookie. A cookie also contains information about its origin and duration of storage. These cookies cannot store any other data. Depending on their purpose, permanent cookies store and manage, for example, the login to restricted areas of the website, user settings for language, the user's consent status for cookies on the current domain, or information for detecting malicious bots.

Non-essential cookies, on the other hand, are mostly preference cookies, statistics cookies and marketing & third-party cookies, which enable, for example, the number of visitors and traffic sources to be recorded and counted in order to measure and improve the performance of the website. In the case of a contact registration, e.g. by submitting a form, page visits can also be directly associated with a contact. These cookies are also required to enable the loading of third-party content and media. They also serve the purpose of finding out whether certain pages have problems or errors, which pages are most popular and how visitors navigate the website. These cookies are set from the moment you give your consent in the cookie banner.

An overview of all technically necessary and non-necessary cookies can be found under the tab “Customize” in our cookie banner, which you can access at any time by clicking on the icon with the black bracket in the lower left corner of our website.

b. Legal basis for processing

The use of technically necessary cookies (“first-party cookies”) is possible without the consent of the website visitor and is subject to a legitimate interest in the economic operation and optimization of our website and services within the meaning of Art. 6 (1) (f) GDPR or is absolutely necessary under the Dutch Telecommunications Act (Telecommunicatiewet, Tw), Article 11.7a(3)(2) in order, for example, to comply with the legal requirements for obtaining consent, in particular for setting cookies that are not absolutely necessary.

The use of non-essential cookies, such as preference cookies, statistics cookies, and marketing & third-party cookies, is subject to the consent of the website visitor in accordance with Art. 6 (1) (a) GDPR or is also considered consent within the meaning of the Dutch Telecommunications Act (Telecommunicatiewet, Tw), Article 11.7a(1) . You can view, revoke, or change your cookie settings for non-essential cookies at any time. To do so, click on the icon with the black bracket in the lower left corner of our website to access the cookie settings again.

The use of the consent management service “Cookiebot by Usercentrics” itself is necessary to fulfill a legal obligation (Art. 7 (1) GDPR) to which we are subject (Art. 6 (1) (c) GDPR).

c. Recipients

Necessary cookies are set by the external service providers “Cloudflare” and “Cookiebot by Usercentrics.” The providers of non-essential cookies (e.g., HubSpot) can be found in the cookie banner on our website.

d. Duration of storage

Session cookies are not permanently stored on your computer or device and are automatically deleted when you close the browser window or exit the browser after using our online services.

You can find the storage period for permanent cookies for each cookie set in the cookie banner on our website. They remain stored on your device until you delete them yourself or your web browser automatically deletes them.

As a user, you can set your web browser to generally prevent cookies from being stored on your device or to ask you each time whether you agree to cookies being set. Once cookies have been set, the user can delete them at any time in the browser's system settings. How this works is described in the help function of the respective web browser.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. However, a general deactivation of cookies can lead to functional restrictions on this website.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.

III.4. Consent management platform & consent management

a. Nature and purpose of processing

We use the consent management service “Cookiebot by Usercentrics” on our website. This service is used to provide our website visitors a comprehensive cookie notice. In addition, the consent of our website visitors to the setting of cookies and similar technologies in their browser is obtained and the consent status for cookies on the current domain is stored.

This data is logged on the provider's servers. As part of data processing, data is stored in the browser's session storage and local storage, and a pixel is used to store your consent status on your device, which is then read and checked again when you return to the page.

This enables us to check your consent status for all subsequent and future visits to our websites and to activate or deactivate cookies and other technologies when you visit the page again, in accordance with your decision.

b. Legal basis for processing

The use of the consent management service “Cookiebot by Usercentrics” itself is necessary to fulfill a legal obligation (Art. 5 (2) GDPR) to which we are subject (Art. 6 (1) (c) GDPR).

The legal basis for setting cookies can be found in the section “Use of cookies.”

c. Data categories

If you give or refuse consent via our consent banner, the service processes the following data with the help of cookies:

• Device information (e.g., web browser, operating system, browser language, device ID),
• Website and banner data (e.g., language, version, URL from which consent was sent),
• IP address and geographic location,
• date and time of consent,
• your consent ID for assigning and requesting your consent data,
• the consent status of the end user, which serves as proof of consent.

d. Recipients

External service provider for the consent management service. You can find more information about this service provider in the “Overview of sub-processors” section further down in this privacy policy.

e. Duration of storage

The key and consent status are stored in the browser for 12 months using the “CookieConsent” cookie. This ensures that your cookie preference is retained for subsequent page requests. The key can be used to verify and track your consent. Your personal data will be deleted after 12 months or immediately after termination of the contract between us and our consent management service.

III.5. Enquiries by email or post

a. Nature and purpose of processing

If you contact us as a prospective customer or customer by e-mail or post, your enquiry and the personal data contained therein will be processed by authorised persons for the purpose of processing your enquiry.

The transmission, i.e. the connection and transport of our emails, is TLS-encrypted. Please note, however, that encryption also depends on the configuration of your email programme and we therefore cannot guarantee complete data security during transport.

For information requiring a high level of confidentiality, we recommend that you send it by post.

b. Legal basis for processing

The legal basis for data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

c. Data categories

Automatic data processing includes the metadata of the message transmission (email address of the sender and recipient, email subject, date/time of email receipt and delivery, IP addresses of the servers involved in the communication, SMTP error code and text), content of emails and the classification of the email (clean, spam, virus, info email).

d. Recipients

External service provider for providing and securing our email traffic. Data will not be passed on to third parties.

e. Duration of storage

All data is stored in protected databases and exclusively on servers in Europe. We comply with legal requirements when storing your business correspondence in our systems.

III.6. Web forms for submitting data

a.Nature and purpose of processing

The following sections list all web forms used on our website to collect data. Unless otherwise stated, we use the form tool provided by HubSpot for all web forms on our website. When data is submitted via a HubSpot form, the system collects both the data entered in the fields and a range of automatically generated information. All fields contained in a form — such as name, email, company, phone number, etc. — are transferred directly to the customer relationship management system (CRM) of our subsidiary and stored in the corresponding contact record, or a new contact record is created.

If consent has been given via the cookie banner, we collect the user's IP address and derived geolocation information, the date and time of the form submission, and the number of form submissions each time a form is submitted. This data is used to: estimate the geographical location, provide context for the contact (e.g. regional segmentation), measure the interaction rate with a contact, or analyse form submissions (e.g. in the event of suspicious behaviour).

b.Legal basis for processing

The logging of the form submission is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. We process the additional information on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

III.7. Contact form

a. Nature and purpose of processing

The data you enter will be stored for the purpose of individual communication with you. We process your first name*, last name*, company name*, job title*, e-mail address*, phone number and your message. All information marked with an asterisk (*) is mandatory so that we can address you personally. This information is also used to classify your enquiry and respond to it. The provision of your personal data is voluntary. However, we can only process your enquiry if you provide us with the mandatory data mentioned above.

Further information on data processing when using our forms can be found in the section ‘Web forms for submitting data’.

b. Legal basis for processing

The data entered in the contact form is processed on the basis of a legitimate interest (Art. 6(1)(f) GDPR). By providing the contact form, we want to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions. If you contact us to request a quote, the data entered in the contact form will be processed for the purpose of implementing pre-contractual measures (Art. 6(1)(b) GDPR). If you voluntarily provide additional, non-mandatory data, data processing will be based on your consent (Art. 6 (1) (a) GDPR).

c. Data categories

Contact data, communication data and content data.

d. Recipients

The recipients of the data are internal employees of our subsidiary according to the need-to-know principle. The provision of the form and the processing of your data in the customer relationship management system are handled via the software-as-a-service application ‘HubSpot’. You can find more information about this processor in the ‘Overview of sub-processors’ section further down in this privacy policy.

e. Duration of storage

We delete personal data when it is no longer necessary for the purpose for which it was collected or otherwise processed. We continuously review the necessity of this; we store enquiries from customers who have an active contractual relationship with us permanently, unless a request for deletion has been made. If a contractual relationship is established, we are subject to the statutory retention periods under the Dutch law and delete your data after these periods have expired.

f. Revocation of consent

You may revoke your consent to the storage of your personal data at any time with future effect. Please send us your revocation to the controller named above in this privacy policy.

III.8. External links

Where links to other websites are provided, we have no influence or control over the linked content and the data protection provisions applicable there. We recommend that you review the privacy policies on the linked websites. This will enable you to determine whether and to what extent personal data is collected, processed, used or made available to third parties.

III.9. Social media links

Our online presence within social networks (e.g. LinkedIn) is only integrated into our website in the form of a link to the corresponding services. After clicking on the integrated text/image link, you will be redirected to our respective online presence on the provider's pages. Only after the redirection will user information be transferred to the respective provider. For information on how your personal data is handled when you use our social media sites, please refer to the section ‘IV. For social media visitors’ in our privacy policy.

IV. For social media visitors

Social media visitors include individuals who visit or interact with our social media pages. In this section, we provide information about data processing when visiting our social media pages.

IV.1. Online presence on LinkedIn

a. Nature and purpose of processing

We appreciate your interest in our company profile on LinkedIn. When you visit our social media presence, data is collected immediately and we are therefore also involved in the data processing of the platform operator. Here, we are jointly responsible with the operator. In addition, your data is processed jointly in connection with so-called ‘Page Insights’.

The operator of the ‘LinkedIn’ platform is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA 94085, USA. We are the operator of our company profile on LinkedIn.

We have concluded an agreement with the operator of the platform in accordance with Art. 26 GDPR on joint responsibility for the processing of your personal data (Page Insights Joint Controller Addendum). This agreement specifies which data processing operations we or the platform operator are responsible for when you visit our company profile on the platform. You can view this agreement at the following link: https://legal.linkedin.com/pages-joint-controller-addendum.

When you visit our company profile, the platform operator uses cookies and similar technologies on your device to store or read data. In addition to the necessary cookies, functional, marketing or statistical cookies may also be set with your consent. Your personal data may therefore be collected even if you are not logged in or do not have an account on LinkedIn. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed to you both on and off LinkedIn. Alternatively, you can disable cookies in your browser settings. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both inside and outside LinkedIn. Alternatively, the data is also processed for market research purposes.

If you are logged into your LinkedIn account and visit our social media presence, LinkedIn may assign this visit and your interactions (clicks, comments and reactions) to your user account (including, for example, master data and demographic data). If you have an account on LinkedIn, interest-based advertising may be displayed on all devices on which you are or have been logged in.

One feature provided by LinkedIn that is based on personal data, among other things, is Page Insights. This provides us with summarised (aggregated) data about visitor interaction on or with our company profile and in connection with the content provided, but does not allow any conclusions to be drawn about individual persons.

Although we do not have direct access to the data processed by the platform operator, we also benefit from this data processing by being able to place appropriate advertisements within or outside the platforms based on the target groups identified by the platform operator. Furthermore, we process your personal data for marketing purposes (e.g. increasing the reach and awareness of our company profile through the design of posts tailored to specific target groups, evaluating the success of marketing campaigns).

Please note that we have no influence on the data collection and further processing carried out by LinkedIn. For information on the purposes for which LinkedIn processes your personal data and the legal basis for this data processing, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

b. Legal basis for processing

In cases where visiting our company profile on LinkedIn requires access to information or the storage of information in order to ensure the technically error-free provision of services, this is done on the basis of the Dutch Telecommunications Act (Telecommunicatiewet, Tw), Article 11.7a(3)(2). If access to information or the storage of information serves other purposes (e.g., the needs-based design of our social media presence), this is done on the basis of the Dutch Telecommunications Act (Telecommunicatiewet, Tw), Article 11.7a(1) only with your consent in accordance with Art. 6 (1) (1) (a) GDPR. Consent can be revoked at any time for the future.

Any subsequent data processing by us, such as the use of Page Insights, is carried out on the basis of Art. 6 (1) (1) (f) GDPR on the basis of our legitimate interest in using aggregated information about interactions with our company profile for advertising purposes. The analysis processes initiated by LinkedIn may be based on different legal grounds, which are to be specified by LinkedIn (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

c. Data categories

For details on what specific data is collected and how it is used, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

d. Recipients

• Internal marketing department
• LinkedIn

e. Duration of storage

We cannot provide any information about the extent to which, where, and for how long LinkedIn stores data. Furthermore, we cannot make any statements about the extent to which LinkedIn complies with existing deletion obligations, what evaluations and links LinkedIn makes with the data, and to whom LinkedIn passes on the data. Please refer to LinkedIn's terms of use and privacy policy for more information.

f. Third-country transfer

When you visit our company profile on LinkedIn, your data may be processed in third countries, in particular the USA. LinkedIn Corp. is certified under the EU-U.S. Data Privacy Framework (adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR; https://www.dataprivacyframework.gov/list; Active Participants) and undertakes to comply with appropriate data protection standards. In the case of a transfer to a third country without an adequacy decision, there is a risk that authorities may access your data. To ensure an adequate level of data protection, LinkedIn Corp. uses the EU's standard contractual clauses and takes additional security measures where necessary. These are regularly reviewed by the platform operator and adjusted if necessary.

g. Exercising your rights in the event of joint responsibility

If you are visiting our company profile and wish to exercise your rights as a data subject (see details under “Rights of data subjects” in this privacy policy), you can contact both LinkedIn and us. You can use the LinkedIn settings to restrict the visibility of your LinkedIn account (also) to us.

To contact LinkedIn's data protection officer, you can use the contact form at https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

V. Overview of processors

If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if the transfer of data to third parties is necessary for the fulfilment of a contract), users have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we disclose data to other companies in our group, transfer it to them or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, beyond that, on a basis that complies with legal requirements.

Below you will find the organisations, companies and individuals that we, as the operator of this website, authorise to process data.

V.1. HubSpot

HubSpot, Inc. is a software company based in the United States (HubSpot, Inc. Two Canal Park, USA, Cambridge, MA 02141, USA; https://legal.hubspot.com/de/impressum). Our contractual partner is the branch office HubSpot Ireland Ltd, 1 Sir John Rogerson's Quay Dublin 2 Ireland.

We use the platform to manage business and contact data (e.g. prospects, applicants, customers, suppliers) and, if necessary, to create, enrich and evaluate profiles. In a marketing context, we use the application to create our website, our email marketing campaigns and lead management components. We also analyse and evaluate interactions with our digital marketing assets.

This software provider acts on our behalf and may therefore also view (receive) your data to the extent necessary. A data processing agreement has been concluded with HubSpot (https://legal.hubspot.com/dpa). We have no influence on further data processing by the third-party provider.

Hosting takes place in a data centre in the United States. When HubSpot transfers personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, additional safeguards are required to ensure the level of data protection provided by the GDPR.

For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses are also agreed in accordance with Art. 46 (2) (c) GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

For more information about HubSpot's privacy policy, please visit: https://legal.hubspot.com/de/privacy-policy.

An overview of HubSpot's policies, technologies and certifications can be found in the Trust Centre at: https://trust.hubspot.com/

An overview of the subcontractors used by HubSpot can be found at: https://legal.hubspot.com/sub-processors-page

V.2. Cloudflare

Cloudflare (Cloudflare Inc.) is one of the largest networks on the internet, ensuring the security and performance of web applications. Cloudflare provides a content delivery network, internet security services and distributed DNS services, and acts as a subcontractor to HubSpot in the context of our website.

Due to the way Cloudflare's features are integrated into our website infrastructure, the service filters all traffic passing through our website, i.e. communications passing through our website and the user's browser, while also enabling the collection of analytical data contained on our website. Cloudflare uses functional cookies that cannot be deselected when visiting our website.

Cloudflare, Inc. is a software company based in the United States (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA); https://www.cloudflare.com/trust-hub/.

According to information in HubSpot's list of subcontractors, subcontracting for a European data centre location takes place in the data centre closest to the data centre location (https://legal.hubspot.com/sub-processors-page). When HubSpot transfers personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, additional safeguards are required to ensure the level of data protection provided by the GDPR.

For the US, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-US Data Privacy Framework. Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses are also agreed in accordance with Art. 46(2)(c) GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

For more information about Cloudflare's privacy policy, please visit: https://www.cloudflare.com/privacypolicy/
For an overview of Cloudflare's policies, technologies, and certifications, please visit the Trust Hub at: https://www.cloudflare.com/de-de/trust-hub/

V.3. Cookiebot by Usercentrics

We use the cookie consent banner ‘Cookiebot’ from Usercentrics (Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark) on our website to organise consent management for cookies.

With the cookie consent banner, Usercentrics offers a service that ensures that we can comply with the legal requirements for obtaining consent, in particular for setting cookies that are not absolutely necessary within the meaning of the Dutch Telecommunications Act (Telecommunicatiewet, Tw), Article 11.7a(1). It requests the consent of website visitors for the processing of personal data and collects, stores and manages this consent. It also informs website visitors about the cookies and services used on our website.

Usercentrics uses functional cookies that cannot be deselected when visiting our website. In this context, your browser may transmit personal data to Usercentrics. According to Usercentrics' own statements, all data is stored in protected databases and exclusively on servers in Europe. Further information on the handling of the transferred data can be found in Usercentrics' privacy policy: https://www.cookiebot.com/de/privacy-policy/

Our subsidiary has signed a data processing agreement with the service provider, in which we oblige them to protect our customers' data and not to pass it on to third parties: https://www.cookiebot.com/de/wp-content/uploads/sites/2/2025/01/DPA_EN_Template_UC-A_S_Without-signature-Aug-2024_V9.0.pdf