Privacy Policy for the New Chapter Executive Search GmbH website

1. GENERAL

By operating our website with the URL www.newchapter.io (hereinafter referred to as "website"), we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws - in particular the German Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). With these data protection provisions, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data protection.

2. NOTES

Our privacy policy contains technical terms that are in the GDPR and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:

2.1 Personal data

"Personal data" is any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one's own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, your date of birth or user name, your IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.

2.2 Processing

A "processing" is understood by Art. 4 No. 2 GDPR to mean any operation in connection with personal data. This relates in particular to the collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other form of making available, alignment or combination, restriction, erasure or destruction of personal data.

II. Controller and data protection officer

3. CONTROLLER

The data controller is:

Company: NEW CHAPTER Executive Search GmbH ("we") Legal representative: Dr. med Anne Wichels-Schnieber, Julia Mandl (Managing Directors) Address: Gurlittstr. 27, 20099 Hamburg Phone: +49 151 517 40451 Fax: +49 172 6166 230 E-mail: office@newchapter.io

4. DATA PROTECTION OFFICER

We have appointed an external data protection officer for our company. You can reach him under:

Name: Arne Platzbecker Address: HABEWI GmbH & Co KG, Palmaille 96, 22767 Hamburg Phone: 040/ 46008966 Fax: 040/ 46008977 E-mail: datenschutz@habewi.de

III. Processing frame

5. PROCESSING FRAMEWORK: WEBSITE

Within the framework of the website, we process the personal data of you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when using our offer.

Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers for the processing of your personal data, this is done within the framework of a so-called order processing, in which we as the client are authorized to issue instructions to our contractors. We use external service providers for the hosting of our website. We host our website with the external provider Ionos (1&1 IONOS SE, Elgendorfer Str. 5756410 Montabaur, Germany) at the data center location [...], [...]. If further external service providers are used for individual processing operations listed in section IV, they will be named there.

As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information about exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses.

IV. The processing in detail

6. PROVISION OF THE WEBSITE AND SERVER LOGFILES

6.1 Description of processing

Every time you visit the website, we automatically collect information that your browser transmits to our server. This is the following data:

· IP address

· browser software used, as well as its version and language

· Operating system

· the website from which visitors came to the website (so-called referrer)

· the date and time the website was accessed

These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to the end device of a user. For this purpose, the user's IP address must remain stored for the duration of the session. Your IP address is also recorded in the log files for security reasons to defend against attacks on our website (especially so-called DDos attacks) and for fraud prevention.

6.2 Purpose

The processing is carried out to enable the website to be called up and to ensure its stability and security. Further-more, the processing serves the statistical evaluation and improvement of our online offer.

6.3 Legal basis

The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 6.2.

6.4 Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 56 days.

7. CONTACT US BY E-MAIL

7.1 Description of processing

You can also contact us via the email addresses provided on the website. To contact us, you can write to us using the email address provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

7.2 Purpose

The data transmitted with and in your e-mail will be used exclusively for the purpose of processing and respon-ding to your request.

7.3 Legal basis

The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 7.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR).

7.4 Storage period

The data is deleted by us as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case when the respective communication with you has ended. The communication is termina-ted when it can be inferred from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after expiry of the legal retention pe-riod.

8. SOCIAL NETWORKS

8.1 Description of the processing

Our website does not use so-called social media plugins. The LinkedIn and Xing logos displayed on our website are merely linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network.

However, our profiles within the social networks represent data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, "share", "like" or "retweet" a post, this information will also be stored in your user account. As a rule, your interactions with our profile can also be viewed by us.

8.2

On the social network LinkedIn, we have the possibility to obtain statistical data about the use of our LinkedIn profile via the so-called "Insights" function.

The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your terminal device. You have the right to object to the creation of these user profiles, for the exercise of which you must contact the social networks directly.

8.3 Purpose

We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the "Insights" function of to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.

8.4 Legal basis

The legal basis for data processing in the context of our profiles on social networks is the protection of our over-riding legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 8.3. If you are asked for consent by the respective operator of a social network, the legal basis is Article 6 (1) a GDPR. The data processing is carried out

with regard to our presence on LinkedIn on the basis of joint responsi-bility in accordance with Art. 26 GDPR.

8.5 Recipients and transfer to third countries

The respective social networks are operated by the companies listed below. Further information on data protec-tion with regard to our profile on the social networks can be found in the linked data protection provisions.

· LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy Policy: www.linke-din.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. The privacy agreement with LinkedIn can be found at www.linkedin.com/legal/l/dpa. The shared responsibility agreement can be vie-wed at legal.linkedin.com/pages-joint-controller-addendum.

· Xing: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Privacy policy: https://pri-vacy.xing.com/de/datenschutzerklaerung .

The social networks also process your personal data in the USA.

V. Security measures

9. Security measures

To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS cer-tificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communi-cation of data between a website and the end device of the user. You can recognize the active SSL or TLS encryp-tion by a small lock logo that is displayed on the far left in the address bar of the browser.

VI. Rights of the data subject

10. Rights of the data subject

With regard to the data processing by our company described above, you are entitled to the following data subject rights:

10.1 Right of access by the data subject (Art. 15 GDPR)

You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR under the conditions specified in Art. 15 GDPR.

10.2 Right to rectification (Art. 16 GDPR)

You have the right to demand that we immediately correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data.

10.3 Right to erasure (‘right to be forgotten’) (Art. 17 GDPR)

You have the right to demand that we delete personal data relating to you without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes pursued by us.

10.4 Right to restriction of processing (Art. 18 GDPR)

You have the right to request that we restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.

10.5 Right to data portability (Art. 20 GDPR)

You have the right, under the conditions set out in Art. 20 GDPR, to request that the data concerning you be handed over in a structured, common and machine-readable format.

10.6 Withdrawal of consent (Art. 7 (3) GDPR)

You have the right to withdraw your consent at any time in the case of processing based on consent. The revo-cation applies from the time it is asserted. In other words, it has effect for the future. The processing therefore does not become unlawful retroactively as a result of the withdrawal of consent.

10.7 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

If you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged infringement.

10.8 Automated individual decision-making, including profiling (Art. 22 GDPR)

Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated deci-sion-making including profiling with regard to your personal data.

10.9 Right to object (Art. 21 GDPR)

If we process your personal data on the basis of Art. 6 (1) (f) GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that over-ride your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case - also regardless of a specific situation - you have the right to object at any time to the processing of your personal data for direct marketing.

December 2021

office@newchapter.io