Privacy Policy of Spreadly (website and app)

1) Information about the collection of personal data and contact details of the person responsible.

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website, because we care about your privacy. Personal data in this context is all data with which you can be personally identified.

1.2 The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (DSGVO) is Spreadly GmbH, Forstenrieder Weg 1G, 82065 Baierbrunn, e-mail: support@spreadly.app. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website

During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website
• Date and time at the time of access
• Amount of data sent in bytes
• Source/reference from which you reached the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

3) Cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow your browser to be recognized the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.

In some cases, the cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given, or in accordance with Art. 6 para. 1 lit. f DSGVO to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find this for each browser at the following links:

• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
• Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting us

In the context of contacting us (e.g. via contact form or e-mail to info@spreadly.app), personal data is collected. Which data is collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5) Data processing when opening a customer account and for contract execution.

Pursuant to Art. 6 para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data provided by you for the purpose of processing the contract. After complete execution of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiration of these periods, unless you have expressly consented to a further use of your data or a legally permitted further use of data was reserved by our side.

6) Use of customer data for direct advertising

6.1 Registration for our e-mail newsletter

If you register for our e-mail newsletter, we will send you regular information about our offers. Mandatory data for sending the newsletter is only your e-mail address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter after you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on an appropriate link.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 (1) lit. a DSGVO. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of addressing you in an advertising manner by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner that goes beyond this, which is permitted by law and about which we inform you in this declaration.

6.2 Goods availability notification by e-mail.

If we offer the possibility in our online store for selected, temporarily unavailable items to inform you by e-mail about the time of availability, you can subscribe to our e-mail notification service for the availability of goods. If you subscribe to our availability notification e-mail service, we will send you a one-time e-mail message about the availability of the item you have selected. Mandatory information for sending this notification is only your e-mail address. The provision of further data is voluntary and may be used to address you personally. For sending this notification we use the so-called double opt-in procedure. This means that we will only send you a corresponding notification once you have expressly confirmed that you consent to receiving such a message. We will then send you a confirmation e-mail asking you to confirm that you wish to receive such notification by clicking on an appropriate link.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 (1) lit. a DSGVO. When you register for our e-mail notification service for the availability of goods, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. The data we collect when you register for our goods availability e-mail notification service is used solely for the purpose of informing you of the availability of a particular item in our online store. You can unsubscribe from the goods availability e-mail notification service at any time by sending a message to the responsible person mentioned at the beginning. After unsubscribing, your e-mail address will be deleted immediately from our distribution list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

7) Data processing for order handling

7.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b DSGVO.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally about upcoming updates within the legally stipulated period within the framework of our legal information obligations pursuant to Art. 6 (1) lit. c DSGVO by suitable means of communication (e.g. by post or e-mail). Your contact data will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.

In order to process your order, we also work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Use of payment service providers (payment services)

We work with Mollie, Keizersgracht 126, 1015 CW Amsterdam, the Netherlands, as a payment service provider. At the time of an account opening with Spreadly, email address and name will be shared with Mollie. In accordance with Art. 6 Para. 1 lit. b DSGVO, your data will be passed on exclusively for the purpose of payment processing and only to the extent necessary for this purpose. You can obtain more information about Mollie B.V.'s privacy policy at the following Internet address: https://www.mollie.com/de/privacy

8) Contacting the rating reminder

Your own rating reminder (not sent by a customer rating system). We use your email address for a one-time reminder to submit a rating of your order for the rating system we use, provided that you have given us your express consent to do so during or after your order in accordance with Art. 6 (1) lit. a DSGVO. You can revoke your consent at any time by sending a message to the data controller.

9) Use of rating and test seal graphics.

Trusted Shops Trustbadge

To display our Trusted Shops seal of approval as well as to offer Trusted Shops membership to buyers after an order, the Trusted Shops Trustbadge is integrated on this website.

This serves to protect our legitimate interests in an optimal marketing of our offer, which outweigh our interests in the context of a balancing of interests, Art. 6 para. 1 lit. f DSGVO. The trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the site.

Further personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.

10) Use of social media: videos.

Use of Youtube videos

This website uses the Youtube embedding function to display and play videos from the provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider "Youtube" uses cookies to collect information about user behavior. According to information from "Youtube", these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behavior. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 (1) lit. f DSGVO on the basis of Google's legitimate interests in the insertion of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. The use of YouTube may also result in the transmission of personal data to the servers of Google LLC. in the U.S.A. Irrespective of a playback of the embedded videos, a connection to the Google network is established each time this website is called up, which may trigger further data processing operations without our influence.

For further information on data protection at "Youtube", please refer to the Youtube terms of use at https://www.youtube.com/static?template=terms and Google's privacy policy at https://www.google.de/intl/de/policies/privacy.

Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.

11) Retargeting/ Remarketing/ Referral advertising

Google Ads RemarketingOur website uses the functions of Google Ads Remarketing, with which we advertise this website in Google search results, as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). For this purpose, Google sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 lit. f DSGVO.A further data processing only takes place if you have consented to Google linking your internet and app browsing history with your Google account and using information from your Google account to personalize ads that you view on the web. In this case, if they are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups. The use of Google Ads Remarketing may also involve the transmission of personal data to the servers of Google LLC. in the USA. Details on the processing triggered by Google Ads Remarketing and on Google's handling of website data can be found here: https://policies.google.com/technologies/partner-sitesYou can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the browser plug-in from Google available at the following link: https://www.google.com/settings/ads/onweb/. Further information and the privacy policy regarding advertising and Google can be found here: https://www.google.com/policies/technologies/ads/. As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website or alternatively follow the option described above to make an objection.

12) Rights of the data subject

12.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:

• Right to information pursuant to Art. 15 DSGVO;
• Right to rectification pursuant to Art. 16 DSGVO;
• Right to erasure pursuant to Art. 17 DSGVO;
• Right to restriction of processing pursuant to Art. 18 DSGVO;
• Right to information pursuant to Art. 19 DSGVO;
• Right to data portability pursuant to Art. 20 DSGVO;
• Right to withdraw consent given pursuant to Art. 7(3) DSGVO;
• Right to lodge a complaint pursuant to Art. 77 DSGVO.

12.2 RIGHT OF OBJECTION

IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

TO EXERCISE YOUR RIGHT TO OBJECT, PLEASE SEND US AN E-MAIL AT info@spreadly.app.

13) Duration of the storage of personal data

The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and - if relevant - additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, this data is stored until the data subject revokes his or her consent.

If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) DSGVO, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part to continue storing it.

When processing personal data on the basis of Art. 6(1)(f) DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Article 6 (1) (f) DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Article 21 (2) DSGVO.

Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

14) Tools, plug-ins and other notes

14.1 We use the following tools and Plus-Ins

Crisp

We use the Crisp chat system, a service provided by Crisp IM SARL, 149 Rue Pierre Semard, 29200 Brest, France ("Crisp"), to handle customer inquiries. When you contact us through our chat, necessary data such as email address, phone number, the content of your messages, your last activity and its time are collected through our website in order to respond to your request. By contacting us via chat, you consent to the processing of your personal data by Crisp. Crisp may link your data with other publicly available data, e.g. from social networks, such as first and last name, avatar and company. The legal basis for the processing of your data, if you have given your consent, is Art. 6 para. 1 lit. a DSGVO. For more information on data protection, please refer to Crisp's Statement on the Implementation of the General Data Protection Regulation https://help.crisp.chat/en/article/whats-crisp-eu-gdpr-compliance-status-nhv54c/. If you have any questions, you can also contact Crisp's data protection officer directly: Valerian Saliou Email: valerian@crisp.chat Phone: +33630138382 Address: 149 rue Pierre Sémard, 29200 Brest, France

Microsoft Sign-In

To register at https://spreadly.app you can use your own Microsoft account. Microsoft's terms and conditions and privacy policy apply, which can be viewed at the following links: https://www.microsoft.com/de-de/rechtliche-hinweise/nutzungsbedingungen (Terms of Use); https://privacy.microsoft.com/de-de/privacy (Privacy Policy).

Google Sign-In

To register at https://spreadly.app, you can use your own Google Account. The terms and conditions and privacy policy of Google apply, which can be viewed at the following link: https://policies.google.com/?hl=de

Last changed: 30th March 2022