[London, 28th November 2023] Activate Learning, and NCG are partnering to address the rising demand for mental health support for young people in education in what is the largest clinical trial of its type. The college groups are joining forces with PsycApps Ltd. to conduct one of the largest college-based Randomised Controlled Trial (RCT) using cutting-edge mobile mental health app, eQuoo. eQuoo is a clinically-proven gamified app designed to improve student emotional health by tapping into skills that are shown to boost resilience and encourage personal growth, while reducing anxiety and depression. The RCT will have a sample size exceeding 8,000 students across both college groups, with the initiative focusing on the mental health issues that contribute to non-attendance, students dropping out of college, behavioural issues and academic struggles. The trial will launch early in the New Year and will last until summer 2025. Gary Headland, CEO of Activate Learning, highlighted the significance of this new research. He said: “We are seeing a significant demand in the FE sector to support more and more young people who are struggling with mental ill health. “We are continuing to build our data science capability and capacity, and this very large RCT should provide useful information, intelligence and knowledge of value to Activate Learning and NCG, and we will be pleased to share the findings with professional colleagues across the sector.” Elsbeth Tibbetts, Group Director of Student Experience and Safeguarding at Activate Learning, passionately highlighted the significance of this collaborative effort. She said: "The demand for mental health support among young adults is on the rise, with colleges still seeing the impact of the pandemic on our young people. “The mental health and wellbeing of our students is something we take incredibly seriously, and we see all the time how low mood and mental ill health can impact on their achievement. “I think this is a really bold approach we are taking with NCG by identifying and utilising eQuoo as an effective and engaging evidence-based tool, and I hope it’s one that will have enormous benefits for our students.” This move comes in the wake of the Association of Colleges (AoC) Mental Health Survey Report 2023, which revealed that more than 60% of colleges in the UK have seen an increase in demand for mental health support. The report also highlighted how demand continued to outstrip the supply of services and that greater access to community health services and in-college support was needed. Research by the Royal Society for Public Health (RSPH) has also found that 70% of young people aged 16 to 24 are using social media platforms as their primary source of information about mental health. This presents Activate Learning and NCG with an opportunity to create an intervention that can be both delivered at scale and via a medium that students prefer. Liz Bromley, CEO of NCG, said NG also recognised that the mental health of learners was vital to their success. She said: “At NCG we believe that the mental health and wellbeing of our students is crucial to their future success. Young people are facing real stress and mental pressures these days, which is why our NCG Guarantee ensures students across all of our colleges have access to the resources and initiatives that give them the tools they need to build mental resilience. “I am pleased to be able to collaborate with another forward-thinking college group to tackle such an important issue and offer thousands of young people across the country access to an innovative solution that we hope will bring them enormous benefits.” This was supported by Rachel Gibson, Assistant Director of Central Support Services at Newcastle College (part of NCG), who said: “The mental health and wellbeing of our students is a key priority for all NCG colleges, and we have seen first-hand the huge impact that mental wellbeing has on learning and progression. “All of our colleges have dedicated support teams, but this app will allow students to proactively manage their emotional wellbeing and hopefully develop the skills they need to protect their mental health. We are looking forward to seeing what benefits it can give learners across our group.” Silja Litvin, founder of eQuoo, said: “Our app, eQuoo, has been through multiple clinical trials, but we’re especially excited about our collaboration with Activate Learning and NCG because it allows us to explore the game in an educational setting with a young audience. “eQuoo is built to support adolescents and young adults, and the data from this trial will help us make the intervention at a preventative stage even more powerful.” About Activate Learning Activate Learning is a forward-thinking education group working across further and higher education, schools, apprenticeships and training. Group members: Activate Apprenticeships | Activate Business School | Activate Cycle Academy | Activate Rugby Academy | Banbury and Bicester College | Bracknell and Wokingham College | City of Oxford College and University Centre | Farnham College | Guildford College | Merrist Wood College and University Centre | Reading College and University Centre | South Central Institute of Technology (SCIoT) at Blackbird Leys Technology Campus and Reading College About NCG: NCG is one of the UK’s leading college groups, with a unique proposition that straddles the Further and Higher Education sectors. The group has a clear mission to enable social mobility and economic prosperity through exceptional education, delivered nationally through its seven colleges: Newcastle College Newcastle Sixth Form College Carlisle College West Lancashire College Kidderminster College Lewisham College Southwark College About PsycApps PsycApps Ltd is a leading innovator in mental health and wellbeing solutions. Established with a mission to improve the lives of individuals worldwide, we are dedicated to creating cutting-edge digital tools and resources that empower individuals to take control of their mental health and overall wellbeing. About eQuoo eQuoo is a cutting-edge gamified mobile mental health solution that blends psychoeducation and evidence-based techniques to promote emotional wellbeing and resilience. The app utilises interactive storytelling and engaging gameplay to empower users to develop essential emotional skills and improve their mental health. Committed to accessibility and effectiveness, the app strives to transform mental health support and provide a lifeline to young adults seeking personal growth and emotional wellness.

Many of us have experienced anxiety at some point - the racing heart, the feelings of dread, shaky legs and sweaty palms, that horrible feeling that makes you just want to escape - so when someone you care about struggles with anxiety, it’s natural to empathise and want to help ease their distress. While we can’t make anxiety disappear, there are thoughtful ways we can support and stand alongside those experiencing it. With some understanding and compassion, we can make their path a little smoother. Listen without judgement Creating a safe space starts with listening ears and an open heart. Resist the temptation to minimise their feelings or anxiety. Instead, let them share without fear of judgement or criticism. Even if their worries seem unreasonable to you, they are very real to those experiencing them. Seek to understand rather than fix. Offer reassurance Simple phrases like “I’m here for you” or “We’ll get through this together” go a long way. Reassurance helps replace anxious thoughts with comfort and support. But be careful not to offer hollow platitudes or false assurances. Your support means more when it’s realistic and caring. Encourage professional help While you can be a caring listener and great support, it can be really beneficial for those experiencing anxiety to seek professional help as well. A therapist can equip them with valuable coping skills and management strategies. Recommend speaking to their doctor about anxiety if they haven’t already. Educate yourself Learn about the symptoms of anxiety and common triggers. Understanding the causes better equips you to notice signs they may be struggling. But avoid trying to “diagnose” them or suggest their anxiety isn’t warranted. Your role isn’t to fix or downplay their feelings but to be an empathetic support as they work through it. Checking in Make it a point to regularly check in and let them know you’re available to talk if they need it. If it’s a friend, a quick text like “Thinking of you today” reminds them they have someone in their corner. But be careful not to pressure them to talk before they’re ready. Offer your open ear without demand or expectation. Help with practical tasks Everyday responsibilities can feel monumental when anxiety comes knocking. Offer to help lighten their load with tasks like planning, shopping or lifts to appointments. Reducing real-life stresses can help minimise anxiety triggers during difficult times. Encourage healthy habits Gentle encouragement of positive lifestyle habits can also help manage anxiety. Good self-care like healthy eating, exercise, quality sleep and saying no to unnecessary responsibilities all reinforce mental health. But be careful your suggestions don’t come across as prescriptive. Make them invitations, not expectations. Respect their boundaries Check in about what makes them most comfortable in social situations when anxiety flares up. Can they connect in smaller groups or one-on-one? Will it help if they are given advance notice before making plans? Respect their needs, even if it means changing regular routines. Navigating anxiety, your own or someone else’s, takes gentleness, learning and grace. But by walking alongside those struggling with patient love, you help lighten the load. Your open heart and listening ear can make a life-changing difference to someone weathering this storm.

As the UK has now waved goodbye to those precious extended daylight moments and the clocks wind back, a shadow falls upon many — the battle against Seasonal Affective Disorder (SAD) begins anew. SADly (pardon the pun), the winter blues, or seasonal affective disorder (SAD), affects around 2 million people in the UK. This seasonal foe grips a significant number of souls, unleashing a torrent of lethargy, melancholy, and an unsettling restlessness. Mornings become a Herculean task, an uphill climb from the warmth of the covers. And as the sun bids adieu by 5 pm, the urge to retreat under the comforting folds of blankets intensifies. Navigating through the darker days becomes an uphill trek. Every step of the routine feels like wading through molasses, and simply keeping pace seems an insurmountable challenge. Yet, within this bleakness, it’s crucial to cling to a routine like a lifeline, even when every fibre of your being yearns for hibernation. Here's a guide to help you combat SAD effectively: 1. Light Therapy Light therapy, or phototherapy, is a primary line of defence against SAD. Special lamps that emit artificial light mimic natural sunlight, stimulating the brain and mitigating the effects of reduced daylight exposure. Consider using these lamps in the morning to kickstart your day with a dose of simulated sunlight. 2. Maximise Natural Light Embrace natural light whenever possible. Position yourself near windows during the day, open curtains wide to let in sunlight, and take breaks outside to soak up as much daylight as you can. This can significantly uplift your mood and energy levels. 3. Stay Active Exercise plays a pivotal role in combating SAD. Engage in outdoor activities even during the shorter daylight hours—whether it's a brisk walk, a run, or outdoor sports. Physical activity boosts endorphin levels, improving mood and overall wellbeing. 4. Maintain a Healthy Lifestyle Eating a balanced diet, staying hydrated, and maintaining regular sleep patterns are crucial in managing SAD. Avoid excessive consumption of caffeine or alcohol, as they can exacerbate symptoms. 5. Mindfulness and Relaxation Techniques Explore relaxation techniques such as meditation, yoga, or deep breathing exercises. These practices can help alleviate stress and anxiety associated with SAD, promoting a calmer state of mind. 6. Social Engagement Maintaining social connections can act as a buffer against SAD. Plan activities with friends and loved ones, even if it’s virtually, to combat feelings of isolation and boost your mood. 7. Consider Professional Help If symptoms persist or significantly impact your daily life, consider seeking professional help. Therapists, counsellors, or psychiatrists can provide tailored strategies or recommend treatments like cognitive-behavioural therapy or medication. 8. Create a Supportive Environment Make your surroundings SAD-friendly. Consider decorating your space with bright colours, adding indoor plants for a touch of nature, or rearranging furniture to maximise natural light exposure. 9. Be Kind to Yourself Remember, it’s okay to feel affected by the change in seasons. Practice self-compassion, and don’t be too hard on yourself if you're not as productive or energetic as usual. Take things one step at a time. Final Thoughts As the clocks retreat and daylight dwindles, it's vital to guard oneself against Seasonal Affective Disorder's impending gloom. Implementing these strategies can aid in managing symptoms effectively, allowing you to embrace the changing seasons with resilience and a brighter outlook. Everyone’s experience with SAD differs, so it's essential to find what works best for you. Incorporating these techniques into your routine allows you to navigate the seasonal shift with greater ease and vitality. Stay strong, stay connected, and don’t let the darker days dim your inner light!

Privacy Policy Privacy Policy, 16 October, 2023 The Privacy Policy below applies to the UK only. To read our full Privacy Policy for your country, including French, German, Italian, Hungarian, Greek, Romanian, Dutch, Croatian, Serbian, Russian, Indonesian, Japanese, Turkish, Czech, Bulgarian, Swedish, Slovenian, Portuguese, Maltese, Latvian, Lithuanian, Irish, Finnish, Danish, Arabic, English (Californian-specific), UAE, Chinese and India-specific, click here . ​ In the following, “GDPR” shall automatically include the “UK-GDPR” and corresponding legal provisions of the Swiss Federal Data Protection Act (FDPA) and any laws and regulations enacted by Member States and/or other jurisdictions, if required or necessary to comply with these laws. ​ This document also includes the California-Specific Description of Consumers’ Privacy Rights of the Business (CCPA/CPRA), and transparency information regarding PDPL (United Arab Emirates), PIPL (People’s Republic of China), DPDPA (India) and other laws identified below. ​ The information contained in this Transparency Document shall also inform all data subjects, including business partners, suppliers and customers and their employees, our employees and job applicants, from all other jurisdictions that are not named or mentioned specifically. If you miss information regarding your jurisdiction, please contact Heiko Jonny Maniero (info@dg- datenschutz.de). He will provide you with additional country or state specific information regarding your specific jurisdiction. ​ A. Identity and the contact details of the Controller (Art. 13 I lit. a, 14 I lit. a GDPR/UK-GDPR, FDPA) and the Business under CCPA/CPRA, PDPL, PIPL, DPDPA and under other laws identified below or applicable to the data subject. For all customer1, supplier, employee and applicants’ data in possession of the following company and related processing activities the Controller/Business is: Psycapps Ltd Royal Street 1 SE1 7LL London or the company or business you received an email or other communication from, identified with is details in such email or other communication. ​ B. Contact details of the Data Protection Officer (Art. 13 I lit. b, 14 I lit. b GDPR/UK-GDPR) and the Business under CCPA/CPRA, PDPL, PIPL, DPDPA and under other laws identified below or applicable to the data subject. Prof. Dr. h.c. Heiko Jonny Maniero, LL.B., LL.M. mult., M.L.E.* Franz-Joseph-Str. 11 80801 München (Germany) Phone: +49 (0) 8131-77987-0 Email: info@dg-datenschutz.de Website: https://dg-datenschutz.de/ *Obligatory information, please see our website. ​ C. Identity and contact details of all non-EU controller’s EU representative (Article 27 GDPR) Heiko Maniero E-Mail: info@dg-datenschutz.de Franz-Joseph-Str. 11, 80801 München, Bayern, Germany. ​ D. Identity and contact details of controller’s UK representative (Article 27 UK-GDPR) Heiko Maniero E-Mail: info@dg-datenschutz.de 120 High Road, East Finchley, N2 9ED, London, England, United Kingdom. ​ E. Identity and contact details of controller’s representative in Switzerland (Art. 14 FDPA) Heiko Maniero E-Mail: info@dg-datenschutz.de c/o Cancellarius AG, Attn. Heiko Maniero, Pflanzschulstrasse 3, 8400 Winterthur, Switzerland. ​ F. Identity and contact details of the data protection advisor Switzerland (Art. 10 FDPA) Antoine Parella E-Mail: office@cancellarius.ch c/o Cancellarius AG, Attn. Antoine Parella, Pflanzschulstrasse 3, 8400 Winterthur, Switzerland. ​ G. Contact person, who is authorized to respond to inquiries or complaints regarding the personal information processing (Art. 6 (1) of the Standard Contract for Outbound Cross-border Transfer of Personal Information for China) Heiko Maniero E-Mail: info@dg-datenschutz.de Franz-Joseph-Str. 11, 80801 München, Bayern, Germany. ​ H. Identity and contact details of the controller’s contact person for CCPA/CPRA inquiries. Heiko Maniero E-Mail: info@dg-datenschutz.de Franz-Joseph-Str. 11, 80801 München, Bayern, Germany. ​ USA & Canada Toll Free +1 (800) 2958960 (Direct Line to the Privacy Officer - For CCPA/CPRA enquiries only) ​ I. Data Protection Supervisory Authorities The following data protection supervisory authorities are responsible for the Controller/Business. ​ EU Lead Data Protection Supervisory Authority (Responsible for EU Data Subjects) Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach ​ Data Protection Authority of Switzerland (Responsible for Data Subjects from Switzerland) Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, Feldeggweg 1, 3003 Bern, Switzerland. ​ UK Data Protection Supervisory Authority (Responsible for Data Subjects from the UK) Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom. ​ California Privacy Protection Agency (CPPA) (Responsible for Data Subjects from California) California Privacy Protection Agency (CPPA), 2101 Arena Blvd, Sacramento, CA 95834, USA. ​ Data Protection Authority of the United Arab Emirates (Responsible for Data Subjects from UAE) UAE Data Office at (https://tdra.gov.ae/en/) at Data Telecommunications and Digital Government Regulatory Authority (https://tdra.gov.ae/en/). ​ Data Protection Authority of China (Responsible for Data Subjects from China) Cyberspace Administration of China (CAC) (http://www.cac.gov.cn/) with its local branches. ​ Information about the Processing of Personal Data (Article 13, 14 GDPR) ​ The personal data of every individual who is in a contractual, pre-contractual or other relationship with our company deserve special protection. Our goal is to keep our data protection level to a high standard. Therefore, we are constantly developing our data protection and data security concepts. ​ Of course, we comply with the statutory provisions on data protection. According to Article 13, 14 GDPR, controllers meet specific information requirements when collecting personal data. This document fulfills these obligations. ​ The terminology of legal regulations is complicated. Unfortunately, the use of legal terms could not be dispensed with in the preparation of this document. Therefore, we would like to point out that you are always welcome to contact us for all questions concerning this document, the used terms or formulations. ​ 1. Compliance with the information requirements when personal data is collected from the data subject (Article 13 GDPR) ​ A. Identity and the contact details of the controller (Article 13(1) lit. a GDPR) See above ​ B. Contact details of the Data Protection Officer (Article 13(1) lit. b GDPR) See above ​ C. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing (Article 13(1) lit. c GDPR) The purpose of the processing of personal data is the handling of all operations which concern the controller, customers, prospective customers, business partners or other contractual or pre-contractual relations between the named groups (in the broadest sense) or legal obligations of the controller. Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre- contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. ​ In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. ​ Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR). ​ D. Where the processing is based on Article 6(1) lit. f GDPR the legitimate interests pursued by the controller or by a third party (Article 13(1) lit. d GDPR) Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders. ​ E. Categories of recipients of the personal data (Article 13(1) lit. e GDPR) Public authorities External bodies Further external bodies Internal processing Intragroup processing Other bodies ​ F. Recipients in a third country and appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available (Article 13(1) lit. f, 46(1), 46 (2) lit. c GDPR) ​ All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. A list of all group companies or recipients can be requested from us. According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard contractual clauses, Article 46(2) lit. c GDPR. ​ The standard contractual clauses of the European Union or other appropriate safeguards are agreed on with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from us. The standard contractual clauses are also available in the Official Journal of the European Union. ​ G. Period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period (Article 13(2) lit. a GDPR) The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. ​ H. Existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability (Article 13(2) lit. b GDPR) All data subjects have the following rights: ​ Right to access Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact us to exercise the right to access. ​ Right to rectification According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact us to exercise the right of rectification. ​ Right to erasure (right to be forgotten) In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting us. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period. ​ Right to restriction of processing According to Article 18 GDPR any data subject is entitled to a restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact us to exercise the right to restriction of processing. Right to object Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact us to exercise the right to object. ​ Right to data portability Art. 20 GDPR grants the data subject the right to data portability. Under this provision, the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact us to exercise the right to data portability. ​ I. The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on Article 6(1) lit. a GDPR or Article 9(2) lit. a GDPR (Article 13(2) lit. c GDPR) If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time. ​ Withdraw of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In todays information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to us is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us. ​ J. Right to lodge a complaint with a supervisory authority (Article 13(2) lit. d, 77(1) GDPR) As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 13(2) lit. d GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority. ​ K. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data (Art. 13(2) lit. e GDPR) We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). ​ Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact us. We clarify to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data. ​ L. Existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 13 (2) lit. f GDPR) As a responsible company, we do not use automatic decision-making or profiling. ​ V. Compliance with the information requirements when personal data is not collected from the data subject (Article 14 GDPR) ​ A. Identity and the contact details of the controller (Article 14(1) lit. a GDPR) See above ​ B. Contact details of the Data Protection Officer (Article 14(1) lit. b GDPR) See above ​ C. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing (Article 14(1) lit. c GDPR) The purpose of the processing of personal data is the handling of all operations which concern the controller, customers, prospective customers, business partners or other contractual or pre-contractual relations between the named groups (in the broadest sense) or legal obligations of the controller. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. ​ Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR). ​ D. Categories of personal data concerned (Article 14(1) lit. d GDPR) Customer data Data of potential customers Data of employees Data of suppliers E. Categories of recipients of the personal data (Article 14(1) lit. e GDPR) Public authorities External bodies Further external bodies Internal processing Intragroup processing Other bodies ​ F. Recipients in a third country and appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available (Article 14(1) lit. f, 46(1), 46(2) lit. c GDPR) All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. A list of all group companies can be requested from us. According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard data protection clauses, Article 46(2) lit. c GDPR. ​ The standard contractual clauses of the European Union or other appropriate safeguards are agreed on with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from us. The standard contractual clauses are also available in the Official Journal of the European Union. ​ G. Period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period (Article 14(2) lit. a GDPR) The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. ​ H. Notification of the legitimate interests pursued by the controller or by a third party if the processing is based on Article 6(1) lit. f GDPR (Art. 14(2) lit. b GDPR) According to Article 6(1) lit. f GDPR, processing shall be lawful only if the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. According to Recital 47 Sentence 2 GDPR a legitimate interest could exist where there is a relevant and appropriate relationship between the data subject and the controller, e.g. in situations where the data subject is a client of the controller. In all cases in which our company processes personal data based on Article 6(1) lit. f GDPR, our legitimate interest is in carrying out our business in favor of the well-being of all our employees and the shareholders. ​ I. Existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability (Article 14(2) lit. c GDPR) All data subjects have the following rights: ​ Right to access Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact us to exercise the right to access. ​ Right to rectification According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact us to exercise the right of rectification. ​ Right to erasure (right to be forgotten) In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting us. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period. ​ Right to restriction of processing According to Article 18 GDPR any data subject is entitled to restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact us to exercise the right to restriction of processing. ​ Right to object Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact us to exercise the right to object. ​ Right to data portability Art. 20 GDPR grants the data subject the right to data portability. According to this provision the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact us to exercise the right to data portability. ​ J. The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on Article 6(1) lit. a or Article 9(2) lit. a GDPR (Art. 14(2) lit. d GDPR) If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In todays information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to us is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us. ​ K. Right to lodge a complaint with a supervisory authority (Article 14(2) lit. e, 77(1) GDPR) As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 14(2) lit. e GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority. ​ L. Source the personal data originate, and if applicable, whether it came from publicly accessible sources (Article 14(2) lit. f GDPR) In principle, personal data is collected directly from the data subject or in cooperation with an authority (e.g. retrieval of data from an official register). Other data on data subjects are derived from transfers of group companies. In the context of this general information, the naming of the exact sources from which personal data is originated is either impossible or would involve a disproportionate effort within the meaning of Art. 14(5) lit. b GDPR. In principle, we do not collect personal data from publicly accessible sources. Any data subject can contact us at any time to obtain more detailed information about the exact sources of the personal data concerning him or her. Where the origin of the personal data cannot be provided to the data subject because various sources have been used, general information should be provided (Recital 61 Sentence 4 GDPR). ​ M. Existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 14(2) lit. g GDPR) As a responsible company, we do not use automatic decision-making or profiling. ​ Information about the Processing of Personal Data for Employees and Applicants (Article 13, 14 GDPR) ​ Personal data of employees and applicants deserves special protection. Our goal is to keep our data protection level to a high standard. Therefore, we are constantly developing our data protection and data security concepts. ​ Of course, we comply with the statutory provisions on data protection. According to Article 13, 14 GDPR, controllers meet specific information requirements when processing personal data. This document fulfills these obligations. ​ The terminology of legal regulation is complicated. Unfortunately, the use of legal terms could not be dispensed with in the preparation of this document. Therefore, we would like to point out that you are always welcome to contact us for all questions concerning this document, the terms used or formulations. ​ I. Compliance with the information requirements when personal data is collected from the data subject (Article 13 GDPR) ​ A. Identity and the contact details of the controller (Article 13(1) lit. a GDPR) See above ​ B. Contact details of the Data Protection Officer (Article 13(1) lit. b GDPR) See above ​ C. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing (Article 13(1) lit. c GDPR) For applicant’s data, the purpose of data processing is to conduct an examination of the application during the recruitment process. For this purpose, we process all data provided by you. Based on the data submitted during the recruitment process, we will check whether you are invited to a job interview (part of the selection process). In case of generally suitable candidates, in particular in the context of the job interview, we process certain other personal data provided by you, which is essential for our selection decision. If you are hired by us, applicant’s data will automatically change into employee data. As part of the recruitment process, we will process other personal data about you that we request from you and that is required to initiate or fulfill your contract (such as personal identification numbers or tax numbers). For employee data, the purpose of data processing is the performance of the employment contract or compliance with other legal provisions applicable to the employment relationship (e.g. tax law) as well as the use of your personal data to carry out the employment contract concluded with you (e.g. publication of your name and the contact information within the company or to customers). Employee data is stored after termination of the employment relationship to fulfill legal retention periods. The legal basis for data processing is Article 6(1) lit. b GDPR, Article 9(2) lit. b and h GDPR, Article 88 (1) GDPR and national legislation, such as for Germany Section 26 BDSG (Federal Data Protection Act). ​ D. Categories of recipients of the personal data (Article 13(1) lit. e GDPR) Public authorities External bodies Further external bodies Internal processing Intragroup processing Other bodies ​ E. Recipients in a third country and appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available (Article 13(1) lit. f, 46(1), 46 (2) lit. c GDPR) All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. A list of all group companies or recipients can be requested from us. According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard contractual clauses, Article 46(2) lit. c GDPR. The standard contractual clauses of the European Union or other appropriate safeguards are agreed on with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from us. The standard contractual clauses are also available in the Official Journal of the European Union. F. Period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period (Article 13(2) lit. a GDPR) The duration of storage of personal data of applicants is 6 months. For employee data the respective statutory retention period applies. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. G. Existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability (Article 13(2) lit. b GDPR) ​ All data subjects have the following rights: ​ Right to access Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact us to exercise the right to access. ​ Right to rectification According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact us to exercise the right of rectification. ​ Right to erasure (right to be forgotten) In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting us. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period. Right to restriction of processing According to Article 18 GDPR any data subject is entitled to a restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact us to exercise the right to restriction of processing. ​ Right to object Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact us to exercise the right to object. ​ Right to data portability Art. 20 GDPR grants the data subject the right to data portability. Under this provision, the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact us to exercise the right to data portability. ​ H. The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on Article 6(1) lit. a GDPR or Article 9(2) lit. a GDPR (Article 13(2) lit. c GDPR) If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In today’s information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to us is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us. ​ I. Right to lodge a complaint with a supervisory authority (Article 13(2) lit. d, 77(1) GDPR) As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 13(2) lit. d GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority. ​ J. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personaldata; possible consequences of failure to provide such data (Art. 13(2) lit. e GDPR) We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact us. We clarify to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data. ​ K. Existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 13 (2) lit. f GDPR) As a responsible company, we do not use automatic decision-making or profiling. VI. Compliance with the information requirements when personal data is not collected from the data subject (Article 14 GDPR) ​ A. Identity and the contact details of the controller (Article 14(1) lit. a GDPR) See above ​ B. Contact details of the Data Protection Officer (Article 14(1) lit. b GDPR) See above ​ C. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing (Article 14(1) lit. c GDPR) For applicant’s data not collected from the data subject, the purpose of data processing is to conduct an examination of the application during the recruitment process. For this purpose, we may process data not collected from you. Based on the data processed during the recruitment process, we will check whether you are invited to a job interview (part of the selection process). If you are hired by us, applicant’s data will automatically convert into employee data. For employee data, the purpose of data processing is the performance of the employment contract or compliance with other legal provisions applicable to the employment relationship. Employee data is stored after termination of the employment relationship to fulfill legal retention periods. The legal basis for data processing is Article 6(1) lit. b and f GDPR, Article 9(2) lit. b and h GDPR, Article 88 (1) GDPR and national legislation, such as for Germany Section 26 BDSG (Federal Data Protection Act). ​ D. Categories of personal data concerned (Article 14(1) lit. d GDPR) Applicant’s data Employee data ​ E. Categories of recipients of the personal data (Article 14(1) lit. e GDPR) Public authorities External bodies Further external bodies Internal processing Intragroup processing Other bodies ​ F. Recipients in a third country and appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available (Article 14(1) lit. f, 46(1), 46(2) lit. c GDPR) All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. A list of all group companies or recipients can be requested from us. According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard data protection clauses, Article 46(2) lit. c GDPR. The standard contractual clauses of the European Union or other appropriate safeguards are agreed on with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from us. The standard contractual clauses are also available in the Official Journal of the European Union. ​ G. Period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period (Article 14(2) lit. a GDPR) The duration of storage of personal data of applicants is 6 months. For employee data the respective statutory retention period applies. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. H. Notification of the legitimate interests pursued by the controller or by a third party if the processing is based on Article 6(1) lit. f GDPR (Art. 14(2) lit. b GDPR) According to Article 6(1) lit. f GDPR, processing shall be lawful only if the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. According to Recital 47 Sentence 2 GDPR a legitimate interest could exist where there is a relevant and appropriate relationship between the data subject and the controller, e.g. in situations where the data subject is a client of the controller. In all cases in which our company processes applicant’s data based on Article 6(1) lit. f GDPR, our legitimate interest is the employment of suitable personnel and professionals. I. Existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability (Article 14(2) lit. c GDPR) All data subjects have the following rights: ​ Right to access Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact us to exercise the right to access. ​ Right to rectification According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact us to exercise the right of rectification. ​ Right to erasure (right to be forgotten) In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting us. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period. Right to restriction of processing According to Article 18 GDPR any data subject is entitled to restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact us to exercise the right to restriction of processing. ​ Right to object Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact us to exercise the right to object. ​ Right to data portability Art. 20 GDPR grants the data subject the right to data portability. According to this provision the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact us to exercise the right to data portability. ​ J. The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on Article 6(1) lit. a or Article 9(2) lit. a GDPR (Art. 14(2) lit. d GDPR) If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In today’s information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to us is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us. ​ K. Right to lodge a complaint with a supervisory authority (Article 14(2) lit. e, 77(1) GDPR) As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 14(2) lit. e GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority. L. Source the personal data originate, and if applicable, whether it came from publicly accessible sources (Article 14(2) lit. f GDPR) In principle, personal data is collected directly from the data subject or in cooperation with an authority (e.g. retrieval of data from an official register). Other data on data subjects are derived from transfers of group companies. In the context of this general information, the naming of the exact sources from which personal data is originated is either impossible or would involve a disproportionate effort within the meaning of Art. 14(5) lit. b GDPR. In principle, we do not collect personal data from publicly accessible sources. ​ Any data subject can contact us at any time to obtain more detailed information about the exact sources of the personal data concerning him or her. Where the origin of the personal data cannot be provided to the data subject because various sources have been used, general information should be provided (Recital 61 Sentence 4 GDPR). M. Existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 14(2) lit. g GDPR) As a responsible company, we do not use automatic decision-making or profiling. ​ ​ 1) For reasons of better readability, the simultaneous use of the language forms male, female, diverse and other gender identities (m/f/d/other) are not used on our websites, in publications and communication. All language used shall equaly apply to all genders..

Clinically proven digital gaming app designed to build emotional resilience in students. BOOK A DEMO CLINICAL RESEARCH Trusted and valued by 500 ,000+ teachers, students and professionals who have already discovered eQuoo teachers, students The Proof is in the Research eQuoo is in the 2% of mental health apps that have undergone clinical trials. ​ Seamless Onboarding and Ongoing Support We will support you all of the way to allow your students easy access to eQuoo, to help maximise early engagement and ensure a successful launch. Post-launch, your Account Manager will keep in regular contact and provide analytical reports to show the impact eQuoo is making to your students' resilience and wellbeing. Robust Reporting- see the value of eQuoo Access detailed reporting on student engagement and retention, the clinical impact on mental health, at-risk populations, trends, and student-reported value - including the impact on productivity and enjoyment in playing the game. Learn to Earn Integrate with your MiS system for centralised reporting Builds Resilience eQuoo is designed to build resilience and reduce anxiety and depression in just 5 weeks Custom Signposting Custom in-app signposting to direct students to the most suitable care Insights Reporting suite against all groups, SEN, Pupil Premium, Ethnicity and more Created by Psychologists Built for Education Primary & High Schools | Higher Education | Apprentices Created by Psychologists Built for Education Bespoke Triage System Link to Internal Staff and Resources Custom signposting for internal and external support Intuitive Emotional Wellbeing Assessment for Appropriate Signposting BOOK A DEMO BOOK A DEMO Created by Psychologists Built for Education Who we are working with Paragon Skills is an award-winning, Ofsted-rated ‘Good’, national apprenticeship provider inspiring over 7,000 learners annually and working with over 2000 businesses to deliver apprenticeships in a high-quality, consistent way. Paragon Skills partners with eQuoo as they recognise the emotional and mental health of their employees, and apprentices is of great importance to their personal growth and well-being. Join 500,000+ teachers, students, and professionals who have already discovered eQuoo BOOK A DEMO students, teachers and professionals who have already trusted us + 000 500, higher retention rate than other mental health apps 3 x longer sessions than other wellbeing apps 5 x to proven results ​ 5 weeks “Educational establishments across the UK have seen considerable growth in students requiring mental health support, partly due to the pandemic. We are providing a range of services to support these students, we recognise that eQuoo can help us to support students before they need that intervention and those in need of immediate support. We are using the eQuoo app to build the resilience of our students and are pleased to be collaborating on this project.” Deputy Principal, Cambridge I have already learnt how to help control these negative thoughts, and as I play through more of the game, I look forward to learning about my own mental health and how to improve my thinking. The game has a wealth of knowledge and information, based on scientific study to help you improve your emotional and mental health. You can begin improving your mental health today, just by playing through an adventure game and making choices based on your own thinking. Who we are working with Join 500,000+ teachers, students, and professionals who have already discovered eQuoo BOOK A DEMO 65 retained users stay for over 30 days % 5 longer sessions than other wellbeing apps x 3 higher retention rate than other mental help apps x

A Note from eQuoo Purpose-built for students and staff in education, eQuoo is a team of psychologists, mental health advocates and creatives with a shared passion for improving the mental wellbeing of all students. Mental health is more relevant than ever, especially in young adults but getting support is costly, with long waiting times and associated stigma. That’s why we’ve built a state-of-the-art app, accessible at any time, with the most robust reporting system so that every student and staff member can build the best versions of themselves. "We are here for your students We understand the pressures and challenges Schools and Colleges face and the growing wellbeing interventions needed to support students. Our mission, via our clinically proven solutions, is to build the resilience and mental health of UK students, reducing interventions and helping them become the best versions of themselves. " Tim Smith, Business Development Director Personal Growth Reduce Anxiety Relationship Skills Reduce Depression Resilience Integrated Wellbeing and achievement is an integrated concept Builds Resilience eQuoo is designed to lower anxiety & depression and build resilience Triage System In-app triage system to direct students to the most suitable care Insights Backend access to robust analytics and insights Cofounder, CEO & Psychologist SILJA LITVIN A clinical psychologist with years of experience providing counselling and therapy, including in the NHS NELFT mood and eating disorder division. Silja’s speciality is clinical psychology (depression and anxiety) and systemic psychology, the science of relationships. ​ "Psychological skills are a human's mental toolbox, and I'm here to equip young adults." Cofounder & COO VANESSA HIRSCH-ANGUS On the back of 17 years at AXA in global senior Leadership roles, Vanessa has significant health and wellbeing knowledge and wide-ranging, international business experience across multiple sectors, including Private Equity. ​ "Life has never been more complicated for young people. I’m passionate about finding ways for them to deal with those challenges - to thrive, not just survive" Founders Meet the Team Meet the talented and passionate team behind eQuoo! Our team is comprised of experienced professionals in the field of psychology, gaming, and technology. With their diverse backgrounds, our team members bring a unique perspective to the eQuoo project. From our developers, who work tirelessly to ensure that you're able to enjoy a seamless gaming experience, to our psychologists, who have lent their expertise to developing unique gamified tools that help people improve their emotional health and wellbeing, each member is committed to pushing the boundaries of what's possible in the world of gaming for good. Get to know us better and join us on our exciting journey to revolutionise online gaming! CFO ANTHONY LILLYMAN Business Development Director TIM SMITH Lead Researcher Dr. PHILIP JEFFERIES Lead Unity Developer ADELINE TUSHABE Marketing Manager SHREE MAGDANI Head of the Division of Psychology and Language Sciences, UCL ​ Prof. Peter Fonagy Professor of Psychology and Head of the Research Unit Emotion and Motivation, LMU Prof. Markus Maier Professor of Psychology, UCL ​ Prof. Steve Pilling Clinical Advisory Board