The use of the Services is generally possible without providing personal information. You are neither obliged to visit this website nor to provide any personal information. If you do not provide us with personal information, you may not be able to use certain functionalities of the Services. Otherwise, there will be no consequences for you. The personal information we collect about you may include, without limitation:

• Contact information, such as name, email address, postal address, and phone number.
• Payment information, such as credit card and billing address;
• Login information, such as username and password.
• Automatically collected information, such as information about the devices you use to access the Services (such as the IP address and type of operating system), dates, times, and duration of use of the Services, and information on actions taken when using the Services. See Section 2 Cookie Notice for more information.

We also collect data for pseudonymized user profiles to improve the Services. Note that under CCPA personal information does not include (i) publicly available information from government records, (ii) de-identified or aggregated consumer information, and (iii) any information excluded pursuant to applicable law.

When you use the Services, we may also collect certain information with cookies. A "cookie" is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser.

A. Strictly Necessary Cookies - We collect the necessary information to enable you to use the Services. This includes your IP address and data about the start, end, and subject of your use of the Services as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to requirements. Legal basis for deploying strictly necessary cookies is our legitimate interest in providing our website under Art. 6 (1) (f) GDPR. Strictly necessary cookies always deleted as soon as they are no longer required and there are no storage obligations.

B. Consent to Other Cookies and Web Analytics - When you visit our website, a "cookie banner" appears, with which we ask you for your consent to set cookies to optimize the website and for web analytics. We use cookies or similar technologies to store your preferences when using our website, to statistically analyze your usage behavior, and to show you personalized advertising on third-party websites or social media. This data may be used by us and our partners to enrich usage profiles.

If you give your consent, you should be aware that your personal data stored in the relevant cookie or similar technology may be transferred to countries outside the EU which may not provide a level of data protection comparable to that in the EU. With respect to the United States, we generally use US providers that are certified under the Data Privacy Framework (see Section 9 for more details). Where a US providers is not certified, we ensure that EU standard contractual clauses are agreed with the provider. If a provider is not (yet) certified under the Data Privacy Framework, you consent to the transfer of data to a third country to that provider by selecting the relevant cookies. Legal basis for deploying other cookies and similar technologies is your consent pursuant to Art. 6 (1) (a) GDPR. In addition, in Germany your consent also includes the storage and reading of information on and from the users end device in accordance with § 25 para. 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG).. The consent you have given via the cookie button extends to data processing by all companies of the Infios Group and, accordingly, to the disclosure of the data collected via a particular website within all companies of the Infios Group. With regard to the processing of data collected through the cookies described below, the companies of the Infios Group assume "joint and several liability" within the meaning of Art. 26 GDPR as they jointly decide about the means and purpose of the personal data processing activities. You can assert your rights regarding the processing of the personal data collected by cookies with any of the companies of the Infios Group. You may revoke your consent at any time and prevent the setting of cookies or web analytics here:

If you use the Services and give your consent for "other cookies", it may be that information in the form of a cookie is stored on your computer. You can deactivate the storage of cookies in your browser and have the possibility to delete them from your hard disk at any time. We would like to point out to you that a use of our offers on the website without cookies may only be possible to a limited extent. However, you can also use your browser only to prevent certain cookies from being set (e.g. cookies from third parties), for example if you want to prevent web tracking. Please refer to your browsers help function for more information.

Detailed information about other cookies and similar technologies used on our website and their providers can be found in our cookie banner. This is displayed when you access our website and can be viewed permanently by clicking on the "Manage Privacy Settings" button in the footer of the website or click here

. to receive an overview of cookies, their purpose and providers. You can prevent web tracking. To do so, typically an "opt-out cookie" is stored on your device preventing the collection of usage data from your device by the respective provider. Please note: in case you delete cookies from your device, you may have to set the "opt-out cookie" again.

C. Cookiebot. We use the consent management tool "Cookiebot" from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark on our website.

Cookiebot displays a cookie banner the first time you visit our site, allowing you to manage your consent to set cookies and the use of cookie categories. You can also access the cookie banner at any time later and change your cookie settings.

The settings you make are stored in separate cookies, and personal information is also sent to Cookiebot. This data includes the following categories: anonymized IP address, date and time of consent, browser information, the URL of our website from which you gave your consent, a random and encrypted key, the consent status used as proof of consent.

The cookie permissions granted by Cookiebot are stored for a period of 12 months.

The legal basis for the data processing is our legitimate interest in the privacy-compliant management of user consent to the setting of cookies on our site (Art. 6 (1) (f) DS-GVO).

For more information, please see Cookiebots privacy policy at: https://www.cookiebot.com/de/privacy-policy/

D. Web Analytics

Google Analytics - If you opt-in to "other cookies" on the Services, we also use Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google Analytics uses cookies to enable an analysis of your use of the website. The information about your use of this website is usually transferred to a Google server in the USA and stored there. However, Google will reduce your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area beforehand and thus make it anonymous. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website in order to compile reports on website activity. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

To prevent processing, please click on the "Deactivate Google Analytics" button.

Revoke Consent - Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Please note, however, that without cookies you may not be able to take full advantage of all of the features of the Services. You can prevent the collection and transmission of data relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link. Alternatively, you can prevent Google Analytics from collecting data by visiting tools.google.com/dlpage/gaoptout. Further information on data protection at Google can be found at: https://www.google.de/intl/de/policies/ (DE) and https://policies.google.com/ (US).

Deletion - The information collected by Google Analytics in the form of pseudonymous user profiles will be deleted no later than 14 months after the last new entry in the respective user profile.

Google LLC is certified under the Data Privacy Framework.

Note about Google as a Consent Recipient - The consent you give via the cookie banner also applies to Google, as Google is required by the Digital Markets Act (DMA) to obtain consent for personalized services. We share your consent with Google via the Google Consent Mode. The consent management software we use on our site notifies Google that consent has been given so that Google can take that decision into account. Until you give your consent, we will block Google tags (so-called simple implementation).

E. Google Tag Manager - The Services may use Google Tag Manager to manage website tags. A tag is a JavaScript snippet used to send information from a website to recipients, in particular in the context of web tracking. The Google Tag Manager tool itself does not collect any personal data. The tool triggers other tags that may collect data (e.g. the Google Analytics tag). Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. This makes it easier to effectively implement your need against tracking procedures.

F. Google Ads - If you opt-in to "other cookies", we use Google Ads Conversion and Google Ads Remarketing on our website, services of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (Google). Google Ads helps us to display you advertising on our website that is of interest for you in order to make our website more interesting for you. Google Remarketing enables us to display you advertisement of our Services on websites within the Google advertising network. These advertisings are delivered by Google via so-called "ad servers". For this purpose, we use cookies, through which Google can measure certain parameters for measuring success, such as the display of the ads or the clicks of the users and analyze the interaction of visitors on our website to find out which of our Services is of interest for you. If you access our website via a Google ad or certain services of Google or websites in the Google advertising network, Google will store a cookie on your end device. These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Ads customers website and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective; in particular, we cannot identify users based on this information. Through the integration of Ads Conversion, Google receives the information that you have accessed the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

Deletion - Google Ads cookies usually lose their validity after 30 days and are not intended to identify you personally.

The parent company, Google LLC, is certified under the Data Privacy Framework.

Note about Google as a Consent Recipient - The consent you give via the cookie banner also applies to Google, as Google is required by the Digital Markets Act (DMA) to obtain consent for personalized services. We share your consent with Google via the Google Consent Mode. The consent management software we use on our site notifies Google that consent has been given so that Google can take that decision into account. Until you give your consent, we will block Google tags (so-called simple implementation).

G. Bing Ads. On our site, we use the "Bing Ads" remarketing service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft Advertising"). This involves placing a cookie on your computer when you come to our site from a Microsoft Advertising ad. This allows us and Microsoft Advertising to determine that someone clicked on an ad, was directed to our site, and reached a predetermined destination (conversion page). We will only know the total number of users who clicked on a Microsoft Advertising ad and were then directed to the conversion page. No personally identifiable information about the user is shared. The cookie is set only with your permission, which is obtained when you first visit our site or, if necessary, by clicking on the cookie banner that appears.

If you do not want Microsoft to use information about your behavior in the ways described above, you can prevent a cookie from being set, for example, by using a browser setting that generally disables the automatic setting of cookies. You may also opt out of the collection of information about your use of the site that is generated by the cookie and the processing of that information by Microsoft by visiting: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE.

For additional information about this privacy statement and the use of cookies by Microsoft Advertising, visit the Microsoft Web site at https://privacy.microsoft.com/de-de/privacystatement.

H. Meta Pixel - This website uses the Meta Pixel of Meta Platforms, Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland ("Meta"), , to measure the effectiveness of advertising. By integrating the Meta pixel, Meta receives the information that you have clicked on an ad from us or called up the corresponding page of our website. If you are registered with a Meta service, Meta can assign the visit to your account. Even if you are not registered with Meta or have not logged in, it is possible that the provider learns and stores your IP address and other identifying characteristics. If you opt-in for "other cookies", Meta Pixel uses cookies to provide these functions. These cookies store information about your visit to our website (such as your IP address) and information about your Meta account (if you have one), such as a user ID. This data is transferred to Meta and processed by Meta. We only receive statistical data from Meta for this purpose without any reference to a specific person. Meta is certified under the EU-US Data Privacy Framework.

If you have a Meta account, you can adjust your settings for advertisements at www.facebook.com/adpreferences/ad_settings. You can find more information on privacy at Meta in the Meta privacy policy: https://www.facebook.com/policy.php.

I. Your Choices - Although we do not control third partiess collection or use of your information to serve interest-based advertising or other targeted content, a number of these third parties may provide you with ways to choose not to have your information collected or used in this way. For example, you can opt out of receiving targeted advertisements from members of the Network Advertising Initiative by visiting http://www.networkadvertising.org/choices. In addition, some web analytics providers are members of industry associations whose websites allow to centrally preventing the use of web tracking. Please find below reference to the websites of these associations for expressing your choices in regard to web tracking and processing data in pseudonymous profiles.

• "European Interactive Digital Advertising Alliance" (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/
• "Digital Advertising Alliance" (DAA): www.aboutads.info/choices/
• "Network Advertising Initiative" (NAI): http://optout.networkadvertising.org/?c=1

Some of your browsing sessions may be translated into information that helps website designers make websites easier to use and simpler to navigate. If you would like to disable this tracking, please click here: www.clicktale.net/disable.html

A do not track signal ("DNT") prevents web applications from tracking you, you can learn more about DNT at https://allaboutdnt.com. Your web browser may let you choose your preference as to whether you want to allow the collection of information about your online activities over time and across different websites or online services. At this time, the Services do not respond to the preferences you may have set in your web browser regarding such collection of your information, and the Services may continue to collect information in the manner described in this Privacy Policy.

A. Marketo - Infios Group uses Marketo as a provider of newsletters and as a provider in connection with inquiries via the contact form. We will only combine pseudonymized data with personal information from your CRM profile if you have sent us an enquiry via our contact form, subscribed to a newsletter, or given us your consent to do so. We will do so only in order to address you in the best possible way and provide you with a service in line with your interests. With Marketo we have concluded a data processing agreement in accordance with Art. 28 GDPR. Marketo is certified under the Data Privacy Framework (see Section 9 for data transfers outside the EEA). The data is stored in Europe in data centers in the Netherlands. For further information on data processing by Marketo, please visit the Marketo website (https://documents.marketo.com/legal/privacy).

B. Outgrow - This website uses features of the Outgrow interactive marketing plugin from Outgrow.co, 401 Park Ave, 10th Floor, New York 10016 USA. Outgrow enables the delivery of interactive marketing content such as quizzes, calculators, surveys, forms or questionnaires to provide a better user experience for website visitors. To deliver the interactive marketing content, Outgrow uses cookies, which are small text files stored locally in the cache of your web browser on your device. The cookies collect certain information such as your IP address, location, device type, or browser used. Information collected by Outgrow is cached on Outgrows servers in Ireland. Information from Outgrow is shared with Marketo and our CRM. Cookies are only set if you have given your consent via the cookie banner. For processing operations by Outgrow for which consent is not required, the data will be processed for optimization and marketing purposes in accordance with Art. 6 (1) (f) GDPR. We have concluded a data processing agreement with Outgrow.

You can permanently opt out of Outgrows data collection using cookies and the setting of cookies by preventing the storage of cookies through your browser settings. For more information about Outgrows privacy policy, please visit https://outgrow.co/global-data-privacy-policy/.

C. Wistia - Videos embedded on the Services are provided by Wistia, Inc. 17 Tudor Street, Cambridge, Massachusetts, 02139 USA (Wistia). For the video hosting platform Wistia we use the so-called "Privacy Mode" that only collects fully anonymized viewing data by disabling session tracking and anonymizing IP addresses of our viewers. Only after you have given us your consent will the tracking options be activated. This may include Cookies. Your consent also includes data transfer to the USA. If you are logged into your Wistia account, you enable Wistia to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your Wistia account. Videos are alternatively displayed using Bynder, a digital assessment management platform. The digital assessment management platform is offered by Bynder b.v., Max Euweplein 46, 1017 MB Amsterdam, Netherlands. Byner only processes the IP-address of a user.

D. Oktopost - To publish social media contributions and analyze the reach and interaction with them, we use goal tracking technologies from Oktopost Technologies Inc. of 34 Tuval Street, Tel Aviv, Israel (hereinafter "Oktopost"). This may include cookies. Oktopost collects information for us about whether one of our posts in social media has been shared, liked, commented, clicked or mentioned and whether you are a user who has interacted with our posts in social media. The information generated by cookies is transferred to and stored on an Oktopost server in the USA or other third countries. If necessary, data may be transferred to non-EEA countries, especially the USA (see Section 9 for data transfers to countries outside the EEA). Oktopost Technologies is certified under the Data Privacy Framework. Oktopost uses this information on our behalf for evaluation purposes and produces reports on the reach and use of our posts in social media. You can deactivate Oktoposts storage of data in cookies by disabling cookies. For more information on data processing by Oktopost, please visit the Oktopost website (https://www.oktopost.com/privacy).

E. Drift Chat Box - We use chat box technologies on our website from Drift.com Inc., 222 Berkeley Street Suite 600 Boston, MA 02116 USA (Drift) at present for US customers only. By providing a chat box, we would like to offer you another effective and uncomplicated communication channel to us. The use is voluntary. You can also contact us by other means. The personal data you provide in the context of your chat box request and your IP address are processed for responding to your request. The legal basis for the processing of the personal data collected is the performance of a contract or the implementation of measures prior to entering into a contract with you. Drift sets Cookies to enable and improve the chat function if you have given your consent to this via the cookie banner. The chat box user is assigned an ID that can be recognized. If necessary, data may be transferred to non-EEA countries, especially the USA (see Section 9 for data transfers to countries outside the EEA). Drift.com Inc. is certified under the Data Privacy Framework.

F. Social Media and YouTube Channel - Our website contains links to social media (e.g. Facebook or Instagram) and to our YouTube channel. Third party providers operate these services exclusively. If you follow the links, information may be transferred to these providers. No personal data will be passed on when you visit our website. Only if you click a social share button, information will be transferred to the provider. You can find information on the purpose and scope of the data processing by the provider as well as your rights and setting options for the protection of your privacy in the privacy policy of the provider:

• Meta Platforms, Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland http://www.facebook.com/policy.php/
• LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA http://www.linkedin.com/legal/privacy-policy/
• Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA https://help.instagram.com/155833707900388
• YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA www.google.de/intl/de/policies/privacy/

G. Google Maps - On the Contact Us page, under Show Map, there is a link to Google Maps. Google Maps is a web service that displays interactive maps to visually represent geographic information. This service shows you our locations and makes it easier for you to find us. When you click the "Show Map" button, you leave our website and your devices browser establishes a direct connection with the servers of the Google Maps site. That sites privacy policy will then apply.

For more information on the use of Google Maps, please see the Google Maps Terms of Service. For information about Googles privacy practices, please see the Google Privacy Policy.

H. Status.io - The US companies of the Infios Group use status.io, a service provided by T3CH.com LLC 5, Valley Ct Cream Ridge, NJ 08514. The status.io platform allows us to maintain a customized system status page, that always displays the current health of our Transportation Management Services. You can subscribe to be informed about the status of our services, which will help you, for example, to know that there is an incident and to be updated about this incident throughout its duration. If you subscribe, we will process your name and business email address. You can unsubscribe at any time using the unsubscribe link.

I. Drata - In order to provide you with legal documents such as terms and conditions, security documents, certificates and the like via our corresponding subpage, we use the services from Drata Inc., 4660 La Jolla Village Drive, Suite 100 San Diego, CA 92122, United States. If you want to be provided with legal documents and documents from our trust center we need your business email address that is used as a water mark to ensure the confidential use of our documents.

Drata Inc. is certified under the Data Privacy Framework.

J. Friendly Captcha - Our website uses the Friendly Captcha service. This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Friendly Captcha is a new, privacy-friendly protection solution that makes it more difficult for automated programs and scripts (so-called "bots") to use our website.To do this, we have integrated code from Friendly Captcha into our website, e.g. for contact forms, so that the visitors device can connect to the Friendly Captcha servers to receive a calculation task from Friendly Captcha. The visitors device solves the mathematical problem, which uses certain system resources, and sends the result to our web server. The web server contacts the Friendly Captcha server via an interface and receives a response indicating whether the device has solved the puzzle correctly. Depending on the result, we can apply security rules to requests made via our website, for example, to allow or deny them.

Friendly Captcha does not set or read cookies on the visitors device. IP addresses are only stored in hashed, one-way encrypted form and do not allow us or Friendly Captcha to draw any conclusions about an individual.

The legal basis for the processing is our legitimate interest in protecting our website from abusive access by bots, and thus from spam and attacks such as bulk requests. This is in accordance with Article 6(1)(f) of the GDPR.

K. Impartner - We use the partner management platform Impartner from Impartner, Inc. 10897 S River Front Pkwy, Suite 500 South Jordan, UT 84095 ("Impartrner") on our Partners subpage, which can be accessed via "About Us" "Partners", to allow site visitors to contact one or more of our partners, to allow companies to become partners by submitting an application, or to enter the Infios EVOLVE Partner Portal. Impartner processes the data you enter on the sub-page such as your contact details. Impartner, Inc. is certified under the Data Privacy Framework.

Joint Controllership - We maintain company pages on the social networks of Facebook, Instagram, LinkedIn, Twitter, YouTube and Xing. As the operator of these pages, we are responsible for the collection (but not for the further processing) of the data of visitors to our company pages jointly with the respective operator of the social network within the meaning of the GDPR.

• Facebook: Meta Platforms, Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
• Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
• LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland,
• YouTube: Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Xing: New Work SE (bis Juli 2019 Xing SE), Am Strandkai 1, 20457 Hamburg, Germany.

Categories of personal data collected - The data collected includes Information about the types of content visitors view or interact with, or the actions they take and Information about the devices visitors use (e.g., IP addresses, operating system, browser type, language settings, cookie data). Social networks also collect and use information to provide analytics services, known as "page insights", to page operators to provide them with insights into how people interact with their pages and with content associated with them.

Further Information on the Joint Controllership - We have concluded a special agreement with the respective operator of the social network:

• Facebook and Instagram: "Information about Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum
• LinkedIn: "Page Insights Joint Controller Addendum" https://legal.linkedin.com/pages-joint-controller-addendum.
• YouTube: Googles privacy policy and terms of use
• Xing: Xings terms and conditions and the policies referenced therein.

In each case, these regulate in particular which security measures the operator must observe and in which the operator has agreed to fulfill the rights of data subject (i.e. users can, for example, address their right of access and their right to erasure directly to the operator of the social network).

The rights of users (in particular the right of access, erasure, restriction and right to lodge a complaint to the supervisory authority), are not restricted by the agreements with the respective operator. You can assert your rights (right to access, correction, erasure, restriction of processing, data portability, objection and right to lodge a complaint to the supervisory authority) both against us and against the respective operator of the social network.

Purpose of processing, legal basis, data subjects - Purposes of processing are contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).

The legal basis for data processing is our legitimate interest in ensuring that our offer and our company are present on the internet as comprehensively as possible, as well as the possibility of communicating with you via social networks (Art. 6 (1) (f) GDPR).

Data subjects include website visitors and visitors from our company pages on social networks.

Data Transfers outside EEA - In the case of Facebook, Instagram, YouTube, X (formerly Twitter) and LinkedIn, some of the information collected may also be processed outside the European Union in the United States. For information about data transfers between the EU and the US, please see Section 9.

For more information on the processing of personal data, please refer to the privacy notices of Facebook, Instagram, YouTube, LinkedIn, and Xing.

A. Legal Basis - Our legal basis for collecting and using the personal business contact information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you (for example, when providing the Services), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to process personal information about you or may need to process personal information in order to exercise, establish, or defend legal claims. Specifically, we process your personal information, such as contact data or correspondence, to the extent that this is necessary to:

• process your enquiry (legitimate interest under Article 6.1(f) of the GDPR);
• to initiate or process the respective transaction (Article 6.1(b) GDPR); and
• if necessary, store the data within the scope of statutory storage obligations (statutory obligations under Article 6.1(c) of the GDPR).

The same applies if you are an employee of an interested party, supplier, service provider or other business partner and we receive your personal data in this context; the legal basis in this case is our legitimate interest in establishing or carrying out the business relationship with your employer (Article 6.1(f) GDPR).B. Contact Form. If you contact us via the contact form, we will save your details (in particular name and title, your contact details, your company, the country and your message) and process them in order to process your enquiry. For this purpose, we use the provider Marketo as a processor, as further discussed below. Depending on your region and your requirements, we will forward your enquiry to the appropriate company of the Infios Group. The legal basis for this data processing is - depending on the subject of your enquiry - the processing for the performance of a contract or for the implementation of pre-contractual measures (Article 6.1 (b) GDPR) or our legitimate interest in providing a contact form for general enquiries or in providing information material (Article 6.1 (f) GDPR) or your consent (Article 6.1 (a) GDPR).

B. Ordinary contacts in the course of business (e.g. trade fairs) - In the ordinary course of business, situations may arise in which a communication pursuant to Art. 13 and Art. 14 GDPR cannot be provided. These are mainly cases such as the spontaneous exchange of business contact data at trade fairs, events, business lunches or other business activities, e.g. through the exchange of business cards or the initial contact by us or by you with business content.

In such situations, we regularly collect the following information from you: contact information, such as your name, address, email or phone number; information about your company, such as address, email, business line, job description, title; information about your input/request, such as content, time of request, means of communication.

These data are processed for storage in our CRM system (see Section 6 D) as part of our business activities for the purpose of resuming contact and/or processing your request and further processing.

The processing of your data for these purposes is carried out on the basis of Article 6(1)(f) GDPR and is in our legitimate interest. Our legitimate interest is to establish contact with you for the purpose of potentially entering into a business relationship with you, resuming contact and/or processing your request and further processing. If you have any questions regarding the balancing of interests, you may contact one of the contacts listed in Section 15 at any time.

C. Contact Form - If you contact us via the contact form, we will save your details (in particular name and title, your contact details, your company, the country and your message) and process them in order to process your enquiry. For this purpose, we use the provider Marketo as a processor, as further discussed below and Infios uses HubSpot as a processor for subpages of this Website with competences of Infios. Depending on your region and your requirements, we will forward your enquiry to the appropriate company of the Infios Group. The legal basis for this data processing is - depending on the subject of your enquiry - the processing for the performance of a contract or for the implementation of pre-contractual measures (Article 6.1 (b) GDPR) or our legitimate interest in providing a contact form for general enquiries or in providing information material (Article 6.1 (f) GDPR) or your consent (Article 6.1 (a) GDPR).

D. CRM System - Your details are also stored in a Customer Relation Management System ("CRM System"). The same applies if you request information or material from us. Our legal basis is the execution of a contract, the initiation of a business relationship, our legitimate interest or your consent (Art. 6 (1) (b), (f) or (a) GDPR). If we also store your salutation in our CRM, this is done on the basis of our legitimate interest in personalizing business communications by using a gender-appropriate salutation and to avoid confusing you with another person (Art. 6 (1) (f) GDPR). If you give us your telephone number, we may contact you by phone to discuss your project and put you in touch with the appropriate contact person. In connection with enquiries and the data collected in CRM, the companies of the Infios Group act as "joint controllers" within the meaning of Art. 26 GDPR, as they jointly decide on the means and purposes of processing personal data. Entry and access to your personal data depends on your region and your enquiry and is regulated by contract between the companies of the Infios Group. For further information on these contractual terms, please contact our data protection officer, as noted below. You can assert your rights with regard to the processing of the personal data collected at any company of the Infios Group.

E. Newsletter - If you register for our newsletter, we will process your e-mail address and send you a confirmation e-mail with a confirmation link that you must click on to subscribe to our newsletter. We will also add you to our mailing list in order to send you e-mail advertising for our own similar goods or services if you purchase a good or service from us and you have not previously objected to this processing of your e-mail address. You can cancel the newsletter at any time and object to the e-mail advertising at any time. You will find a possibility to unsubscribe in every newsletter and every other advertising e-mail that we send you. Infios Group also uses Marketo as a processor for newsletter sending in accordance with Art. 28 GDPR. Your personal data is stored in Europe. However, we cannot fully exclude data transfers to Marketo Inc., USA, as further noted below. The USA (and other non-EEA countries) do not offer a level of data protection comparable to that of the European Union and, in particular, access by state authorities cannot be excluded in individual cases. Marketo Inc., however, is contractually bound by the EU standard contractual clauses to process data in conformity with data protection regulations. By registering for the newsletter, you also agree to possible data transfers to the USA to Marketo Inc.. If you have given us your consent to do so, we will forward your e-mail address and any other contact data to the companies of the Infios Group so that they can send you newsletters and information.

F. Newsletter Performance Measurement - The newsletters contain a so-called. "web-beacon", which means a pixel-sized file that is retrieved when the newsletter is opened, either from the server of the Infios Group Company or from the server of the service provider Marketo. In the course of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of retrieval may be collected. We receive a statistical report from Marketo about whether recipients open the newsletters, when they open it and which links they click. This processing serves us to recognize the reading habits of the newsletter recipients and to adapt the content to them or to send different content according to their interests. Your consent to receive the newsletter also covers the consent to performance measurement. The legal basis for data processing is Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. For this purpose you can e.g. use the unsubscribe link in each newsletter or contact us. A separate revocation of the performance measurement is unfortunately not possible; in this case, you must revoke the consent to the newsletter in its entirety.

G. Declare Objection - You can declare your objection directly to these companies. You will find a possibility to declare your objection or revocation in every e-mail. You can also declare your revocation to Infios. We will then forward it to the responsible company.

H. Advertisement Emails - If you agree to be informed by e-mail about the latest products and services of the Infios Group, the companies will send you this information by e-mail. Your details will be stored in a shared distribution list for this purpose. You can revoke your consent at any time with effect for the future. To do so, you can use the unsubscribe link in each newsletter or contact us. In addition, we will add you to our mailing list to send you e-mail advertisements for our own similar goods or services if you purchase a good or service from us and you have not previously objected to this processing of your e-mail address. You may object to the use of your e-mail address at any time without incurring any costs other than the transmission costs according to the basic rates. You will be notified of this in each email and can, for example, use the unsubscribe link in each email.

I. Events and Webinars - When you register for an event or webinar, we process your personal data to facilitate organization and your participation. For this purpose, we typically require your first and last name, email address, and, where applicable, your phone number and company.

The legal basis for this data processing is your participation in the event based on our terms and conditions, in accordance with Art. 6 (1) lit. b GDPR (performance of a contract). You are not obligated to provide your personal data. However, if you choose not to provide it, your participation in the event may not be possible or may be limited.

For our Elevate events, we use the app provided by Cvent Deutschland GmbH, c/o TMF Steuerberatung GmbH WPG, Maximilianstr. 54, 80538 Munich, Germany. You can find more information about data protection when using this app here: https://www.cvent.com/en/cvent-global-privacy-policy and on the registration page under "Privacy."

For our webinars, we use video conferencing tools from On24. The personal data you provide during registration will be shared with this provider to enable the webinars execution. This data transfer is necessary for the performance of the contract (your participation in the webinar). Additionally, we have a legitimate interest in the efficient and smooth operation of our webinars, in accordance with Art. 6 (1) lit. f GDPR.

On24: ON24, Inc., 50 Beale Street, 8th Floor, San Francisco, CA 94105, USA. ON24, Inc. is certified under the Data Privacy Framework. Further information on data protection at On24 can be found here: Platform Privacy | Webinar Event Solutions | ON24

You are welcome to communicate with us by e-mail at any time. Please be advised that we use an E-mail Gateway of an external provider of security technologies to defend against SPAM e-mail, other threatening e-mail, threatening e-mail attachments and URLs. In doing so, this external provider may process your first and last name, e-mail address and IP address. The legal basis is our legitimate interest in preventing unauthorized access to communications networks, the spread of malicious code and damage to computers and electronic communications systems (Article 6.1(f) GDPR in conjunction with Recital 49).

You can apply to us online via our career portal https://www.koerber-supplychain-software.com/en/about-us/careers. You can create a user account (or profile) to use our career portal at https://www.koerber-supplychain-software.com/en/about-us/careers for applications. In this case, we ask you to provide us with the personal data (e.g. first name, last name, email address) listed in the registration form. Fields marked with an asterisk are mandatory. By registering, you accept the terms of use of the Career Portal.

To protect your profile, you will be asked to choose a password. For your security, the password must meet minimum complexity requirements, which will be explained to you when you complete the form. If you forget your password, you can use the "Forgot password" function to have a new password sent to your registered email address. The next time you log in, you will be asked to enter a new password.

After registering, you will need to provide us with some personal information, name, address, country, email address, phone number, and how you hear from us, in the "My Information" section of our Career Portal. In the next step, under "My Experience", we will ask you to upload your resume and certificates. In the third step "Application Questions" you will have to answer questions about [...]. After that, you have the opportunity to provide voluntary information. At the end of the application process through our Career Portal, you can review the information you entered in the career portal before submitting your application.

As part of the application process, we process this data, your marital status, qualifications, any other personal information from your cover letter and resume, and file attachments (including CV/Certifications) and references) that you may include, as well as the company and location where you would like to start with us, your salary expectations, the possible start date and the position (job title) for which you are applying.

The processing is carried out for the purpose of contacting you and carrying out the application procedure. The legal basis is the initiation of an employment relationship with you (Art. 6 (1) (b) GDPR). The personal data you provide as part of a specific application procedure will be treated confidentially. Access to your data is granted to the responsible employees within the Infios Group who are involved in the respective personnel selection procedure. In addition, we may pass on your application data to affiliated companies of the Infios Group. Beyond that, your application data will not be used or passed on.

The user can become part of the applicant pool by entering search criteria in his or her application profile and releasing them for Infios and other Infios companies. In this case, Infios may notify the respective user as soon as suitable job offers are available from the Infios Group. The legal basis is the consent given by the user pursuant to Art. 6 (1) (a) GDPR. The consent given can be revoked at any time with effect for the future, e.g. by deleting the applicant profile, changing the settings in the profile or by sending an e-mail to us.

If your application is unsuccessful, this data will be deleted six months after completion of the application process, unless you have expressly agreed to longer storage e.g. when becoming part of the Infios applicant pool. If we conclude an employment contract with you, your personal data will be stored for the purpose of processing the employment relationship in accordance with the statutory provisions.

In connection with our career portal and application process, we use the application module of the HCM solution from Workday Limited, which is based in the UK. UK has an adequacy decision from the European Commission. Workday, Inc. that may have access for support and maintenance purposes is certified under the Data Privacy Framework.

This section explains how we handle your personal data when you download and use our app.

When Downloading the App
When you download our "Final Mile Mobile App," the app store you use (like Google Play or the Apple App Store) collects certain information about you. This typically includes your username, email address, the time of download, payment information (if applicable), and a device identifier. As the app operators, we do not receive most of this data directly from the app store. We are only notified that the download was successful. For detailed information on exactly what data the app store provider collects and how they process it, please refer to the providers respective privacy policy:

• Google Play Store (Android): Google LLC., 1600 Amphitheater Parkway, Mountainview, California 94043, USA. Privacy Policy: https://policies.google.com/privacy?hl=en&gl=de
• App Store (iOS): Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014. Privacy Policy: https://www.apple.com/legal/privacy/

When Using the App
When you use the Final Mile Mobile App, we collect and process certain personal data:

• Your Phone Number: We collect your phone number to uniquely identify your device.
• Location Information: We collect your location data, including precise location information from your device. This is necessary for the App to perform its main functions:
• Calculate accurate estimated times of arrival (ETAs) for deliveries.
• Provide real-time route guidance.
• Track the status of deliveries while you are en route.

Data Sharing
We do not sell your personal data and generally do not share it with third parties. An exception exists when necessary for ETA calculation and the performance of the delivery. In this case, your current location data or the calculated ETA may be shared with involved third parties, such as the recipient of the delivery, or other parties involved in managing the delivery chain.

Required Permissions and Legal Basis
To fully use the Final Mile Mobile App, the app requires you to grant access to your devices location. Without this permission, we cannot provide the delivery functions (ETA, routing, tracking). The App will ask for your consent for this location permission the first time it needs access or when a specific feature requires location data. You can usually manage, or revoke granted permissions at any time through your devices operating system settings. The processing of your personal data (such as phone number and location data for delivery tasks) primarily takes place because it is necessary to fulfill our contract with you (Art. 6 (1) (b) GDPR). This contract involves providing you with the delivery service through the App. Additionally, particularly for the collection of precise location data, we may also rely on your explicit consent (Art. 6 (1) (a) GDPR). You provide this by granting the App the relevant location permission on your device.

The data we collect from you may be transferred to and stored at a destination outside of the European Economic Area ("EEA"). It may also be processed by staff operating outside of the EEA who works for us, one of our group companies or our suppliers for the purposes set out in this Privacy Policy. In order to ensure that any third party processes your personal data in a way which is consistent with the EUs laws on data protection, to the extent that we share data outside of the EEA, we will seek to put in place agreements with those third parties, including with our group companies, which contain provisions approved by the EU for protecting personal data. Your personal information will only be transmitted to third parties if this is legally permitted or if you have given your prior consent. For example, we may transfer data to other companies of the Infios group, if this is necessary to respond to a request you have made. We will only disclose your personal information to government authorities within the framework of legal obligations or as a result of an official order or court decision. Processing described under Sections 2., 4. and 5. may lead to data transfers to third countries outside the EEA, especially to the USA. Please note that in the event of a data transfer to third countries outside the EEA, Chapter V of the GDPR requires that the recipients have an adequate level of data protection. Most of the US providers we use are certified under the EU-US Data Privacy Framework, which enables secure data transfers to these US providers. The Tool/Provider list in Sections 2 and 6 indicates if the respective provider is certified under the Data Privacy Framework. A complete list of companies certified under the Data Privacy Framework can be accessed via the following link: https://www.dataprivacyframework.gov/s/participant-search. If a provider is not certified under the Data Privacy Framework this provider is contractually bound by the EU standard contractual clauses to process data in conformity with data protection regulations. Please note that transfers from the EU to non-certified U.S. providers are also subject to stricter U.S. rules on government surveillance programs under Executive Order 14086, which was adopted as a condition of the European Commissions adequacy decision for U.S. providers certified under the Data Privacy Framework. Should you have any questions in this regard, please contact our data protection officer (see Section 15).

We delete your personal information as soon as it is no longer needed for the purposes for which the personal information was collected, as far as no legal storage obligations stand in the way.

Infios has taken the necessary technical and organizational measures to protect the personal data you provide from loss, destruction, manipulation and unauthorized access. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to treat personal data confidentially. Our employees are trained accordingly. Both internal and external tests ensure compliance with all data protection relevant processes at Infios. To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" ("https://") or a green, closed lock symbol is added to the address component. By clicking on the icon, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption guarantees the encrypted and complete transmission of your data. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security risks. A complete protection of data against access by third parties is not possible.

Data protection laws give EEA and UK residents in particular, but also residents of other countries, a number of rights in relation to data about you (data subject rights). These rights usually include the following

• Right to Access. You have the right to request a copy of any information that we hold about you. If you would like a copy of this information, please contact us. We may request proof of your identity before sharing such information with you.
• Right to Rectify. If you discover that the personal information we hold about you is incorrect or out of date, you may ask us to correct that information.
• Right to erasure (Right to be Forgotten)/Restriction of Processing. You may ask us to delete or restrict processing the personal information we hold about you in certain circumstances. It may not be possible for us to delete or restrict processing all the personal information we hold about you where we have an ongoing relationship, however please contact us and we will do our best to assist with your request.
• Right to Withdraw Consent. Where we process your data on the basis that you have consented to such processing, you have the right to withdraw your consent at any time by unsubscribing or contacting us, as applicable. Please note that in the event of a revocation, we will continue to retain your consent. This is because even after revocation and deletion of your personal data, we must be able to prove consent. The legal basis for the (also continued) storage of consent is Art. 6 (1) (c) in conjunction with. Art. 5 (1) (a), (2), Art. 7 (1) GDPR and Art. 6 (1) (f) GDPR.
• Right to Portability. You may ask us to transfer your personal information to a third party in certain circumstances. If you would like any other information regarding this right, please contact us.
• Right to Object. In the case of processing based on Art. 6 (1)(e) or (f) GDPR or direct marketing, you may object to the processing, in which case, except in the case of direct marketing, you must provide a specific reason.
• Promotional Communications. If you do not want us to use your email address/contact information to promote our products or services, you can opt out by sending us an email. If you have received a promotional email from us, you can also opt out of receiving future promotional emails from us by following the unsubscribe instructions contained in such email.

The relevant data protection laws, e.g. the GDPR and the BDSG, determine whether and to what extent these rights apply in individual cases and under what conditions.

The EU General Data Protection Regulation also grants you the right of appeal to a the competent data protection supervisory authority. However, if you have any questions or complaints regarding data protection at Infios, we recommend that you first contact our data protection officer (see Section 15).

Our California Consumer Privacy Act (CCPA) Notice applies to California residents from whom we collect personal information. Please visit Privacy Notice for California Residents to learn more about how we adhere to the CCPA ( as amended by CPRA) and how to exercise the rights afforded to you under the CCPA (as amended by CPRA).

California Civil Code Section § 1798.83 may permit users of our Services who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us.

Automated decision making and profiling includes any decision-making processes that occur solely through automated means. As far as this is not exceptionally necessary for the conclusion of a contract or permitted by law (as in the case of age verification), we do not use your personal data for automated individual decisions.

You will find our contact details as the responsible body in the imprint. You may also email us at info@infios.com. If you wish to exercise the rights mentioned under Section 12 or if you have any questions about data protection with us or this data protection declaration, you can also contact our data protection officer: privacy@infios.com.

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website. In the event we make a material change to how we use your personal information, we will provide you with notice by posting on our website. The date this Privacy Policy was last revised is at the top of this page. We encourage you to review this Privacy Policy periodically to check for any updates or changes.