Privacy policy

1. Introduction Privacy Policy
This website is operated by: evolutiq Impact Advisory GmbH. It is very important to us to handle the data of our website visitors confidentially and to protect it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR. In the following, we explain to you how we process your data on our website. To do this, we use language that is as clear and transparent as possible so that you can really understand what happens to your data.

2. General information
2.1  Processing of personal data and other terms Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified . This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting . Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR). These and other legal definitions can be found in Art. 4 GDPR. 2.2  Applicable regulations/laws - GDPR, BDSG and TDDDG The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law. In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned. 2.3  The person responsible The controller responsible for data processing on this website is within the meaning of the GDPR. This is the natural or legal person who alone or jointly 1 with others determines the purposes and means of the processing of personal data. You can reach the person responsible at : evolutiq Impact Advisory GmbH Vitalisstrasse 67 50827 Cologne info@evolutiq-impact.com 2.4  How data is generally processed on this website As we have already established, some data (e.g. IP address) is collected automatically. This data is mainly required for the technical provision of the website. If we also use personal data or collect other data, we will inform you of this at or ask for your consent. You consciously share other personal data with . You can find detailed information on this at below. 2.5  Your rights The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the correction, blocking or deletion of this data or complain to the responsible data protection supervisory authority. You can revoke your consent to at any time. The details of these rights and how to exercise them can be found at in the last section of this Privacy Policy. 2.6  Data protection - Our view Data protection is more than just a chore for us! Personal data has great value and careful handling of this data should be a matter of course in our digitalized world. Furthermore, as a website visitor, you should be able to decide for yourself what "happens" to your data, when and by whom. We therefore undertake to comply with all legal provisions, collect only the data that is necessary for us and, of course, treat it confidentially. 2

2.7  Forwarding and deletion The transfer and deletion of data are also important and sensitive issues. We would therefore like to briefly inform you in advance about our general approach to this. Data will only be passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR. We delete your data when the purpose and legal basis for processing no longer apply and the deletion does not conflict with any other legal obligations. Art. 17 GDPR also provides a 'good' overview of this. For further information, please refer to this Privacy Policy at and contact if you have any specific questions. 2.8  Hosting This website is hosted externally. The personal data collected on this website is stored on the host's servers. This includes the automatically collected and stored log files (see below for more details), as well as all other data provided by website visitors. External hosting is used for the purpose of secure, fast and reliable provision of our website and in this context serves to fulfill the contract with our potential and existing customers. The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the terminal device of the website visitor or user within the meaning of the TDDDG. Our hoster only processes data that is necessary to fulfill its performance obligations and acts as our Data Processor, i.e. it is subject to our instructions. We have concluded a corresponding Data Processing Agreement with our hoster. We use the following hoster: 3

Framer
Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, The Netherlands https://www.framer.com/legal/privacy-statement/. 2.9 Legal basis The processing of personal data always requires a legal basis. The GDPR provides the following possibilities in Art. 6 para. 1 sentence 1: a)  The data subject has given their consent to the processing of their personal data for one or more specific purposes; b)  processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; c)  processing is necessary for compliance with a legal obligation to which is subject; d)  processing is necessary in order to protect the vital interests of the data subject or of another natural person; e)  processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller f)  processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. In the following sections, we will tell you the specific legal basis for the respective processing. 3. What happens on our website When you visit our website, we process your personal data. We use SSL or TLS encryption to protect this data in the best possible way against unauthorized access by third parties. You can recognize this encrypted connection by the fact that a https:// or a lock symbol is displayed in the address bar of your browser. Below you can find out what data is collected when you visit our website , for what purpose this is done and on what legal basis. 4

3.1  Data collection when accessing the website When you visit the website, information is automatically stored in so-called server log files. This is the following information: Browser type and browser version Operating system used Referrer URL Host name of the accessing computer Time of the server request IP address This data is temporarily required in order to be able to display our website to you permanently and without any problems. In particular, this data is used for the following purposes: System security of the website System stability of the website Troubleshooting on the website Establishing a connection to the website Presentation of the website Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular our interest in the functionality of the website and its security. Where possible, this data is stored in pseudonymized form and deleted once the respective purpose has been achieved. If the server log files make it possible to identify the data subject, the data is stored for a maximum period of 14 days. An exception is made if a security- relevant event occurs. In this case, the server log files are stored until the security-relevant event has been resolved and finally clarified. Otherwise, no merging with other data takes place. 3.2  Cookies 3.2.1 General information
This website uses so-called cookies. This is a data record, information that is stored in the browser of your end device and is related to our website. The use of cookies can make it easier for visitors to navigate the website. 5

In our cookie consent tool at you will find all the information about the cookies that we use on our website (if applicable, with your consent). 3.2.2  Rejecting cookies
You can manage all cookies that are not technically necessary directly via our cookie consent tool at . The setting of cookies can be prevented by adjusting the settings of your browser at . Here you will find the corresponding links to frequently used browsers: Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten- in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en Google Chrome: https://support.google.com/chrome/answer/95647? co=GENIE.Platform%3DDesktop&hl=de Microsoft Edge: https://support.microsoft.com/de-de/windows/l %C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16- ede5947fc64d Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac If you use a different browser , we recommend that you enter the name of your browser and 'Delete and manage cookies' in a search engine and follow the official link to your browser. Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ www.youronlinechoices.com. However, we must point out to you that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website. 3.2.3  Technically necessary cookies
We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with the applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies. 6

The legal basis for this is Art. 6 para. 1 lit. b, c and/or f GDPR, depending on the individual case. 3.2.4 Technically not necessary cookies
We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer functions of the website that are not technically necessary. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool at . 3.3 Data processing through user input 3.3.1 Contact us a) e-mail If you contact us by email at , we will process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements. b) Telephone If you contact us by telephone at , the call data may be stored in pseudonymized form on the respective end device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to process your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements. c) Contact form
We offer a contact form. This is used to contact our company. 7

In this form, we generally process your first name and surname, your telephone number, your e-mail address, a postal address and the content of the message. The data is stored on our web server and forwarded internally to the relevant e-mail addresses. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in responding to your request and in an uncomplicated way of contacting you. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. We delete this data no later than 3 months after receipt, unless it is required for a contractual relationship that has arisen. We bind the contact form from
Formspark
Bjorn Krols, Avenue des Villas 38, Box 203, 1340 Ottignies, Belgium https://formspark.io/legal/gdpr/.
on our website. 3.4 Cookie Consent Tool 3.4.1 Usercentrics
We use the consent management tool from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, to ensure that only those cookies are set on our website for which there is a legal basis. This service is used to obtain the consent of the website visitor to the storage of certain cookies in his/her browser or the use of certain technologies and to document this in accordance with data protection regulations. When this website is accessed, the consent given by the website visitor or the withdrawal of consent is stored as a Usercentrics cookie in the browser of the website visitor. A connection to the Usercentrics servers is established for this purpose. The legal basis is Art. 6 para. 1 lit. c GDPR. Usercentrics is used to obtain the legally required consent for the use of cookies. 8

If the Usercentrics consent management tool is integrated into the website via a third-party provider, data (e.g. IP address) may be transmitted to the third- party provider. The data collected will be stored until is requested to be deleted by the website visitor or Usercentrics itself deletes the data or the purpose for storing the data no longer applies. The mandatory statutory retention periods remain unaffected by this. 3.5 Website construction kit system 3.5.1 Framer
We use the Framer website builder on this website to create our website. This service is provided by Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, The Netherlands. With Framer, we can design our website on a free canvas, add animations and interactions and optimize it with a CMS. Framer allows us to create a professional website that is both user-friendly and visually appealing without any coding knowledge. We can choose from a variety of design templates and web apps and customize our website for different languages and regions to accommodate our international visitors. Framer may use cookies to track activity on our website and store certain information. These cookies help us to operate the service, store preferences and keep our website secure. The legal basis for technically unnecessary cookies is consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. The service is otherwise technically necessary to display our website. The legal basis for the processing is therefore Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the presentation and functionality of our website. As Framer is a company based in the Netherlands, data processing takes place within the European Union. Further information on data processing by Framer: https://www.framer.com/legal/privacy-statement/. 9

3.6 Analysis and tracking tools 3.6.1 Google Analytics
We use Google Analytics on this website. Google Analytics is a web analysis service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to recognize the user and thus to analyze usage behavior. These cookies are only set with consent. Consent can be revoked at any time and managed in our cookie consent tool. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The use of Google Analytics results in IP anonymization. The IP address of the respective user is shortened on servers within the member states of the EU (or the European Economic Area) in such a way that it is no longer possible to trace it back to a natural person. In addition, Google undertakes to provide appropriate data protection via the Google Ads data processing conditions and creates an evaluation of website use and website activity and provides the services associated with use. The Google Ads Data Processing Terms apply to companies that are subject to the EU General Data Protection Regulation (GDPR) of the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) or similar regulations. An additional browser plugin can be used to prevent the information collected (such as the IP address) from being sent to Google and used by Google. The plugin and further information can be found at at https://tools.google.com/dlpage/gaoptout?hl=de. Otherwise, the storage period depends on the type of data processed. Each customer can choose how long Google Analytics stores data before it is automatically deleted. The maximum lifespan of a Goggle Analytics cookie is two years. 10

Further information on the use of data by Google can also be found at under https://support.google.com/analytics/answer/6004245?hl=de. For all other queries, you can also contact directly at support-deutschland@google.com 3.6.2  Google Conversion Tracking
This website uses Google Conversion Tracking. Google Conversion Tracking is a web analysis service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Conversion Tracking uses cookies for identification. We find out the number of users and which actions were carried out on the website by the website visitors. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. The data is deleted as soon as it is no longer required for the processing purposes. Further details: https://policies.google.com/privacy?hl=de. 3.6.3  Google Tag Manager
We use Google Tag Manager on this website. Google Tag Manager is a web analysis service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager does not store cookies and does not analyze independently. It is only used to manage the tools integrated via it. However, the IP address of the website visitor is recorded, which may be transferred to Google's parent company in the USA. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in integrating and managing various tools on our website in an uncomplicated manner. Further details: https://policies.google.com/privacy?hl=en. 11

3.6.4 Framer Analytics
We use the functions of Framer Analytics on this website. This service is provided by Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, interactions with website prototypes. It enables the tracking of user actions such as clicks and page views, visualizes user paths through the prototype and measures the time spent on different pages. This data helps to identify bottlenecks in user navigation and to optimize the user experience. Framer Analytics does not collect any personal data and does not set cookies to track user activity. The data is processed on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to continuously improve our website through analysis. Further information: https://www.framer.com/legal/privacy-statement/? utm_source=google&utm_medium=adwords&utm_campaign=PerformanceMa x- Framer_&gad_source=1&gclid=Cj0KCQjwlZixBhCoARIsAIC745CTgsJwNQoL WsI_S_5RmKii7ZlKcj5gbPDPgjVQIbFAu5RCNs0I4kMaAltDEALw_wcB. 3.7 Social media profiles We also use the opportunity to place advertisements and job advertisements on social media. 3.7.1 LinkedIn
We operate a LinkedIn profile on https://www.linkedin.com/. This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. a) Interaction with our company profile Netherlands Framer Analytics offers specific functions for monitoring user 12

b) Page Insights LinkedIn provides us with aggregated statistics and insights (called Page Insights) that tell us how people interact with our Company Page. Among other things, we receive information about the number of profiles that view, comment on or otherwise interact with our posts, as well as aggregated demographic and other information that helps us learn about the interaction with our page or LinkedIn profile. Pages Insights provided to us by LinkedIn consist of aggregated data, and LinkedIn does not provide us with any personally identifiable information about members in relation to Page Insights. We also have no way of linking Page Insights to individual members. When placing ads, LinkedIn provides us with information about the types of people who see our ads and about the success of our ads. Personal data is only passed on to us if this person has consented to such processing. We also receive information from LinkedIn that allows us to understand which of our ads led to a purchase being made or an action being taken. This data is processed for the purpose of analyzing our reach and adapting our content and advertisements to user interests. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertisements in order to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. When processing personal data in the course of the so-called Page Insights, the processing is carried out in joint responsibility with LinkedIn in accordance with Art. 26 para. 1 GDPR. We have concluded a corresponding agreement with LinkedIn for this purpose, which can be viewed here (https://legal.linkedin.com/pages-joint- controller-addendum). The contact details of LinkedIn are:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. 13

For LinkedIn, you can contact the data protection officer at using the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. 3.7.2 Processing by LinkedIn In connection with your visit to our company profile, LinkedIn may also process additional personal data. In this case, the processing is carried out under the sole responsibility of LinkedIn and without our knowledge. You can find more information from LinkedIn on this at : https://de.linkedin.com/legal/privacy-policy. 3.8 Third-party content 3.8.1 Google Fonts
We use Google Fonts on this website. Google Fonts is a tool that enables the uniform display of fonts (so-called Google Fonts). This service is offered by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. As soon as a website visitor visits a website that uses Google Fonts, the browser used must connect to the Google servers. No cookies are set in this process. However, the IP address of the website visitor is recorded and used for analysis purposes. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TDDDG. This consent can be revoked at any time. Details on this: https://developers.google.com/fonts/faq?hl=de https://policies.google.com/privacy?hl=de 3.9 Cloud backups We use cloud backup functions on our website to protect the data and content of the website from data loss, corruption or security incidents. This ensures 14

that the website can be restored quickly and completely in the event of a server failure, a hacker attack or other unforeseen events. We use the following cloud backup service:
Framer
Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, The Netherlands https://www.framer.com/legal/privacy-statement/. 4. What else is important Finally, we would like to inform you in detail about your rights and tell you how you can be informed about changes to data protection requirements. 4.1 Your rights in detail 4.1.1  Right to information in accordance with Art. 15 GDPR
You can request information from as to whether your personal data is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR. 4.1.2  Right to rectification in accordance with Art. 16 GDPR
This right includes the correction of incorrect data and the completion of incomplete personal data. 4.1.3  Right to erasure in accordance with Art. 17 GDPR
This so-called 'right to be forgotten' gives you the right, under certain conditions, to request the erasure of personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This "right to be forgotten" also corresponds to the controller's obligation under Art. 17 para. 2 GDPR to take reasonable steps to ensure that the data is generally erased. 4.1.4  Right to restriction of processing in accordance with Art. 18 GDPR 15

This right is subject to the conditions set out in Art. 18 para. 1 lit. a to d. 4.1.5  Right to data portability in accordance with Art. 20 GDPR
This regulates the basic right to receive your own data in a commonly used form and to transfer it to another controller. However, this only applies to data processed on the basis of consent or a contract in accordance with Art. 20 (1) (a) and (b) and insofar as this is technically feasible. 4.1.6  Right to object pursuant to Art. 21 GDPR
You can generally object to processing your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling. 4.1.7  Right to "individual decision-making" pursuant to Art. 22 GDPR
You have the right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you . However, this right is also restricted and supplemented by Art. 22 (2) and (4) GDPR. 4.1.8  Further rights
The GDPR contains comprehensive rights to inform third parties whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this is only possible or feasible with reasonable effort. We would like to take this opportunity to remind you of your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point. We would also like to inform you of your rights under Sections 32 et seq. BDSG, which, however, are largely congruent with the rights just described. 4.1.9  Right to lodge a complaint pursuant to Art. 77 GDPR
You also have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation. 16

5. What if the GDPR is abolished tomorrow or other changes take place? The current status of this Privacy Policy is 06.09.2024. From time to time it is necessary to adapt the content of the Privacy Policy in order to react to actual and legal changes. We therefore reserve the right to amend this Privacy Policy at any time. We will publish the amended version in the same place and recommend that you read the Privacy Policy regularly. Created with the kind support of Dieter macht den Datenschutz