Datenschutz - Homeport

Data Protection

Effective from: 01.01.2025

Privacy Policy

Below, we inform you about the processing of your personal data in connection with the use of our online services.

Controller

Iits consulting GmbH Am Bahndamm 10

84072 Au in der Hallertau

Phone: 02132 / 6530048

Email: contact@homeport.ai contact@homeport.ai

Contact

For questions regarding data protection, please contact us using the contact details provided above.

Retention Period

We generally delete your personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed.

If we have asked for your consent and you have given it, we will delete your personal data if you withdraw your consent and there is no other legal basis for the processing.

We will delete your personal data if you object to the processing and there are no overriding legitimate grounds for the processing, or if you object to processing for direct marketing purposes or related profiling.

If deletion is not possible because processing is still necessary for compliance with a legal obligation (statutory retention periods, etc.) to which we are subject, or for the establishment, exercise, or defense of legal claims, we will restrict the processing of your personal data.

Further information on the retention period can also be found in the following sections.

Your Rights

You have the following rights regarding your personal data:

Right of Access
Right to Rectification
Right to Erasure
Right to Restriction of Processing
Right to Object to Processing
Right to Data Portability

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions

based profiling. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. We will then no longer process your personal data for these purposes.

You have the right to withdraw consent to the processing of your personal data at any time, if you have given us such consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You have the right to lodge a complaint with a supervisory authority regarding our processing of your personal data.

Provision of Your Personal Data

Providing your personal data is generally neither legally nor contractually required and is not necessary for entering into a contract. You are generally not obliged to provide your personal data. Should this nevertheless be the case, we will inform you separately when collecting your personal data (for example, by marking mandatory fields in input forms).

Failure to provide your personal data will regularly result in us not being able to process your personal data for one of the purposes described below, and you will not be able to take advantage of an offer related to the respective processing (Example: Without providing your email address, you will not receive our newsletter).

Web Hosting

For web hosting, we use external services. These services may have access to personal data processed during the use of our online offering. Further information on the services used, the scope of data processing, and the technologies and procedures involved in using the respective services can be found in the additional information about the services we use at the end of this passage and via the links provided there.

Open Telekom Cloud

Provider: Telekom Deutschland GmbH, Germany Website: https://www.open-telekom-cloud.com/

Microsoft Azure

Provider: Microsoft Ireland Operations Limited, Ireland. Microsoft Ireland Operations Limited is a subsidiary of Microsoft Corporation, United States of America.

Website: https://azure.microsoft.com/

Further Information & Data Protection: https://privacy.microsoft.com/de-de/ and https://www.microsoft.com/de-de/trust-center/privacy

Guarantee: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from us. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which ensures an adequate level of data protection based on a decision by the European Commission.

Web Server Log Files

We process your personal data to display our online offering to you and to ensure the stability and security of our online offering. Information (such as the requested element, accessed URL, operating system, date and time of the request, browser type and version used, IP address, protocol used, amount of data transferred, user agent, referrer URL, time zone difference to Greenwich Mean Time (GMT), and/or HTTP status code) is stored in so-called log files (access log, error log, etc.).

If we have asked for your consent and you have given it, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this case is the proper display of our online offering and ensuring the stability and security of our online offering.

Security

For security reasons and to protect the transmission of your personal data and other confidential content, we use encryption on our domain. You can recognize this by the "https://" string and the lock symbol in your browser's address bar.

Contact

If you contact us, we process your personal data to handle your inquiry.

If we have asked for your consent and you have given it, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this case is processing your contact request. If processing is necessary for the performance of a contract with you or for taking pre-contractual steps at your request, the legal basis for processing is also Art. 6 para. 1 lit. b GDPR.

To facilitate your contact requests, we use support systems (appointment booking systems, live chats, ticketing systems, or helpdesks, etc.) and employ external services for this purpose. These services may have access to personal data processed when you contact us via a support system. Further information on the services used, the scope of data processing, and the technologies and procedures involved in using these services can be found below in the detailed information about the services we use and via the links provided there:

Calendly

Provider: Calendly, LLC, United States of America. Website: https://calendly.com/de

Further Information & Data Protection: https://calendly.com/privacy, https://calendly.com/security and https://help.calendly.com/hc/de/articles/360007032633

Cookies & Similar Technologies

Cookies are used. Cookies are text files stored on your device. A distinction is made between session cookies, which are deleted immediately after closing your browser, and persistent cookies, which are deleted only after a certain period.

In addition to cookies, similar technologies (tracking pixels, web beacons, etc.) may also be used. The following explanations regarding cookies also apply to similar technologies. These explanations also apply to further processing activities (analysis & marketing, etc.) related to cookies and similar technologies. This applies in particular to any consent you may have given for the use of cookies. This also extends to other technologies and to further processing activities related to cookies and similar technologies.

Cookies can be used to enable certain functions. Cookies can also be used to measure the reach of our online offering, to tailor it to user needs and interests, and thereby optimize our online offering and marketing. Cookies may be used by us and by external services.

To manage the cookies used and related consents, we employ a consent tool. Details on the cookies used (purpose, storage duration, external service if applicable, etc.) and the consent tool can be found in the following sections and in the consent tool we use.

If we have requested your consent and you have granted it, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. If we have not requested your consent, the legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies used and the related consents. Depending on the purpose of processing, our legitimate interests can be found in the following sections.

You can prevent the storage of cookies by adjusting your browser settings accordingly. Below, we provide links for common browsers where you can find further information on managing cookie settings:

Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und- verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Yandex: https://browser.yandex.com/help/personal-data-protection/cookies.html

Further objection options can be found at the following links: https://www.youronlinechoices.eu/, https://youradchoices.ca/en/tools, https://optout.aboutads.info/?c=2&lang=EN and https://optout.networkadvertising.org/?c=1.

If you prevent the storage of cookies, this may impair the proper functioning of our online service. If you delete all cookies, the aforementioned settings will also be lost and must be reconfigured.

Furthermore, you can activate your browser's "Do Not Track" function to signal that you do not wish to be tracked. Below, we provide links for common browsers where you can find further information on the "Do Not Track" setting:

Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/verwenden-von-do-not-track- in-internet-explorer-11-ad61fa73-d533-ce96-3f64-2aa3a332e792
Opera: https://help.opera.com/de/latest/security-and-privacy/
Since February 2019, Safari no longer supports the "Do Not Track" function. Cross-site tracking can be prevented in Safari via the following link: https://support.apple.com/de- de/guide/safari/sfri40732/12.0/mac
Yandex: https://yandex.com/support/browser/personal-data-protection/ytp.html

You can also revoke or manage your consents regarding the cookies used in the consent tool we employ.

Homeport (SaaS)

If you use Homeport as Software as a Service, we process your personal data to make this software available to you for access via the internet and to comply with the associated rights and obligations.

The legal basis for processing is Art. 6 para. 1 lit. b GDPR, because the processing is necessary for the performance of a contract with you or for carrying out pre-contractual measures. Insofar as the processing is not necessary for the performance of a contract, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the provision of the software.

Recipients of your personal data may include third parties (fulfillment service providers, IT service providers, shipping or transport service providers, banks, tax advisors, lawyers, authorities, etc.) insofar as this is necessary for the provision of the software.

We use external services for payment processing. We transmit your personal data to these services insofar as this is necessary for payment processing. Further information on the services used, the scope of data processing, and the technologies and procedures involved in using the respective services can be found in the additional information about the services we use at the end of this passage and under the links provided there.

Stripe

Provider: Stripe Payments Europe, Ltd., Ireland. Stripe Payments Europe, Ltd. is a subsidiary of Stripe, Inc., United States of America.

Website: https://stripe.com/de

Further Information & Data Protection: https://stripe.com/de/privacy

Newsletter

If we have requested and you have given your consent, we process your email address for email marketing purposes, and potentially other personal data to address you personally. The legal basis for processing is Art. 6 para. 1 lit. a GDPR. The content of the email marketing is specifically described when your consent is obtained. Furthermore, the email marketing contains information about us, our goods, and services.

We use the so-called double opt-in procedure to prevent possible misuse of your personal data. For this purpose, after collecting your email address, we send an email to the email address you provided, asking you to confirm that you actually wish to receive email marketing. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the legally compliant implementation of email marketing.

We log the time of your consent and the time of your confirmation, as well as your IP address and the content of your consent declaration, to be able to prove the legally compliant obtaining of your consent. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the legally compliant implementation of email marketing.

We use external services for email marketing. Further information on the services used, the scope of data processing, and the technologies and procedures involved in using the respective services, as well as whether profiling takes place when using the respective services, and, if applicable, information about the logic involved, the scope, and the intended effects of such processing for you, can be found in the additional information about the services we use at the end of this passage and under the links provided there.

You can revoke your consent at any time. The revocation of your consent does not affect the lawfulness of processing carried out based on the consent until its revocation. To revoke your consent, you can use the designated link in the emails or contact us using the contact details provided above.

If you have revoked your consent, we reserve the right to process your personal data in a so-called blacklist/suppression list to ensure that no further email marketing related to this personal data occurs in the future.

The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the prevention of unwanted email marketing.

We process your personal data for tracking and performance measurement purposes to gauge the reach of our email marketing, tailor it to your needs and interests, and thereby optimize our email marketing. This may also involve profiling (for advertising, personalized information, etc.). Profiling can also occur across services and devices. If we have requested and you have given your consent, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. If we have not requested your consent, the legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the optimization of our email marketing. Unfortunately, a separate revocation of your consent or objection regarding tracking or performance measurement is not possible. You must use the aforementioned options to revoke your consent or object to the processing of your personal data for email marketing purposes as a whole.

Mailchimp

Provider: The Rocket Science Group, LLC, United States of America. The Rocket Science Group, LLC is a subsidiary of Intuit Inc., United States of America.

Website: https://mailchimp.com/de/?currency=EUR

Further Information & Data Protection: https://www.intuit.com/privacy/statement/

Existing Customer Marketing - Email Advertising

If we have received your email address in connection with the sale of goods or services and you have not objected to this, we process your email address to conduct email marketing for our own similar goods or services, and, if applicable, further personal data to address you personally. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is direct marketing.

For email marketing, we use external services. Further information on the services used, the scope of data processing, the technologies and procedures involved in using each service, whether profiling takes place when using each service, and, if applicable, information about the logic involved, as well as the significance and intended effects of such processing for you, can be found in the additional information about the services we use at the end of this section and under the links provided there.

You have the right to object to the processing of your personal data for email marketing purposes at any time, without incurring any costs other than the transmission costs according to the basic rates. We will then no longer process your personal data for email marketing purposes. To object to the processing of your personal data for email marketing purposes, you can use the designated link in the emails or contact us using the contact details provided above.

If you have objected to the processing of your personal data for email marketing purposes, we reserve the right to process your personal data in a so-called blacklist/blocklist to ensure that no further email marketing related to this personal data occurs in the future.

The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the prevention of unwanted email marketing.

We process your personal data for tracking and performance measurement purposes to measure the reach of our email marketing, to tailor it to your needs and interests, and thereby optimize our email marketing. This may also involve profiling (for advertising purposes, personalized information, etc.). Profiling can also occur across services and devices. If we have requested your consent and you have granted it, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. If we have not requested your consent, the legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the optimization of our email marketing. A separate revocation of your consent or objection regarding tracking or performance measurement is unfortunately not possible. You must use the aforementioned options for revoking your consent or objecting to the processing of your personal data for email marketing purposes as a whole.

Mailchimp

Provider: The Rocket Science Group, LLC, United States of America. The Rocket Science Group, LLC is a subsidiary of Intuit Inc., United States of America.

Website: https://mailchimp.com/de/?currency=EUR

Further Information & Data Protection: https://www.intuit.com/privacy/statement/

Analysis & Marketing

We process your personal data to measure the reach of our online offering, to tailor it to your needs and interests, and thereby optimize our online offering and our marketing.

If we have requested your consent and you have granted it, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. If we have not requested your consent, the legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the optimization of our online offering and our marketing.

For analysis and marketing, we use external services. This may involve profiling (for advertising purposes, personalized information, etc.). Profiling can also occur across services and devices. Further information on the services used, the scope of data processing, the technologies and procedures involved in using each service, whether profiling takes place when using each service, and, if applicable, information about the logic involved, as well as the significance and intended effects of such processing for you, can be found in the additional information about the services we use at the end of this section and under the links provided there.

Further information on cookies & similar technologies can be found above.

Google Analytics

Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.

Website: https://marketingplatform.google.com/intl/de/about/analytics/

Further information & data protection: https://support.google.com/analytics/answer/6004245?hl=de, https://policies.google.com/?hl=de and https://business.safety.google/privacy/

The transfer of personal data to third countries depends on the respective Google service and is subject to the various EU Standard Contractual Clauses, provided these are offered by Google. Further information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU Standard Contractual Clauses there. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which, based on a decision by the European Commission, ensures compliance with an adequate level of data protection.

Microsoft Advertising

Provider: Microsoft Ireland Operations Limited, Ireland. Microsoft Ireland Operations Limited is a subsidiary of Microsoft Corporation, United States of America.

Website: https://about.ads.microsoft.com/de-de

Further information & data protection: https://privacy.microsoft.com/de-de/ and https://www.microsoft.com/de-de/trust-center/privacy

Guarantee: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from us. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which, based on a decision by the European Commission, ensures compliance with an adequate level of data protection.

Microsoft Clarity

Provider: Microsoft Corporation, United States of America. Website: https://clarity.microsoft.com/

Further information & data protection: https://privacy.microsoft.com/de-de/ and https://www.microsoft.com/de-de/trust-center/privacy

Guarantee: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from us. The provider has joined the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which, based on a decision by the European Commission, ensures compliance with an adequate level of data protection.

Social Media Presences

We maintain social media presences on external services to communicate with users there and to optimize our online offering and our marketing.

This privacy policy also applies to the following social media presences:

LinkedIn: https://www.linkedin.com/company/homeportai

If we have requested your consent and you have granted it, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. If we have not requested your consent, the legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this is the optimization of our online offering and our marketing.

When using external services, profiling (for advertising purposes, personalized information, etc.) may also occur. Profiling may also take place across different services and devices. Further information on the services used, the scope of data processing, and the technologies and procedures employed when using the respective services, as well as whether profiling occurs when using the respective services, and, if applicable, information on the logic involved, the scope, and the intended effects of such processing for you, can be found in the additional information about the services we use at the end of this passage and under the links provided there.

Provider: If you are located in the EU, the European Economic Area (EEA), or Switzerland, this service is offered by LinkedIn Ireland Unlimited Company, Ireland. If you are located outside the EU, the European Economic Area (EEA), or Switzerland, this service is offered by LinkedIn Corporation, United States of America.

Website: https://www.linkedin.com

Further Information & Privacy Policy: https://de.linkedin.com/legal/privacy-policy?trk=homepage- basic_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy?trk=homepage- basic_footer-cookie-policy

Safeguard: EU Standard Contractual Clauses. You can request a copy of the EU Standard Contractual Clauses from us.

Applications

If you apply to us, we process your personal data to conduct the application process and make a decision regarding the establishment of an employment relationship. After the application process is concluded, we restrict the processing of your personal data and delete or destroy it at the latest 6 months after you receive the rejection, or return your application documents and delete or destroy any copies, unless you have consented to us continuing to use your personal data.

If we have requested your consent and you have given it, the legal basis for processing is Art. 6 (1) lit. a GDPR. If we have not requested your consent, the legal basis for processing is Art. 6 (1) lit. f GDPR. Our legitimate interest in this is the proper conduct of the application process and, if applicable, the defense against claims arising from the rejection of an application. If processing is necessary for the decision regarding

the establishment of an employment relationship is required, the legal basis for processing is also Section 26 (1) Sentence 1 BDSG.

‍