Data Protection

1. GENERAL DATA PROTECTION INFORMATION

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can personally identify you. Detailed information on data protection can be found in our privacy policy listed below this text.

Who is responsible for data collection on this website? Data processing on this website is carried out by the website operator. You can find the operator's contact details in the section "Notice on the responsible party" in this privacy policy.

How do we collect your data? Your data is collected firstly by you providing it to us. This could be data you enter in a contact form, for example. Other data is automatically collected by our IT systems when you visit the website, either with your consent or automatically. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for? Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data? You have the right to obtain information about the origin, recipient, and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can withdraw this consent at any time for the future. Additionally, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time with any questions on the subject of data protection.

Hosting We host the content of our website with the following provider:
All-Inkl The provider is ALL-INKL.COM - Neue Medien Münnich, Owner Rene Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter referred to as All-Inkl). Details can be found in All-Inkl's privacy policy: https://all-inkl.com/datenschutzinformationen/ The use of All-Inkl is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable possible presentation of our website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) as defined by TTDSG. Consent can be revoked at any time.

Data Processing Agreement We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract that ensures this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

General Information and Mandatory Disclosures The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy. When you use this website, various personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens. We point out that data transmission over the Internet (e.g., communication by email) may have security gaps. A complete protection of the data from access by third parties is not possible.

Notice on the responsible party The responsible party for data processing on this website is:
Rados Recruiting GmbH
Prinzregentenstr. 54
80538 Munich
Phone: +49 89 1250 9538-0
Email: contact@rados-recruiting.com

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, provided we have no other legally permissible grounds for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will occur after these grounds cease to apply.

General information on the legal basis for data processing on this website If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to the access to information on your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25(1) TTDSG. The consent can be revoked at any time. If your data is required to fulfill a contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing can also be based on our legitimate interest according to Art. 6(1)(f) GDPR. The respective legal basis relevant in each case is informed about in the following paragraphs of this privacy policy.

Recipients of personal data In the course of our business activities, we work with various external parties. This may require the transfer of personal data to these external parties. We only share personal data with external parties if it is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest in the transfer according to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using processors, we only transfer personal data of our customers based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to data processing Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR) IF THE DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH A PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

‍Right to data portability You have the right to have data that we process based on your consent or in performance of a contract automatically transferred to yourself or a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.

Access, rectification, and deletion Within the scope of the applicable legal provisions, you have the right to free information at any time about your stored personal data, its origin and recipient, and the purpose of data processing, and, if applicable, a right to rectification or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases: • If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data. • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion. • If we no longer need your personal data, but you need it to establish, exercise, or defend legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion. • If you have lodged an objection under Art. 21(1) GDPR, a balance must be struck between your and our interests. As long as it has not been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

SSL or TLS encryption For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Cookies Our websites use so-called "cookies." Cookies are small data packages and do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain on your device until you delete them yourself or they are automatically deleted by your web browser. Cookies can come from us (first-party cookies) or from third-party companies (so-called third- party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services). Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes. Cookies that are necessary to carry out the electronic communication process, to provide certain functions you have requested (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring web audiences) are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time. You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or generally, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited. You can find out which cookies and services are used on this website in this privacy policy.

Plugins and Tools

Google Fonts (local hosting) This site uses so-called Google Fonts for the uniform representation of fonts, which are provided by Google. The Google Fonts are installed locally. No connection to Google servers takes place in this process. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq?hl=en and in Google's privacy policy at https://policies.google.com/privacy?hl=en.

2. DATA PROCESSING IN CONNECTION WITH SOCIAL MEDIA PRESENCES AND ONLINE MARKETING

We operate so-called fan pages, accounts, or channels on the networks mentioned below to provide you with information and offers and to offer you additional ways to contact us and learn about our offers. The following explains which data we and the respective social network process from you in connection with the access and use of our fan pages/accounts.

Data we process from you When you contact us via Messenger or Direct Message through the respective social network, we typically process your username through which you contact us and may store any other data you provide to the extent necessary to process/respond to your request. The legal basis is Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).

(Static) Usage Data that we receive from the social networks We receive statistics automatically provided by the insights functionalities concerning our accounts. These statistics include the total number of page views, likes, page activities, post interactions, reach, video views, and information on the gender ratio of our fans/followers. The statistics only contain aggregated data that cannot be attributed to any individual person. We cannot identify you through this data. We only use the statistical information provided to address the interests of our users, to continuously improve our online presence, and to ensure its quality.

What data social networks process from you You do not need to be a member of the respective social network and do not need a user account for the respective social network to view the content of our fan pages/accounts. However, please note that social networks collect and store data from website visitors without a user account (e.g., technical data to display the website) and use cookies and similar technologies over which we have no control. For details, please refer to the respective social network's privacy policy (see the respective links above). If you wish to interact with the content on our fan pages/accounts, such as comment, share, or like our posts/contributions, and/or contact us via messenger functions, you must first register with the respective social network and provide personal data. We have no influence over the data processing by the social networks in the context of your usage. As far as we know, your data is stored and processed by the social networks particularly in connection with the provision of the services of the respective social network and also to analyze user behavior (using cookies, pixels/web beacons, and similar technologies) to deliver interest-based advertising both within and outside the respective social network. It cannot be ruled out that your data may also be stored and transferred to third parties outside the EU/EEA by the social networks. Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to have full access to your data. Therefore, only the provider can directly take appropriate measures to fulfill your user rights (access requests, deletion requests, objections, etc.). The assertion of such rights is therefore most effectively directed directly at the respective provider.

Purpose and legal basis We only collect your data through our profile to enable possible communication and interaction with you. This collection generally includes your name, message content, comment content, and the publicly available profile information you provide. The processing of your personal data for the purposes mentioned above is based on our legitimate economic and communicative interest in providing an information and communication channel under Art. 6(1)(f) GDPR. If you, as a user, have given your consent to the data processing to the respective social network provider, the legal basis for the processing is Art. 6(1)(a), Art. 7 GDPR.

LinkedIn

LinkedIn is a social network operated by LinkedIn Inc., headquartered in Sunnyvale, California, USA, which allows the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts within the social network and establish new connections. Companies and other organizations can create profiles on which photos and other company information can be uploaded to present themselves as employers and recruit employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The focus of the network is on professional exchange about topics of interest with people who share the same professional interests. When using or visiting the network, LinkedIn automatically collects data from users or visitors, such as username, job title, and IP address, during use or visit. This is done using various tracking technologies. LinkedIn provides users with information, offers, and recommendations based on the data collected. We are jointly responsible with LinkedIn for the personal content of our company profile. Affected rights can be asserted against both LinkedIn Inc. and us. We do not make any decisions regarding the data collected on the LinkedIn page through tracking technologies. If you wish to deactivate LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
For more information about LinkedIn, please visit:
https://about.linkedin.com.
For more information on LinkedIn's privacy policy, please visit:
https://www.linkedin.com/legal/privacy-policy.
For more information on the storage duration/deletion and guidelines on the use of cookies and similar technologies as part of registration and use on LinkedIn, please visit:
https://www.linkedin.com/legal/cookie-policy.
Data transfer to the USA is based on the EU Commission's standard contractual clauses.
Details can be found at:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.

XING

XING is a social network operated by New Work SE, based in Hamburg, Germany, which allows the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts within the social network and establish new connections. Companies and other organizations can create profiles on which photos and other company information can be uploaded to present themselves as employers and recruit employees. Other XING users have access to this information and can write their own articles and share this content with others. The focus of the network is on professional exchange about topics of interest with people who share the same professional interests. When using or visiting the network, XING or third parties automatically collect data from users or visitors, such as username, job title, and IP address, during use or visit. This is done using various tracking technologies. XING provides users with information, offers, and recommendations based on the data collected. We are jointly responsible with XING for the personal content of our company profile. Affected rights can be asserted against both New Work SE and us. We do not make any decisions regarding the data collected on the XING page through tracking technologies. For more information about XING, please visit: https://corporate.xing.com/en/company. For more information on XING's privacy policy, please visit: https://privacy.xing.com/en/privacy-policy.

Calendly

Nature and scope of processing We use Calendly by Calendly, LLC, 1315 Peachtree St NE, Atlanta, GA 30309, United States, to enable easy appointment booking in our online offering. By using Calendly, data you enter into the appointment booking form is transmitted to Calendly, LLC. Please note that you are in no way obligated to use Calendly to schedule an appointment with us. If you wish to prevent data transmission to Calendly, LLC, you can use other contact options.

Purpose and legal basis The use of Calendly is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG.

Storage duration The specific storage duration of the processed data is not under our control but is determined by Calendly, LLC. For more information, please refer to the Calendly privacy policy: https://calendly.com/pages/privacy.

Google Analytics

Nature and scope of processing We use Google Analytics by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analytics service for statistical analysis of our online offering. This includes, for example, the number of visits to our online offering, the pages visited, and the time spent by visitors. Google Analytics uses cookies and other browser technologies to analyze user behavior and recognize users. This information is used, among other things, to compile reports on website activity.

Google DoubleClick

Nature and scope of processing We have integrated components of Google DoubleClick on our website. DoubleClick is a brand of Google, which primarily markets special online marketing solutions to advertising agencies and publishers. DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity. Each of these data transmissions triggers a cookie request to the user's browser. If the browser accepts this request, DoubleClick sets a cookie in your browser. DoubleClick uses a cookie ID that is necessary for the technical process. The cookie ID is used, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser to avoid duplications. Furthermore, DoubleClick can use the cookie ID to track conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick advertisement and subsequently makes a purchase on the advertiser's website using the same internet browser. A DoubleClick cookie does not contain any personal data but may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google becomes aware of data that also serves to create commission statements. Google can trace, among other things, that you have clicked on certain links on our website. In this case, your data is passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.

Purpose and legal basis We process your data using the DoubleClick cookie for the purpose of optimizing and displaying advertisements based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. The cookie is used, among other things, to serve and display user-relevant advertising and to create or improve reports on advertising campaigns. The cookie also serves to prevent the multiple display of the same advertisement. Each time one of the individual pages of our website on which a DoubleClick component is integrated is called up, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be fully available. We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA is based on Art. 45(1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies not certified under the EU-U.S. DPF), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur- lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, we obtain your consent under Art. 49(1)(a) GDPR before such third-country transfers, which you give through the consent manager (or other forms, registrations, etc.). We would like to point out that unknown risks (e.g., data processing by third-country security authorities, the exact extent of which and its consequences for you we do not know, over which we have no control, and of which you may not be aware) may exist for third-country transfers.

Storage duration The specific storage duration of the processed data is not under our control but is determined by Google Ireland Limited. For more information, please refer to the Google DoubleClick privacy policy: https://policies.google.com/privacy.

Google Tag Manager

Nature and scope of processing We use Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface and allows us to control the precise integration of services on our website. This allows us to flexibly integrate additional services to evaluate user access to our website.

Purpose and legal basis The use of Google Tag Manager is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA is based on Art. 45(1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies not certified under the EU-U.S. DPF), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal- content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, we obtain your consent under Art. 49(1)(a) GDPR before such third-country transfers, which you give through the consent manager (or other forms, registrations, etc.). We would like to point out that unknown risks (e.g., data processing by third-country security authorities, the exact extent of which and its consequences for you we do not know, over which we have no control, and of which you may not be aware) may exist for third-country transfers.

Storage duration The specific storage duration of the processed data is not under our control but is determined by Google Ireland Limited. For more information, please refer to the Google Tag Manager privacy policy: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

LinkedIn

Ads Nature and scope of processing We have integrated LinkedIn Ads on our website. LinkedIn Ads is a service of LinkedIn Corporation that displays targeted advertising to users. LinkedIn Ads uses cookies and other browser technologies to analyze user behavior and recognize users. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. LinkedIn Ads also delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers, such as your user agent, are transmitted to the provider. In this case, your data is transferred to the operator of LinkedIn Ads, LinkedIn Corporation, Sunnyvale, California, USA. Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot be merged with you as a natural person but serve, for example, to segment ads.

Purpose and legal basis The use of LinkedIn Ads is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA is based on Art. 45(1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies not certified under the EU-U.S. DPF), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal- content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, we obtain your consent under Art. 49(1)(a) GDPR before such third-country transfers, which you give through the consent manager (or other forms, registrations, etc.). We would like to point out that unknown risks (e.g., data processing by third-country security authorities, the exact extent of which and its consequences for you we do not know, over which we have no control, and of which you may not be aware) may exist for third-country transfers.

Storage duration The specific storage duration of the processed data is not under our control but is determined by LinkedIn Corporation. For more information, please refer to the LinkedIn Ads privacy policy: https://www.linkedin.com/legal/privacy-policy.

LinkedIn Insight Tag

Nature and scope of processing We use LinkedIn Insight Tag from LinkedIn Corporation, Sunnyvale, California, USA, to create target groups, segment visitor groups of our online offering, determine conversion rates, and optimize them accordingly. This is particularly the case when you interact with advertisements we have placed with LinkedIn Corporation. LinkedIn Corporation offers retargeting for website visitors to display targeted advertising outside our website. LinkedIn Insight Tag collects data on visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. This data is used to create anonymized reports on website audience and ad performance.

Purpose and legal basis The use of LinkedIn Insight Tag is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA is based on Art. 45(1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies not certified under the EU-U.S. DPF), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal- content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, we obtain your consent under Art. 49(1)(a) GDPR before such third-country transfers, which you give through the consent manager (or other forms, registrations, etc.). We would like to point out that unknown risks (e.g., data processing by third-country security authorities, the exact extent of which and its consequences for you we do not know, over which we have no control, and of which you may not be aware) may exist for third-country transfers.

Storage duration The specific storage duration of the processed data is not under our control but is determined by LinkedIn Corporation. For more information, please refer to the LinkedIn Insight Tag privacy policy: https://www.linkedin.com/legal/privacy-policy.

3. DATA PROTECTION IN THE CONTEXT OF OUR RECRUITMENT ACTIVITIES
‍
With the following information, we would like to provide you with an overview of the processing of your personal and business-related data by us and your rights under data protection law. The specific data we process and how it is used primarily depends on the services commissioned or agreed upon. The following data protection information applies in particular to customers, applicants, interested parties, cooperation partners, and authorized representatives/agents.

Who is responsible for data processing, and whom can I contact? The responsible party within the meaning of data protection law is:
Rados Recruiting GmbH
Prinzregentenstr. 54
80538 Munich
Phone: +49 89 1250 9538-0
Email: contact@rados-recruiting.com

What sources and data do we use? We process personal data that we receive from our applicants and interested parties in the course of our business relationship. This can be based on the following activities: Upon contact, you have the opportunity to register on our website by providing personal data. The data and your application documents are entered into an input mask and transmitted to us and stored. The following data is collected during the registration process: • The user's IP address • Date and time of registration • Personal data (first name, last name, information on current company and position, private email, phone number, location) • Current career data and information (examples: academic degree, field of study, previous employers, position segment, leadership experience, target salary range, etc.) • Data for career preferences (career goals, ideal new positions, desired target salary, etc.) • Attachments provided (uploaded) and made available by you (resume, qualifications, project lists, references, etc.) For applicant consulting and placement services, we process the following data: • Personal data (salutation, name, contact details, email, salary expectation, motivation for change, interest in change, notice period, experiences, skills, etc.) • Contact and communication data (email communication, phone notes, records of briefings and calls) • Application documents, especially resume, qualifications, and references, if provided. • Links to social network accounts of the applicant (XING, LinkedIn, etc.) • Assignments to any customer processes (introductions, customer feedback, etc.) • For conducting online meetings via Microsoft Teams: • User information: e.g., display name, email address (if applicable), • Profile picture (optional), preferred language • Meeting metadata: e.g., date, time, meeting ID, phone numbers, location • Text, audio, and video data: You may have the option to use the chat function in an "online meeting." Any text input you make is processed to display it in the "online meeting." To display video and play audio, data from the microphone and, if applicable, the camera of your device is processed during the meeting. You can turn off the camera or mute the microphone at any time via the "Microsoft Teams" application. • In addition, we process - to the extent necessary for the provision of our services - personal data that we obtain lawfully from publicly accessible sources (Xing, LinkedIn, press, internet) and that is lawfully transmitted to us by other companies or other third parties. • Furthermore, we collect personal data of our customers during the recording of master data, in the course of an assignment or a placement. This can include personal details (last name, address, phone, email, and other contact details). In addition, this can include offers, data from fulfilling our contractual obligations, advertising and sales data, and invoices.

For what purposes do we process your data (purpose of processing), and on what legal basis? We process personal/company-related data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG): • To fulfill contractual obligations (Art. 6(1)(b) GDPR): The processing of data is carried out for the provision of services within the framework of the performance of our services with our applicants and customers or for the implementation of pre-contractual measures, which are carried out at the request (e.g., of interested parties). The purposes of data processing are primarily based on the specific consulting and placement services and can include, among other things, the creation of anonymized candidate profiles, needs analyses, consulting, and the fulfillment of contractual obligations. The further details on the purposes of data processing can also be found in the relevant terms and conditions. • Within the framework of the balancing of interests (Art. 6(1)(f) GDPR): Where necessary, we process your data beyond the actual performance of the contract to safeguard our legitimate interests or those of third parties. Examples: Effective conduct of "online meetings" via Teams, contacting you with interesting job offers, provided you have not objected to the use of your data. This also includes the assertion of legal claims and defense in legal disputes, as well as ensuring the data security of our company to prevent and investigate criminal offenses. • Based on your consent (Art. 6(1)(a) GDPR): If you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed up to the revocation. • Due to legal obligations (Art. 6(1)(c) GDPR) or in the public interest (Art. 6(1)(e) GDPR): In addition, we, as a company, are subject to various legal obligations, i.e., statutory requirements as well as commercial and tax law obligations. The purposes of the processing include, among other things, identity and age verification, fraud and money laundering prevention, and compliance with tax law obligations.

Who will receive my data? Within our company, those departments and employees who need access to your data to fulfill our contractual and legal obligations receive access. Service providers and agents we use may also receive data for this purpose if they maintain the necessary confidentiality. Personal data processed in connection with participation in "online meetings" is generally not disclosed to third parties unless it is intended for disclosure. Please note that content from "online meetings," just as in face-to-face meetings, often serves to communicate information and is therefore intended for disclosure. Regarding the disclosure of data to recipients outside our company, it should first be noted that we, as a company, are committed to confidentiality concerning all customer-related facts and assessments of which we become aware. We may only disclose information about you if legal provisions require this, you have consented, or we are legally obliged to provide information.

Are data transferred to a third country or an international organization? Data processing outside the European Union (EU) generally does not take place, as we limit our storage location to data centers within the European Union. However, we cannot rule out the routing of data, particularly for emails and "online meetings," over internet servers located outside the EU. This may occur if recipients/participants are located in a third country. However, the data is encrypted during transmission over the Internet and thus protected against unauthorized access by third parties. A data transfer to entities in countries outside the European Economic Area (so-called third countries) takes place if it is necessary for the performance of the contract, it is legally required, or you have given us your consent. Furthermore, we do not transfer personal data to entities in third countries or international organizations.

How long will my data be stored? We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship can store your data for an extended period if you have given us your consent. If the data is no longer required to fulfill contractual or legal obligations, it will be regularly deleted unless further processing is necessary for the following purposes: Fulfillment of commercial and tax retention obligations: these include the Commercial Code (HGB), the Fiscal Code (AO), the Money Laundering Act (GwG). The periods for retention and documentation specified there are between two and ten years. Preservation of evidence within the framework of the statutory limitation periods. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

What are my data protection rights? Every data subject has • the right to information under Art. 15 GDPR, • the right to rectification under Art. 16 GDPR, • the right to deletion under Art. 17 GDPR, • the right to restriction of processing under Art. 18 GDPR, • the right to object under Art. 21 GDPR, and • the right to data portability under Art. 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right to erasure. In addition, there is a right to lodge a complaint with a supervisory authority under Art. 77 GDPR in conjunction with § 19 BDSG. A consent given for processing personal data can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

Do I have an obligation to provide data? In the context of our business relationship or its initiation, you must provide those personal data necessary for establishing and carrying out a consulting or placement service and fulfilling the associated contractual obligations. Without this data, we will generally not be able to provide our services.

To what extent is there automated decision-making? We do not use automated decision- making according to Art. 22 GDPR to establish and conduct the business relationship.

Is profiling used? We partially process your data with the aim of evaluating specific personal aspects to inform and advise you in a targeted manner about job offers. For this purpose, we use evaluation tools within our IT systems.
‍