Balde Consulting welcomes your visit to this website. We take the protection and security of your personal data very seriously. With this data protection information, we aim to emphasize our commitment to handling your data securely and trustworthily and to explain how we use the personal data of our customers. We comply with the strict regulations of German data protection law. In their respective areas of application, the provisions of the Telemedia Act (TMG) and the Federal Data Protection Act (BDSG) apply in particular.

1. What data is processed when you visit?

a) Collection and use of non-personal (anonymous) data for internal system and statistical purposes. You can generally visit this portal without providing any personal information. When you access the website through your internet browser, technically necessary data is automatically transmitted to our server and stored in a log file for quality assurance purposes. This includes:

• IP address (Internet Protocol address) of the accessing computer
• The website from which you were redirected to our website (referrer)
• Date and time of your visit
• Browser type and settings
• Operating system of the accessing computer
• Name of your internet service provider The data collection does not allow conclusions to be drawn about your person. The user remains anonymous.

b) Collection and use of personal data: Personal data (first name, last name, salutation, address, date of birth, etc.) is only collected if you voluntarily provide it to us, for example, in the input mask of a form.

Our website also uses cookies. These help us make your visit to our website comfortable and tailor it to your preferences (see point 5).

Data collection during email contact:

• Name
• Email
• Phone number

The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR if you have given consent to the provider (us), and also Art. 6 para. 1 lit. f GDPR. If the purpose of the contact is to initiate a contract, Art. 6 para. 1 lit. b GDPR is also a legal basis for data processing. Data provided by you will be deleted immediately after your request has been processed, or at the latest, 12 months after the last contact if no resolution has been achieved.

A request is considered resolved when it can be inferred from the circumstances that the matter in question has been conclusively clarified. You have the right to revoke your consent to the processing of personal data or to object to data processing that is not based on consent at any time.

The exercise of revocation or objection can be done, in particular, by email to the contact email address mentioned above. In this case, all personal data that the provider has stored in connection with your contact will be deleted. Your right to revoke generally does not apply to data that the provider needs for the performance of a contract or for pre-contractual measures. However, you may have additional rights that allow you to request the deletion of your data.

Please also note that if you send us particularly sensitive data (e.g., health data) electronically as a service provider, you should adequately protect them against unauthorized access.

2. How are inventory data processed?

a) What are inventory data? According to § 14 TMG, inventory data are the personal data of a user that are necessary for the establishment, content design, or modification of a contractual relationship between the service provider and the user regarding the use of telemedia. b) How is the processing of this data carried out? The relevant personal data of the customer necessary for the supply contract relationship are collected, processed, and used by Balde Consulting in accordance with the respective legal provisions for the protection of personal data, exclusively for the purpose of contract execution and to protect the legitimate interests of Balde Consulting – for example, to fulfill Balde Consulting’s own business purposes in customer support and consulting – as well as for technical administration. If necessary, data may also be disclosed to companies involved in the execution of the supply contract (e.g., for forwarding and billing or debt collection). Balde Consulting is obliged to ensure that the applicable data protection regulations are observed in this regard. Upon complete contract fulfillment, your data will be blocked for further use and deleted after the statutory retention periods under tax and commercial law have expired unless you have expressly consented to the further use of your data. For the purpose of credit checks, Balde Consulting may obtain information from credit agencies and disclose personal data of the customer related to the supply contract relationship to these agencies under the conditions of § 28a BDSG.

3. How are usage and traffic data processed?

a) What are usage data? According to § 15 TMG, „usage data“ are personal data that are necessary to enable and bill the use of telemedia. These include, in particular, characteristics for user identification, information about the start and end as well as the scope of each use, and information about the telemedia used by the user. b) How is the processing of this data carried out? Regarding cookies, please refer to the explanations under section 5. Balde Consulting will use your traffic data to the extent permitted by law or if you have given your consent for the collection and processing. Balde Consulting may store and transmit traffic data as required for billing purposes. You may object in writing or by email to the use of your usage data to create anonymized user profiles for advertising, market research, or the needs-based design of telemedia at any time.

4. What does Balde Consulting do to secure my data?

Balde Consulting has implemented extensive technical, administrative, and physical measures to protect your data from potential risks such as unauthorized access, unauthorized disclosure, alteration, or distribution, as well as from loss, destruction, or misuse. To protect your personal data during transmission from unauthorized third-party access, we secure relevant logins and data transfers using 256-bit SSL (Secure Socket Layer) encryption, with the bit count varying depending on whether older browsers or operating systems are used.

5. Information about Cookies

To enable a user-friendly design of the website, we, like most internet services, use so-called „cookies.“ Cookies are text files that are stored on your hard drive by your browser. These data contain information about which internet pages you visit and which advertisements you have seen. However, cookies never allow the determination of personal data such as names, addresses, email addresses, etc. Website operators on the internet use cookies, for example, to check whether you are authorized to view the requested information on a website. Cookies also provide you with more convenience and security during login. In this way, we can customize our website to your individual preferences. You can configure your browser to inform you in advance about the setting of cookies, or you can completely refuse to accept cookies. However, refusing cookies may, in certain cases, lead to a limitation of functionality. When you visit our website, cookies from partner companies are also stored on your computer. These cookies are used solely for the collection of statistical, non-personal data for the optimization of advertising materials such as banner advertising, display advertising, and search engine marketing. Our partner companies are not permitted to collect, process, or use personal data via cookies on our website.

6. Information

According to § 34 of the BDSG, the customer is entitled to request free information from Balde Consulting about which data is collected, processed, and disclosed about them.

7. Access, Deletion, and Right to Object

Rights of Data Subjects

You have the right to obtain confirmation from the provider as to whether or not personal data concerning you is being processed and to request information about such personal data, as well as the right to rectification, erasure, restriction of processing, the right to data portability, and the right to lodge a complaint with a supervisory authority in accordance with the description provided below. In cases covered by §§ 32 et seq. BDSG 2018, these rights exist only to the extent provided for by the BDSG 2018.

a. Your Right to Information You have the right to request confirmation from the provider as to whether personal data concerning you is being processed. If this is the case, you have the right to be informed about this personal data and the following information: the purposes of the processing; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially in the case of recipients in third countries or international organizations; if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this period; the existence of the right to rectification or erasure of your personal data or the right to restrict processing by the data controller or the right to object to such processing; the right to lodge a complaint with a supervisory authority; if the personal data is not collected from the data subject, all available information on the origin of the data; the existence of automated decision-making, including profiling (pursuant to Article 22, paragraphs 1 and 4 of the GDPR), and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

b. Right to Rectification You have the right to request the immediate correction of inaccurate personal data concerning you from the provider. You also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement, in line with the processing purposes mentioned above or if there is a valid reason for such a request.

c. Right to Erasure You have the right to request the provider to erase personal data concerning you without undue delay. We are obliged to erase personal data without undue delay if one of the following reasons applies: The personal data is no longer necessary for the purposes for which it was collected or otherwise processed; the data subject withdraws consent on which the processing is based according to Article 6, paragraph 1, letter a or Article 9, paragraph 2, letter a of the GDPR, and there is no other legal ground for the processing; the data subject objects to the processing pursuant to Article 21, paragraph 1 of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21, paragraph 2 of the GDPR; the personal data has been unlawfully processed; the erasure of personal data is required to fulfill a legal obligation under Union or Member State law to which the controller is subject; the personal data has been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of the GDPR. If we have made the personal data public and are obliged to erase it, we, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers who process the personal data that you have requested the erasure of any links to or copies or replications of that personal data. However, you do not have the right to erasure under Article 17, paragraph 3 of the GDPR to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health pursuant to Article 9, paragraphs 2, letters h and i, and Article 9, paragraph 3 of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89, paragraph 1 of the GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise, or defense of legal claims.

d. Right to Restrict Processing

You have the right to request us to restrict the processing of your personal data under the following conditions:

• The accuracy of your personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data.
• The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
• The data controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise, or defense of legal claims, or the data subject has objected to processing pursuant to Article 21, paragraph 1, pending the verification whether the legitimate grounds of the data controller override those of the data subject.

Once processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained a restriction of processing, you will be informed by us before the restriction is lifted.

e. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us or the controller to which the personal data has been provided, where:

• The processing is based on consent pursuant to Article 6, paragraph 1, letter a, or Article 9, paragraph 2, letter a, or on a contract pursuant to Article 6, paragraph 1, letter b, and
• The processing is carried out by automated means.

In exercising your right to data portability under paragraph 1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.

The exercise of the right to data portability is without prejudice to Article 17 of the GDPR (Right to Erasure/“Right to Be Forgotten“). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

f. Right to Object to Processing

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) or (f) (legitimate interests pursued by the controller or a third party) of the GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

At the latest at the time of the first communication with you, we must explicitly bring the existence of the right to object to your attention and shall present it clearly and separately from any other information.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

g. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

— End of Data Protection Provisions —