Privacy Policy.

Privacy Policy Manycreators

Manycreators GmbH (hereinafter: “Manycreators”) is a company that places persons who provide services as performers of videos in the social media area (so-called creators). With the following privacy policy, we provide you with an overview of our procedures regarding the collection, storage, use, disclosure or deletion (hereinafter collectively “processing”) of information of any kind about you (collectively “personal data”) in the context of the use of this website.

A. Person responsible for data processingupwards

I. Name and contact details of the controllerupwards

Manycreators GmbH
Münchener Straße 101 h
85737 Ismaning
Germany
Email: hello@manycreators.com
Phone: +49 89 960 60 8888

II. Contact details for data protection issuesupwards

Manycreators GmbH
-Data protection –
Münchener Straße 101 h
85737 Ismaning, Germany
Email: datenschutz@hse.de

B. Information on the processing of personal dataupwards

I. Use of the websiteupwards

1. Server log dataupwards

When using the website, certain information is sent to the server of our website by the browser used on your end
device for technical reasons. This data is stored and processed on our server.

(i) We process the data mentioned below for the purpose of providing the website content you have accessed, ensuring
the security of the IT infrastructure used, troubleshooting and managing cookies.

(ii) The data processed are:

▪ HTTP data
HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer
Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system
used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also
accrue on servers of service providers (e.g. when retrieving third-party content).
Cookie setting data
This includes the data you provide to manage the cookie settings for this website and data assigned to your terminal
device when using the cookie settings management function: This includes your consents, your objections (opt-out)
and, if applicable, your individual selection for the use of cookies on your terminal device.

▪ Error data
These are error messages from the server and individual applications that are saved.

(iii) The legal basis for the processing is our legitimate interest under Article 6(1)(f) of the GDPR. Our
legitimate interest is the provision of the content accessed by the user and the management of the cookie settings
made by the user and also to ensure the security of the IT infrastructure used for the provision of the website, in
particular for the detection, elimination and evidential documentation of faults (e.g. DDoS attacks).

(iv) The data is actively provided by the user himself or automatically by the user’s browser.

(v) For hosting and ensuring the security of the website, we use TransIP B.V., Vondellaan 47, 2332 AA in Leiden
(nl), as our processor. (vi) Data will be stored in server log files in a form that allows identification of the
data subjects for a maximum period of 14 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the
event of a security-relevant event, server log files are stored until the security-relevant event has been
eliminated and fully clarified. Search data is automatically deleted after 24 hours at the latest. Cookie management
data is deleted after 6 months.

(vii) It is not possible to use the website without disclosing personal data such as the IP address. Communication
via the website without disclosing data is technically not possible.

(viii) No automated decision making takes place.

2. Application procedure / contact form creator / active campaign /upwards

(i) We use a contact form on our websites so that you can apply to become a Creator. We ask for various information
to see if you roughly match our target criteria. We use the Active Campaign software to manage the data entered. On
the one hand, this enables us to send you service emails depending on the status of the application process (e.g.
invitation to the video call, contacting you, information on concluding a contract, information on influencer
marketing deals or how to proceed with content creation) and on the other hand, the software offers functionalities
of a CRM system so that we can manage your master data and the other information you provide.

(ii) The scope of the data processed depends on the data provided in the contact form and subsequent application
procedures. As a rule, these are:
-Master data (name, place of residence, e-mail address)
– Reach and social media data (TikTok username, number of followers, publicly available social media profiles,
previous experience and contractual relationship with TikTok).
– Other data (desired contract type [exclusive or non-exclusive, remuneration idea, desired sales category, target
channel for presentations, availability, information on creator friends, own brands)

(iii) The legal basis for the processing of data in the context of the application process is Article 6(1)(b) GDPR.
The management of data in Active Campaign is based on Article 6(1)(f) GDPR and serves our legitimate interest in
effective data management or effective control of our service messages.

(iv) The data is actively provided by the user.

(v) The recipient of the personal data is Active Campaign LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602
as our processor.
In the case of recipients, data may be transferred to third countries outside the EU. The data transfer is based on
standard data protection clauses. You have the right to receive a copy of these guarantees. If you wish to receive a
copy of the guarantees, please contact the contact address mentioned under A. 2.

(vi) The personal data will only be kept for as long as it is necessary for the respective processing purposes. If
an applicant has been rejected, we store the data for a period of 6 months to enable a legal defence with regard to
claims under the AGG. Any further storage of the data of rejected applicants will only take place if you have given
your consent in accordance with Art. 6 Paragraph 1 Letter a GDPR.

(vii) The information is required in order to classify your qualifications and to be able to make assessments under
employment law. The information is therefore also required for a subsequent conclusion of a contract.

(viii) No automated decision making takes place.

3. Data transfer to third countries outside the EU (e.g. USA)upwards

(i) We transfer your data to third countries outside the EU (e.g. USA) within the scope of certain analysis tools,
as described in this data protection declaration. You will find a note in each case with the corresponding
explanation of an analysis tool.

(ii) The data transfer takes place on the basis of your express consent pursuant to Art. 6 (1) a, 49 (1) p. 1 a
GDPR, unless other legal bases are named in the descriptions of the individual tools.

(iii) There is no data protection adequacy decision on the part of the European Commission for the USA and a large
number of other countries outside the EU. In addition, there are no appropriate safeguards for these countries
according to the requirements of the GDPR. Legal enforcement may not be promising. There is a risk for you that
state authorities access personal data without us and/or you knowing about it. This may already happen during the
transfer as such.

(iv) You can revoke your consent at any time with effect for the future. To do so, please use the opt-out link of
the respective tool or deactivate the sliders in the cookie dashboard.

4. Trengo chat toolupwards

(i) On our website we use the software of Trengo B.V. Burgemeester Reigerstraat 89, 3581 KP Utrecht (hereinafter:
“Trengo”). You can use it to contact us via our chat function, the contact form in the chat window or Whatsapp.

(ii) The scope of the data processed depends on the data provided in the Chat contact form. As a rule, these are:
– HTTP data
HTTP data is protocol data that is technically generated when the website is accessed via the Hypertext Transfer
Protocol (Secure) (HTTP(S)): This includes IP address (used for geolocation), type and version of your internet
browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of
access. HTTP(S) data also accrue on servers of service providers (e.g. when retrieving third-party content).
– device-related information
MAC address or browser fingerprint
-Master data (name, email address)
– Other data (message content, attached files)

(iii) The legal basis for the processing is Art. 6 para. 1 letter f GDPR. The processing serves our legitimate
interest in effectively managing the messages we receive and facilitating contact with our website visitors.

(iv) The data is actively provided by the user.

(v) The recipient of the personal data is Trengo B.V. Burgemeester Reigerstraat 89, 3581 KP Utrecht as our
processor.
Trengo uses subcontractors in third countries outside the EU. The data transfer is based on the standard data
protection clauses. You have the right to receive a copy of these guarantees. If you wish to receive a copy of the
guarantees, please contact the address mentioned under A. 2.

(vi) Personal data shall be kept only for as long as necessary for the purposes of the processing in question.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There
is no obligation on the data subject to provide the data.

(viii) No automated decision making takes place.

5. Invoice Makerupwards

(i) We provide our Creators with a service on our website to create invoices for the services provided by you, the
so-called Invoice Maker. In particular, we want to facilitate cooperation.

(ii) The following data are processed in the process:
-Master data (name, company name if applicable, address, telephone number, e-mail address)
– Financial data (VAT ID, amount of taxes, services rendered, invoice date, currency, invoice amount, invoice
number)

(iii) The legal basis for the processing is Art. 6 para. 1 letter f GDPR. The processing serves our legitimate
interest in providing the Creator with an additional service for invoicing.

(iv) The data is actively provided by the user.

(v) No personal data is transferred to third parties. However, we use service providers by way of order processing
in the provision of services, in particular for the provision, maintenance and care of IT systems.

(vi) We do not store the invoices generated by the tool.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There
is no obligation on the data subject to provide the data. If the data is not provided, we will not be able to
invoice the Creator.

(viii) No automated decision making takes place.

II. Cooperation with contractorsupwards

(i) In the course of the cooperation between Manycreators and the contractors, it is necessary for Manycreators to
process personal data of the contractors or their designated employees.

(ii) The data processed are:

• Contact person data (such as name, telephone number, email address) in order to efficiently arrange contact for
queries within the scope of the business relationship.

• Contractor data (insofar as they allow conclusions to be drawn about a natural person, these are considered
personal data), including name, address, telephone number, fax, e-mail address, turnover tax ID, turnover data, bank
details

(iii) Contact person data is processed on the basis of Art. 6(1)(f) GDPR for the purpose of facilitating contact in
the context of the cooperation. Contractor data is processed for the performance of the contract with Manycreators
pursuant to Art. 6(1)(b) GDPR.

(iv) The data is provided to Manycreators by the Contractor.

(v) Recipient of personal data is Active Campaign LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602 as our
processor.
Personal data will be transferred to third countries outside the EU. The data transfer will be based on standard
data protection clauses. You have the right to receive a copy of these safeguards. If you wish to receive a copy of
the guarantees, please contact us at the address mentioned under A. 2. For more privacy information about Active
Campaign, please see B. I. 2. and https://www.activecampaign.com/legal/privacy-policy.

(vi) The data will be deleted after expiry of the statutory retention periods pursuant to § 147 AO, § 257 HGB and
thus at the latest after 10 years after termination of the business relationship.

(vii) The provision of data is not required by law, but is necessary for the fulfilment of mutual contractual
obligations. In the event that the data is not provided, we will not be able to adequately fulfil the contract, in
particular payment obligations.

(viii) No automated decision making takes place.

III. Video Conferencing and Collaborationupwards

1. Zoomupwards

(i) We use the Zoom video conferencing tool of Zoom Video Communications Inc, 55 Almaden Blvd 6th Floor San Jose, CA
95113 United States (hereinafter: “Zoom”) in the course of our business communications.

(ii) The data processed depends on your use of the service:
– User Data (name, email address, password, phone number (optional), department (optional), profile picture
(optional).
– Meeting metadata (title, description (optional), device/hardware information, IP addresses of participants).
– If dialing in by phone (phone number, country, start and end time, IP address of the device if applicable).
– In case of recording, this is displayed during the conference: video data, audio data, data displayed in
presentations
– Video, audio, text data: Chat messages may be exchanged or survey functions used during a meeting. These are
stored with the date and the person who sent the message. Audio data from the microphone of your terminal device or
video data via the camera of your terminal device are processed during the meeting, unless muted or the camera is
switched off.
– For more information about Zoom’s processing of your personal data, please visit
https://explore.zoom.us/de/privacy/.

(iii) Your personal data will be processed on the basis of Art. 6(1)(f) DS-GVO for the purpose of facilitating
contact in the context of cooperation (including for the preparation of contract negotiations and for consultation
within existing contracts).

(iv) The data is provided to Manycreators by you actively or through your terminal device.

(v) The recipient of the Personal Data is Zoom Video Communications Inc, 55 Almaden Blvd 6th Floor San Jose, CA
95113 United States as our processor.
In this process, data is transferred to third countries outside the EU. The data transfer is based on standard data
protection clauses. You have the right to receive a copy of these guarantees. If you wish to receive a copy of the
guarantees, please contact us at the address mentioned under A. 2.

(vi) The data will be deleted when it is no longer required for our business purposes. If individual data is subject
to requirements under commercial or tax law, it will be deleted after 10 years at the latest in accordance with §
257 HGB, § 147 AO.

(vii) The provision of data is not required by law or contract.

(viii) No automated decision-making takes place.

2. Larkupwards

(i) We use the collaboration tool Lark of Lark Technologies Pte. Ltd., 8 Marina View Level 43 Asia Square Tower 1
Singapore 018960 (hereinafter: “Lark”) in the context of our business cooperation internally, as well as with
selected external business partners. The tool is used to conduct video conferences, manage appointments via a
calendar function, provides a chat function for internal communication and is used for file storage.

(ii) The data processed depends on your use of the service:
– User data (name, email address, password, phone number, profile picture (optional)).
– Messages, files, documents and other content exchanged by you in the course of using the Service
– Calendar entries that you create, edit, or are invited to join
– Voice messages, video conference data and audio data that are created while you issue voice commands. This data is
only collected when you activate the camera and microphone on your terminal device.
– Images that you exchange as part of the collaboration and data related to them, such as metadata
– Contact data from your address book, if it is shared.
– Meeting metadata (title, description, device/hardware information, IP addresses of participants).
– For more information about Lark’s processing of your personal data, please visit
https://www.larksuite.com/privacy-policy.

(iii) Your personal data is processed on the basis of Art. 6(1)(f) DS-GVO for the purpose of simplified and
effective collaboration internally, as well as with selected external partners, appointment and data management.

(iv) The data is provided to Manycreators by you actively or through your terminal device.

(v) The recipient of the Personal Data is Lark Technologies Pte. Ltd, 8 Marina View Level 43 Asia Square Tower 1
Singapore 018960 as our processor.
This involves the transfer of data to third countries outside the EU. The data transfer is based on standard data
protection clauses. You have the right to receive a copy of these safeguards. If you wish to receive a copy of the
guarantees, please contact us at the address mentioned under A. 2.

(vi) The data will be deleted when it is no longer required for our business purposes. If individual data is subject
to requirements under commercial or tax law, it will be deleted after 10 years at the latest in accordance with §
257 HGB, § 147 AO.

(vii) The provision of data is not required by law or contract.

(viii) No automated decision-making takes place.

IV. Cookiesupwards

We use cookies in connection with the website and the offers provided on the website. Cookies are small text files
with information that can be stored on the user’s end device when visiting a website via the browser. When the
website is called up again with the same end device, the information stored in cookies can be read out and
processed. In doing so, we use processing and storage functions of the browser of your end device and collect
information from the memory of the browser of your end device.
There are different ways of distinguishing between cookies:

▪ Firstly, the distinction between first and third party cookies, depending on where a cookie comes from:
First-party cookies are cookies that are set and accessed by the website operator as the controller or by a
processor acting on behalf of the website operator. Third-party cookies are cookies that are set and accessed by
controllers other than the website operator who are not acting as processors on behalf of the website operator.

▪ In addition, a distinction can be made between transient and persistent cookies, depending on the validity period:
Transient cookies (session cookies) are cookies that are automatically deleted when you close your browser.
Persistent cookies are cookies that remain stored on your terminal device for a certain period of time after you
close your browser.

▪ Furthermore, a distinction can be made between cookies that do not require consent and those that do:
Depending on their function and purpose, the user’s consent may be required for the use of certain cookies. In this
respect, cookies can be differentiated according to whether the user’s consent is required for their use.
Your consent is given by means of a so-called “cookie banner”:
When you access our website, we display a so-called “cookie banner”. In our cookie banner, you can declare your
consent to the use of all cookies requiring consent on this website by pressing the “Accept” button. Without such
consent, the cookies requiring consent will not be activated. You can also refuse the use of cookies requiring
consent completely by clicking on the “Refuse” button. This decision is stored in a cookie. Alternatively, you have
the option of accessing our “Cookie Dashboard” by clicking on the “Individual settings” button. In the cookie
dashboard, you can make an individual selection of cookies and customise them at a later date. We save your cookie
settings in the form of a cookie on your end device in order to determine whether you have already made cookie
settings when you call up the website again.
Cookies required for the function of the website cannot be disabled via the cookie management function of this
website. However, you can generally disable these cookies in your browser at any time. Different browsers offer
different ways to configure the cookie settings in the browser. You can find more detailed information on this at
http://www.allaboutcookies.org/ge/cookies-verwalten/, for example. However, we would like to point out that some
functions of the website may not work or no longer work properly if you generally deactivate cookies in your
browser.

1. Technically necessary cookiesupwards
a) Google Tag Manager 360upwards

We use the Google Tag Manager 360 (hereinafter: “Google Tag Manager”) on our website. The Google Tag Manager enables
us to manage cookies and control their playout. This enables us, for example, to implement your consent, a
revocation of consent or an opt-out. The Google Tag Manager does not set its own cookies and does not process any
data stored in cookies.

(i) The purpose of the data processing is to control the playing of cookies on our website and to ensure the
security of the application.

(ii) The data processed are:

▪ HTTP data
HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer
Protocol (Secure) (HTTP(S)). This includes IP address, type and version of your internet browser, operating system
used, the page accessed, the previously visited page (referrer URL), date and time of access.

(iii) The legal basis for the processing is our legitimate interest under Article 6(1)(f) GDPR in the simple and
reliable control of cookies.

(iv) The data is automatically provided by the user’s browser.

(v) The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04
E5W5, Ireland as our processor. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your
consent to do so in accordance with Art. 6 (1) a, 49 (1) p. 1 a GDPR. Corresponding information on the risks of such
data transfers and revocation options can be found under B. I. 3. We have integrated the Tag Manager on our website
in such a way that only a reference to an empty Tag Manager container is initiated without your consent. No personal
data is transmitted to Google in the process (only standard HTTP request logs, no IP address or other user-specific
data that would allow you to be identified). The reading of the container and thus an exchange of personal data with
Google only takes place once you have given your consent.

(vi) Server log data will be deleted when it is no longer necessary for the purposes of the processing.

(vii) It is not possible to use the website without disclosing personal data such as the IP address. Communication
via the website without disclosing data is technically not possible.

(viii) No automated decision making takes place.

b) Usercentrics Consent Managerupwards

We use Usercentrics Consent Manager to manage your consents, possible revocations of consents and objections to the
use of cookies.

(i) The purpose of the data processing is to manage user decisions on cookies (consent, revocation, opt-out), as
well as to ensure the security of the application.

(ii) The data processed are:

▪ HTTP data
HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer
Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system
used, the page accessed, the previously visited page (referrer URL), date and time of access.

▪ Consent cookies
Decision of the user on individual cookies or groups of cookies. Time of decision and last visit.

(iii) The legal basis for the processing is our legitimate interest under Article 6(1)(f) GDPR in the simple and
reliable control of cookies.

(iv) The data is actively provided by the user (cookie decision) or automatically by the user’s browser (log data,
timestamp).

(v) The recipient of the data is Usercentrics GmbH, Rosental 4, 80331 Munich, as our order processor.

(vi) The withdrawal of consent previously given will be kept for three years (accountability). The administrative
cookie is deleted 6 months after the last visit. Server log data is anonymised before storage.

(vii) It is not possible to use the website without disclosing personal data such as the IP address. Communication
via the website without disclosing data is technically not possible.

(viii) No automated decision making takes place.

2. Statistics cookiesupwards
a) Google Analytics 360upwards

If you have given your consent, we use the web analysis tool Google Analytics 360 (hereinafter: “Google Analytics”)
on our website. With the help of Google Analytics, we can examine the user behaviour of visitors to our website in
pseudonymised and anonymised form.
You can deactivate data processing by Google Analytics at any time in our “Cookie Dashboard”. Alternatively, you can
install a browser plug-in from Google that prevents data collection by Google Analytics:
http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can prohibit the storage of cookies in the
settings of your browser.

(i) The purpose of the data processing is to increase the efficiency of our use of resources for our web offer and
our advertising measures, the design of the platform by (usage-based) optimisation of our web offer by measuring the
use of our web offer and (usage-based) optimisation of our advertising measures by measuring the success of the
advertising media we use in our web offer (advertising media success control). We cannot draw any conclusions about
the behaviour of a specific person.

(ii) The data processed are:

▪ Google Analytics HTTP data
This is log data that is technically generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) when using the
Google Analytics web analysis tool used on the website: This includes IP address, type and version of your internet
browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of
access.

▪ Google Analytics end device data
Data generated by the web analysis tool Google Analytics and assigned to your terminal device: This includes a
unique ID for (re-)recognising returning visitors (so-called “client ID”) as well as certain technical parameters
for controlling data collection for web analysis.

▪ Google Analytics measurement data
Device-related raw data (so-called “dimensions” and “measured values”) that are collected and analysed by the Google
Analytics web analysis tool when using our website: This includes, above all, information about the sources through
which visitors reach our website, information about the location, the browser and the end device used, information
about the use of the website (in particular page impressions, frequency of calls and length of stay on called pages)
as well as information about the fulfilment of certain goals. The data is assigned to the client ID assigned to your
end device. As a result, device-related usage profiles are created in which all device-related raw data are combined
into one client ID. The data that we collect using Google Analytics does not enable us to identify you personally
(i.e. by your civil name). We also do not combine the device-related raw data and the resulting device-related usage
profiles with data that directly identifies you personally without your consent.

▪ Google Analytics report data
Data contained in aggregated segment and device-related reports generated by the Google Analytics web analytics tool
based on the analysis of raw device-related data.
In Google Analytics, four reporting categories are available to us: Audience (location, browser, devices used and
other device-related data), Acquisition (sources through which visitors arrive at the website), Behaviour
(information on the call-up of content of the website, in particular pages called up on the website), Conversions
(information on pre-configured goals).

(iii) The legal basis for the processing is Article 6(1)(a) of the GDPR (consent).

(iv) The data is automatically provided by the user’s browser.

(v) Recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5,
Ireland) and analysis and support service providers based in the EU as part of the order processing. Google Ireland
Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider.
The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 Para. 1
Letter a, 49 Para. 1 Sentence 1 Letter a GDPR. Corresponding information on the risks of such data transfers and
revocation options can be found under B. I. 3.

(vi) On this website, so-called IP anonymisation is activated for the use of the web analysis tool Google Analytics.
This means that the IP address transmitted by the browser for technical reasons is anonymised by shortening
(deletion of the last octet of the IPv4 address or the last 80 bits of the IPv6 address) before storage. We store
the remaining log data for a period of 26 months.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There
is no obligation on the part of the data subject to provide the data. In the event that the data is not provided, we
will not be able to perform web analysis using Google Analytics.

(viii) No automated decision making takes place.

3. Marketing cookiesupwards
a) Vimeoupwards

(i) Insofar as you have consented to this, we use the services of Vimeo.com, Inc. 555 West 18th Street, New York
10011 (hereinafter: “Vimeo”). This enables us to show you videos of our creators. In addition, Vimeo processes data
under its own responsibility by means of cookies and other technologies in order to be able to track your web
activities and to improve or better tailor its own services or advertising activities to you. If you are logged into
your own Vimeo account at the time of viewing the video, your activity may be linked to your Vimeo account. You can
find out more about the exact scope of data processing by Vimeo at the following URL: https://vimeo.com/privacy.
You can deactivate data processing by Vimeo at any time in our “Cookie Dashboard”. Alternatively, you can prohibit
the storage of cookies in the settings of your browser. In this case, you will no longer be able to see the videos
on our website.

(ii) When using the service, the following data are processed:
– HTTP data
HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer
Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system
used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also
accrue on servers of service providers (e.g. when retrieving third-party content).
The IP address is already transmitted when the video is called up.
– web activity
Vimeo processes further information about your web activity, e.g. from which page you access the video, the duration
of the session or the bounce rate.
– logged-in users
If you are logged in to Vimeo at the same time as viewing the video, Vimeo may collect further data, e.g. whether
you have liked, shared or added the video to your watchlist and via which channel you have shared the video.

(iii) The legal basis for the processing is your consent pursuant to Art. 6(1)(a) GDPR.

(iv) The data is automatically provided by your browser.

(v) The recipient of the personal data is Vimeo.com, Inc. , 555 West 18th Street, New York 10011 as the independent
data controller.
Personal data is transferred to countries outside the EU (e.g. USA). The data will only be transferred if you have
given us your consent in accordance with Art. 6 Para. 1 Letter a, 49 Para. 1 Sentence 1 Letter a GDPR. Corresponding
information on the risks of such data transfers and revocation options can be found under B. I. 3.

(vi) The cookies set by Vimeo have a maximum duration of 2 years.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There
is no obligation on the data subject to provide the data. However, if you do not consent, the video cannot be
displayed.

(viii) No automated decision making takes place.

b) Youtubeupwards

(i) If you have consented to this, we use the services of Youtube LLC, 901 Cherry Ave, San Bruno CA 94066, USA
(hereinafter: “Youtube”) on our website. This allows us to show you videos of our creators. In addition, Youtube
processes data under its own responsibility by means of cookies and other technologies in order to be able to track
your web activities and to improve its own services or advertising activities or tailor them better to you. If you
are logged into your own Google account at the time of viewing the video, your activity may be linked to your Google
account. You can find out more about the exact scope of data processing by Youtube at the following URL: https://policies.google.com/privacy?hl=de&gl=de.
You can deactivate data processing by Youtube at any time in our “Cookie Dashboard”. Alternatively, you can prohibit
the storage of cookies in the settings of your browser. In this case, you will no longer be able to see the videos
on our website.

(ii) When using the service, the following data are processed:

– HTTP data
HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer
Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system
used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also
accrue on servers of service providers (e.g. when retrieving third-party content).
The IP address is already transmitted when the video is called up.

– web activity
Youtube processes further information about your web activity, e.g. from which page you access the video, the
duration of the session or the bounce rate.

– logged-in users
If you are logged in to your Google account at the same time as viewing the video, Youtube may collect further data,
e.g. whether you have liked or shared the video or via which channel you have shared the video.

(iii) The legal basis for the processing is your consent pursuant to Art. 6(1)(a) GDPR.

(iv) The data is automatically provided by your browser.

(v) The recipient of the personal data is Youtube LLC, 901 Cherry Ave, San Bruno CA 94066, USA as the independent
data protection controller.
Personal data is transferred to countries outside the EU (e.g. USA). The data will only be transferred if you have
given us your consent in accordance with Art. 6 Para. 1 Letter a, 49 Para. 1 Sentence 1 Letter a GDPR. Corresponding
information on the risks of such data transfers and revocation options can be found under B. I. 3.

(vi) The data will be deleted by Youtube as soon as it is no longer necessary for the original purpose of
collection.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There
is no obligation on the data subject to provide the data. However, if you do not consent, the video cannot be
displayed.

(viii) No automated decision making takes place.

4. Cookie dashboardupwards

We offer you the possibility on our website to determine the scope of data processing yourself. You can fully
consent or fully reject the data processing by cookies and other technologies by clicking on the respective word in
the consent banner. However, you can also make individual settings. To do so, click on the fingerprint sign and
select the desired settings by operating the respective slider.

C. Information on the rights of data subjectsupwards

As a data subject, you have the following rights in relation to the processing of your personal data:
▪ Right of access (Article 15 of the GDPR)
▪ Right to rectification (Article 16 GDPR)
▪ Right to erasure (“right to be forgotten”) (Article 17 GDPR)
▪ Right to restriction of processing (Article 18 GDPR)
▪ Right to data portability (Article 20 GDPR)
▪ Right to object (Article 21 GDPR)
▪ Right to withdraw consent (Article 7(3) of the GDPR)
▪ Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

To exercise your rights, you can contact us at the addresses mentioned in section A.
contact information to us. The full extent of your rights can be found in the
text of the General Data Protection Regulation, which you can find at the following link
at http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

For information on any specific modalities and mechanisms to facilitate the exercise of your rights, in particular
to exercise your rights to data portability and to object, please refer to the information on the processing of
personal data in section B of this privacy notice, where applicable.
Below you will find more detailed information about your rights in relation to the processing of your personal data.

I. Right of accessupwards

As a data subject, you have a right of access under the conditions of Article 15 of the GDPR.
This means in particular that you have the right to ask us to confirm whether we are processing personal data
relating to you. If this is the case, you also have a right of access to this personal data and to the information
listed in Article 15(1) of the GDPR. This includes, for example, information about the purposes of the processing,
the categories of personal data processed and the recipients or categories of recipients to whom the personal data
have been or will be disclosed (Article 15(1)(a), (b) and (c) of the GDPR).

II Right to rectificationupwards

As a data subject, you have a right of rectification under the conditions of Article 16 of the GDPR.
This means, in particular, that you have the right to request us to correct any inaccurate personal data relating to
you and to complete any incomplete personal data without delay.

III. Right to erasure (“right to be forgotten”)upwards

As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions of Article 17 of the
GDPR.
This means that you generally have the right to request that we delete personal data relating to you without undue
delay and we are obliged to delete personal data without undue delay if one of the reasons listed in Article 17(1)
of the GDPR applies. This may be the case, for example, if personal data are no longer necessary for the purposes
for which they were collected or otherwise processed (Article 17(1)(a) GDPR).
Where we have made the personal data public and we are obliged to erase it, we are also obliged to take reasonable
steps, including technical measures, having regard to the available technology and the cost of implementation, to
inform other data controllers which process the personal data that a data subject has requested that they erase all
links to, or copies or replications of, that personal data (Article 17(2) of the GDPR).
The right to erasure (“right to be forgotten”) does exceptionally not apply insofar as the processing is necessary
for the reasons listed in Article 17(3) of the GDPR. This may be the case, for example, where processing is
necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims
(Article 17(3)(a) and (e) of the GDPR).

IV. Right to restriction of processingupwards

As a data subject, you have a right to restrict processing under the conditions of Article 18 of the General Data
Protection Regulation.
This means that you have the right to demand that we restrict processing if one of the conditions listed in Article
18(1) of the GDPR applies. This may be the case, for example, if you dispute the accuracy of the personal data. In
this case, the restriction of processing is carried out for a period of time that allows us to verify the accuracy
of the personal data (Article 18(1)(a) of the GDPR).
Restriction means the marking of stored personal data with the aim of limiting their future processing (Article 4(3)
GDPR).

V. Right to data portabilityupwards

As a data subject, you have a right to data portability under the conditions of Article 20 GDPR.
This means that you generally have the right to receive the personal data concerning you that you have provided to
us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to
another controller without hindrance from us, provided that the processing is based on consent pursuant to Article
6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing
is carried out using automated procedures (Article 20(1) of the GDPR).
For information on whether processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR
or on a contract pursuant to Article 6(1)(b) of the GDPR, please refer to the information on the legal bases for
processing in Section B of this Privacy Information.
When exercising your right to data portability, you also have, in principle, the right to obtain that the personal
data be transferred directly from us to another controller, insofar as this is technically feasible (Article 20(2)
GDPR).

VI. Right to objectupwards

As a data subject, you have the right to object under the conditions of Article 21 of the GDPR.
We will expressly inform you as the data subject of your right to object at the latest at the time of the first
communication with you.
You will find more detailed information on this below:

1. The right to object on grounds relating to the specific situation of the data subject
As a data subject, you have the right to object at any time, on grounds relating to your particular situation, to
the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the
GDPR; this also applies to profiling based on these provisions.
For information on whether processing is carried out on the basis of Article 6(1)(e) or (f) of the GDPR, please
refer to the information on the legal bases for processing in Section B of this privacy information.
In the event of an objection on grounds relating to your particular situation, we shall no longer process the
personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override
your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. Right to object to direct marketing
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the
processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar
as it is associated with such direct marketing.
For information on whether and to what extent personal data is processed to carry out direct marketing, please refer
to the information on the purposes of processing in section B of this privacy information.
In the event of an objection to processing for direct marketing purposes, we will no longer process the personal
data concerned for these purposes.

VII. Right to withdraw consentupwards

If the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, you as the data
subject have the right to withdraw your consent at any time pursuant to Article 7(3) of the GDPR. The revocation of
consent does not affect the lawfulness of the processing carried out on the basis of the consent until the
revocation. We will inform you of this before you give your consent.
For information on whether processing is based on consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR,
please refer to the information on the legal bases for processing in Section B of this privacy information.

VIII. Right to lodge a complaint with a supervisory authorityupwards

As a data subject, you have the right to lodge a complaint with a supervisory authority under the conditions of
Article 77 of the GDPR.
The supervisory authority responsible for us is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Deutschland
Telefon: +49 (0) 981 180093-0
Telefax: +49 (0) 981 180093-800
E-Mail: poststelle@lda.bayern.de

D. Information on the technical terms of the General Data Protection Regulation used in this data protection
informationupwards

The technical terms used in this data protection information have the meaning given in the GDPR.
The full scope of the definitions of the General Data Protection Regulation
can be found in Article 4 of the GDPR, which you can access via the following link
can: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

More detailed information on the most important technical terms of the General Data Protection Regulation used in
this data protection information is provided below:
[In the case of a multi-layered presentation of information (“Layered Information”), the following information could
be hidden on the first layer].
Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an
identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an online identifier or to one or more factors
specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural
person;
Data subject” means the identified or identifiable natural person to whom personal data relate;
Processing” means any operation or set of operations which is performed upon personal data, whether or not by
automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction;

▪ “Profiling” means any automated processing of personal data which consists in using such personal data to evaluate
certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that
natural person’s performance at work, economic situation, health, personal preferences, interests, reliability,
behaviour, location or change of location;
Controller’ means the natural or legal person, public authority, agency or other body which alone or jointly with
others determines the purposes and means of the processing of personal data; where the purposes and means of such
processing are determined by Union or Member State law, the controller or the specific criteria for its designation
may be provided for under Union or Member State law;
Processor” means a natural or legal person, public authority, agency or other body which processes personal data on
behalf of the controller;
Recipient’ means a natural or legal person, public authority, agency or other body to whom personal data are
disclosed, whether or not a third party. However, public authorities that may receive personal data in the context
of a specific investigative task under Union or Member State law shall not be considered as recipients and the
processing of such data by those authorities shall be carried out in accordance with the applicable data protection
rules, in accordance with the purposes of the processing;

▪ “Third party” means any natural or legal person, public authority, agency or other body other than the data
subject, the controller, the processor and the persons authorised to process the personal data under the direct
responsibility of the controller or the processor;

▪ “International organisation” means an organisation governed by international law and its subsidiary bodies or any
other body established by or on the basis of an agreement concluded between two or more countries;

▪ “Third country” means a country that is not a member state of the European Union (“EU”) or the European Economic
Area (“EEA”);

▪ “Special categories of personal data” means data revealing racial or ethnic origin, political opinions, religious
or philosophical beliefs, or trade-union membership, as well as genetic data, biometric data uniquely identifying a
natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

E. Status and amendment of this data protection informationupwards

This data protection information has the status December 27th, 2021.
Due to technical developments, changes in the function of the website and/or due to changes in legal and/or
regulatory requirements, it may become necessary to adapt this data protection information.