Aqrose GmbH

1. Legal basis for the processing of personal data
We process your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), if: 2. Categories of recipients
We may share your personal data with the following categories of recipients if necessary for the purposes described in this Privacy Notice: 3. Third country transfers
We usually process your personal data within the EU/EEA. If we transfer your personal data to recipients in countries outside of the EU/EEA ("third countries"), we apply the following safeguards to ensure that the protection of your personal data is not undermined: For more details about our third country transfers or copies of these safeguards please reach out to us via the contact details stated under "Data subjects rights and questions" section below.

4. Storage periods
We store your personal data for no longer than is necessary for the purposes described in this Privacy Notice. To determine our storage periods, we particularly use the following criteria: Once our applicable storage periods expire, we will delete or anonymize your personal data. For more details on our storage practices, please reach out to us via the contact details stated under "Data subjects rights and questions" section below.

5. Sources of personal data
We usually collect personal data from you directly, in particular: You can provide your personal data voluntarily to us, unless you are legally or contractually obliged to do so, or it is necessary to enter into a contract. If you do not provide your personal data to us, you will likely not be able to enter into or maintain a contractual relationship with us or you will likely not be able to interact with us. For more details on your obligations and possible consequences, please contact us via the contact details stated in the "Data subjects rights and questions" section below.

We may also collect personal data from other sources than you, in particular from: 6. Data subject rights and questions
You have the following rights under the GDPR: If you want to exercise these rights or have questions about this privacy notice, please contact us via [data_privacy@aqrose.com]. Please note that your rights can be restricted in certain situations. In such case, we will inform you of the restriction's reason.

If you have any concerns about how we process your personal data, we encourage you to let us know so we can try to resolve your concerns. Irrespective of this, if you think we have not complied with data protection laws, you have the right to lodge a complaint with the competent supervisory authority under Art.77 GDPR.

7. Existence of automated decision-making
As a matter of principle, we do not use automated decision-making and, in this context, no profiling within the meaning of Art.22 GDPR.

Cookies and similar technologies (also "Cookies") may be used by us and/ or third parties on our website, with which information can be stored in your end device (e.g. computer, notebook, mobile phone) or access to information that is already stored in your end device is made possible.

Cookies and similar technologies may be used: (1) to provide this website and the functions that are fundamentally necessary for this website (e.g. certain user input, authentication, security, multimedia player, load balancing, UI customisation cookies), (2) to analyse the use of our website (e.g. which pages were visited most frequently) so that this website can be improved in a user-oriented manner, (3) to display personalised advertising and content, and (4) to measure the success of our activities in connection with the use of our website. The details in the [Privacy Settings] are

The storage of information in your end device or access to information that is already stored in your end device is only carried out on the basis of your consent. Without your consent, the storage of information in your end device or access to information that is already stored in your end device only takes place if

the sole purpose of the storage or access is to carry out the transmission of a communication over a public telecommunications network, or
this is absolutely necessary so that a telemedia service expressly requested by you can be provided.
The functional duration of cookies and similar technologies generally depends on your visit to our website, i.e. cookies are deleted when you leave our website (so-called "session cookies"). The functional duration of cookies and similar technologies may also depend on a specified expiry date, whereby the functional duration here currently does not exceed 3 months in any case unless indicated otherwise in this Privacy Notice. The functional duration of cookies and similar technologies requiring consent ends in any case with the withdrawal of your consent.

You can use the [Privacy Settings] to make your desired settings, such as granting or withdrawing consent. If you withdraw your consent, the legality of storing information on your device or accessing information that is already stored on your device will not be affected until you withdraw your consent. If you do not accept cookies and similar technologies that require consent, you will not suffer any disadvantages as a result. There is no obligation to give consent to cookies and similar technologies that require consent.

1. Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. For example, the following data can be collected: The data is also stored in the log files of our system.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer.

The data is stored in log files to ensure the functionality of the website. We may also use the data to optimise the website and to ensure the security of our information technology systems.

Legal basis: Art. 6(1)(f) GDPR

If data is collected to provide the website, your data will be deleted when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest.

2. Order management
You can place an order by contacting us.

When placing an order, you only need to provide the data that we require to process your order and which we have therefore labelled as mandatory information for you.

Data processing in connection with your orders, including processing of goods and payment transactions, are necessary for contract initiation or contract fulfilment, which is why the legal basis for this data processing is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

Data that we process for an order is subject to statutory retention obligations, meaning that we must comply with retention periods under tax and commercial law in particular. These generally amount to ten years, meaning that your data can only be deleted afterwards.

3. Newsletter and e-mail advertising
On our website, you have the opportunity to find out about our products and services via e-mail and to subscribe to a free newsletter (hereinafter "newsletter"). The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally.

We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. You must confirm your registration within 24 hours in order to activate your registration. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. After your confirmation, we process your e-mail address for the purpose of sending you the newsletter.

If you have given your consent, our newsletters may also contain personalised advertising or personalised content.

In addition, we may also measure the success of our newsletter based on your consent, for example whether our newsletter has been read.

The processing includes the following types of personal data: Legal basis: Art. 6(1)(a) GDPR

The legal basis for data processing as part of the double opt-in procedure and in connection with the proof of your consent is Art. 6(1)(c) in conjunction with Art. 5(1)(a),(2), Art. 7(1) GDPR.

Personal data is stored for as long as the subscription to the newsletter is active or the e-mail advertising is requested. The subscription can be cancelled at any time by withdrawing the consent given (e.g. via the "Unsubscribe newsletter" link in the newsletter). However, we may store your email address and proof of your consent for the duration of the statutory limitation period, i.e. three years, in the interest of and for the purpose of proving your consent and in defence against possible claims.

If you do not confirm your registration for our newsletter as part of the double opt-in procedure within 24 hours, your information will be automatically deleted.

4. Advertising for similar goods and services
If you have given us your e-mail address in connection with the purchase of goods or services from us, we may also use your e-mail address to inform you regularly about our own similar goods or services by means of direct advertising.

Legal basis: Art. 6(1)(f) GDPR in conjunction with Sec. 7(3) UWG

The data will be deleted as soon as you object to the use of your e-mail address for advertising for similar goods and services. You will not incur any costs for the objection other than the transmission costs according to the basic tariffs.

5. Direct advertising by postal mail
We use the postal contact details provided by you in connection with the purchase of goods or services or when you contact us to inform you regularly about our products and services (e.g., sending product catalogues) by postal mail by way of direct advertising.

The legal basis for data processing is Art. 6 (1) (f) GDPR.

The data will be deleted as soon as you object to the use of your data for direct advertising by letter.

6. Contacting us
When you contact us (e.g., via a form on our website or by e-mail, the data you provide such as your e-mail address and any other data you provide) will be transmitted to us and processed by us to process your enquiry.

If the contact is aimed at concluding a contract, Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR is the legal basis for the processing. The legal basis for the processing of data transmitted in the course of making contact in other cases is Art. 6 (1) (f) GDPR.

The data collected in this context will be deleted once your request has been processed and there are no longer any legal retention requirements. The statutory retention periods typically amount to ten years.

7. Consent management
We use a consent management service to enable you to give and manage consent on our website. This service helps us to obtain consent from you on our website for data processing that requires consent as well as cookies and similar technologies. In addition, consent management via this service enables you to withdraw the consent you have given.

The legal basis for data processing is Art. 6 (1) (c) in conjunction with Art. 7 (1) GDPR or Art. 6 (1) (f) GDPR.

We may store personal data for the duration of the statutory limitation period, i.e. three years, in the interest of and for the purpose of proving your consent and for the defence of possible claims.

8.Website analysis for success measurement and to optimize user-friendliness
In order to be able to measure the success of activities in connection with the use of our website and to optimize user friendliness of our website, we analyse the use of our website with aggregated data.

The processing includes the following types of personal data: The results of our performance measurement can be recorded in (aggregated) reports.

The legal basis for the processing of personal data is your consent (Art. 6 (1) (a) GDPR).

Personal data processed by us in connection with the website analysis to measure success and to optimize user friendliness of our website will be deleted by us no later than 3 months after their collection.

To analyze the usage of our website with aggregated data, we utilize the following Cookies, given your consent:

Cookie name	Cookie Type	Purpose	Cookie Duration
HMACCOUONT_BFEESS	Third party cookie used by Baidu, No.10 Shangdi 10th Street, Haidan District, 100085 Beijing, China https://home.baidu.com/ Privacy Notice: https://ir.baidu.com/baidu-statement-privacy-protection	Analytics as described above (Website analysis for success measurement and to optimize user-friendliness)	13 months

9. Company presence on social media
We also utilise social media to present ourselves on social media and to stay in contact and interact with you. In addition, we analyse how our company page is used on social media so that we can design and optimise it in line with requirements based on the insights gained.

The legal basis for the processing of personal data is our legitimate interest in accordance with Art. 6 (1) (f) GDPR or the consent you have given us in accordance with Art. 6 (1) (a) GDPR.

Personal data that we process in connection with social media will be deleted by us no later than 12 months after its collection.

The social media providers themselves are generally responsible for compliance with data protection regulations on their platform. In addition to these providers, we are only responsible under data protection law to a limited extent. The extent to which we are responsible alongside the providers can be found in the respective information on joint controllership.

We are active on the following social media platforms: