TWO FOR YOU GmbH, Leinfelder Straße 64, 70771 Leinfelden-Echterdingen, Germany, is responsible for data protection compliance on our site. We have not appointed a data protection officer.

We will be happy to answer any questions you may have regarding data protection. You can use the following contact options:

a) Server log files

Insofar as you call up our website, information is automatically transmitted by your browser to the server of our website. This information is only stored for a short time in a so-called log file and is automatically deleted.

This includes the following data:

• Your IP address
• Date and time of the call
• Name and URL of the file you called up
• Website from which the call is made (referrer URL)
• Information on the browser and operating system you are using
• Name of your access provider

This data is used to ensure a smooth connection and comfortable use of our website as well as to evaluate system security and stability.

The legal basis for data processing results from Art. 6 Para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in collecting data for the aforementioned purposes. In addition, a legal basis also arises from Art. 6 Para. 1 lit. b GDPR for processing data to fulfil a contract or pre-contractual measures.

The data will not be used to draw conclusions about your person.

b) Contact form/ communication by e-mail

On our website you will find a contact form. We would like to give our customers the opportunity to contact us in an uncomplicated way. You can also write to us directly by e-mail. If you would like to use our contact form, you must enter your name and a valid e-mail address. If you write to us by e-mail, we will at least receive your e-mail address. All other data provided is optional. The data collection is carried out for the purpose of initiating or implementing contractual relationships in accordance with Art. 6 Para. 1 lit. b GDPR. Insofar as your enquiry is not directed towards initiating or implementing a contract, we nevertheless have a legitimate interest in processing and answering your enquiry. In this respect, the use of personal data for this purpose is based on Art. 6 Para. 1 lit. f GDPR.

We use the data you provide exclusively to process your enquiry. Insofar as your enquiry is directed towards the initiation or implementation of business, we delete your data according to our internally defined deletion periods.

Insofar as your enquiry is related to another purpose, we delete your data after processing, insofar as no other legal basis for data storage exists.

c) Processing of customer and contract data

When initiating business, concluding a contract and fulfilling a contract, we use your personal data required for this purpose in accordance with Art. 6 Para. 1 lit. b GDPR.

Data is only transferred to third parties if and insofar as this is necessary for the fulfilment of the contract, e.g. if a company has been commissioned for production or transport services or a credit institution for payment processing.

The deletion of this personal data takes place after the expiry of the statutory warranty periods or after the end of statutory retention periods.

d) Cookies

Our website contains cookies. Cookies are small text files that are stored on your terminal device. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are intended to support the user-friendliness of the website and are, of course, completely harmless to your end device. Information is temporarily collected in connection with the end device you use and the software you use. Conclusions about your identity are not drawn from this.

For example, we use so-called "session cookies". These cookies are automatically deleted after your visit. We also use cookies that are stored on your terminal device, for example to make it easier for you to use our site on a subsequent visit and to recognise your browser on your next visit ("permanent cookies"). Of course, you can delete these cookies manually at any time.

The cookies that are absolutely necessary for the operation of our website, i.e. without which our website cannot be displayed, are used for this purpose to protect our legitimate interests in accordance with Art. 6 Para. 1 sentence 1 lit. f GDPR. These are automatically deleted after a defined period of time.

Of course, you can also view our website without cookies. To do this, you must prevent cookies from being stored on your hard drive by selecting "do not accept cookies" in your browser settings. For a more detailed description, please consult the instructions of your browser manufacturer. You can also use the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/) to disable cookies. If you do not accept cookies, this may lead to functional restrictions on our website.

e) Google Ajax & jQuery libraries, Google Webfonts

On the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, we use Google Ajax & jQuery libraries, Google Webfonts of the company Google LLC, 1600 AmphitheatreParkway, Mountain View, CA 94043 USA, hereinafter "Google", for the purpose of a customer-friendly and responsive presentation of our site. In this process, program libraries and fonts are retrieved by your browser from Google and loaded into the browser cache in order to display content, texts and fonts correctly. Information about your provider, operating system, browser and IP address may be transmitted to Google.

Google's privacy policy applies here: https://www.google.com/policies/privacy/

Google complies with European data protection law and is certified under the Privacy Shield agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

On the basis of Art. 6 Para. 1 sentence 1 lit. f GDPR, we use the reCAPTCHA service of Google LLC, 1600 AmphitheatreParkway, Mountain View, CA 94043 USA, hereinafter "Google", to protect your enquiries via Internet forms. The query serves to distinguish whether the input is made by a human being or abusively by automated machine processing. The query includes the sending of the IP address and, if applicable, further data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. The deviating data protection regulations of the Google company apply to this data. You can find further information on Google's data protection guidelines at: https://www.google.com/intl/de/policies/privacy/

As a matter of principle, your personal data will not be transferred to third parties. However, data may be transmitted by way of exception for the following reasons:

• Insofar as you have given your express consent, Art. 6 Para. 1 sentence 1 lit. a GDPR
• Insofar as the transfer is necessary according to Art. 6 Para. 1 sentence 1 lit. f GDPR and there is no overriding interest worthy of protection in not transferring your data
• Insofar as we are legally obliged to disclose the data, Art. 6 Para. 1 sentence 1 lit. c GDPR
• Insofar as disclosure is permissible and necessary in accordance with Art. 6 Para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.

Insofar as your data is processed by third parties commissioned by us, this is done on the basis of Art. 28 GDPR by means of a contract processing agreement.

a) Right to information, Art. 15 GDPR

You have the right to request confirmation from us as to whether we are processing personal data about you. If this is the case, you can request information about this personal data and about the following information:

• The purposes of processing
• The categories of personal data processed
• The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations
• If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
• The existence of a right to rectify or erase personal data concerning you or to restrict processing or to object to such processing
• The existence of a right of appeal to a supervisory authority
• If the personal data are not collected from you, any available information about the origin of the data
• The existence of automated decision-making, including profiling, pursuant to Art. 22 Para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

b) Right of rectification, Art. 16 GDPR

You may immediately request the correction of incorrect or incomplete personal data stored by us.

c) Right to erasure (right to be forgotten) of your data, Art. 17 GDPR

You may request the deletion of your data stored by us insofar as

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed or are no longer necessary;
• you withdraw your consent on which the processing is based pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing;
• you object to the processing pursuant to Art. 21 Para 1 GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21 Para 2 GDPR;
• the personal data have been processed unlawfully;
• erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which you are subject;
• the personal data have been collected in relation to information society services offered pursuant to Art. 8 Para. 1 GDPR.

We are obliged to erase upon presentation of the conditions, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

d) Right to restriction of processing, Art. 17 GDPR

You have the right to request us to restrict processing insofar as

• the accuracy of the personal data is disputed by you, but only for the period of time that allows us to verify the accuracy of the data;
• the processing is unlawful and you do not want your personal data to be erased immediately, but instead request the restriction of the use of the personal data;
• we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims, or
• you have objected to the processing pursuant to Art. 21 Para. 1 GDPR, as long as it has not yet been determined whether the legitimate reasons on our part prevail over yours.

To the extent that processing is restricted, we may only process your personal data - apart from storing it - with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

Before the restriction is lifted, you will be informed again.

e) Right to data portability, Art. 20 GDPR

You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

f) Right of objection, Art. 21 GDPR

In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data if it is processed on the basis of legitimate interest pursuant to Art. 6 Para. 1 sentence 1 lit. f GDPR. However, this only applies if there are reasons arising from your particular situation or if the objection is directed against direct advertising.

g) Right of revocation, Art. 7 Para. 3 GDPR

You have the right to revoke your consent pursuant to Art. 6 Para. 1 sentence 1 lit. a GDPR at any time. This revocation applies exclusively to future use.

h) Right to complain to supervisory authorities

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or our registered office, if you consider that the processing of personal data concerning you infringes the General Data Protection Regulation.

Insofar as you wish to make use of your data subject rights, you may also submit this by e-mail to the above mentioned e-mail address.

For security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as site operator, this site uses SSL or TLS encryption. You can recognise this by the fact that the address line of the browser changes from "http://" to "https://". In addition, you will see a lock symbol in the browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

In addition, we have taken precautions in the form of technical and organisational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties.

This privacy policy is currently valid and has the status May 2021.

In order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services. The new privacy policy will then apply the next time you visit our website.

You can view and print out our privacy policy on our website at any time.

If you feel that your rights have been violated or that you have been disadvantaged in any other way, we ask you to inform us of this yourself. You will then receive a personal, individual reply. Within the scope of your duty to minimise damages, we would like to point out that we will not assume the costs of a lawyer commissioned by you out of court without prior contact. There is expressly no intention on our part that you instruct a lawyer to issue a cease-and-desist demand and/or a declaration of discontinuance with a penalty clause. Consequently, no presumed intention can be taken into account.

This privacy policy was created by Martin Jedwillat, Lawyer: www.advomare.de