Privacy Policy

ANNEX 5 – PRIVACY POLICY Effective day 8 March 2019

VAT4U GmbH and its affiliates and subsidiaries (“VAT4U” or “us” or “we”) welcome you to our Site! The “Site” means www.vat4u.com, www.vat4u.de, www.vat4u.fr, www.vat4u.nl, www.app.vat4u.com and any successor URLs, mobile or localized versions and related sub-do- mains including smartphone applications by VAT4U GmbH, in whatever format they may be offered now or in the future. Through the Site, we may provide you with general information regarding our company, products, and services.

1. INFORMATION ON THE COLLECTION OF PERSONAL DATA

1.1 In the following, we inform you about the collection of personal data when using our Site and the services offered. Personal data is all data that can be referred to you personally, e. g. name, address, e-mail addresses, user behavior.

1.2 VAT4U GmbH, represented by its Managing Directors, Dr. Fabian Völkel and Damien Moras, Immermannstr. 55, 40210 Düsseldorf, Germany, is the Controller pursuant to Art. 4 para. 7 EU Data Protection Basic Regulation (GDPR). You can reach our data protection officer at privacy@vat4u.com or our postal address with the addition “Data Protection Officer”.

2. YOUR RIGHTS

2.1 you:

You have the following rights vis-à-vis us with regard to the personal data concerning

§ Right to information,
§ Right to correction or deletion,
§ Right to restrict processing,
§ Right to object to processing, § Right to data transferability.

2.2 processing of your personal data by us.

You also have the right to complain to a data protection supervisory authority about the

3. COLLECTING PERSONAL DATA

3.1 When you contact us by e-mail, chat or via a contact form, the data provided by you (your e-mail address, your name, and telephone number if applicable) will be stored by us in order to answer your questions. We delete the data arising in this connection, after the storage is no longer necessary, or limit the processing if legal storage obligations exist.

3.2 When using the Site purely for informational purposes, i. e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our Site, we collect the following data, which is technically necessary for us to display our Site and to guarantee stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

§ IP address
§ Date and time of the request
§ Time zone difference to Greenwich Mean Time (GMT) § Content of the request (concrete page)
§ Access status/HTTP status code
§ The amount of data transferred in each case
§ Website from which the request comes
§ Browser
§ Operating system and its interface
§ Language and version of the browser software.

3.3 you can use if you are interested. In order to do this, you must normally provide further personal data that we use to provide the respective service and for which the aforementioned data pro- cessing principles apply.

4. USE OF VAT4U APP

4.1 If you wish to use our VAT4U app, you must register by entering your professional e- mail address, a password of your own choice and your full name. There is an obligation to use a clear name, pseudonymous use is not allowed. We use the so-called double opt-in procedure for registration, i. e. your registration is not completed until you have confirmed your registra- tion via an e-mail sent to you for this purpose by clicking on the link contained therein. If you do not confirm this within 48 hours, your registration will be automatically deleted from our data- base. It is obligatory to provide the aforementioned data, all further information can be pro- vided voluntarily by using our VAT4U App.

4.2 If you use our VAT4U App, we store your data necessary for the fulfilment of the con- tract, including details of the payment method, until you finally delete your access. We process the data provided by you for the processing of your order. For this purpose, we can pass on your payment data to our house bank. The legal basis for this is Article 6 (1) sentence 1 lit. b GDPR. In addition, we store the voluntary data you provide for the time of your use of the VAT4U App, unless you delete it beforehand. All information can be administered and changed in the pro- tected customer area. The legal basis is Article 6 (1) sentence 1 lit. f GDPR. In accordance with commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, after five years, we will limit the processing, i. e. your data will only be used to comply with the legal obligations.

4.3 If you use the VAT4U App, your data can be made accessible to other participants of the VAT4U App in accordance with the contractual service. Unregistered members will not receive any information about you. Your User Name and Photo will be visible to all logged in members regardless of whether you have approved them. In contrast, your entire profile with the data you have released is visible to all members you have confirmed as personal contact. If you make content available to your personal contacts that you do not send by private message, the con- tent will be visible to third parties as long as your personal contact has approved it. If you post contributions in public groups, these are visible to all registered members of the VAT4U App.

6.3 Insofar as our service providers or partners have their registered office in a country outside the European Economic Area (EEA), we will inform you of the consequences of this cir- cumstance in the description of the offer.

7. OPPOSITION OR REVOCATION AGAINST THE PROCESSING OF YOUR DATA

7.1 If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the admissibility of the processing of your personal data after you have expressed it to us.

7.2 Insofar as we base the processing of your personal data on a balance of interests, you can object to the processing. This is the case if the processing, in particular, is not necessary for the fulfillment of a contract with you, which is illustrated by us in the description of the functions and services. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of a well-founded objec- tion, we will examine the situation and either discontinue or modify the data processing or in- dicate our compelling reasons worthy of protection on the basis of which we will continue pro- cessing.

7.3 OF COURSE, YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR AD- VERTISING AND DATA ANALYSIS PURPOSES AT ANY TIME. YOU CAN INFORM US ABOUT YOUR ADVERTISING CONTRADICTION UNDER THE FOLLOWING CONTACT DETAILS: VAT4U GMBH, IM- MERMANNSTR. 55, 40210 DÜSSELDORF, GERMANY, EMAIL: OPT-OUT@VAT4U.COM.

8. NEWSLETTER

8.1 With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers.

8.2 Only your e-mail address is obligatory for sending the newsletter. The entry of further, separately marked data is voluntary and will be used to address you personally. After your con- firmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6 (1) sentence 1 lit. a GDPR.

8.3 You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in each newsletter e-mail or by sending a message to the contact details given in the imprint.

8.4 We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pix- els, which represent one-pixel image files stored on our Site. For the evaluations, we link the data mentioned in number 3 and the web beacons with your e-mail address and an individual ID. With the data thus obtained, we create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click in them and deduce your personal interests from them. We link this data to actions taken by you on our Site.

8.5 You can revoke this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact method. The information is stored as long as you have subscribed to the newsletter. After a logoff, we store the data purely statistically and anon- ymously.

9. USE OF GOOGLE ANALYTICS

9.1 the Site uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the Site analyze how users use the site. The information generated by the cookie about your use of the Site is usually transferred to a Google server in the USA and stored there. How- ever, if you enable IP anonymization on this site, Google will previously shorten your IP address within Member States of the European Union or in other signatory states to the EEA Agreement. Only in exceptional cases the full IP address is transferred to a Google server in the USA and shortened there. On behalf of the operator of the Site, Google will use this information to eval- uate your use of the Site, to compile reports on Site activity and to provide further services associated with the use of the Site and the Internet to the Site operator.

9.2 The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

9.3 You may refuse the use of cookies by selecting the appropriate settings on your browser software; however, we would like to point out that in this case, you may not be able to use the full functionality of the Site. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the Site (including your IP address) and from processing this data by downloading and installing the “Google Analytics Opt-out Browser Add-on” availa- ble at the following link: http://tools.google.com/dlpage/gaoptout?hl=en (access 23.04.2018).

9.4 We use Google Analytics to analyze and regularly improve the use of our Site. We can use the statistics gained to improve our offer and make it more interesting for you as a user. In exceptional cases where personal data is transferred to the United States, Google has been subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework (access 23.04.2018). The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.

9.5 Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1)436 1001, Terms of Use (access 23.04.2018):

http://www.google.com/analytics/terms/de.html, Privacy

http://www.google.com/intl/de/analytics/learn/privacy.html, and the Privacy Policy: http://www.google.de/intl/de/policies/privacy.

10. INTEGRATION OF YOUTUBE VIDEOS

10.1 We have included YouTube videos in our online offering, which are stored on http://www.YouTube.com and can be played back directly from our Site.

10.2 By visiting the Site, YouTube will be informed that you have accessed the corresponding subpage of our Site. In addition, the data specified in number 3 of this declaration will be trans- mitted. This is done regardless of whether YouTube provides a user account that you are logged in through, or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not want to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research and/or the design of your Site. Such an evalua- tion is carried out in particular (even for users who are not logged in) to provide demand-ori- ented advertising and to inform other users of the social network about your activities on our Site. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

10.3 Further information on the purpose and scope of data collection and processing by YouTube can be found in the data protection declaration. There you will also find further infor- mation on your rights and options for privacy protection: https://www.google.de/intl/de/poli- cies/privacy (access 23.04.2018). Google also processes your personal data in the United States and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework (access 23.04.2018).

11. INTEGRATION OF GOOGLE MAPS

11.1 On the Site, we use the services of Google Maps. This allows us to display interactive maps directly on the Site and enables you to use the map function conveniently.

11.2 By visiting the Site, Google receives the information that you have accessed the corre- sponding subpage of our Site. In addition, the data specified in number 3 of this declaration will be transmitted. This happens regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not want to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for advertising, market research and/or the design of its website according to your needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our Site. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

11.3 For further information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s data protection declaration. There you will also find further information on your rights and options for privacy protection:

http://www.google.de/intl/de/policies/privacy (access 23.04.2018). Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.priva- cyshield.gov/EU-US-Framework (access 23.04.2018).

12. USE OF GOOGLE ADSENSE

12.1 We use the online advertising service Google AdSense, through which you can be pre- sented with advertising directed at your interests. We are thus pursuing the interest of display- ing advertisements that might be of interest to you in order to make our Site more interesting for you. For this purpose, statistical information about you is collected and processed by our advertising partners. These advertisements can be identified by the notice “Google ads” in the respective advertisement.

12.2 By visiting our Site, Google receives the information that you have visited our Site. Google uses a web beacon to set a cookie on your computer. The data specified in number 3 of this declaration will be transmitted. We have no influence on the collected data, nor is we aware of the full extent of data collection and storage duration. Your data is transferred to the USA and evaluated there. If you are logged in with your Google Account, your data can be assigned to it directly. If you don’t want to be associated with your Google profile, you have to log out. It is possible that this data may be passed on to Google’s contractual partners to third parties and authorities. The legal basis for the processing of your data is art. 6 par. 1 p. 1 lit. f GDPR. the Site does not display third-party ads through Google AdSense.

12.3 You can prevent the installation of Google AdSense cookies in various ways:

12.3.1 by adjusting your browser software accordingly, in particular, the suppression of third- party cookies means that you will not receive ads from third parties;

12.3.2 by deactivating Google’s interest-based ads via the link http://www.google.de/ads/preferences (access 23.04.2018), this setting being deleted when you delete your cookies;

12.3.3 by deactivating the interest-based ads of providers that are part of the “About Ads” self- regulatory campaign via the http://www.aboutads.info/choices (access 23.04.2018) link, this setting being deleted when you delete your cookies;

12.3.4 by permanently deactivating Firefox, Internet Explorer or Google Chrome in your brows- ers at http://www.google.com/settings/ads/plugin (access 23.04.2018).

12.3.5 We would like to point out that in this case, you may not be able to use all functions of this offer in full.

12.4 For further information on the purpose and scope of data collection and processing, as well as further information on your rights and options for privacy protection, please contact us: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Advertising Pri- vacy Policy: http://www.google.de/intl/en/policies/technologies/ads (access 23.04.2018).

Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US- Framework (access 23.04.2018).

13. USE OF GOOGLE ADWORDS CONVERSION

13.1 We use the services of Google Adwords to draw attention to our attractive offers by means of advertising materials (“Google Adwords”) on external websites. In relation to the ad- vertising campaign data, we can determine how successful the individual advertising measures are. We pursue thereby the interest to show you advertisement, which is of interest for you, to arrange our Site for you more interestingly and to reach a fair calculation of advertising costs.

13.2 These advertising media are delivered by Google via so-called “Ad Servers”. For this purpose, we use Ad Server cookies to measure certain parameters for measuring success, such as the insertion of ads or clicks by users. If you access our Site via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually lose their validity after 30 days and should not be used to identify you personally. The unique cookie ID, number of ad impressions per place- ment (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wants to be addressed) are usually stored as analysis values for this cookie.

13.3 These cookies enable Google to recognise your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on his or her computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies cannot be tracked via the websites of Adwords customers.

13.4 We ourselves do not collect and process any personal data in these advertising measures. Google merely provides us with statistical evaluations. On the basis of these evalua- tions, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising media, in particular, we cannot identify the users on the basis of this information.

13.5 Based on the marketing tools used, your browser automatically establishes a direct con- nection with Google’s server. By integrating AdWords Conversion, Google receives the infor- mation that you have called up the corresponding part of our Site or clicked on an ad by us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and save it.

13.6 You can prevent participation in this tracking procedure in various ways:

13.6.1 by adjusting your browser software accordingly, in particular, the suppression of third- party cookies means that you do not receive ads from third-party providers;

13.6.2 by deactivating cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain, https://www.google.de/settings/ads, this set- ting being deleted when you delete your cookies;

13.6.3 bydeactivatingtheinterest-basedadsofprovidersthatarepartofthe“AboutAds”self- regulatory campaign via the http://www.aboutads.info/choices link, this setting being deleted when you delete your cookies;

13.6.4 bypermanentlydeactivatingFirefox,InternetExplorerorGoogleChromeinyourbrows- ers at http://www.google.com/settings/ads/plugin (access 23.04.2018). We would like to point out that in this case, you may not be able to use all functions of this offer in full.

13.7 The legal basis for the processing of your data is art. 6 para. 1 p. 1 lit. f GDPR. Further information on data protection at Google can be found here (access 23.04.2018): http://www.google.com/intl/de/policies/privacy and https://ser- vices.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initia- tive (NAI) website at http://www.networkadvertising.org Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

14. USE OF FACEBOOK CUSTOM AUDIENCES

14.1 Furthermore, the Site uses the remarketing function “Custom Audiences” of Facebook Inc. (“Facebook”). This allows users of the Site to view interest-based advertisements (“Face- book ads”) on Facebook social networking sites or other websites that also use the process. We are thus pursuing the interest of displaying advertisements that are of interest to you in order to make our Site more interesting for you.

14.2 Based on the marketing tools used, your browser automatically establishes a direct con- nection to the Facebook server. By including Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence or that you have clicked on an advertisement from us. If you are registered with a Facebook ser- vice, Facebook can assign the visit to your account. Even if you are not registered on Facebook or have not logged in, it is still possible for the provider to find out your IP address and other identifiers and save them.

14.3 The deactivation of the “Facebook Custom Audiences” function is possible for logged- in users at https://www.facebook.com/settings/?tab=ads# (access 23.04.2018)

14.4 The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f GDPR. For more information about data processing on Facebook, please visit https://www.face- book.com/about/privacy (access 23.04.2018).

15. USE OF LINKEDIN CAMPAIGNS:

15.1 As part of our efforts to provide relevant information and engage with our audience, we may utilize LinkedIn campaigns to display targeted advertisements to users on the LinkedIn platform. This allows us to reach individuals who have expressed interest in our services and products. When you interact with our LinkedIn campaigns, certain information about your interactions and engagement may be collected. This information helps us analyze the effectiveness of our campaigns and tailor our content to better serve your interests.

15.2 We want to assure you that your privacy and data protection are important to us. Any data collected through LinkedIn campaigns is used solely for the purpose of improving our marketing strategies and enhancing your experience with our brand. Your personal information is not shared with LinkedIn or any third parties for purposes other than these campaigns.