Privacy Policy Last updated: September 2023 Table of contents

1. General 2
2. Scope of application. 2
3. Definitions. 2

III. Name and address of the data controller 3

1. Contact details of the data protection officer (cf. Art. 37 EU-GDPR) 3
2. Legal basis for data processing. 4
3. Data delection and storage period. 4

VII. Data security (cf. Art. 32 EU- GDPR) 5 VIII.Collaboration with processors (cf. Art. 28 EU-GDPR) 5

1. Requirements for the transfer of personal data to third countries. 5
2. No automated decision-making (including profiling) 6
3. No obligation to provide personal data. 6

XII. Legal obligation to transmit certain data. 6 XIII.Your rights. 7 XIV.Changes to this Privacy Policy. 8

1. Visiting the Website, App and social media presence. 9
2. Explanation of function. 9
3. Personal data processed. 9

III. Purpose and legal basis of data processing. 10

1. Duration of data processing. 11
2. Transmission of personal data to third parties; legal basis. 11
3. Use of Cookies, Plugins, and other services on our Website and App. 12
4. Contact by email 16
5. Contractual relationship with us as service provider 16
6. Contractual Relationship with us as business partner 17

    Introduction We, AI Brainvisuals AG (hereinafter «AIB», «we», «us», «our»), take the protection of your personal data seriously and would like to inform you hereinafter about data protection in our company through this privacy policy. As a result of the introduction of the European General Data Protection Regulation (hereinafter “EU-GDPR”), we have been given additional responsibilities to ensure the protection of personal data of the data subject within the scope of our data protection responsibilities. To the extent that we either alone or jointly with others decide on the purposes and means of data processing, this includes in particular the obligation to inform you in a transparent manner about the nature, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 EU-GDPR). With this privacy policy, we inform you about how your personal data is processed by us. Our privacy policy is modular in structure. It consists of a general part for any processing of personal data and processing situations that come into effect with each call of a web page (A. General) and a special part, the content of which only relates to the processing situations indicated there with the designation of the respective offer or product, especially the visit to our websites and apps as described in more detail here (Part B. Visiting the Website, App and social media presence) as well as data processing operations (C.-H.).

A. General

I. Scope of application

This Privacy Policy

• describes how we collect, use, and handle personal data that you provide to us or that we collect from you when you access or use our website https://metrade.io including all its subdomains (hereinafter collectively «Website») and our Mobile-App and Webapp (hereinafter collectively «App»);
• explains the circumstances under which we may disclose this personal data to third parties; and
• informs you about your rights in relation to your personal data.

Our privacy policy applies in conjunction with all of our other legal notices or terms of use that appear elsewhere on our Website or are otherwise made available to you.

II. Definitions

These are the definitions used in this privacy policy, based on the definitions provided in Art. 4 of the EU General Data Protection Regulation (EU-GDPR):

• “Personal data” (see Art. 4 No. 1 EU-GDPR) means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or information relating to physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability may also be established by combining such information or through additional knowledge. The form or embodiment of the information is irrelevant (even photos, video or audio recordings can contain personal data).
• “Processing” (see Art. 4 No. 2 EU-GDPR) means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction, as well as changing the purpose or intended use of the data originally collected.
• “Controller” (see Art. 4 No. 7 EU-GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
• “Processor” (see Art. 4 No. 8 EU-GDPR) means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, following the controller’s instructions (e.g. an IT service provider). In terms of data protection law, a processor is not a third party.
• “Third party” (see Art. 4 No. 10 EU-GDPR) means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data. This also includes legal persons affiliated with the controller.
• “Consent” of the data subject (see Art. 4 No. 11 EU-GDPR) means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 III. Name and address of the data controller

The controller responsible for processing your personal data within the meaning of Art. 4 No. 7 EU-GDPR is us: AI Brainvisuals AG St. Luzi Str. 43, 9492 Eschen, Fürstentum Liechtenstein E-Mail: info@ai-brainvisuals.com You can find further information about our company in the imprint section on our Website at https://metrade.io/corporate-texts/privacy-policy-1

IV. Contact details of the data protection officer (cf. Art. 37 EU-GDPR)

For all questions and as the contact person regarding data protection at our company, our data protection officer is available to you at any time. His contact details are: Andreas Schäfer Data Protection Officer Lange Str. 22, 72379 Hechingen, Germany E-Mail: andreas@ai-brainvisuals.com

V. Legal basis for data processing

By law, in principle, every processing of personal data is prohibited and only allowed if the data processing falls under one of the following justifications:

• 6 para. 1 let. a EU-GDPR (“consent“): If the data subject has voluntarily, in an informed manner and unambiguously given his or her consent through a declaration or other clear affirmative action to the processing of the personal data concerning him or her for one or more specific purposes;
• 6 para. 1 let. b EU-GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• 6 para. 1 let. c EU-GDPR: If the processing is necessary for compliance with a legal obligation the controller is subject to (e.g. a legal retention obligation);
• 6 para. 1 let. d EU-GDPR: If the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
• 6 para. 1 let. e EU-GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
• 6 para. 1 let. f EU-GDPR (“legitimate interests“): If the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

For the processing activities carried out by us, we will indicate the applicable legal basis for each of them below. A processing activity may also be based on several legal bases.

VI. Data delection and storage period

For each processing activity we undertake, we will indicate below how long your data will be stored by us and when it will be deleted or blocked. If no specific storage period is indicated below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage ceases to apply. Your data will generally only be stored on our servers in Frankfurt Germany DCs of AWS, subject to any transfer that may occur under the provisions in Part A. Sections VIII. and IX. However, storage may continue beyond the specified period in the event of a (potential) legal dispute with you or other legal proceedings, or if storage is required by legal provisions to which we, as the controller, are subject to. When the storage period required by law expires, your personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for such storage. The following factors may play a role in determining whether further storage is necessary:

• legal obligations to store data for a longer period;
• statutory limitation periods;
• (potential) legal disputes; or
• guidelines and orders issued by competent data protection authorities.

In cases where we continue to process your personal data for the aforementioned reasons, we will ensure that such data is treated in accordance with this privacy policy. Otherwise, we will delete your data as soon as it is no longer needed. If you would like to know how long we store your personal data for a specific purpose, you can contact us under info@ai-brainvisuals.com . Further information on the storage period for cookies can be found in Part B. Section VI.

VII. Data security (cf. Art. 32 EU- GDPR)

WWe use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties (e.g. SSL/TSL encryption for our Website), taking into account the state of the art, the implementation costs, and the nature, scope, context, and purposes of processing as well as the risks of a data breach (including its likelihood and severity) for the data subject. Our security measures are continuously improved in line with technological developments. We are happy to provide you with more detailed information upon request. Please contact our data protection officer (see Part A. Section IV.).

VIII. Collaboration with processors (cf. Art. 28 EU-GDPR)

Like other companies, we also use external service providers, both domestic and foreign, to handle our business operations (e.g. IT, logistics, telecommunications, sales and marketing). They act only on our instructions and have contractually committed to comply with data protection regulations in accordance with Art. 28 EU-GDPR. If your personal data is passed on by us to our partner companies or from our partner companies to us (e.g. for advertising purposes), this is done on the basis of existing processing agreements.

IX. Requirements for the transfer of personal data to third countries

Im As part of our business relationships, your personal data may be transferred or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries (e.g. Switzerland). Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you of the specific details of the transfer at the relevant points. The European Commission certifies some third countries with so-called adequacy decisions, which provide a level of data protection comparable to that of the EEA standard (you can find a list of these countries and a copy of the adequacy decisions here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de). However, in other third countries to which personal data may be transferred, there may be no uniformly high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This can be done through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates, recognized codes of conduct, or self-certification under the EU-US Privacy Shield (information on this can be found here: https://www.privacyshield.gov/welcome ). However, we will only transfer your personal data to a location outside the EEA if:

• this transfer is made to a location where the European Commission believes that it provides adequate protection for your personal data;
• we have taken appropriate measures to protect your personal data (for example, if both parties involved in the transfer have agreed to standard data protection clauses recognized by the European Commission); or
• the above does not apply, but we can still proceed legally, for example, if the transfer is necessary for the establishment, exercise, or defense of legal claims.

We are happy to provide you with more detailed information upon request. Please contact our data protection officer (see Part A. Section IV.).

X. No automated decision-making (including profiling)

We do not intend to use personal data collected from you for any automated decision-making process (including profiling).

XI. No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are not generally under a legal or contractual obligation to provide us with your personal data; however, it may be that we can only provide certain offers to a limited extent or not at all if you do not provide the required data. If this should exceptionally be the case within the scope of the products or services offered by us and presented below, you will be notified separately.

XII. Legal obligation to transmit certain data

Under certain circumstances, we may be subject to a special legal or regulatory obligation to provide lawfully processed personal data to third parties, especially public authorities (cf. Art. 6 para. 1 let. c EU-GDPR).

XIII. Your rights

You can exercise your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details provided in Part A. Section IV. You have the right as a data subject to:

• request information about the data we process about you in accordance with Art. 15 EU-GDPR. In particular, you may request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, and the existence of automated decision-making, including profiling, and meaningful information about its details;
• request without delay the rectification of inaccurate or incomplete data we have stored about you in accordance with Art. 16 EU-GDPR;
• request the erasure of your data stored by us in accordance with Art. 17 EU-GDPR, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• request the restriction of processing of your data in accordance with Art. 18 EU-GDPR, to the extent that the accuracy of the data is contested by you, the processing is unlawful or you have objected to the processing;
• receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller, in accordance with Art. 20 EU-GDPR (“data portability”);
• object to the processing of your data, if the processing is based on Art. 6 para. 1 let. e or let. f EU-GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If the objection does not concern direct marketing, we ask you to explain the reasons why we should not process your data as we have done. If you raise a justified objection, we will examine the situation and either terminate or adapt the data processing or show you our compelling legitimate grounds for continuing the processing;
• withdraw your consent – i.e. your voluntary, informed and unambiguous expression of will that you agree to the processing of your personal data for one or more specific purposes – which you have given to us at any time in accordance with Art. 7 para. 3 EU-GDPR, even before the EU-GDPR came into effect, i.e. before May 25, 2018. This will result in us no longer being allowed to continue the data processing based on this consent in the future; and lodge a complaint with a data protection supervisory authority regarding the processing of your personal data in our company, such as the supervisory authority responsible for us. The supervisory authority/data protection office responsible for us is the Data Protection Authority of the Principality of Liechtenstein. The contact details can be found at the following link: https://www.datenschutzstelle.li/impressum.

If you would like to request additional information or exercise your rights with respect to personal data, or if you are not satisfied with the way we handle your personal data, please feel free to contact us under info@ai-brainvisuals.com . Please provide us with as much information as possible to help us determine the information you are seeking and the nature of your complaint. Before we review your request, we may need to request additional information from you to confirm your identity. If you do not provide us with the requested information and we are therefore unable to identify you, we may be forced to reject your request Normally, we will respond to your request within one month of receiving it. However, in some cases, it may be necessary to extend this period by an additional two months, especially if the complexity or number of your requests requires it. For such inquiries and actions, we generally do not charge any fees, unless:

• information from you to confirm your identity. If you do not provide us with the requested information and we are therefore unable to identify you, we may be forced to reject your request; or
• you make obviously unfounded or excessive requests, especially in the case of frequent repetition. In these cases, we may either: (a) charge reasonable administrative costs or (b) refuse to process the request.

XIV. Changes to this Privacy Policy

As part of the ongoing development of data protection law and technological or organizational changes, our privacy policy will be regularly reviewed for any necessary adjustments or additions. You will be informed about any changes, in particular on our Website at https://metrade.io/de/corporate-texts/privacy-policy-1 to Privacy Policy. This Privacy Policy is valid as of September 2023.

B. Visiting the Website, App and social media presence

 I. Explanation of function

You can obtain information about our companies and the services we offer on our Website and App. When you visit our Website or App, personal data may be processed by us.

II. Personal data processed

When you use the Website or App for informational purposes, the following categories of personal data may be collected, stored, and processed by us:

1. “Log data“: When you visit our Website or App, a so-called log data record (so-called “server log files“) is temporarily and anonymized stored on our web server. This consists of:

• the page from which the page was requested (so-called “referrer URL”);
• the name and URL of the requested page;
• the date and time of the call;
• the description of the type, language, and version of the web browser used;
• the IP address of the requesting computer, which is shortened so that personal reference is no longer possible;
• the transmitted data volume;
• the operating system;
• the message whether the call was successful (access status/HTTP status code);
• the GMT time zone difference.

1. “Contact form data“: We collect the personal data that you provide to us when you fill out forms on our Website or App (e.g. gender, name and surname, address, company, email address, and the time of transmission). We may use this personal data to process your request and/or provide the services you have requested or to provide the desired information.

1. “Application data“: If you apply for a job opening with us, we ask you to contact us directly by email or to upload your application documents (resume and cover letter) so that we can assess your suitability for the position.

1. “Survey data“: Occasionally, we ask you if you would like to give us feedback on our services and/or events by participating in a survey. Participation is voluntary. We use the feedback from the surveys to evaluate our performance and optimize our service offering and/or events.

1. “Event data“: If you would like to participate in one of our events, you will be asked to fill out a registration form. The registration form contains information on how we handle your personal data in connection with the respective event.

1. Newsletter and publications: We will only send you publications or newsletters if you have given us your general consent or have expressed a particular interest in certain information. We also process your data to provide you with tailored and relevant advertising, current communications, and invitations. Subject to your consent, this also applies to data that provides information on how you access and use our emails.

 III. Purpose and legal basis of data processing

We process the personal data described above in accordance with the provisions of the EU-GDPR, other applicable data protection regulations, and only to the extent necessary. To the extent that the processing of personal data is based on Art. 6 para. 1 let. f EU-GDPR, the stated purposes also represent our legitimate interests. In the context of the processing of your personal data based on Art. 6 para. 1 let. f EU-GDPR, our legitimate interests may include the following purposes in particular:

• to communicate with you;
• to carry out business transactions;
• for record-keeping, statistical analysis, internal reporting and research purposes;
• to ensure network and information security;
• to inform you of changes to our services;
• to investigate a complaint from you;
• for evidentiary purposes in an existing or threatened legal dispute between you and us;
• to analyze user behavior on our Website or App;
• to customize various aspects of our Website or App to optimize the user experience;
• for hosting, maintenance, and other support of the operation of our Website or App;
• to detect and prevent fraud and other criminal activities
• for the purposes of risk management;
• for resuming or restarting operations in a crisis situation (e.g. creating backups);
• for storing documents;
• for database management;
• to protect the rights, property, and/or safety of AIB, its employees, and other individuals; and
• to ensure the quality of the services we provide to our customers.

We weigh the risks to your data protection rights when processing your personal data and ensure that the principle of proportionality is respected when processing your data on the basis of our legitimate interests under Art. 6 para. 1 let. f EU-GDPR. We have also taken measures to protect your rights through the provision of appropriate retention periods and security controls. If you would like to learn more about the legal basis on which we process your personal data for a specific purpose, you can contact us via E-Mail info@ai-brainvisuals.com . You may object to the processing of your personal data on the basis of our legitimate interests pursuant to Art. 6 para. 1 let. f EU GDPR at any time by contacting us via E-Mail info@ai-brainvisuals.com . See also Part A. Section XIII. Furthermore, we may use your personal data for specific other purposes that are indicated at the respective points on our Website or App at the time of collection. The processing of log data serves statistical purposes and the improvement of the quality of our Website and App, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 let. f EU-GDPR). The processing of contact form data is carried out to process customer inquiries (legal basis is Art. 6 para. 1 let. b or let. f EU-GDPR). The processing of application data is carried out with your consent to participate in the corresponding application process (legal basis is Art. 6 para. 1 let. a EU-GDPR) and serves the processing of pre-contractual measures requested by you (legal basis is Art. 6 para. 1 let. b EU-GDPR). The processing of event data is carried out with your consent to participate in the corresponding event (legal basis is Art. 6 para. 1 let. a EU-GDPR) and serves our legitimate interest in organizing the corresponding event (legal basis is Art. 6 para. 1 let. f EU-GDPR). In other cases, we process your personal data when such processing is necessary for us to comply with our legal and supervisory obligations (legal basis is Art. 6 para. 1 let. c EU GDPR). If you choose not to provide us with the personal data we have requested, we may not be able to provide you with the requested information or services or otherwise fulfill the purpose for which we have requested the personal data. Your visit to our Website or App remains unaffected by this.

IV. Duration of data processing

Your data will only be processed for as long as is necessary to achieve the processing purposes mentioned above; the legal bases stated within the scope of the processing purposes apply accordingly. Regarding the use and storage period of cookies, please refer to Part A. Section VI. Third parties we use will store your data on their system for as long as is necessary in connection with the provision of services to us according to the respective order. For more information on storage periods, please refer to Part A. Section VI.

V. Transmission of personal data to third parties; legal basis

The following categories of recipients, who are usually processors (see Part A. Section IX.), may have access to your personal data:

• Service providers for the operation of our Website or App and the processing of data stored or transmitted through the systems (e.g. for data center services, payment processing, IT security). The legal basis for disclosure is then Art. 6 para. 1 let. b or let. f EU-GDPR, unless it is processors;
• Government agencies/authorities, if this is necessary to fulfill a legal obligation. The legal basis for disclosure is then Art. 6 para. 1 let. c EU- GDPR;
• Persons involved in the conduct of our business (e.g. auditors, banks, insurance companies, legal advisers, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for disclosure is then Art. 6 para. 1 let. b or let. f EU-GDPR.

For guarantees of an adequate level of data protection in the event of data transfer to third countries, see Part A. Section IX. In addition, we will only disclose your personal data to third parties if you have given explicit consent pursuant to Art. 6 para. 1 let. a EU-GDPR.

VI. Use of Cookies, Plugins, and other services on our Website and App

Cookies: We use cookies on our Website or App. Cookies are small text files that are assigned and stored on your hard drive by the browser you are using, using a characteristic string of characters, and through which certain information is transmitted to the entity that sets the cookie. Cookies cannot run programs or transfer viruses to your computer, and therefore cannot cause any harm. They are used to make the Internet offer more user-friendly and effective, and therefore more pleasant for you. Cookies can contain data that enables recognition of the device used. However, cookies may also contain only information about certain settings that are not personally identifiable. Cookies cannot directly identify a user. There is a distinction between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. In terms of their function, cookies can be further divided into:

• Technical Cookies: These are essential for navigating the Website or App, using basic functions, and ensuring the security of the Website or App; they do not collect any information about you for marketing purposes, nor do they store which websites you have visited;
• Performance Cookies: These collect information about how you use our Website or App, which pages you visit, and whether errors occur during the use of the Website or App; they do not collect any information that could identify you – all collected information is anonymous and is only used to improve our Website or App and find out what our users are interested in;
• Advertising Cookies, Targeting Cookies: These are used to offer Website or App users demand-oriented advertising on the Website or App or offers from third parties and to measure the effectiveness of these offers;
• Sharing Cookies: These are used to improve the interactivity of our Website or App with other services (e.g. social networks).

Any use of cookies that is not technically necessary requires your explicit and active consent in accordance with Art. 6 para. 1 let. a EU-GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we only disclose your personal data processed through cookies to third parties if you have given your explicit consent in accordance with Art. 6 para. 1 let. a EU-GDPR. If we do not provide you with explicit information on the storage period of persistent cookies (e.g. within the context of a so-called cookie opt-in), please assume that the storage period can be up to two years. On the following pages, you will find explanations on how to configure the processing of cookies in the most common browsers:

• Microsoft Windows Internet Explorer
• Microsoft Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome für Desktop
• Google Chrome für Mobile
• Apple Safari für Desktop
• Apple Safari für Mobile

Please note that disabling cookies may prevent you from using all the functions of our Website or App. Social Media Plugins: On our Website or App, we do not use any social media plugins. If our Website or App contains symbols of social media providers (e.g. Twitter, LinkedIn or Facebook), we only use them for passive linking to the respective provider’s pages, so that no direct connection is established between your browser and the server of the respective social network. The responsibility for data protection-compliant operation lies with the respective provider. On certain parts of our Website or App, we provide a button for “sharing” press releases with others via the social media providers Twitter, LinkedIn, or Facebook. We have designed the function for sharing content in such a way that no data is transmitted to the respective social media provider until you actively select it to share the message. With the selection, another window opens in which you complete the sharing process in the familiar environment of the social network. If you share content from our Website or App with your social media account, the respective social media provider may associate your visit to our Website or App with your user account. We would like to point out that as the operator of our Website or App, we do not have full knowledge of the content of the data transmitted or its use by the social network. Further information on this can be found in the privacy policies of the respective social media providers:

• Twitter, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin D02 AX07, Ireland: https://twitter.com/de/privacy
• LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy
• Telegram, Telegram UK Holdings Ltd (71-75 Shelton Street, Covent Garden, London, England, WC2H 9J: https://telegram.org/privacy
• WhatsApp, WhatsApp LLC. 1601 Willow Road Menlo Park, California 94025, United States of America: https://www.whatsapp.com/legal/privacy-policy
• Skype, Skype Communications SARL, 23-29 Rives de Clausen, L-2165 Luxembourg: https://privacy.microsoft.com/en-us/privacystatement
• Facebook, Meta/Facebook Headquarters, 1 Hacker Way Menlo Park, CA 94025, United States of America: https://www.facebook.com/privacy/policy/

Links to our social media accounts: On our Website or App, we have set up links to our social media presence on the following social networks:

• LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy
• Twitter, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin D02 AX07, Ireland: https://twitter.com/de/privacy
• Facebook, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland: https://www.facebook.com/privacy/policy/
• YouTube, Google Ireland Limited, mit Sitz in Gordon House, Barrow Street, Dublin 4, Irland: https://policies.google.com/privacy
• Instagram, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland: https://www.facebook.com/privacy/policy/

If you click on the corresponding icons of the social networks, you will automatically be redirected to our profile on the respective social network. In order to use the functions of the respective network there, you may need to log in to your user account for the respective network.   When you open a link to one of our social media profiles, a direct connection is established between your browser and the server of the social network in question. This provides the network with the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while logged in to your account on the network concerned, the content of our site may be linked to your profile on the network, i.e., the network may link your visit to the Website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. In any case, an association takes place when you log in to the relevant network after clicking on the link. By clicking on one of these links, you thereby give your consent within the meaning of Art. 6 para. 1 lit. a GDPR to the resultant data processing.   Google Analytics: To design our Website or App in a needs-based manner, we create pseudonymous user profiles using Google Analytics. Google Analytics uses targeting cookies that can be stored on your device and read by us. In this way, we are able to recognize and count recurring visitors and to learn how often our Website or App have been accessed by different users. The data processing is based on Art. 6 para. 1 let. a EU-GDPR (consent). The information generated by the cookie about your use of our Website or App is usually transmitted to a Google server in the United States and stored there. However, we have activated IP anonymization on our Website or App, which means that your IP address is shortened by Google within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA (an adequate level of data protection pursuant to Art. 45 para. 1 EU-GDPR is ensured by Google’s participation in the EU-US Privacy Shield, see also Part  A. Section IX.). Further information on the purpose and scope of data collection can be found at https://policies.google.com/privacy?hl=en&gl=en. In addition, we have concluded a contract with Google LLC (USA) for order processing in accordance with Art. 28 EU-GDPR. Google will use the information exclusively for the purpose of analyzing the use of our Website or App and creating reports on website activity. Google uses cookies when you visit our Website or App, for the use of which you give your consent. You have the right to revoke your consent at any time. Please use one of the following options:

• you inform us that you want to revoke your consent;
• you can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this Website or App to their full extent;
• you can also prevent the collection of data generated by the cookie and related to your use of our Website or App (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: (https://tools.google.com/dlpage/gaoptout?hl=en).

Tidio chat widget: Our Website or App may containing the Tidio chat widget. If you start using the Tidio chat widget, your browser connects to Tidio. When you chat with us, your messages are sent to Tidio and then shared with us, and our responses are sent to Tidio and then shared with you. The data is processed to facilitate communication between you and our support team. By initiating a chat, you are consenting to the processing of your data by Tidio as described above. Additionally, the data collected through Tidio may be used for the following purposes:

• Communicating with you: We use the information to respond to your inquiries and provide the assistance you need;
• Improving Our Services: Analyzing chat interactions to enhance the effectiveness and quality of our customer support;
• Order Information: Using data to fulfill orders placed through our site, including processing payments, arranging shipping, and providing invoices or order confirmations;
• Risk and Fraud Screening: Utilizing device information, such as IP addresses, to help screen for potential risks and fraud;
• Marketing and Advertising: Providing you with information or advertising related to our products or services, aligned with your preferences;
• Site Optimization: Using device information to improve and optimize our site, generate analytics on how customers interact with the site, and assess the success of our marketing and advertising campaigns.

Your chat messages and interactions are stored by Tidio to ensure the functionality of the chat service. As Tidio is a third-party service provider based in the USA, your data may be transferred to and stored in the USA. For guarantees of an adequate level of data protection in the event of data transfer to third countries, see Part A. Section IX. According to Tidio’s privacy policy, they implement appropriate safeguards to ensure the security of your data. For more information on how Tidio handles the data it collects, see Tidio’s privacy policy. Please be aware that while Tidio processes your chat data, we do not have influence over Tidio’s data handling practices beyond what is described in their privacy policy. You are encouraged to review Tidio’s privacy practices to understand how your data is managed. Tidio ensures compliance with relevant data protection regulations, and their processing activities include necessary technical and organizational measures to protect personal data. The processing of your data via Tidio is based on your consent as per Art. 6 para. 1 let. a EU-GDPR and on the basis of our legitimate interests pursuant to Art. 6 para. 1 let. f EU GDPR.

C.  Contact by email

You have the option to contact us by email. You are solely responsible for the information and/or content you send us. We recommend that you do not transmit confidential data. Personal data is only collected by us if you voluntarily provide it to us. Therefore, you are solely responsible for the data you transmit to us. In order to answer your questions, we may ask you for additional information such as your address, telephone number, etc. We only collect personal data from you if it is necessary to answer your questions or provide the services you have requested. When processing your email request, our legitimate interest in data processing pursuant to Art. 6 para. 1 let. f EU-GDPR exists. You can object to this data processing at any time (see also Part A. Section XIII.).

D. Contractual relationship with us as service provider

In the context of a contractual relationship with us, in which we provide services to you, we process, among other things, the following personal data:

• your name and contact information (including name, address, telephone number or email address);
• information about the company you work for, your position or title;
• identification and background information that you provide to us or that we collect from you as part of the establishment of the contractual relationship;
• billing and payment information;
• information that you provide to us in the course of and for the purposes of providing services, or that we create as part of our services for you, including order-related communication;
• personal data of third parties required for the establishment of the contractual relationship or the provision of services. This includes, among others, your immediate and indirect shareholders, business and contractual partners as well as advisors, representatives of authorities in a regulatory procedure, as well as each of the employees and members of the mentioned persons and institutions;
• all other information related to you that you provide to us in connection with the contractual relationship.

We may also process special categories of personal data within the meaning of Art. 9 EU-GDPR (such as biometric data) and data concerning criminal convictions and offences within the meaning of Art. 10 EU-GDPR on a case-by-case basis. The information we collect and process about you results from your interaction with us and our performance of services for you. We may also obtain information about you from other sources such as authorities (e.g. in the context of file inspection and/or information requests) or publicly available sources (public registers, internet searches) to update your information. We process this information to communicate with you, to conduct anti-money laundering, conflict and reputation checks before establishing the contractual relationship, to offer you the desired services, to invoice for the services and to maintain the business relationship with you, including asserting, enforcing and defending legal claims. To the extent necessary for the provision of services, we may disclose personal data to the following recipients:

• you as the recipient of services or contractual party;
• authorities;
• other third parties. These include, among others, your immediate and indirect shareholders, business and contractual partners and advisors.

In individual cases, data may also be transferred to recipients in third countries outside the European Union or the European Economic Area for which the European Commission has not formally established the existence of an adequate level of data protection in accordance with Art. 46 EU-GDPR. Unless the transfer is necessary for the assertion, exercise or defense of legal claims (Art. 49 para. 1 let. e EU-GDPR) and no other transfer ground according to Art. 49 para.1 EU-GDPR exists, appropriate safeguards for the protection of personal data at the recipient are provided, regularly in the form of data processing agreements based on so-called standard data protection clauses in accordance with Art. 46 para. 2 let. c EU-GDPR. If you would like to know more, please contact us via E-Mail info@ai-brainvisuals.com . The legal basis for the processing of your personal data for the aforementioned purposes lies in pre-contractual measures and the performance of a contract within the meaning of Art. 6 para. 1 let. b EU-GDPR, in the fulfilment of legal obligations under Art. 6 para. 1 let. c EU-GDPR, and possibly in our legitimate interest in the targeted and efficient handling of the mandate relationship within the meaning of Art. 6 para. 1 let. f EU-GDPR.

E.  Contractual Relationship with us as business partner

As part of a contractual relationship with us in the context of cooperation as a service provider, supplier, and other business partners, we process, among other things, the following personal data:

• your name and contact information (including name, address, telephone number, or email address);
• information about the company you work for, your position, or your title;
• identification and background information that you provide to us or that we collect from you in the context of establishing the contractual relationship;
• invoice and payment information;
• Information that you provide to us in the context of and for the purposes of providing services to us or that you create in the course of providing services to us, including order-related communication;
• personal data of third parties that are required for establishing the contractual relationship or providing services by you. This includes, among others, your direct and indirect shareholders, business and contractual partners as well as consultants, representatives of authorities in a regulatory procedure, as well as each of the employees and members of the aforementioned persons and entities;
• any other information related to you that you provide to us in connection with the contractual relationship.

The information we collect and process about you results from your interaction with us and your provision of services to us. We may also obtain information about you from other sources such as authorities (e.g., as part of file inspection and/or information requests) or publicly accessible sources (public registers, internet research) to update your information. We process this information to communicate with you, to perform anti-money laundering, conflict, and reputation checks before establishing the contractual relationship, to be able to obtain the services we require, to pay invoices, and to maintain our business relationship with you, including asserting, enforcing, and defending legal claims. To the extent necessary for the provision of your services, we may disclose personal data to the following recipients:

The legal basis for processing your personal data for the aforementioned purposes lies in pre-contractual measures and the performance of a contract in accordance with Art. 6 para. 1 let. b EU-GDPR, as well as, if applicable, in our legitimate interest in the targeted and efficient use of your services in accordance with Art. 6 para. 1 let. f EU-GDPR.