We are informing you below about the processing of your personal data within the scope of using the markilux AR app (hereinafter referred to as “App”).

markilux GmbH + Co. KG

Hansestrasse 53

48282 Emsdetten, Germany

Tel.: +49 (0)2572 1531-0

Fax: +49 (0)2572-1531 444

E-mail: [email protected]

If you have any questions in regard to data privacy, please use the contact details given above.

Johannes Meibers

meibers.datenschutz GmbH

Haus Sentmaring 9

48151 Münster, Germany

Tel.: +49 (0)251 203197 0

Fax: +49 (0)251 203197-99

E-mail: [email protected]

Essentially, we delete your personal data once it is no longer needed for the purposes for which it was gathered or has been processed in some other way.

Should we have requested your consent, and you have granted it, we delete your personal data once you have revoked your consent and there is no other legal basis for processing it.

We delete your personal data if you file an objection to it being processed and no prior-ranking justified grounds for the processing exist, or if you file an objection to your data being processed for the purposes of direct marketing or any associated profiling.

Should it not be possible to delete your data, because it still needs to be processed so that we can fulfil a legal obligation (statutory periods of archival, etc.) to which we are subject, or it is required in order to assert, exercise or defend any legal claims, we limit the processing of your personal data.

You can also find further information about the storage period in the passages below.

You have the following rights vis-à-vis us in regard to your personal data:

- A right to be given information

- A right to have your data corrected

- A right to have your data deleted

- A right to have the processing of your data restricted

- A right to object to your data being processed

- A data portability right

You are entitled to revoke any consent you may have granted us for the processing of your personal data, at any time. Revocation of consent shall not effect the legality of the processing that has been carried out on the basis of said consent until the time it was revoked.

You are entitled to complain about the processing of your personal data by us to a supervisory authority.

The provision of your personal data is basically not prescribed, either by law or contractually, and not necessary in order to conclude a contract. You are basically not obliged to provide your personal data. Should it, however, on occasion be required, we will indicate this to you separately at the time of gathering your personal data (for instance, by indicating mandatory fields on input forms).

In general, not providing your personal data results in our not being able to process your personal data for one of the purposes outlined below, and your not being able to take up any offer that is associated with the respective processing (e.g. our not being able to transmit any price quotation requests to our specialist dealers without you providing your contact details).

We employ external services for hosting data in connection with the use of the App. Said services may have access to personal data that is processed within the scope of making use of our App. You can find additional information on the services deployed, the scope of the data processing and the technologies and methods used by the respective services in the further information on the services made use of by us at the end of this passage and under the links provided there.

Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America. Website: https://cloud.google.com/. Additional information and data privacy information: https://policies.google.com/?hl=en The transmission of personal data to countries outside the EU is linked to the respective Google service and subject to various standard EU contractual clauses to the extent that those model clauses are offered by Google. You can find more information about this and about Google’s responsibility under the following link: https://business.safety.google/gdpr/. You can inspect a copy of the standard EU contractual clauses under that link.

For security reasons, and in order to protect the transmission of your personal data and other confidential content, we employ encryption in the context of use of the App.

Should you make contact with us, we will process your personal data in order to process your contact with us.

Should we have requested your consent, and you have provided it, this means that the legal basis for the processing is Art. 6(1)(a) GDPR. Should we not have requested your consent, the legal basis for said processing is Art. 6(1)(f) GDPR. In that respect, our legitimate interest is the processing of your contact enquiry. Should the processing be required in order to fulfil a contract with you or take pre-contractual steps based on your enquiry, the legal basis for the processing is additionally Art. 6(1)(b) GDPR.

In order to provide and maintain our e-mail inboxes, we make use of external services. Said services may have access to personal data that is processed within the scope of your making contact with us. You can find additional information on the services deployed, the scope of the data processing and the technologies and methods used by the respective services below in the additional information about the services we use and under the links provided there:

Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.

Website: https://www.google.com/intl/de/gmail/about/

Additional information and data privacy information: https://policies.google.com/?hl=de

The transmission of personal data to countries outside the EU is linked to the specific Google service concerned and subject to various standard EU contractual clauses to the extent that those model clauses are offered by Google. You can find more information about this and about Google’s responsibility under the following link: https://business.safety.google/gdpr/. You can inspect a copy of the standard EU contractual clauses under that link.

To facilitate the handling of your enquiries when you make contact with us, we use support systems (appointment booking systems, live chats, ticket systems or help desks, etc.), and make use of external services for that purpose. Said services may have access to personal data that is processed within the scope of contacting us via a support system. You can find more information about the services deployed, the scope of the data processing and the technologies and methods used by the respective services below in the additional information about the services we use us and under the links provided there:

Provider: salesforce.com inc., United States of America.

Website: https://www.salesforce.com/?ir=1

Additional information and data privacy information: https://www.salesforce.com/company/legal/ and https://www.salesforce.com/de/company/privacy/

Warranty: Standard EU contractual clauses. You can request a copy of the standard EU contractual clauses from us.

Cookie-like technologies are used.

These may serve the purpose of enabling the use of certain functions, measuring the reach of our App, designing it in line with customer needs and based on customer interest, and thus optimising our App and our marketing. Cookie-like technologies may be used by us and by external services.

In order to administer related consents, we use a Consent Tool. You can infer details of the technologies used (purpose, period of storage, any external service involved, etc.) and the Consent Tool from the passages below and the Consent Tool employed by us.

Should we have requested your consent, and you have provided it, this means that the legal basis for the processing is Art. 6(1)(a) GDPR. Should we not have requested your consent, the legal basis for said processing is Art. 6(1)(f) GDPR. Our legitimate interest is the administration of the cookie-like technologies and the related consents. Depending upon the purpose of the processing, our legitimate interests can be inferred from the passages below.

You can revoke or manage your consents in regard to the cookie-like technologies deployed in the Consent Tool used by us, which you will find in the App settings.

We process your personal data in order to measure the reach and functionality of our App, designing it in line with customer needs and based on customer interest, and thus optimising our App and our marketing.

Should we have requested your consent, and you have provided it, this means that the legal basis for the processing is Art. 6(1)(a) GDPR. Should we not have requested your consent, the legal basis for said processing is Art. 6(1)(f) GDPR. In that respect, our legitimate interest is the optimisation of our web pages and our marketing.

For analysis and marketing, we employ external services. In that regard, profiling may also be undertaken (for the purpose of advertising, personalised information, etc.). Profiling may also be carried out across services and devices. You can find additional information on the services employed, the scope of data processing and the technologies and methods used by the respective services as well as whether profiling occurs when the respective services are employed and information regarding the logic involved as well as the reach and the targeted impact of such processing for you in the additional information about the services employed by us at the end of this clause and under the links provided.

Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.

Website: https://firebase.google.com/products/analytics

Further information and data privacy information: https://support.google.com/firebase/answer/6318039?hl=de and https://support.google.com/analytics/answer/6004245 and https://policies.google.com/?hl=en

The transmission of personal data to countries outside the EU is linked to the specific Google service concerned and subject to various standard EU contractual clauses to the extent that those model clauses are offered by Google. You can find more information about this and about Google’s responsibility under the following link: https://business.safety.google/gdpr/. You can inspect a copy of the standard EU contractual clauses under that link.

Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.

Website: https://firebase.google.com/products/crashlytics

Further information and data privacy information: https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms/ and https://policies.google.com/?hl=en

The transmission of personal data to countries outside the EU is linked to the specific Google service concerned and subject to various standard EU contractual clauses to the extent that those model clauses are offered by Google. You can find more information about this and about Google’s responsibility under the following link: https://business.safety.google/gdpr/. You can inspect a copy of the standard EU contractual clauses under that link.

We use maps offered by external services to make it easier for you to ascertain the location of our contractual partners and enable you to use the further functions of these external services in connection with the maps.

Should we have requested your consent, and you have provided it, this means that the legal basis for the processing is Art. 6(1)(a) GDPR. Should we not have requested your consent, the legal basis for said processing is Art. 6(1)(f) GDPR. In that respect, our legitimate interest is the simplified use of maps.

The use of external services may involve profiling (for the purposes of advertising, personalised information, etc.). Profiling may also be carried out across services and devices. You can find additional information on the services employed, the scope of data processing and the technologies and methods used by the respective services as well as whether profiling occurs when the respective services are employed and information regarding the logic involved as well as the reach and the targeted impact of such processing for you in the additional information about the services employed by us at the end of this clause and under the links provided.

Provider: Depending upon your home country, Apple services are provided by Apple Distribution International Ltd., Ireland, or another company (which can be ascertained at https://www.apple.com/de/legal/internet-services/itunes/de/terms.html).

Additional information and data privacy information: https://www.apple.com/legal/privacy/

In the context of using the App, we require certain authorisations from you, to enable you to use certain functions of the App. This is done by you being asked to grant the corresponding authorisation when you open the respective function for the first time. You can withdraw the authorisations granted, and grant them once again, via the settings of your terminal. The authorisations required in the context of using our App, and their respective purposes, are outlined below.

Should we have requested your consent, and you have provided it, this means that the legal basis for the processing is Art. 6(1)(a) GDPR. Should we not have requested your consent, the legal basis for said processing is Art. 6(1)(f) GDPR. In that respect, our legitimate interest is in duly providing the corresponding function.

We require an authorisation to access the camera, in order to provide you with the functions of the AR App configurator.

We require an authorisation to access your photos in order to enable you to save and share your photos created with the configurator.

We require an authorisation to access your location in order to make it easier for you to search for a local specialist dealer in your area.