Privacy Policy

1. General Information

When you visit our website, various personal data are processed depending on the type and scope of your visit. Personal data is information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly (e.g., by reference to an online identifier). This includes information such as name, address, telephone number, date of birth, or IP addresses.

With this privacy notice, we inform you, in accordance with Articles 12 et seq. of the GDPR, about which personal data is processed when you visit and use our website. Below you will find, in particular, information about which data we collect in connection with your visit and use of our website, what we use the collected data for, and for what purposes the data is collected. Furthermore, you will find information about your rights in connection with the processing of your personal data. We reserve the right to amend this privacy policy with effect for the future, in particular in the event of further development of our website, the use of new technologies, or changes to the legal basis or relevant case law. This privacy information applies to all pages of our website (www.atum-advisory.de). It does not extend to any linked websites or online presences of other providers.

2. Controller

The controller pursuant to Art. 4 No. 7 GDPR is

Atum Advisory GmbH

Schorlemmerstraße 2
04155 Leipzig
E-Mail: kontakt@atum-advisory.de
Tel.: +49 341 33385 186

3. Security

‍For security reasons and to protect your personal data during transmission to us, we use SSL or TLS encryption to protect your data against unauthorized access. You can recognize an encrypted connection by the string https:// and the padlock symbol in your browser's address bar.

4. Purposes and Legal Bases of Processing

4.1.Processing and Visiting Our Website – Server Log Files

For the purpose of the technical provision of our website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed and used in your browser. This information is automatically collected each time our website is accessed and stored in so-called "server log files." The information transmitted by your browser and stored in the server log files includes the following:

- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred
- Website from which access is made (referrer URL)
- Browser type and browser version
- Operating system used The storage of the aforementioned access data is necessary for technical reasons to provide our website and to ensure system security

This also applies to the storage of your IP address, which is a necessary step and, under certain conditions, could theoretically allow for identification of you. Beyond the purposes mentioned above, we use server log files exclusively for the needs-based design and optimization of our website, purely for statistical purposes and without drawing any conclusions about your identity. This data is not combined with other data sources, nor is it used for marketing purposes. The access data collected during your use of our website is stored for the period necessary to achieve the aforementioned purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes. If you visit our website to learn about or use our services, the legal basis for the temporary storage and processing of access data is Article 6 Paragraph 1 Sentence 1 Letter b GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract. Furthermore, Article 6 Paragraph 1 Sentence 1 Letter f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here lies in being able to provide you with a technically functioning and user-friendly website and in ensuring the security of our systems.

4.2. Contact

If you use the contact form provided on our website, we process the data you provide in the contact form: - Name - Email address - Telephone number
- Company Headquarters - Description of the Current Situation: The processing of the data you provide via the contact form is based on Art. 6 para. 1 lit. b GDPR, insofar as your inquiry relates to the establishment or performance of a contractual relationship. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), insofar as such consent has been obtained. The data you provide via the contact form will be stored by us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions, in particular statutory retention periods, remain unaffected. 4.3. Use of Cookies and Associated Plugins/Tools 4.3.1. Cookies: We use so-called "cookies" on our website. Cookies are small text files that are stored on the hard drive of the device you use to access our website. The characteristic strings contained in cookies allow the browser you are using to be identified when you visit our website. Cookies cannot execute programs or transmit viruses to your device. They serve to make our website more user-friendly, effective, and secure, and to enable certain functionalities. Cookies may contain data that allows the device you are using to be recognized. In some cases, cookies only contain information about certain settings (e.g., language settings) that are not personally identifiable. You can refuse the use of cookies and delete them at any time by adjusting the settings on your device: - Most browsers are preset to automatically accept cookies. You can change this preset by activating the "do not accept cookies" setting in your browser. Further information can be obtained from your browser provider. - Cookies that have already been saved can be deleted at any time. Further information on deleting cookies can be obtained from your browser provider. - Like the use of cookies, their refusal or deletion is also dependent on the device and browser used. You must therefore reject or delete cookies separately for each of your devices and, if using multiple browsers, for each browser individually. If you activate the "do not accept cookies" function in your browser, you may not be able to use all the functions of our website, or some functions may be limited. A distinction is made between so-called "session cookies," which are deleted as soon as you close your browser, and so-called "persistent cookies," which are stored beyond the individual session and are only deleted after a defined period. Regarding their functions, we have categorized the cookies used on our website as follows: - Essential cookies: Essential cookies are necessary to make a website usable by enabling basic functionalities such as page navigation or access to secure areas of the website. - Functional cookies: Functional cookies are used to collect statistical information about the use of our website. This information allows us to analyze the use of our website, measure performance, and improve it. - Marketing and analytics cookies: Marketing cookies are used by advertisers to display ads that are relevant to your interests. - Advertising cookies: For personalization and measuring the effectiveness of advertising on our website and other websites.

4.3.2. Cookies Used

Below you will find further information about the cookies used on our website: Cookie Name Provider Category Purpose Storage Duration _ga Google Ireland Marketing and Analytics The most important cookie used by Google Analytics, 2 years Limited cookie allows a service to distinguish one user from another. It is used by every website where Google Analytics is implemented, including Google services. Each "_ga" cookie is a unique identifier for a specific property and therefore cannot be used to track a particular user or browser across independent websites. _gid Google Ireland Limited Marketing and Analytics Cookie Registers a unique ID for a website visitor, which logs how the visitor uses the website. The data is used for statistics. 1 day _gat_UA-* Google Ireland Limited Marketing and Analytics Cookie Set by Google Analytics to control the request rate. 1 minute The legal basis for storing essential cookies is Section 25 Paragraph 2 No. 2 TTDSG. We only store marketing and analytics cookies, functional cookies and advertising cookies on the basis of your explicit and active consent in accordance with Section 25 Paragraph 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR.

4.3.3. Cookie-Management

Where your consent is required for the storage of cookies on your device, this website uses the cookie consent technology of Finesweet Inc., 2774 Harbor Rd Merrick, NY, 115566-4608, USA, to obtain your consent and document it in accordance with data protection regulations. You can revoke your consent or change your selection by clicking the button below. The collected data is generally stored for one year, or until you request its deletion. The stored data is not forwarded to Finesweet. Further information on data processing by reDim can be found at: https://finsweet.com/cookie-consent. The legal basis for storing information on your device and accessing it in connection with the use of Finesweet is Section 25 Paragraph 2 No. 2 of the German Telecommunications and Telemedia Data Protection Act (TTDSG). The associated processing of your data is carried out to fulfill our legal obligations on the basis of Art. 6 para. 1 lit. c GDPR.

4.3.4. Google Analytics

If you have given your consent, this website uses Google Analytics 4.0, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google").Google Analytics 4.0 uses JavaScript and pixels to read information from your device and cookies to store information on your device. In connection with the use of Google Analytics 4, the following data is processed:- IP address- User ID and device ID- Referrer URL (previously visited page)- Pages viewed (date, time, URL, title, time spent)- Files downloaded- Links clicked to other websites- Achievement of specific goals (conversions)- Technical information (operating system, browser type, version and language, device type, brand, model and resolution)- Approximate location (country, region and, if applicable, city, based on the anonymized IP address)By default, the IP address is shortened by removing the last two digits. This IP address shortening takes place on servers within the European Union.Google processes the collected data on our behalf to analyze the use of our website and to compile reports on website activity. We use the information provided by Google to evaluate the use of our website and to improve our website.The collected data may be transferred by Google to a Google server in the USA for evaluation and stored there.The storage of cookies in connection with the use of Google Analytics is based on your consent pursuant to Section 25 Paragraph 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG). The legal basis for processing your data in connection with the use of Google Analytics is your consent pursuant to Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR. You can withdraw your consent at any time with effect for the future. Further information on withdrawing your consent can be found in this privacy policy under the section "Cookie Management."We have concluded a data processing agreement with Google Ireland Limited in connection with the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded the Standard Contractual Clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Article 46(2)(c) GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR.Furthermore, on July 10, 2023, the European Commission adopted an adequacy decision for the USA pursuant to Article 45 GDPR, the so-called EU-U.S. Data Privacy Framework. According to this decision, companies certified under the EU-U.S. Data Privacy Framework offer an adequate level of data protection. Google LLC is certified under the EU-U.S. Data Privacy Framework:https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

4.4. Hosting

Our website is hosted by an external service provider, Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter "Webflow"). The data collected during your use of our website is stored on our host's servers. This data includes, in particular, IP addresses, contact requests, metadata and communication data, contact information, website access data, and other data generated during website use.We use our host for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing a secure, fast, and efficient online service through a professional provider (Art. 6 para. 1 lit. f GDPR).Our host will only process your data to the extent necessary to fulfill its contractual obligations. Further information can be found in Webflow Inc.'s privacy policy at: https://webflow.com/legal/privacy.We use our host for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6 para. 1 lit. b GDPR). To ensure data processing complies with data protection regulations, we have concluded a data processing agreement with our hosting provider.We have also concluded a data processing agreement with Webflow in connection with the use of Microsoft Bookings. In the event that personal data is processed in the USA in connection with the use of Webflow, we have concluded the Standard Contractual Clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46 para. 2 lit. c GDPR with Microsoft to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR. The agreement we concluded with Webflow can be viewed at the following link:https://webflow.com/legal/dpaFurthermore, on July 10, 2023, the European Commission adopted an adequacy decision pursuant to Art. 45 GDPR for the USA, the so-called EU-U.S. Data Privacy Framework. According to this framework, companies that comply with the EU-U.S. Webflow is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection.Webflow is certified under the EU-U.S. Data Privacy Framework:https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TT9jAAG&status=Active

4.5. Further processing purposes

4.5.1. Compliance with legal regulations

We also process your personal data to fulfill other legal obligations that may apply to us in connection with our business activities. This includes, in particular, retention periods under commercial, trade, or tax law. We process your personal data in accordance with Article 6(1)(c) GDPR to fulfill a legal obligation to which we are subject.

4.5.2. Enforcement of rights

We also process your personal data to assert our rights and enforce our legal claims. We also process your personal data to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary for the prevention or prosecution of criminal offenses. In this context, we process your personal data to protect our legitimate interests pursuant to Article 6(1)(f) GDPR, insofar as we assert legal claims, defend ourselves in legal disputes, or prevent or investigate criminal offenses (legitimate interest).

5. Recipients of data

Within our company, access to your data is granted only to those departments that require it to fulfill our contractual and legal obligations. Service providers and agents we employ (e.g., technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. We limit the disclosure of your personal data to what is necessary, taking into account data protection regulations. In some cases, recipients receive your personal data as data processors and are then strictly bound by our instructions when handling your personal data. In other cases, recipients act independently with their own data protection responsibility and are also obligated to comply with the requirements of the GDPR and other data protection regulations. Finally, in individual cases, we transmit personal data to our legal or tax advisors, who are bound by a special duty of confidentiality and secrecy due to their professional status.

6. Duration of data storage

We process and store your personal data initially for the duration of the respective purpose of use (see above for the individual processing purposes). This may also include the periods of initiating a contract (pre-contractual legal relationship) and the execution of a contract. On this basis, personal data is regularly deleted within the scope of fulfilling our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes: - Compliance with statutory retention obligations, which arise, for example, from the German Commercial Code (Sections 238, 257 Paragraph 4 HGB) and the German Fiscal Code (Section 147 Paragraphs 3, 4 AO). The retention or documentation periods stipulated therein are up to ten years. - Preservation of evidence, taking into account the statutes of limitations. According to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the standard limitation period being three years.

7. Your rights

As a data subject, you have the following rights under the legal conditions:

7.1. Right to information

You have the right, at any time and pursuant to Article 15 of the GDPR, to request confirmation from us as to whether we process personal data concerning you. If this is the case, you are further entitled, pursuant to Article 15 of the GDPR, to obtain access to this personal data and certain other information (in particular, the purposes of the processing, the categories of personal data, the categories of recipients, the planned storage period, the origin of the data, the use of automated decision-making, and, in the case of transfers to third countries, the appropriate safeguards) and a copy of your data. The restrictions of Section 34 of the German Federal Data Protection Act (BDSG) apply.

7.2. Right to rectification

According to Article 16 of the GDPR, you are entitled to request that we correct any personal data we hold about you if it is inaccurate or erroneous.

7.3. Right to erasure

Under the conditions of Article 17 GDPR, you have the right to request that we erase your personal data without undue delay. This right to erasure does not apply, among other things, if the processing of your personal data is necessary, for example, to comply with a legal obligation (e.g., statutory retention requirements) or for the establishment, exercise, or defense of legal claims. Furthermore, the restrictions of Section 35 of the German Federal Data Protection Act (BDSG) apply.

7.4. Right to restriction of processing

Under the conditions of Article 18 GDPR, you are entitled to request that we restrict the processing of your personal data..

7.5. Right to data portability

Under the conditions of Article 20 GDPR, you are entitled to request that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.

7.6. Right of withdrawal

You can withdraw your consent to the processing of your personal data at any time. This also applies to the withdrawal of consent declarations that were given to us before the GDPR came into effect, i.e., before May 25, 2018. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected. To declare your withdrawal, simply send us an informal notification, e.g., by email.

7.7. Right to object

You have the right to object to the processing of your personal data under the conditions of Article 21 GDPR, which would require us to cease processing your personal data. This right to object exists only within the limits set out in Article 21 GDPR. Furthermore, our legitimate interests may override your objection, meaning that we may still be entitled to process your personal data despite your objection. We will consider any objection to direct marketing measures immediately and without further consideration of existing interests. Information about your right to object pursuant to Article 21 GDPR: You have the right to object at any time to the processing of your data based on Article 6(1)(f) GDPR (data processing based on a balancing of interests) or Article 7(1)(e) GDPR (data processing in the public interest), if there are grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims. The objection can be made informally and should preferably be addressed to:

Atum Advisory GmbH
Schorlemmerstraße 2
04155 Leipzig
E-Mail: kontakt@atum-advisory.de
Tel.: +49 341 33385 186

7.8. Right to lodge a complaint with a supervisory authority

Under the conditions of Article 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you can lodge a complaint with the supervisory authority responsible for us (Saxon Data Protection and Transparency Commissioner; https://www.datenschutz.sachsen.de/kontakt.html) or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found at the following link:

https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

7.9. Other concerns

For further data protection questions and concerns, our data protection officer is available using the contact details provided above.

8. Obligation to provide data

You are generally not obligated to provide us with your personal data. However, if you choose not to, we will not be able to fully provide you with our website or answer your inquiries. Personal data that we do not necessarily require for the processing purposes mentioned above is marked accordingly as voluntary.

9. Automated decision-making/profiling

We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).