We are delighted that you are interested in the services and content of Exolink GmbH. We inform interested parties about our services and current developments on our websites and our company pages on various social media platforms. Transparency and trustworthy handling of your personal data is an important basis for good cooperation. We would therefore like to inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation (GDPR). If you wish to use this offer from us, you agree to our privacy policy with regard to the processing of your personal data.

Exolink GmbH (hereinafter: Exolink) is embedded in the data protection organization of the parent company Adacor Hosting GmbH.

Adacor Hosting GmbH (hereinafter: Adacor) is a company audited in data security and risk management in accordance with IDW PS 951 and ISAE 3402.

Data protection and data security are essential components of our business operations. To this end, Adacor has implemented a data protection and data security organization consisting of the company data protection officer, the information security officer, the IT compliance officer, an information security team, comprehensive security concepts, internal and external audits and security reviews.

To ensure that its services are always up to date and in line with the latest data protection and data security standards, Adacor is a member of the German Association for Data Protection and Data Security (GDD), the Alliance for Cyber Security of the German Federal Office for Information Security and the Cloud Services Made In Germany initiative, among others.

Dr. Thomas Jäschke has been appointed as data protection officer. For questions and comments on data protection, please contact us by e-mail at datenschutz(at)adacor.com and by telephone on +49 231 543 803 00.

You have the following rights in relation to your personal data.

At any time, provided that Exolink has sole or joint responsibility for the data processing, you can assert these rights against Exolink at datenschutz@adacor.com.

Right of access (Art. 15 GDPR): You can request information about whether we have stored personal data about you. If you wish, we will tell you what data is involved, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have in relation to this data.

In addition, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. You can also request that we make all personal data that you have provided to us available to you or to a person or company of your choice in a structured, commonly used and machine-readable format.

You also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. If we base data processing on your consent, you have the right to withdraw your consent at any time with effect for the future. If possible, please send your revocation by e-mail to datenschutz@adacor.com. The legality of the processing of your data up to the time of revocation remains unaffected.

You also have the right to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. f GDPR (data processing to safeguard a legitimate interest) (Art. 21 GDPR). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

If you are of the opinion that our processing of your personal data violates data protection law, you have the right to complain to a data protection supervisory authority of your choice in accordance with Art. 77 para. 1 GDPR.

This also includes the data protection supervisory authority responsible for Exolink and Adacor:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen Postfach 200444 40102 Düsseldorf Germany 0211/38424-0 poststelle@ldi.nrw.de

Exolink uses various services and content as well as cookies that enable data processing to improve the offer by increasing user-friendliness and for statistical purposes.

You have the option of preventing or restricting processing by these services at the start of your visit to our website with the help of our consent management systems. If these contents are suspended, functionalities of the offer may be restricted or no longer usable. In particular, such settings prevent the respective consent to specific individual processing operations so that the scripts concerned cannot be executed.

On the pages of https://www.exolink.com and https://www.exolink.de, Exolink uses the integrated consent tool from Onepage.io. You can make your individual settings regarding your consent via the "lock icon" on the edge of the website.

The description of the functions of the individual cookies and their function, in particular with regard to the use of Google services, can also be found in the settings screens.

You have various options for contacting us via the website. User information collected via the contact form is used to process the request and for possible follow-up questions.

Through Exolink GmbH, we cover a very comprehensive service portfolio regarding an e-mobility cloud platform for the connection, integration and analysis of chargers and wallboxes. If you contact us with an inquiry about our services (request for information, tender, request for quotation, price inquiry or similar), your inquiry will be made available to the following recipients in the Adacor Group:

Exolink GmbH, Developer Team Adacor Hosting GmbH, Sales Team, Customer Success Management, Operations Teams

A contact form is integrated on our website, which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. At the time the message is sent, the user's IP address and the date and time of registration are also stored.

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the email addresses provided. In this case, the personal data transmitted with the e-mail will be stored. The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Business communication is stored in accordance with commercial and tax law retention obligations.

The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by email, this constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Via Nicereply, contacts can use a link in the email signature to access a form where they can provide feedback on the communication. Exolink uses this to measure the satisfaction of customers and interested parties. A free text field can be used to submit a suggestion for improvement.

Nice Reply, s.r.o., Štefanovičova 2971/8, 811 04 Bratislava, Slovakia, gdpr@nicereply.com supports us in this processing, Privacy policy: https://www.nicereply.com/privacy-statement-for-customers.

The data is stored for 12 months.

The legal basis is the processing of data with the consent of the data subject in accordance with Art. 6 para. 1 lit. a GDPR.

Based on the data entered when registering for the Exolink newsletter or downloading additional material, the relevant persons are researched using publicly available information from company websites or social and professional networks (e.g. XING, LinkedIn).

The data collected includes the name, company or employer, position, title and contact details such as telephone number, email, profiles on online platforms. All data is either added to the database of our interested parties or customers after contact has been made, otherwise it is deleted on request or after 6 months at the latest.

On our websites, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH. The legal basis for the processing of this data is Art. 6 para. 1 a) GDPR, therefore it only takes place if you have given your consent via our consent tool when visiting our website.

A javascript-based code is used for this purpose, which is used to collect company-related data and the corresponding use. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website. From the remaining data, Salesviewer determines the company from whose network the website was accessed. The number of page views, which pages were viewed, the duration of the visit and the referrer (which website linked to us) are read out and transmitted to us by Salesviewer. If you have reached the website via a Google Ads ad, this and the search term you have entered will also be transmitted. Based on the company data, we identify potential contacts in professional networks (e.g. Xing, LinkedIn).

SalesViewer® uses Hetzer Online GmbH, Industriestr. 25, 91710, Gunzenhausen for server hosting (SalesViewer® infrastructure) and Host Europe GmbH, Welserstraße 14, 51149 Cologne for the provision of DNS servers for SalesViewer®. You can find Salesviewer's privacy policy here: https://www.salesviewer.com/de/datenschutzerklaerung.

You can object to tracking by Salesviewer here: https://www.salesviewer.com/de/opt-out

The data stored by Salesviewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

Exolink uses Hotjar to analyze the user experience of the website.

If you have given your consent via the Cookie Consent Tool, individual sessions and interactions on the website are stored. Exolink uses these sessions to analyze the behavior of visitors to the website and to improve the user experience.

The data is aggregated across all saved sessions and displayed as a "heat map".

his processing is supported by HOTJAR LIMITED, DRAGONARA BUSINESS CENTRE, 5TH FLOOR, DRAGONARA ROAD, PACEVILLE, ST. JULIANS, MALTA, Privacy Policy: https://www.hotjar.com/legal/policies/privacy/.

The data is stored for 365 days.

The data aggregated as a heat map is stored, but no longer has any personal reference due to the merging.

The legal basis is the processing of data with the consent of the data subject in accordance with Art. 6 para. 1 lit. a GDPR.

We use Pipedrive as a CRM tool to process and store contact requests and data. When contacting us (via contact form or e-mail), the user's details are processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b) GDPR. We use contact forms from our customer relationship management tool ("CRM tool") Pipedrive to process and respond to your request and messages as quickly as possible. The data transmitted when filling out the form is sent to Pipedrive and stored there on Pipedrive servers. https://support.pipedrive.com/de/article/how-secure-is-my-data-in-pipedrive

The "smart contact data" function is used to retrieve contact data from contact requests from public sources such as LinkedIn in order to comply with our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR to process the correct contact data of contact persons.

We also use the Pipedrive web chat tool. If you wish to use the feature within the meaning of Art. 6 para. 1 lit. a GDPR, we process your IP address, the date and time of the chat and the data contained in chats.

Pipedrive OÜ is a limited liability company under Estonian (EU) law with the address Mustamäe tee 3a, 10615 Tallinn, Estonia, registered in the Estonian Commercial Register under the code 11958539. You can access Pipedrive's privacy policy here: https://www.pipedrive.com/en/privacy.

On the social media platforms provided by Exolink, you have the opportunity to create your own comments and, if applicable, posts. Please also note the individual data protection notices of the respective social media platform operators. Exolink also only uses the infrastructure of the respective platform provided by these operators. Please note the following platform-specific information on the individual presences.

We use the software from onepage.io and emlen.io to collect, display and store the data collected via the website and landing pages:

The provider of onepage is ONEPAGE GmbH, Helmholtzstraße 2-9, 10587 Berlin. You can find more information on the processing methods we have entrusted to this provider in the provider's functional description (see https://onepage.io/). We have commissioned this provider to process your personal data in accordance with Article 28 GDPR. The content of the order processing agreement concluded for this purpose can be viewed here: https://onepage.io/de/avv

The provider of Emlen is emlen GmbH, Dudweilerstraße 71, 66111 Saarbrücken. You can find more information on the type and manner of processing we have entrusted to this provider in the provider's functional description (see https://de.emlen.io/features). We have commissioned this provider to process your personal data in accordance with Article 28 GDPR. You can find the service provider's privacy policy here: https://de.emlen.io/reference/data-privacy

We generally process the following data from you:

IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software.

Personal data that you disclose when visiting or communicating with our website (in particular via forms) (see "Business communication" above).

We use so-called session cookies on the landing pages. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. They store a so-called session ID, with which various requests from the visitor's browser can be assigned to the shared session. This allows the visitor's computer to be recognized when the visitor returns to your website. The purpose, from which our legitimate interest also follows, can be described as follows: The cookies are used to display and use the website in a way that suits you.

Exolink operates company profiles on the social media platforms of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as "Facebook") at https://www.facebook.com/Exolink.API and https://www.instagram.com/exolink.ocpp/ (also known as "fan pages"). When you access Exolink's company profiles, Facebook collects the personal usage data described under this link

Exolink does not receive this usage data directly, but only from Facebook in summarized form via the Facebook tool "Page Insights" (https://de-de.facebook.com/business/pages/manage and https://de-de.facebook.com/legal/terms/information_about_page_insights_data) ("Insights Data"). Exolink cannot assign Insights data to individual persons.

Without Exolink's company profiles, Facebook would not be able to collect the usage data. Exolink and Facebook are therefore jointly responsible for the processing of usage data. This means that Facebook and Exolink process this data for the joint purpose of learning about the usage behavior of Exolink's fan page users. As the operator of the platform, Facebook collects the detailed usage data from you; Exolink only receives the summarized Insights data from Facebook. Therefore, only Facebook makes the decisions about the organization of the processing of your usage data in connection with Page Insights. In the event of such joint responsibility, the EU General Data Protection Regulation requires that a special contract be concluded with Facebook. This contract is available at: https://de-de.facebook.com/legal/terms/page_controller_addendum. The contract contains further details and explanations regarding our joint responsibility with Facebook in the context of Page Insights. Facebook initially assumes primary responsibility in the internal relationship, particularly with regard to requests concerning your rights as a data subject. Further information regarding the collection and use of data as well as your rights and protection options vis-à-vis Facebook can be found at https://www.facebook.com/policy.php

Art. 6 para. 1 lit. f GDPR (balancing of interests) is the legal basis for Exolink's involvement in the processing of usage data. Exolink's interest here is the administration and improvement of the fan page as well as the information of visitors to the fan page. Exolink does not require any further legal basis for processing the summarized Insights data, as this information does not constitute personal data. In addition, we process your Facebook user name and your comments for communication with you if you have sent us messages yourself via the fan pages or by direct message.

In order to provide the company profiles on the Facebook platforms, your personal data is processed by Facebook Ireland Limited and transmitted to Facebook, Inc. in the USA (as well as other third countries, as shown at https://de-de.facebook.com/policy.php). By using standard contractual clauses as defined by the EU Commission, Facebook guarantees that the data protection requirements of the EU are complied with when processing data in the USA. Further information can be requested via https://www.facebook.com/help/566994660333381.

Exolink operates a LinkedIn company profile at https://www.linkedin.com/company/exolink-ocpp-platform on the platform of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as "LinkedIn"). We maintain this LinkedIn page to draw the attention of potential applicants to our job advertisements, to communicate with them and to inform them about our services.

When you view this profile, your browser sends website usage data and possibly other data in accordance with LinkedIn's privacy policy (available at https://www.linkedin.com/legal/privacy-policy). Through this company profile, you can also comment on Exolink publications by replying, publish them on the LinkedIn platform with or without your own comment or mark the publications with "Like". The data collected in this way is processed by LinkedIn.

Without Exolink's company profiles, LinkedIn would not be able to collect their usage data. Exolink and LinkedIn are therefore jointly responsible for the processing of usage data. However, we have no influence on the type and scope of the data processed by LinkedIn, the type of processing and use or the disclosure of this data to third parties. In the event of such joint responsibility, the GDPR requires that a special contract be concluded with LinkedIn. This contract is available at: https://legal.linkedin.com/pages-joint-controller-addendum. The contract contains further details and explanations regarding our joint responsibility with LinkedIn. LinkedIn initially assumes primary responsibility in the internal relationship, especially with regard to requests concerning your data subject rights. Further information regarding the collection and use of data as well as your rights and protection options vis-à-vis LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

Art. 6 para. 1 lit. f GDPR (balancing of interests) is the legal basis for Exolink's involvement in the processing of usage data. Exolink's interest here is the administration and improvement of the visibility of the company profile as well as the information of visitors to the site. Exolink does not require any further legal basis for processing the summarized Insights data, as this does not constitute personal data.

We also process the following personal data in connection with LinkedIn for the purpose of business communication:

- LinkedIn usernames and comments on our LinkedIn page and messages sent to us via LinkedIn.

- Other information necessary to respond to requests from our visitors

- To determine the professional and technical situation of potential business partners and applicants based on the information in their LinkedIn profiles.

In order to provide the company profile on LinkedIn, personal data is transferred from LinkedIn to the USA (as well as other third countries, as shown at https://www.linkedin.com/legal/privacy-policy). By using standard contractual clauses as defined by the EU Commission, LinkedIn guarantees that the data protection requirements of the EU are complied with when processing data in the USA. Further information can be requested via https://www.linkedin.com/legal/l/eu-sccs.

Adacor operates a Xing company profile at https://www.xing.com/pages/adacor-group on the Xing platform, operated by Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter referred to as "Xing"). We maintain this Xing page to draw the attention of potential applicants to Exolink job advertisements, to communicate with them and to inform them about our services.

When you view this profile, your browser sends website usage data and possibly other data in accordance with Xing's privacy policy (available at https://privacy.Xing.com/de/datenschutzerklaerung/informationen-die-sie-uns-mitteilen). Through this company profile, you can also comment on Adacor publications by replying, publish them on the Xing platform with or without your own comment or mark the publications. The data collected in this way is processed and statistically analyzed by Xing.

Without Adacor's company profile, Xing would not be able to collect the usage data. Adacor and Xing are therefore jointly responsible for processing the usage data. However, we have no influence on the type and scope of the data processed by Xing, the type of processing and use or the transfer of this data to third parties. In the event of such joint responsibility, the EU General Data Protection Regulation requires that a special contract be concluded with Xing.

We also process the following personal data in connection with Xing for the purpose of business communication:

- Xing user names and comments on our Xing page and messages sent to us via Xing.

- Other information that is necessary to answer our visitors' queries.

- The survey of the professional and technical situation of potential business partners and applicants based on the information in their Xing profiles.

Art. 6 para. 1 lit. f GDPR (balancing of interests) is the legal basis for Adacor's involvement in the processing of usage data. Adacor's interest here is the administration and improvement of the visibility of the company profile as well as the information of visitors to the site. Adacor does not require any further legal basis for processing the summarized Insights data, as this does not constitute personal data.

In order to provide the company profiles on Xing, your personal data is transferred by Xing to the USA (as well as other third countries, as shown at https://privacy.Xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender). By using standard contractual clauses as defined by the EU Commission, Xing guarantees that the data protection requirements of the EU are complied with when processing data in the USA.