Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws and other data protection regulations is: digitalWAS solutions GmbH Schützenstraße 9 12165 Berlin Germany Phone: +49 30 209666001 Email: kontakt@digitalwas.de Website: https://digitalwas.de

For questions regarding the processing of your personal data, information requests, correction, blocking or deletion of data, as well as revocation of consent, please contact: digitalWAS solutions GmbH Schützenstraße 9 12165 Berlin Email: management@digitalwas.de

We generally only process personal data of our users insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law. Legal bases for the processing of personal data: • Art. 6 (1) lit. a GDPR – Consent of the data subject • Art. 6 (1) lit. b GDPR – Performance of a contract or pre-contractual measures • Art. 6 (1) lit. c GDPR – Compliance with a legal obligation • Art. 6 (1) lit. f GDPR – Legitimate interest of the controller

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected: • Information about the browser type and version used • The user's operating system • The user's IP address • Date and time of access • Websites from which the user's system accessed our website (referrer) The data is stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in ensuring a smooth connection setup and comfortable use of our website, as well as evaluating system security and stability. The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of log file storage, this is after seven days at the latest.

A contact form is available on our website for electronic communication. If a user uses this option, the data entered in the form is transmitted to us and stored. This data includes: • Name • Email address • Phone number (optional) • Company (optional) • Desired service • Message At the time of sending the message, the following data is also stored: • The user's IP address • Date and time Consent is obtained for the processing of data during the sending process and reference is made to this privacy policy. The legal basis is Art. 6 (1) lit. a GDPR. Alternatively, contact can be made via the provided email address kontakt@digitalwas.de. In this case, the personal data transmitted with the email is stored. The legal basis is Art. 6 (1) lit. f GDPR. The data is used exclusively for processing the conversation and is deleted as soon as it is no longer necessary for the purpose for which it was collected.

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. We use the following cookies: a) Technically necessary cookies These cookies are required to provide you with the basic functions of the website. The legal basis is Art. 6 (1) lit. f GDPR. b) Google Maps Cookies On the imprint page, we embed Google Maps. Cookies from Google are only set with your explicit consent. The legal basis is Art. 6 (1) lit. a GDPR. You can revoke your consent at any time. c) Google reCAPTCHA To protect against spam and abuse, we use Google reCAPTCHA on our contact form. Data is transmitted to Google. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in the security of our website). For more information, see Google's privacy policy: https://policies.google.com/privacy

Insofar as we process personal data on behalf of our clients in the course of our business activities, we conclude a data processing agreement in accordance with Art. 28 GDPR with them. This applies in particular to: • IT Service & Rollouts – Access to our clients' IT systems for maintenance, support and projects • Managed IT Projects – Staff augmentation and support takeover, where our technicians may have access to clients' personal data • SaaS Solutions (digital scaleUp, KON-VAULT) – Hosting and processing of client data in our systems • Healthcare & TI – Processing of particularly sensitive data in the healthcare sector As part of data processing, we ensure that: • Processing only takes place on documented instructions from the controller • Persons entrusted with processing are bound to confidentiality • Appropriate technical and organizational measures (TOMs) are taken to protect the data • Sub-processors are only used with the controller's prior consent • The controller is supported in fulfilling their obligations to data subjects • All data is returned or deleted after the end of processing • All necessary information is provided to the controller to demonstrate compliance with obligations Our data centers and servers are located exclusively in Germany. All data is protected in compliance with GDPR and state-of-the-art technology.

Our website and SaaS products are hosted on servers in Germany. We use the following service providers: • Hetzner Online GmbH – Server hosting (data centers in Germany) We have concluded data processing agreements in accordance with Art. 28 GDPR with all hosting service providers. Processing takes place exclusively within the European Union.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights: a) Right to information (Art. 15 GDPR) You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request information about: processing purposes, categories of data, recipients, storage period, origin of data. b) Right to rectification (Art. 16 GDPR) You have a right to rectification and/or completion if the processed personal data is inaccurate or incomplete. c) Right to restriction of processing (Art. 18 GDPR) Under certain conditions, you may request the restriction of the processing of your personal data. d) Right to erasure (Art. 17 GDPR) You may request the controller to delete your personal data without undue delay, provided that one of the legally stipulated reasons applies. e) Right to data portability (Art. 20 GDPR) You have the right to receive your personal data in a structured, commonly used and machine-readable format. f) Right to object (Art. 21 GDPR) You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation. g) Right to withdraw consent (Art. 7 (3) GDPR) You have the right to withdraw your data protection consent at any time. The lawfulness of the processing carried out on the basis of the consent until revocation is not affected. h) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) You have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is: Berlin Commissioner for Data Protection and Freedom of Information Friedrichstraße 219 10969 Berlin https://www.datenschutz-berlin.de

In accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. These include in particular: • Encryption of data transmission (TLS/SSL) • Regular security updates and patches • Access controls and authorization concepts • Regular data backups • Firewalls and intrusion detection systems • Confidentiality obligations for all employees • Regular review and evaluation of technical and organizational measures

Personal data is generally not transferred to third countries (countries outside the European Economic Area – EEA). If a transfer is necessary in individual cases (e.g. through the use of Google reCAPTCHA), it is only carried out on the basis of an adequacy decision by the European Commission, standard contractual clauses or other appropriate safeguards in accordance with Art. 46 GDPR.

We reserve the right to adapt this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will apply to your next visit. Last updated: March 2025