Privacy Policy

1. Responsible Party

This privacy policy applies to the website https://www.permalux.com. The responsible party for the website is: P.E.R. Flucht- und Rettungsleitsysteme GmbH Am Hopfenbach 3, 22926 Ahrensburg

Tel: +49 4102 4667 - 0 Fax: +49 4102 4667 - 99 info@permalux.com

Thomas Da Ronch, Managing Director Lars Diestel, Managing Director Commercial Register Number: HRB 6449HL, Lübeck District Court VAT ID No.: DE164964309

2. Personal Data

You leave digital traces when you browse our websites. Some of these traces may allow conclusions to be drawn about you, even if this is neither practically possible nor intended for these websites. Below, we inform you what to expect regarding your personal data when you visit our websites. The general rule is: You can use these pages without us knowing or attempting to know your identity. The personal data (digital traces) that arise when you visit a website include not only data possibly entered into contact forms, such as name and address, but also IP addresses. An IP address is the number of a computer (or smartphone, tablet, etc.) that identifies the computer on the Internet. When transmitting web pages over the Internet, the IP address of the computer accessing the web page must be known. However, we do not know the identity of the respective user and do not attempt to find out.

3. General Data Processing

We generally only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data generally only occurs with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law. If we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. For the processing of personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing. The personal data of the data subject will be deleted or blocked as soon as the purpose for storage no longer applies. Storage may also occur if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of data will also occur if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data to conclude or fulfill a contract.

4. Log Files

When you visit our website www.permalux.com, your browser automatically sends information to our website provider in the background. This information is temporarily stored in a so-called log file.

• Information about your browser type
• Information about your operating system
• Information about your Internet service provider
• Your IP address
• Date and time of your visit to our site
• Information about the website from which your system accesses our website
• Information about the website your system accesses via our website.

Your IP address is generally not collected or stored in full by us. It is only collected/stored in an abbreviated and thus anonymized form. You can read the details of the collection and storage of data in log files here: https://hosting.1und1.de/terms-gtc/terms-privacy/

We need this data because:

• the smooth connection to the website must be guaranteed,
• system security and stability must be evaluated and monitored,
• various other administrative purposes must be carried out with it.

Legal basis: Art. 6 (1) (f) GDPR. Our legitimate interest within the meaning of the regulation follows from the purposes of data collection listed above.

The data stored in the log files is stored for a maximum of 9 weeks. Apart from that, we use so-called cookies and other services when you visit our website. You can find out more about this in the following paragraph of this privacy policy.

5. Cookies

We use cookies on our website. Some of them are technically necessary, while others help us optimize and operate our website economically, provide social media content, and measure the success of our campaigns. Cookies are small text files used by websites to make the user experience more efficient. By law, we can store cookies on your device if they are absolutely necessary for the operation of this site. For all other types of cookies, we require your permission. This site uses different types of cookies. Some cookies are placed by third parties who appear on our pages. This also includes, for a limited period, your consent in accordance with Art. 49 (1) (a) GDPR to data processing outside the EEA, e.g., in the USA. In these countries, despite careful selection and commitment of service providers, the high European level of data protection cannot necessarily be guaranteed. If data is transferred to the USA, there is a risk, for example, that this data could be processed by US authorities for control and monitoring purposes without effective legal remedies being available or all data subject rights being enforceable. You can change or revoke your consent at any time from the cookie declaration on our website: Open cookie settings. There you will also find an overview of all the cookies we use.

6. Page Functions

6.1. Google reCAPTCHA

We use Google reCAPTCHA (hereinafter reCAPTCHA) on this website. The provider is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland. Data may also be transmitted to: Google LLC, USA. For the visual design of the Captcha window, the provider uses Google Fonts, i.e. fonts downloaded from the Internet by Google. No further information other than that mentioned above, which is already transmitted to Google via the ReCAPTCHA functionality, is processed in this process.

reCAPTCHA is intended to verify whether the data entered on this website (e.g., in a contact form) is entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g., IP address, length of time the website visitor spends on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG.

You can revoke your consent at any time with future effect by accessing the cookie settings and changing your selection there: Open cookie settings.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.

Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

7. Web analysis services

We use various tools described below to collect and analyze data about the use of our website by website visitors. This allows us to determine, among other things, when and which page views were made and from which region they originate. For this purpose, various log files (e.g., IP address, referrer, browsers used, and operating systems) are recorded and actions of our website visitors are measured (e.g., clicks, purchases, etc.). With the tools we use, the IP address is anonymized before storage. This means that your IP address is shortened before analysis so that it can no longer be clearly assigned to you. The use of these analysis tools is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If consent has been requested (e.g., consent to the storage of cookies), processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR.

You can revoke your consent at any time with future effect by accessing the cookie settings and changing your selection there: Open cookie settings.

7.1. Google Services

We use various services from Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland, on our website. These services enable us to analyze the use of our website and to tailor our advertising offers to our customers as best as possible.

We have concluded a data processing agreement with Google.

All IP addresses transmitted to Google are anonymized.

As part of data processing by Google, data is transferred to Google's servers in the USA.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

7.1.1. Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

7.1.2. Google Tag Manager

We use Google Tag Manager, which allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, stores cookies, or perform independent analyses. It is used solely to manage and display the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR.

You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there: Open cookie settings.

Further legal information regarding Google Tag Manager can be found at https://business.safety.google/intl/de/privacy and https://policies.google.com/privacy?hl=de&gl=de.

7.1.3. Google Analytics

This website uses functions of the web analysis service Google Analytics.

Google Analytics enables us to analyze the behavior of visitors to our website (page views, length of stay, operating systems used, and user origin). Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The IP address transmitted and shortened by Google Analytics from your browser will not be merged with other Google data.

Furthermore, Google Analytics allows us to, among other things, Record your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the collected data sets and uses machine learning technologies for data analysis.

Google Analytics 4 uses the special demographic characteristics function and can use them to create statistics that provide information about the age, gender, and interests of site visitors. This is done by analyzing advertisements and information from third parties. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.

The information is transferred to Google servers and processed there. This also includes transfers to Google LLC, based in the USA.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR.

You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there: Open cookie settings.

Further legal information on Google Analytics can be found at https://business.safety.google/intl/de/privacy and https://policies.google.com/privacy?hl=de&gl=de.

7.1.4. Google Ads

This website uses the Google Ads online advertising program. Within Google Ads, we use both conversion tracking and remarketing features.

Google Ads Conversion Tracking

Conversion tracking allows us to track how many users reach our website via a Google ad and what actions they perform there.

When you click on an ad placed by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie is still valid, Google Ads recognizes that the user clicked on the ad and was redirected to that page.

The information collected using the conversion cookie is used to compile conversion statistics. Google Ads records the total number of users who clicked on an ad and were redirected to a page with a conversion tag. The information collected does not allow personal identification of users.

Google Ads Remarketing and Personalized Ads

This website also uses Google Ads Remarketing to display interest-based advertising to website visitors on other websites within the Google advertising network. To do this, Google analyzes user behavior on our website, e.g., which offers the user was interested in, in order to display targeted advertising to the user on other sites even after visiting our site. This is done via cookies, which record and anonymously evaluate the behavior of website visitors. No personal data is stored.

By using Google Ads with personalized ads, we can display ads that are better tailored to the interests of users. For this purpose, Google uses information about your previous website visits and demographic characteristics that you have stored in your Google account (if you have consented to personalization).

The use of Google Ads is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings and changing your selection there: Open cookie settings.

Further legal information regarding Google Ads and Google Conversion Tracking can be found at https://business.safety.google/intl/de/privacy and https://policies.google.com/privacy?hl=de&gl=de.

If you would like to deactivate personalized advertising, you can do so via the following link: https://adssettings.google.com/authenticated

8. Video Surveillance

Parts of our premises are video-surveilled to enforce our house rules, protect property, prevent and investigate criminal offenses, and secure evidence in the event of criminal offenses. The legal basis for this is Art. 6 (1) (f) GDPR, with our interests arising from the aforementioned purposes. The data is generally deleted within 48 hours, at the latest until it is no longer required to achieve the aforementioned purpose.

9. Contact

When you contact us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form can be seen in the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for the contact and the associated technical administration.

The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. If you contacted us via a contact form on our website, you have given us permission to process your data to process your request (Art. 6 (1) (a) GDPR).

Your data will be deleted after your request has been processed. This will be the case if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention periods to the contrary.

10. Applications

In the event of an application, the data voluntarily submitted to us by the applicant will be processed for the purpose of conducting and processing the application process. The only recipients of the data are the persons involved in the application process with us. The legal basis for data processing is Art. 6 (1) (b) GDPR.

If an application is rejected, the storage period is 6 months beyond the completion of the application process. This storage period results from the possible assertion of claims under the General Equal Treatment Act (AGG). The legal basis for data processing is Art. 6 (1) (f) GDPR.

11. Disclosure of data

We generally do not disclose the data we receive when you visit our website to third parties.

An exception to this principle and disclosure of your data may occur if:

• You have given us your express consent to do so (Art. 6 (1) (a) GDPR),
• Disclosure is necessary for us because we wish to assert legal claims and we have no reason to assume that you have an overriding legitimate interest in not disclosing your data (Art. 6 (1) (f) GDPR).
• We must disclose your data because we are legally obliged to do so (Art. 6 (1) (c) GDPR).

12. Your rights regarding your data

According to Art. 15 GDPR, you can request information about the data we process.

In addition, if we have incorrect or incomplete data about you, you can request that this data be corrected (Art. 16 GDPR). You can also request that your data be deleted (Art. 17 GDPR). However, there may be cases in which we are not permitted or required to delete your data despite your request. If you request that we delete this data, we will check whether such reasons exist. If not, we will delete your data. In certain cases, the alternative to deleting your data is to restrict the processing of your personal data (Art. 18 GDPR). Here, too, please let us know how you wish to proceed, and we will review the legal requirements and find a solution that balances your interests with ours.

If you believe that we are not complying with the data protection regulations for processing your data on these websites, you can contact the Independent State Center for Data Protection in Kiel. You can find the contact details here: https://www.datenschutzzentrum.de/

13. Right of Objection

We have mentioned our legitimate interests several times in this privacy policy, which allow us to process your data on these websites. If we process your data on the basis of our legitimate interest, you can object to this data processing (Article 21 GDPR). However, you must state reasons related to your particular situation to object, as required by the aforementioned provision.

If you wish to exercise your right of objection, simply send an email to datenschutz@permalux.com. We will then review your request and get back to you with the outcome.

14. Data Protection Officer

We have appointed a data protection officer who supports and advises us on compliance with data protection requirements. You can reach him by email at the following address: datenschutz@permalux.com

15. Data Security

Our websites are SSL encrypted, meaning the connection between your device and our web server is protected. Third parties cannot view any entries you make on these pages. You can tell whether an individual page of our website is being transmitted encrypted by the closed key or lock symbol in the lower status bar of your browser.

16. Social Media Offerings

of P.E.R. Flucht- und Rettungsleitsysteme GmbH P.E.R. Flucht- und Rettungsleitsysteme GmbH offers online offerings on various social media platforms to provide information and, in particular, to enable contact with customers and interested parties. Below you will find the imprint, a netiquette policy, and a privacy policy for our social media offerings.

16.1. A. Legal Notice

This is the legal notice for the following social media platforms we operate: LinkedIn https://www.linkedin.com/company/p-e-r-flucht-und-rettungsleitsysteme-gmbh/ Xing https://www.xing.com/pages/p-e-r-flucht-undrettungsleitsystemegmbh Kununu https://www.kununu.com/de/per-flucht-und-rettungsleitsysteme Youtube https://www.youtube.com/channel/UCmB9T8cfWctiYTNfXZXoJlw Instagram https://www.instagram.com/permalux_gmbh/

P.E.R. Escape and Rescue Guidance Systems GmbH Am Hopfenbach 3 22926 Ahrensburg

Tel: +49 (0) 4102 4667-0 Fax: +49 (0) 4102 4667-99 info@permalux.com

Thomas Da Ronch, Managing Director Lars Diestel, Managing Director Commercial Register No.: HRB 6449HL, Lübeck District Court VAT No.: DE164964309

Responsible for content according to Section 55 (2) of the German Interstate Broadcasting Agreement (RStV): Lars Diestel P.E.R. Escape and Rescue Guidance Systems GmbH Am Hopfenbach 3 22926 Ahrensburg

16.2. B. Netiquette

The following netiquette applies to our social media offerings, which all users are expressly requested to adhere to.

• Please refrain from insults, defamation, slander, or provocations, as well as comments containing vulgar, violent, discriminatory, racist, sexist, hateful, or illegal statements or content.
• Mentions and comments should be factually related to the topic of the respective post. Please refer to the content being discussed in your posts.
• Please be careful about which personal data you publish in your posts. This information is freely accessible! You may not publish personal or personally identifiable data of third parties. To protect the personal rights of those affected, such posts may be deleted.
• Please respect copyright laws in your posts. For third-party content, the rights to this content must be released. Please also mark quotes as such and cite the source. To ensure the relevance of your post, it is also helpful to identify quotes as supplements to your own statements.
• Please also ensure that you adhere to the above rules when linking. We reserve the right to remove posts with links if their content violates the above rules.
• All posts are reviewed for compliance with the above rules. In the event of violations, the Holisticon AG social media team will delete them if necessary. The terms of use of the respective social media service provider also apply.

16.3. C. Privacy Policy

Below you will find the privacy policy of the social media services we operate: Here we would like to inform you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Responsible Party P.E.R. Flucht- und Rettungsleitsysteme GmbH operates the following social media offerings: https://www.linkedin.com/company/p-e-r-flucht-und-rettungsleitsysteme-gmbh/ https://www.xing.com/pages/p-e-r-flucht-undrettungsleitsystemegmbh https://www.kununu.com/de/per-flucht-und-rettungsleitsysteme https://www.youtube.com/channel/UCmB9T8cfWctiYTNfXZXoJlw https://www.instagram.com/permalux_gmbh/

You can find our contact details in our legal notice.

In addition to P.E.R. Flucht- und Rettungsleitsysteme GmbH, the service provider of the social media platform is always listed; without them, the social media offering would not be possible in its respective form. The platform provider is therefore also another controller who carries out data processing, over which we have only limited influence. Where we can influence and parameterize data processing, we work to ensure that the social media platform's service provider complies with data protection regulations within the scope of the options available to us. However, in many cases, we cannot influence the social media platform's data processing and have no knowledge of exactly which data they process.

Processing of your data by P.E.R. Flucht- und Rettungsleitsysteme GmbH The data you upload to our social media offerings—such as comments, videos, images, likes, public messages, etc.—will be published by the social media platform's service provider and will never be used or processed by us for any other purpose. We only reserve the right to delete content if necessary. In some cases, we share your content on our offerings if this is a function of the respective social media platform and communicate with you via the social media platform. The legal basis for the processing of your personal data is Art. 6 (1) (f) GDPR. The data processing is carried out in the interest of our public relations and communication. Furthermore, you may have also given the platform operator your consent to data processing; in this case, Art. 6 (1) (a) GDPR is the legal basis.

If you wish to object to a specific data processing activity over which we have influence, please contact us using the contact details provided in the imprint. We will then review your objection immediately. If you send us an inquiry via the social media platform, we may refer you to other, more secure communication channels, depending on the response required. Please note that you always have the option of sending us confidential inquiries to the address provided in the imprint. It is very important to us, whenever the respective service provider of the social media platform gives us the opportunity to do so, to make our social media offerings as compliant as possible with data protection regulations. Therefore, we do not use demographic, interest-based, behavior-based, or location-based target group definitions for advertising that the respective provider of the social media platform may provide us with.

To the extent that the respective platform provides us with statistics, we can only influence them to a limited extent and cannot always deactivate them. However, it is very important to us that no additional optional statistics are made available to us.

Data processing by the service provider of the social media platform The operator of the social media platform uses web tracking methods. Web tracking can occur regardless of whether a user is logged in or even registered with the respective social media platform. As already explained, Holisticon AG has only very limited influence on the web tracking methods of the social media platforms. Holisticon AG is often unable to deactivate them.

Please therefore note: It cannot be ruled out that the service provider of the social media platform may use your personal data, for example, to evaluate your habits, personal relationships, preferences, etc. We therefore generally have no influence on the processing of your data by the provider of the social media platform. Further information on data processing by the social media platform's service provider and other options for objection can be found in the privacy policy of the respective provider: LinkedIn https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy Xing and Kununu https://www.xing.com/privacy Youtube https://policies.google.com/privacy?hl=de Instagram https://privacycenter.instagram.com/policy

Your rights as a user When your personal data is processed, the GDPR generally grants you the following rights as a user:

1. Right to information - Art. 15 GDPR: You have the right to request confirmation as to whether personal data concerning you is being processed; If this is the case, you have the right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
2. Right to rectification and erasure - Art. 16, 17 GDPR: You have the right to immediately request the rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data. You also have the right to request that personal data concerning you be immediately erased if one of the reasons listed in detail in Art. 17 GDPR applies, for example, if the data is no longer required for the purposes pursued.
3. Right to restriction of processing - Art. 18 GDPR: You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, for example, if you have objected to processing, for the duration of any review.
4. Right to data portability - Art. 20 GDPR: In certain cases, which are detailed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common, and machine-readable format or to request that this data be transmitted to a third party.
5. Right to object - Art. 21 GDPR: If data is collected on the basis of Art. 6 (1) (f) GDPR (data processing to protect legitimate interests), you have the right to object to processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.
6. Right to lodge a complaint with a supervisory authority: Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. This right of complaint can be asserted, in particular, with a supervisory authority in the Member State of your residence, place of work, or place of the alleged violation.

Contact details of our data protection officer Our data protection officer is available to answer any data protection-related concerns: P.E.R. Flucht- und Rettungsleitsysteme GmbH Data Protection Officer Am Hopfenbach 3 22926 Ahrensburg Email: datenschutz@permalux.com