Data protection

# Person responsible for the personal data

This website is operated by Recover Society GmbH, Niddastr. 63 D-60329 Frankfurt ("we", "us", "our" or "Recover Society").

You can contact us by e-mail at: hello@recoversociety.com

# Purpose

This document outlines the specific information we are required to provide to data subjects in the EU, EEA and UK under the EU's General Data Protection Regulation ((EU) 2016/679 GDPR) and the UK's General Data Protection Regulation (UK GDPR). These regulations set out the rights of data subjects and the protocols for the management of personal data.

# Scope of this privacy policy

This document relates to the processing of your personal data on our website https://recoversociety.com/.

This document also applies to the processing of your personal data for other purposes such as Information, communication, sales, bookings and provision of services.

# Contact information of the data protection officer (DPO)

## DATA PROTECTION OFFICER

Enobyte GmbH

Augustenstr. 49, 80333 Munich, Germany

Phone: +49 89 215 4774-30

E-Mail: dpo@enobyte.com

Web: https://www.enobyte.com/kontakt

# Legal bases for our processing

We only process your personal data if there is a legal basis for doing so. Under the GDPR/UK GDPR, there are three legal bases that we use.

(1) Consent (Art. 6 (1) a) GDPR/UK GDPR) - If you have given your consent voluntarily, we may only process your personal data for the purpose for which the consent was given.

(2) Contractual obligation (Art. 6 (1) b) GDPR/UK GDPR) - If we have a contract with you, we must store and use some information about you. The same applies if we take necessary steps at your request before entering into a contract.

(3) Legitimate interest (Art. 6 (1) f) GDPR/UK GDPR) - Legitimate interest allows us to process personal data if this is necessary for our legitimate interests and your interests or fundamental rights and freedoms do not outweigh our interest. In the following, we inform you whether we carry out such processing and what interests we pursue.

# Use of this website

When you visit our website, the servers automatically store server log file information transmitted by your browser. This information includes

Content data

- Any text that you enter or files that you upload

Usage data

- Websites visited

- Date and time of your request

Metadata

- Your IP address

- Time zone of your computer

- Date and time of your computer

- The website you have requested

- The website you came from

- Information about your browser (version, language, installed fonts)

- Information about your operating system (version, language)

- Possibly other information that your browser sends via the HTTP protocol.

The temporary storage of the IP address by the system is necessary to display the content of the website on your device. The information is used exclusively to maintain the technical operation of the servers and the network and to ensure its security. The legal basis is our legitimate interest in the secure provision of the website (Article 6 (1) f) GDPR/UK GDPR).

We automatically delete all server logs within 7 days. We store the logs for this period to detect suspicious activity on our server and to protect our infrastructure from external attacks such as DDoS.

We use an external hosting provider to operate the website. The provider receives and stores the content data, usage data and metadata on our behalf. We use the following external hosting provider:

Cloudflare

We use Cloudflare as a CDN provider to load some images and elements of this website. The CDN provider receives usage data and metadata about your visit. By using a CDN, we can provide you with the information you request more efficiently and ensure the security of our website. The legal basis for this use is our legitimate interest (Article 6 (1) f) GDPR/UK GDPR).

Cloudflare is a service provided by Cloudflare Inc. located at 101 Townsend St, San Francisco, CA 94107, United States. You can view their privacy policy here: https://www.cloudflare.com/privacypolicy

## Newsletter

You can subscribe to our newsletter to be informed about new products, events and promotions.

We have introduced the double opt-in procedure for our newsletter. If you enter your e-mail address in the registration form, you will receive an e-mail asking you to confirm your registration for the newsletter. If you do not confirm your registration, we will automatically delete your e-mail address from our system within one week.

Our legal basis for offering the newsletter is therefore your active consent.

You can withdraw your consent at any time by unsubscribing from our newsletter. In this case, we will no longer send you newsletters with immediate effect and will delete your e-mail address from our database. In every newsletter we send you, you will find a link with which you can unsubscribe.

For our newsletter we use the service HubSpot Marketing Hub from HubSpot, Inc. based in 25 First Street, Cambridge, MA 02141 USA. We have concluded a data processing agreement with this company, which obliges it to comply with strict data protection regulations.

We have activated "open tracking" in our newsletters. Each newsletter contains an invisible image. When you open the email, this image is loaded by the service provider and they can analyze how many people have opened our newsletter and when they did so. The service provider collects your IP address for this purpose. We cannot unsubscribe individual subscribers from this tracking function. If you do not agree to this tracking, you must unsubscribe from the newsletter.

We have activated "click tracking" in our newsletters. When you click on a link in our newsletter, your computer first establishes a connection to the servers of our service provider and shows it which link was clicked on and when. This is used to compile statistics on which links were attractive to our customers. The newsletter service provider learns your IP address, the link you clicked on and when you clicked on it. We cannot unsubscribe individual subscribers from this tracking function. If you do not agree to this tracking, you must unsubscribe from the newsletter.

To learn more about data protection at HubSpot, Inc. please read their privacy policy, which you can find here: https://legal.hubspot.com/privacy-policy

## Contact form

When you use our contact form, we receive and store the information you enter in addition to the information described above.

Some fields in the contact form are mandatory, i.e. you must fill them in to send your message. Others are optional and you can decide whether you want to provide the information.

We will use the information you provide to respond to your message and take the action you have requested.

We will not use the data for any other purpose and will delete it as soon as we have completed your request, unless we are required by law to keep the data for longer.

Our mandatory fields are:

- e-mail: We need this to reply to you

- Name: We use this to personalize our message and to see if you have contacted us before

- Your message

If you do not wish to provide certain information, you can also enter incorrect data. However, in some cases we will not be able to reply to your message if information is missing.

Our basis for this processing is our contractual obligation if your message concerns the purchase or the services we offer.

If you make a general request, our legal basis is legitimate interest, as we want to provide you with the best possible service.

## Cookies on this website

Cookies are small text files that every website can store in your browser. Cookies can be set by us (first party cookies) or by third parties. If we set a cookie in your browser, other websites cannot read it. If a third party sets a cookie in your browser, any other website that uses the same third-party cookies can read the information stored in these cookies.

This enables tracking on various websites. If we use third-party cookies, we will always ask for your consent before placing these cookies.

Below you will find a list of the first-party cookies we use:

The following table shows a list of the third-party cookies we use:

## Third parties

We may embed tools and content on our websites that are loaded from third-party servers. This may include, for example, graphics, videos, buttons for social media or other functionalities.

When you access a website on which such content is embedded, your IP address is transmitted to these third-party providers.

Occasionally, these tools may contain so-called web beacons, invisible graphics that are used to collect further statistics. If you notice such a web beacon, please notify us and we will endeavor to remove it from our websites.

Some third-party content also sets cookies in your browser to store certain information about your use of the tools and content.

Occasionally, the third party may combine your information collected on our websites with other information it has collected to create a profile of you.

### Google Tag Manager

This website uses Google Tag Manager, a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), which enables us to manage website tools via a single interface. Google Tag Manager itself does not process any personal data, but it is used to load other tools and content that may process personal data.

### Google Analytics

If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The legal basis for this data processing is your consent (Article 6 (1) a) GDPR/UK GDPR).

Google Analytics uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is usually transferred to a Google server in the United States and stored there.

We use the User ID function. The user ID enables us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and to analyze user behavior across devices.

IP anonymization is activated by default in Google Analytics 4 . IP anonymization means that your IP address will be shortened by Google within member states of the EU or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behavior is recorded in the form of "events". Events can be

- Page views

- First visit to the website

- Start of the session

- websites visited

- Your "click path", interaction with the website

- Scrolls (when a user scrolls to the bottom of the page (90%))

- Clicks on external links

- Internal search queries

- Interaction with videos

- File downloads

- Viewed ads / clicked ads

Also recorded:

- Your approximate location (region)

- Date and time of your visit

- Your IP address (in abbreviated form)

- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)

- Your Internet Service Provider

- the referrer URL (via which website/advertising media you came to this website)

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to compile reports on website activity. The reports generated by Google Analytics 4 are used to analyze the performance of our website.

Recipients of the data are/may be

- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR),

- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States

- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States

For the United States, the European Commission issued an adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Shield Framework. Since the Google servers are distributed worldwide and a transfer to third countries (e.g. to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider in order to achieve an adequate level of data protection in these countries.

The data sent by us and linked to cookies will be deleted after 12 months automatically deleted. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you set your browser to reject all cookies, this may lead to functional restrictions on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by selecting

- do not consent to the setting of the cookie or

- to download and install the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

Further information about Google and how Google handles data can be found at the following link:

- Terms of use: https://marketingplatform.google.com/about/analytics/terms/us/

- Data protection: https://support.google.com/analytics/answer/6004245?hl=en

- Use of cookies: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en

- Data protection regulations: https://policies.google.com/privacy?hl=en

### Fonts

We use external fonts on our website to ensure a uniform presentation and a modern appearance of the website. These fonts are loaded by third parties to speed up the loading process in your browser or due to license restrictions imposed by the font provider. Our legal basis is our legitimate interest in providing our website with secure, efficient and maintenance-free fonts.

Google fonts

We use fonts provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

When you visit our website, Google learns which website you have visited and what your IP address is. The information collected is used exclusively to display the embedded fonts and to keep statistics on the popularity of the fonts.

Further information can be found under the following links:

FAQ: https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users

### Meta pixel / Facebook pixel

We use the Facebook pixel to track user behavior on our website. Facebook Pixel is a service provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The parent company is based at 1 Hacker Way, Menlo Park, California 94025, United States.

We track events on our website such as page views, completed registrations or successful searches. If you agree to our use of the Facebook pixel, the following data will be passed on to Facebook:

- IP address

- HTTP header information, such as browser version, operating system version, language settings

- Information about the triggered event (e.g. "page view", "completed registration", "contact")

- Information about the actions that were performed before an event was triggered (e.g. buttons clicked)

We use this information to analyze the behavior of our visitors on our website and to target advertisements to previous users of our website.

Facebook links these actions to your account and adds you to a "custom audience" that we can target with ads or posts. This can happen even if you are not logged into an account.

Facebook Pixel also places a cookie ("_fbp") in your browser. This cookie has an expiration time of 90 days. It is stored as a first-party and third-party cookie. This means that Facebook can link your online behavior on other websites that also use the Facebook pixel and our website. This helps us to identify people with similar interests to whom we can target advertising.

Facebook may also use your data for its own market research and advertising purposes. Cookies may be stored on your computer to analyze our usage behavior. Other information about your devices, internet connection and more may be collected and linked to your account. Facebook can create a profile of you even if you are not logged in or do not have an account.

In some cases, your data will be processed outside the European Union. In particular, data transfer to the USA cannot be ruled out. For these cases, we have concluded standard contractual clauses (SCCs) approved by the European Commission.

Please note that as a company based in the USA, any information shared with Facebook may be subject to surveillance or access by authorities.

Where you are located in the EU: Facebook Ireland is a joint controller for joint processing and the information required by Article 13(1)a) and b) GDPR/UK GDPR is available in Facebook Ireland's Data Policy at. https://www.facebook.com/about/privacy to be found.

We have concluded an agreement with Facebook on joint responsibility for the processing of data for Facebook Pixel: https://www.facebook.com/legal/controller_addendum

We have agreed that we are responsible for informing you about the processing and that Facebook Ireland is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR/UK GDPR in respect of the personal data held by Facebook Ireland following the joint processing.

If you have an account with Facebook, you can object to processing for advertising purposes here: https://www.facebook.com/settings?tab=ads

There are external mechanisms to reject this type of targeting, for example via: http://www.youronlinechoices.eu/

### Advertising

We work with external service providers for the distribution of advertising. The providers receive and store information about access to the website, attribute information at the time of registration and other information. They also distribute advertising based on your interests. The legal basis for this data processing is your consent (Article 6 (1) a) GDPR/UK GDPR).

We use the following external service providers for the distribution of advertising:

(1) Google Ads

We use Google Ads, offered by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, to display ads for our products on the Google Ads network. These ads are displayed to users of Google products or visitors to websites that embed ads from the Google network. We receive information about the conversion rate of our ads when users click on one of our ads and are redirected to a website that uses a "conversion tracking tag".

We only receive total values and do not receive any information with which we can identify you.

You can find Google's privacy policy here: https://policies.google.com/privacy

You can find more information about the advertising network here: https://marketingplatform.google.com

(2) Facebook ads

We use Facebook Ads, offered by Meta Platforms, Inc. 1601 Willow Road, Menlo Park, CA 94025

United States to advertise our products on Facebook, Instagram and other platforms in the Meta ecosystem. These ads are displayed to users who have shown interest in similar products or services based on their interactions with meta platforms or third-party websites that embed Facebook's tracking technology, such as the Facebook Pixel.

We receive information about the performance of our ads, such as the number of people who have viewed or interacted with them and the conversion rate when users take certain actions after clicking on an ad (e.g. make a purchase on our website). This data is provided to us in aggregate form and does not contain any personally identifiable information that can be used to identify individual users.

You can find the Meta Privacy Policy here: https://www.facebook.com/privacy/policy

You can find more information about the advertising network here: https://www.facebook.com/business/ads/

# Social media

We operate social media pages for the purpose of self-marketing and promoting our products.

We are on Instagram present.

When you visit our pages, the platforms collect data about your behavior and interests and can provide us with an anonymized analysis of our user groups and interactions. We have no influence on the creation and display of these analyses and cannot prevent the collection or processing of your data in this context.

We may receive the following data, separated by user category:

- Total number of visits,

- Interactions with our contributions,

- Comments,

- Proportion of male and female visitors,

- Origin of the visit,

- Clicks on specific content such as maps or contact information,

- Reach of our contributions

If you interact directly with our content (e.g. "like" or "repost" it), we can identify you directly. If you wish to prevent this link between your account and our social media page, please use the unfollow function offered on each platform.

We use this data and our social media presence to present ourselves to a large audience in a modern way. The use of this data and the operation of the site is based on our legitimate interest in efficient, effective and interactive advertising in accordance with Art. 6 (1) f) of the GDPR/UK GDPR.

In addition, the platforms may use your data for their own market research and advertising purposes. Cookies may be stored on your computer that analyze your usage behavior. Other information about your devices, internet connection and more may be collected and linked to your account. The platforms can create a profile of you even if you are not logged in or do not have an account. These profiles can be used to show you targeted advertising on various platforms.

In some cases, your data will be processed outside the European Union. In particular, data transfer to the USA cannot be ruled out. For these cases, we have concluded standard contractual clauses (SCCs) approved by the European Commission with the platform operators.

You have the right to assert your rights in relation to our social media pages and the Page Insights against us or the platform at any time. However, we would like to point out that the platform will process the request in any case. If you have any questions, you can contact us using the contact details above.

Further information about the platform:

Instagram

Instagram is a social media platform offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, with its parent company based at 1 Hacker Way, Menlo Park, California 94025, USA.

As part of our presence on Instagram, data is collected and processed by Meta. Meta provides insights and analytics regarding user interactions with our Instagram profile.

You can find Instagram's privacy policy here:  

https://privacycenter.instagram.com/policy

If you have an Instagram account, you can manage your privacy and advertising settings here https://www.instagram.com/accounts/privacy_and_security/

# Transfer of personal data to third countries

In order to fulfill the contract with the customer or to carry out the procedure according to the customer's request prior to the conclusion of the contract, we may transfer personal data to a third country (including countries where the adequate level of data protection is not qualified). When transferring the Customer's personal data, we will apply appropriate security and confidentiality measures in accordance with this Privacy Policy and the law.

# Retention periods for personal data

We will generally delete your personal data as soon as we no longer need it for the purposes for which we collected it. If we are unable to delete your data for a certain period of time due to a legal obligation, we will block access to this data, store it securely and delete it once the legal obligation has expired.

# Your rights

You can exercise your rights at any time by contacting us directly or the DPO directly. Please note that we may require identity verification to protect other data subjects. This verification will be carried out as unobtrusively as possible.

You have the following rights:

(1) Right to information

(2) Right to rectification and erasure

(3) Right to restriction of processing

(4) Right to data portability

(5) Right to withdraw your consent

## Right to lodge a complaint

You can lodge a complaint about our data processing with a supervisory authority at any time.

### EU

The Hessian Data Protection Officer

Gustav-Stresemann-Ring 1

65189 Wiesbaden, Germany

Phone: 0611-1408 0

E-Mail: poststelle@datenschutz.hessen.de

Website: https://datenschutz.hessen.de/

## Right to object

**You have the right to object to processing based on our legitimate interests if your particular situation calls into question our balancing of interests.

Unless we can demonstrate legitimate grounds for the processing which override your interests, rights and freedoms, and unless we need your personal data for the establishment, exercise or defense of legal claims, we will no longer process your personal data.