Ready to bring eQuoo to your school? As an educator, you know the value of interactive and engaging tools in the classroom. In today's digital age, students are increasingly drawn to technology, and eQuoo is no exception. Providing a unique and innovative approach to mental health education, eQuoo is a game-based tool that can help your students navigate the challenges of everyday life. With eQuoo, students will learn valuable skills in emotional intelligence, mindfulness, and positive psychology, all while having fun and interacting with their peers. Don't miss out on the opportunity to bring this exciting and effective tool to your school. Contact us today to learn more about how eQuoo can help your students thrive. BOOK A DEMO Personal Growth Reduce Anxiety Relationship Skills Reduce Depression Resilience Integrated Wellbeing and achievement is an integrated concept Builds Resilience eQuoo is designed to lower anxiety & depression and build resilience Triage System In-app triage system to direct students to the most suitable care Insights Backend access to robust analytics and insights Head of the Division of Psychology and Language Sciences, UCL Prof. Peter Fonagy Professor of Psychology and Head of the Research Unit Emotion and Motivation, LMU Prof. Markus Maier Professor of Psychology, UCL ​ Prof. Steve Pilling Clinical Advisory Board From Research to Application PsycApps Ltd., the company behind eQuoo, the Emotional Fitness Game, is aware of the great responsibility that comes along with designing and distributing mental wellbeing and mental health products. Litvin, Silja, Rob Saunders,Markus A. Maier,Stefan Lüttke (2020) Gamification as an approach to improve resilience and reduce attrition in mobile mental health interventions: A randomized controlled trial VIEW STUDY Litvin, Silja & Markus, Maier (2019) How mHealth programmes can treat depression: A randomised controlled trial VIEW STUDY Litvin, Silja (2019) A review on digital mental health applications types, PsycApps and eQuoo VIEW STUDY Clinical Research

Terms and Conditions MASTER SERVICES AGREEMENT ​ Last updated 08/06/2023 ​ 1. DEFINITIONS AND INTERPRETATION. As used in this Master Services Agreement: 1.1 “Affiliates” means , in respect of any entity, any entity that directly or indirectly controls, is controlled by or is under common control with that entity within the meaning set out in section 1124 of the Corporation Tax Act 2010; 1.2 “Agreement” means this Master Services Agreement together with all Signed Quotes, Privacy Policy, and other written documents made between Client and PsycApps whether by execution of such document by both Parties or incorporation by reference; 1.3 “App” means PsycApps application (eQuoo) available for download from third party application stores or as a mobile application on the Website; ​ 1.4 “Business Day” means any day of the year other than a Saturday, Sunday or a Statutory or public holiday in the Territory(ies), but only to the extent such term refers to a Service being delivered in respect of such Territory; 1.5 “Client Data” means any data of Client supplied by or on behalf of Client to PsycApps or any such data created as a result of the processing of such data, including any data contained or embodied in PsycApps Property; ​ 1.6 “Confidential Information” means any information identified by either Party and/or its Affiliates as “Confidential” and/or “Proprietary”, or which, under the circumstances, ought to be treated as confidential or proprietary, including non-public information related to the disclosing Party's (and/or an Affiliate’s) business, employees, service methods, software, documentation, financial information, prices and product plans; 1.7 “Effective Date” has the meaning set forth in Section 3.1 (Term); 1.8 “Fees” means the fees payable by Client to PsycApps for the licence, as contemplated in Section titled “Fees” below; 1.9 “Including” and “Includes” shall, wherever they appear in the Agreement, be deemed to be followed by the statement “without limitation”, and neither of such terms shall be construed to limit any words or statement which it follows to the specific or similar items or matters immediately following it; 1.10 “Initial Term” means the term as set out in the Quote; ​ 1.11 “Intellectual Property” means patents, rights to inventions, copyright and related rights, trademarks, trade names, domain names and names registrable on social media or other internet services, rights in get-up, rights in goodwill or to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications (or rights to apply) for, and renewals or extensions of, such rights and all similar or equivalent rights or forms of protection which may now or in the future subsist in any part of the world; 1.12 “Master Services Agreement” means this master services agreement and any exhibits, schedules, appendices or other attachments here to; 1.13 “Materials” means all materials, forms, brochures, tip sheets, posters, and online content furnished by PsycApps to the Client, and any derivatives there of; 1.14 “Quote” means the applicable quote signed by Client and PsycApps in respect of the Services; 1.15 “Parties” means collectively Client and PsycApps, and each is a “Party”; 1.16 “Personal Information” means information about an identifiable individual which constitutes information governed by any applicable privacy or data protection law, statute or regulation; 1.17 “Privacy Policy” means the terms of privacy, data protection and the use of cookies, posted on the Website and App, as amended from time to time; ​ 1.18 “PsycApps Contractor” means any person who is not a Party or an employee of PsycApps, who PsycApps contracts or otherwise engages to assist with or perform any part of the Services; 1.19 “PsycApps Property” means, collectively: (i) any and all systems, hardware, software, networks, online content, applications, source codes, specifications, templates, modules, devices, equipment, documentations or other property owned, licensed, leased, produced, designed, created or used by PsycApps as of the Effective Date or thereafter, whether for purposes of providing the Services pursuant to the Agreement or for any other purpose; (ii) all Confidential Information of PsycApps; (iii) all Materials; and (iv) any and all Intellectual Property in any of the foregoing or related there to; 1.20 “Renewal Term” has the meaning given to it in Section 3.1; 1.21 “Service Term” means the Initial Term and any Renewal Term; ​ 1.22 “Service Terms” means the applicable Terms of Use or Master Services Agreement for the App as posted on https://www.equoo-wellbeing.com/ at the time of signing the applicable Quote; 1.23 “Services” means, collectively, the services supplied by PsycApps to the Client under the Agreement, as such services are more particularly described in the Master Services Agreement, or Quote, and each is a “Service”; ​ 1.24 “Service Start Date” or “Contract Start Date” means, in respect of a Service, the commencement date for the provision of that Service as set out in the Quote; 1.25 “Software” means any software program(s) licensed or provided by PsycApps to the Client through which the Service will be provided, as such Software may be more particularly described in the Master Services Agreement; 1.26 “Taxes” means all sales taxes, value added taxes, goods and services taxes, business transfer taxes, withholding taxes or any other taxes now or hereafter levied or imposed by any governmental authority by reason of or with respect to the provision of the Services to Client, but, for certainty excluding PsycApps’ taxes for income derived under the Agreement; 1.27 “Territory” means the territory or territories in respect of which the Services are to be delivered; 1.28 “Users” means individuals who register an account to use the Services; 1.29 “User Terms” means the terms applicable to Users under this Master Services Agreement posted on the Website and App, as amended from time to time; 1.30 “Website” means PsycApps website https://www.equoo-wellbeing.com/ and all subdomains there of; and 1.31 “Website Terms of Use” means the terms under this Master Services Agreement governing the access to and use of the Website and App posted on the Website and App, as amended from time to time. 2. SERVICES 2.1 Services: PsycApps shall provide the Service(s) to Client as more particularly set forth in the Master Services Agreement and Signed Quote. Client acknowledges and agrees that certain Services or parts thereof may be subcontracted by PsycApps to PsycApps Contractors, including Affiliates of PsycApps. However, regardless of any such subcontract, PsycApps shall remain solely liable for performance of the Services and all of its obligations hereunder. ​ 2.2 Additional Terms: The following terms apply to the provision and use of the Services: 2.2.1 Website Terms of Use; 2.2.2 User Terms; and 4 2.2.3 Privacy Policy. ​ 2.3 Affiliates Use. All Services are provided to the Client on the strict condition that they are used for the Client’s own internal business use within the respective Establishment as reflected on the Signed Quote. However, and notwithstanding the above, it is agreed that the Services may be used by Client’s Affiliates provided that: 2.3.1 the Services are used by Client and/or its Affiliates only within the respective Establishment in which PsycApps has agreed to provide such Service; 2.3.2 Client shall remain liable for the acts and omissions of all of its Affiliates as if the acts and omissions were acts and omissions of Client; 2.3.3 any loss or damage arising in connection with the Services incurred by such affiliate shall be actionable by Client as if such loss and damage were incurred by Client, but shall not be actionable by Client’s Affiliate directly against PsycApps or any PsycApps Contractor; 2.3.4 such Affiliate shall be deemed to have agreed to comply with all covenants and obligations on the part of Client herein, and agreed that PsycApps shall be entitled to all of the rights and benefits granted herein, as if such Affiliate has been a signatory to the Agreement; 2.3.5 Client shall be liable for any and all Fees and other charges, arising as a result of such Affiliate’s use of the Services, including any consequent increases in transactions, user numbers, set-up requirements, data records or Service provision. ​ 2.4 Professional Services. Any work or services to be delivered by PsycApps will be described in the Signed Quote. However, and for the avoidance of doubt, if for any reason Client avails itself of work or services provided by PsycApps which are not specifically identified in the Signed Quote, such work will be provided subject to the terms and conditions of this Master Services Agreement, and at PsycApps then current price for such additional work or services. The scope of services may be amended from time to time upon mutual agreement via a new Signed Quote by the Parties. PsycApps shall assign employees or subcontractors qualified to perform such professional services work, who shall exercise due professional care and competence in the performance of such Services. With respect to such professional Services, Client shall: 2.4.1 provide qualified personnel to work with PsycApps personnel in the execution of such services; 2.4.2 supply adequate resources and information as mutually agreed; 2.4.3 notify PsycApps in writing of any request for changes to the Signed Quote; 2.5 Client remains solely responsible for all decisions affecting its employees/users and for using the Services in accordance with applicable laws, professional guidelines, and privacy requirements. 3. TERM AND TERMINATION 3.1 Term. The Agreement will become effective when the Quote is signed by Client and by PsycApps (the “Effective Date”) and shall continue for the Initial Term and thereafter the Agreement shall renew for successive periods as per the Initial Term (each a “Renewal Term”) unless: (a) either Party notifies the other party of a change in the upcoming Renewal Term, which shall renew for no less than twelve (12) months, or (b) either Party notifies the other party of termination, in writing, at least three (3) months before the end of the Initial Term or any Renewal Term, in which case this Agreement shall terminate upon the expiry of the applicable Initial Term or Renewal Term; or (c) otherwise terminated earlier in accordance with the terms hereof. The Service Term for each particular Service shall commence on the Service Start Date and continue for the Service Term. While PsycApps will use commercially reasonable endeavours to meet the anticipated Service Start Date, the Parties acknowledge that implementation timelines have been estimated in good faith and Client shall not be entitled to any compensation or relief for loss resulting from a failure to meet such estimated time frames. ​ 3.2 Termination. The Agreement (or at the option of the Party exercising the termination right, only the affected Service Terms) may be terminated as follows: 3.2.1 immediately by PsycApps without further notice to Client (provided PsycApps expressly refers to the threat of termination), if Client fails to pay any Fees when due, and such failure continues for a period of fourteen (14) days after PsycApps provides Client with written notice of such breach; 3.2.2 by either Party immediately if the other Party fails to materially perform, or is otherwise in default of, any one or more of its material obligations under the Agreement (except failure by Client to pay Fees, when the provisions of the preceding subsection shall prevail), and (only where such failure or default is remediable) fails to remedy such failure within thirty (30) days after receiving written notice of default from the non-defaulting Party; or 3.2.3 immediately by either Party if the other Party is, or is deemed for the purposes of any law to be, unable to pay its debts as they fall due or insolvent, or any corporate action, legal proceedings or other procedure or step is taken against such Party in relation to or with a view to winding-up, dissolution, administration, reorganisation (in each case, whether out of court or otherwise) in respect of such Party (or a Client Affiliate receiving Services) or any of its assets, or any analogous procedure or step is taken in any jurisdiction. 4. FEES AND PAYMENT ​ 4.1 Fees. Client will pay the Fees plus all applicable Taxes, in the amounts and in accordance with the payment terms and processes set forth in the Quote and Master Services agreement. All invoices from PsycApps shall be paid by Client within thirty (30) calendar days of the Client’s receipt of the relevant invoice. Any Taxes imposed on any transactions between Client and PsycApps contemplated under the Agreement shall be the subject of an additional charge and shall be shown separately on any invoice or similar document together with the required tax registration numbers, and paid by the relevant Party at the same time as that Party pays the amount in respect of which such Taxes are payable. All Fees (and applicable Taxes) for Services provided within a Territory are the sole responsibility of Client and will be invoiced to, and payable by, the local Client entity located in such Territory. However, in the event that Services are invoiced to a Client entity from a PsycApps entity outside of the Territory in which the Client entity receiving such Services is located, the Client entity shall remit payment to the PsycApps entity issuing the invoice and shall be solely responsible to self-assess for all Taxes relating to such Services to the extent such Taxes are not paid to PsycApps. In addition, neither Party shall exercise the right of set-off against any Fees. 4.1.1 All fees relating to subscriptions and services are non-refundable. 4.2 Expenses. PsycApps reserves the right to require the Client, in addition to all Fees, to reimburse PyscApps for all reasonable expenses (in accordance with PsycApps’ then current expense policy) incurred in connection with the implementation and provision of the Services, including travel, accommodation and meals. 4.3 Late Fees. PsycApps may charge a late payment fee in the amount of 1% per month for late payments made by Client. Client agrees to pay late payment fees including all costs of collection (including reasonable legal fees and expenses). If Client fails to comply with any of the terms of payment in the Agreement for more than seven (7) Business Days after receipt of a written demand for payment (unless subject to a good faith dispute that the Client has provided notice in writing to PsycApps of), PsycApps may, in addition to any other right available to it, suspend performance of all or any part of its Services. 4.4 Currency. All Fees are payable in the currency stated in the relevant Quote and shall be remitted to PsycApps in that currency. If remitted in another currency and/or from outside the Territory, sufficient funds must be remitted such that the net sum received by PsycApps in the requisite currency after foreign exchange and other bank charges is that stated on the relevant invoice. PsycApps will be entitled to invoice the Client for any shortfall. 5. CONFIDENTIALITY AND PRIVACY ​ 5.1 Non-Disclosure. Neither Party shall disclose Confidential Information of the other Party except as permitted in accordance with the terms of the Agreement. The receiving Party shall use the same degree of care as it uses to protect its own Confidential Information of like nature, but no less than a reasonable degree of care, to maintain in confidence the Confidential Information of the disclosing Party. The foregoing obligations shall not apply to any information that (i) is at the time of disclosure, or thereafter becomes, part of the public domain through a source other than the receiving Party; (ii) is subsequently learned from a third party that does not impose an obligation of confidentiality on the receiving Party; (iii) was known to the receiving Party at the time of disclosure; (iv) was generated independently by the receiving Party; or (v) is required or permitted to be disclosed by law. PsycApps may transfer Client's Confidential Information to a third party, the identity of which will be provided on request, to the extent necessary for PsycApps to perform its obligations under the Agreement. 5.2 Compliance. PsycApps and Client each hereby represent that they have taken commercially reasonable steps to ensure that they will at all times be in compliance with applicable laws relating to privacy and the collection, use and disclosure of Personal Information relating to the Services. PsycApps and Client each hereby represent that any Personal Information provided by it to the Other Party under the Agreement has been and shall be collected, transferred, disclosed, and/or processed in compliance with such privacy laws (including obtaining the proper consent where applicable). In addition, each Party agrees to provide reasonable cooperation to the other in the instance that the other Party is subject to an inquiry by a regulatory authority, the scope of which includes operations or information within the assisting Party’s control. ​ 5.3 Use and Retention. PsycApps acknowledges that it is receiving Personal Information in connection with the performance of Services it provides under the Agreement and, where it does so, it will process such Personal Information as a data controller and any such processing will be carried out in accordance with the Privacy Policy and all applicable law. 5.4 Personal Information. Client acknowledges and agrees that PsycApps may transfer or disclose such Personal Information to its employees or other representatives and PsycApps Contractors, provided that such transfer or disclosure is limited to those parties who PsycApps reasonably requires to access such information for the Purpose, provided that such parties have confidentiality obligations with respect to the Personal Information at least as protective of the obligations contained herein, whether by contract or operation of law. 5.5 Injunctive Relief. Without prejudice to any other rights or remedies that each Party may have, each Party acknowledges and agrees that damages alone would not be an adequate remedy for any breach of the terms of the Agreement by the other Party. Accordingly, each Party shall be entitled to the remedies of injunctions, specific performance or other equitable relief for any threatened or actual breach of the Agreement. 6. INTELLECTUAL PROPERTY 6.1 Ownership of Intellectual Property. Each Party shall remain the owner of all Intellectual Property it owns prior to the Effective Date and that which it creates in the performance of its obligations under the Agreement. PsycApps is and shall remain the sole and exclusive owner of all PsycApps Intellectual Property and any and all components thereof, whether owned on the Effective Date or acquired thereafter, and Client is and shall remain the sole and exclusive owner of Client Data and any and all components thereof. Client acknowledges and agrees that Client does not acquire any ownership of, or other rights in relation to, any such Intellectual Property rights by virtue of receiving the Services or by using the Website or the App. Forthwith upon the expiration or termination of the Agreement or the Service Terms, as the case may be, each Party shall forthwith return to the other Party, all such property in its possession or control relating to Agreement or terminated Service Terms, as the case may be. ​ 6.2 Right of Use. PsycApps hereby grants to Client, starting on the Effective Date and continuing for so long as required for a Service, the right to access and use the Software and such other PsycApps Property as may be required for Client to receive and use the Services internally within the Establishment as reflected on the Signed Quote, subject to and in accordance with the following terms: 6.2.1 the Software and PsycApps Property is provided solely for the purpose of enabling Client to receive and use the Services, and without limitation, Client shall not use it in any manner that would be illegal, offensive or damaging to PsycApps or any third party; 6.2.2 Client shall use all reasonable endeavours to prevent unauthorised access to, or use of, the Services, as well as notify PsycApps promptly of any such unauthorised access or use; 6.2.3 Client shall not modify, merge, copy, disseminate, display, disassemble, reverse engineer, tamper with, or otherwise attempt to decrypt or derive the source code, any trade secrets or any proprietary information or create any applications or any derivative works of the Software or PsycApps Property; and 6.2.4 Feedback. Clients may from time to time provide suggestions, comments, or other feedback with respect to the Service (“Feedback”). For the avoidance of doubt, Feedback will only refer to suggestions, comments or other feedback provided to PsycApps specifically regarding the Service and will not include User Information or Customer Data. PsycApps may want to incorporate Feedback into its Service and this clause provides PsycApps with the necessary licence to do so. Client hereby grants to PsycApps and PsycApps’s assigns a royalty-free, worldwide, perpetual, irrevocable, fully transferable and sublicensable right and licence, if any, to use, disclose, reproduce, modify, create derivative works from, distribute, display, and otherwise distribute and exploit any Feedback as PsycApps sees fit, entirely without obligation or restriction of any kind, except that PsycApps will not identify Customer as the provider of such Feedback. 6.3 Indemnity for Infringement. PsycApps will indemnify and hold Client harmless from and against any and all claims alleging that the Services and any Intellectual Property furnished by PsycApps violate any third party's patent, trade secret or copyright, except to the extent that such claims arise from Client's modification of the Services or Intellectual Property or from Client’s use of such Services in excess of the provisions set out in this Section 6. However, PsycApps’ liability hereunder shall be conditional upon Client providing PsycApps with timely written notice of any such claim or threat thereof, and the full and exclusive authority for, and information for and assistance with, the defence and settlement thereof. If such claim has occurred, or in PsycApps’ opinion is likely to occur, Client agrees to permit PsycApps, at its option and expense, either to procure for Client the right to continue using the Intellectual Property, or replace or modify the same so that it becomes non-infringing. If neither of the foregoing alternatives is reasonably available, PsycApps may immediately terminate the Agreement in its entirety. 7. DISPOSITION OF DATA 7.1 Record Retention. Except as otherwise expressly provided for in the Agreement, will not be responsible for storing copies of Client’s records or Client Data when PsycApps no longer requires such information to provide Services to Client, and Client shall be responsible for retaining its own business records and Client Data. Client will reimburse PsycApps for the reasonable out of pocket costs of producing any information in PsycApps’ possession or control relating to Client’s business or employees that PsycApps produces in response to a Client request or court order. Unless otherwise required by law, upon termination of the Agreement or any of the Services, PsycApps may dispose of Client’s records and data in accordance with PsycApps’ data retention policy. Client shall utilise the reporting tools (where applicable) supplied under this Agreement, to extract Client Data required during this Agreement and/or upon expiration or termination of this Agreement; where Client requests PsycApps provide such data, this activity will be chargeable. 8. REPRESENTATIONS AND WARRANTIES ​ 8.1 PsycApps’ Representations and Warranties. PsycApps represents and warrants to Client as follows: 8.1.1 it has all the requisite authority to enter into the Agreement and is lawfully entitled to supply the Services to Client in the manner contemplated herein; 8.1.2 it will use all reasonable skill and care in accordance with industry practice in the course of performing the Agreement; and 8.1.3 it will comply with all laws and regulations applicable to it relating to the provision of the Services in the Territory. ​ 8.2 Client’s Representations and Warranties. Client represents and warrants to PsycApps as follows: 8.2.1 it has all the requisite authority and is lawfully entitled to enter into the Agreement; and 8.2.2 it will comply with its obligations as set out in the Agreement, including any associated Service Terms and will provide all reasonable cooperation to PsycApps in the performance of the Agreement. 8.3 Exclusions. The express and limited representations and warranties provided in the Agreement comprise all of the representations and warranties made with respect to the Services, products, Intellectual Property and other items provided, furnished, licensed, leased or otherwise made available or performed to Client by PsycApps pursuant to or in relation to the Agreement. Any further or other warranties or conditions, whether express or implied, are expressly excluded to the extent permitted by law. Without limiting the foregoing, PsycApps does not warrant that, to the extent the Services require computer software or Services delivered using computer software, the provision of those Services will be entirely error free or will run uninterrupted. 9. LIMITATIONS OF REMEDIES ​ 9.1 Limitation of Liability. To the maximum extent permitted by applicable law, Client agrees that PsycApps’ maximum aggregate liability (including that of PsycApps’ Affiliates and PsycApps Contractors) to the Client, its Affiliates and other related parties (collectively in this Section referred to as the “Aggrieved Parties”) for all past, present and future claims, demands, actions, causes of actions, requests, lawsuits, judgments, damages, costs, expenses, prejudices or losses (collectively in this Section referred to as the “Claims”) in relation to or arising under the Agreement (whether for breach of contract, strict or statutory liability, negligence or any other legal or equitable theory) shall be limited to the Aggrieved Parties’ actual direct damages and shall not, under any circumstances, exceed, in the aggregate, for all Claims, the greater of: (i) the total amount paid by the Client (and any Affiliates) for the defective Services causing the damages during the 12 months immediately preceding the loss; or (ii) £35,000. However, the above limitation of liability shall not apply to Claims relating to the following: 9.1.1 death or personal injury resulting from PsycApps’ negligence; 9.1.2 PsycApps’ fraud or statements made fraudulently; 9.1.3 any Claim for indemnity by the Client under Section 6.3 (IP Infringement); and 9.1.4 any acts or omissions for which the governing law prohibits the exclusion or limitation of liability. 9.2 Damages Disclaimer. To the maximum extent permitted by applicable law, and notwithstanding anything to the contrary contained in the Agreement, neither Party shall be liable for any indirect, consequential (including damages for business interruption or loss of business information or data), or special damages, claims by third parties, or damages for loss of profits, goodwill, anticipated savings or revenues, arising in relation to or under the Agreement, even if advised of the possibility of such damages or if the possibility of such damages was reasonably foreseeable. 10. CHANGES 10.1 Changes to Legislation. In the event of a change to any applicable law or regulation affecting the Services, or any reasonably unforeseen change materially affecting the cost of providing the Services, PsycApps may make changes to the Agreement with thirty (30) days’ prior written notice to Client. If, upon notification of the change, Client elects not to continue the Services, then notwithstanding anything to the contrary in the Agreement, Client may terminate the Agreement upon thirty (30) days’ prior written notice without penalty or cancellation fees. ​ 10.2 Changes to Service. Client acknowledges and agrees that in order to maintain flexibility in the business, PsycApps reserves the right to make changes to the Services or the manner in which they are delivered, at any time and from time to time, as PsycApps considers reasonable and/or necessary (including changes to improve such Services and/or necessary to reflect legislative changes), provided that such change does not materially adversely impact the Services being delivered to Client. 10.2.1 Any changes or updates resulting from the changes described above to the Master Services Agreement will be indicated at the top of the page with the date that the relevant terms were last revised. The Customer’s continued use of our Websites and/or Services after any such changes have been made, constitutes the Customer’s acceptance of the new Master Services Agreement. 11. NOTICES 11.1 All notices to the Parties shall be in writing and shall be sent to Client at the address set forth on the Order Form, and to PsycApps to the attention and address of Client’s account representative (if any) or to the local PsycApps service centre or to such other address or fax number as either Party may hereafter specify by written notice to the other Party. Each such notice, request or communication shall be effective upon receipt, provided that if the day of receipt is not a Business Day, then the notice shall be deemed to have been received on the next succeeding Business Day. 12. FORCE MAJEURE 12.1 Neither Party nor their respective Affiliates (nor PsycApps Contractor) shall be held liable or responsible to the other Party nor be deemed to have defaulted under or breached the Agreement for failure or delay in fulfilling or performing any term of the Agreement (except for the failure to pay money) when such failure or delay is caused by or results from causes beyond the reasonable control of the affected Party. 13. GENERAL PROVISIONS ​ 13.1 The Agreement and the Parties’ rights and obligations shall be governed by English law, and the parties submit to the exclusive jurisdiction of the English courts. 13.2 PsycApps may assign its rights and obligations under the Agreement without the consent of Client provided that it gives prior written notice to Client. Client shall not assign, sub-contract, transfer, mortgage, charge, declare a trust of or deal in any other manner with any or all of its rights under this Agreement, in whole or in part, without PsycApp’s prior written consent (such consent not to be unreasonably withheld or delayed). The Agreement shall enure to the benefit of and be binding upon the Parties hereto and their respective successors and permitted assigns. Upon request of the non-assigning Party, any permitted assignee shall execute an agreement in writing with the other Party hereto assuming all obligations of its assignor under the Agreement. 13.3 During the Service Term and for one year thereafter, Client shall not intentionally solicit the services of any PsycApps employees who were involved in the performance of such Services, except that Client shall not be precluded from hiring any such employee who: (i) initiates discussions regarding such employment without any direct or indirect solicitation by Client; or (ii) responds to any public advertisement placed by Client. ​ 13.4 In the case of any conflict between this Master Services Agreement and the terms applicable to only one or more particular Service(s) as set forth in the Signed Quote, the terms of the Signed Quote shall govern, but only with respect to the particular Services and/or Establishment to which the Signed Quote relates. 13.5 No delay by either Party at any time, to enforce any of the provisions of the Agreement, or any right with respect thereto, shall be construed as a waiver of such provision or right, nor shall it prejudice or restrict the rights of that Party. A waiver of its rights shall not operate as a waiver of any subsequent breach. No right, power or remedy conferred upon or reserved for either Party is exclusive of any other right, power or remedy available to that Party and the rights, powers and remedies shall be cumulative. 13.6 Any provision of the Agreement which is unenforceable in any jurisdiction shall, as to such jurisdiction, be ineffective to the extent of such prohibition or unenforceability without invalidating the remaining provisions and any such prohibition or unenforceability in any jurisdiction shall not invalidate or render unenforceable such provision in any other jurisdiction. 13.7 Headings in the Agreement are for ease of reference only and will not affect its interpretation. 13.8 The Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes all prior or contemporaneous agreements and understandings regarding the subject matter hereof, whether written or verbal. Any amendment to the Agreement must be in writing and signed by authorised representatives of both Parties. 13.9 No term of the Agreement is enforceable under the Contracts (Right of Third Parties) Act 1999 by a person who is not a party to the Agreement ​ 13.10 Publicity. Provided that the Customer gives its prior, written consent, PsycApps may identify the Customer and use and display the Customer’s name, logo, trademarks, or service marks on PsycApps’s website and in PsycApps’s marketing materials, including without limitation press releases, announcing the Customer, why the Customer chose PsycApps, and how the Customer will use PsycApps. Customers will be given the opportunity to provide input and feedback on the press release, as well as a quote, prior to distribution. Customers will consider participating in a case study, webinar, and other joint marketing activities within 12 months of deployment.

Book a meeting with our specialists to find out how eQuoo can help your school achieve positive mental wellbeing through resilience and emotional health. Speak to our team "I have already learnt how to help control negative thoughts, and as I play through more of the game, I look forward to learning about my own mental health and how to improve my thinking." Paragon Skills

Webinars Online & On-Demand Our programme of webinars cover the big topics around psychology and mental health in education. ​ All webinars are free to join. Created by Psychologists Built for Education Bespoke Triage System Link to Internal Staff and Resources Custom signposting for internal and external support Intuitive Emotional Wellbeing Assessment for Appropriate Signposting BOOK A DEMO BOOK A DEMO Created by Psychologists Built for Education Register Now for Our Free Live & On-Demand Webinars REGISTER NOW THE POWER OF EQUOO Live Webinar 14th March, 4pm GMT. LIGHTING THE SPARK Live Webinar 27th March, 5pm GMT. REGISTER NOW REGISTER NOW DISTORTED SELF-IMAGE Live Webinar 22nd April 2024, 4pm GMT. UNLEASHING POTENTIAL Live Webinar 23rd May 2024, 4.30pm GMT. REGISTER NOW TACKLING STUDENT ABSENTEEISM On-Demand Webinar WATCH NOW WATCH NOW MASTERING MOCK EXAMS On-Demand Webinar Join 500,000+ teachers, students, and professionals who have already discovered eQuoo BOOK A DEMO 65 retained users stay for over 30 days % 5 longer sessions than other wellbeing apps x 3 higher retention rate than other mental help apps x Who we are working with Paragon Skills is an award-winning, Ofsted-rated ‘Good’, national apprenticeship provider inspiring over 7,000 learners annually and working with over 2000 businesses to deliver apprenticeships in a high-quality, consistent way. Paragon Skills partners with eQuoo as they recognise the emotional and mental health of their employees, and apprentices is of great importance to their personal growth and well-being.

Our Mission Our mission is to promote the wellbeing of people of all ages through our innovative and empowering digital solutions. ​ By teaming up with schools, colleges, and workplaces, we strive to cultivate positive mindsets and create thriving communities. Our vision is a future where everyone has the psychological tools to bounce back from adversity, connect meaningfully to others, and pursue their passions—a world where all individuals and organisations can flourish with purpose. TALK TO US ABOUT HOW WE CAN HELP YOU Our Story As a Clinical Psychologist who spent years providing counselling and therapy, co-founder (Dr.?) Silja Litvin found herself wishing that there were more effective mental health solutions for young people. One that could provide effective prevention, rather than waiting until there was a need for professional support. With that in mind, she founded PsycApps with Vanessa Hirsch-Angus and started to develop our flagship teen mental health app, eQuoo . Since then, we've grown to incorporate a wealth of passionate and creative minds, from developers and story-writers, to psychologists, customer support experts and a dedicated sales team. Together we work together towards our joint goal of making clinically-proven, effective mental health solutions accessible to all and we are here to support schools, colleges and workplaces to create a resilient and thriving mindset. Created by Psychologists Built for Education Bespoke Triage System Link to Internal Staff and Resources Custom signposting for internal and external support Intuitive Emotional Wellbeing Assessment for Appropriate Signposting BOOK A DEMO BOOK A DEMO Created by Psychologists Built for Education Our Team SILJA LITVIN VANESSA HIRSCH-ANGUS Cofounder, CEO & Psychologist ​ A clinical psychologist with years of experience providing counselling and therapy, including in the NHS NELFT mood and eating disorder division. Silja’s speciality is clinical psychology (depression and anxiety) and systemic psychology, the science of relationships. Cofounder & COO ​ On the back of 17 years at AXA in global senior Leadership roles, Vanessa has significant health and wellbeing knowledge and wide-ranging, international business experience across multiple sectors, including Private Equity. ANTHONY LILLYMAN CFO Dr. PHILIP JEFFERIES Lead Researcher Business Development Manager HELEN BAKER ADELINE TUSHABE Lead Unity Developer Join 500,000+ teachers, students, and professionals who have already discovered eQuoo BOOK A DEMO 65 retained users stay for over 30 days % 5 longer sessions than other wellbeing apps x 3 higher retention rate than other mental help apps x Who we are working with Paragon Skills is an award-winning, Ofsted-rated ‘Good’, national apprenticeship provider inspiring over 7,000 learners annually and working with over 2000 businesses to deliver apprenticeships in a high-quality, consistent way. Paragon Skills partners with eQuoo as they recognise the emotional and mental health of their employees, and apprentices is of great importance to their personal growth and well-being.

Privacy Policy Privacy Policy, 16 October, 2023 The Privacy Policy below applies to the UK only. To read our full Privacy Policy for your country, including French, German, Italian, Hungarian, Greek, Romanian, Dutch, Croatian, Serbian, Russian, Indonesian, Japanese, Turkish, Czech, Bulgarian, Swedish, Slovenian, Portuguese, Maltese, Latvian, Lithuanian, Irish, Finnish, Danish, Arabic, English (Californian-specific), UAE, Chinese and India-specific, click here . ​ In the following, “GDPR” shall automatically include the “UK-GDPR” and corresponding legal provisions of the Swiss Federal Data Protection Act (FDPA) and any laws and regulations enacted by Member States and/or other jurisdictions, if required or necessary to comply with these laws. ​ This document also includes the California-Specific Description of Consumers’ Privacy Rights of the Business (CCPA/CPRA), and transparency information regarding PDPL (United Arab Emirates), PIPL (People’s Republic of China), DPDPA (India) and other laws identified below. ​ The information contained in this Transparency Document shall also inform all data subjects, including business partners, suppliers and customers and their employees, our employees and job applicants, from all other jurisdictions that are not named or mentioned specifically. If you miss information regarding your jurisdiction, please contact Heiko Jonny Maniero (info@dg- datenschutz.de). He will provide you with additional country or state specific information regarding your specific jurisdiction. ​ A. Identity and the contact details of the Controller (Art. 13 I lit. a, 14 I lit. a GDPR/UK-GDPR, FDPA) and the Business under CCPA/CPRA, PDPL, PIPL, DPDPA and under other laws identified below or applicable to the data subject. For all customer1, supplier, employee and applicants’ data in possession of the following company and related processing activities the Controller/Business is: Psycapps Ltd Royal Street 1 SE1 7LL London or the company or business you received an email or other communication from, identified with is details in such email or other communication. ​ B. Contact details of the Data Protection Officer (Art. 13 I lit. b, 14 I lit. b GDPR/UK-GDPR) and the Business under CCPA/CPRA, PDPL, PIPL, DPDPA and under other laws identified below or applicable to the data subject. Prof. Dr. h.c. Heiko Jonny Maniero, LL.B., LL.M. mult., M.L.E.* Franz-Joseph-Str. 11 80801 München (Germany) Phone: +49 (0) 8131-77987-0 Email: info@dg-datenschutz.de Website: https://dg-datenschutz.de/ *Obligatory information, please see our website. ​ C. Identity and contact details of all non-EU controller’s EU representative (Article 27 GDPR) Heiko Maniero E-Mail: info@dg-datenschutz.de Franz-Joseph-Str. 11, 80801 München, Bayern, Germany. ​ D. Identity and contact details of controller’s UK representative (Article 27 UK-GDPR) Heiko Maniero E-Mail: info@dg-datenschutz.de 120 High Road, East Finchley, N2 9ED, London, England, United Kingdom. ​ E. Identity and contact details of controller’s representative in Switzerland (Art. 14 FDPA) Heiko Maniero E-Mail: info@dg-datenschutz.de c/o Cancellarius AG, Attn. Heiko Maniero, Pflanzschulstrasse 3, 8400 Winterthur, Switzerland. ​ F. Identity and contact details of the data protection advisor Switzerland (Art. 10 FDPA) Antoine Parella E-Mail: office@cancellarius.ch c/o Cancellarius AG, Attn. Antoine Parella, Pflanzschulstrasse 3, 8400 Winterthur, Switzerland. ​ G. Contact person, who is authorized to respond to inquiries or complaints regarding the personal information processing (Art. 6 (1) of the Standard Contract for Outbound Cross-border Transfer of Personal Information for China) Heiko Maniero E-Mail: info@dg-datenschutz.de Franz-Joseph-Str. 11, 80801 München, Bayern, Germany. ​ H. Identity and contact details of the controller’s contact person for CCPA/CPRA inquiries. Heiko Maniero E-Mail: info@dg-datenschutz.de Franz-Joseph-Str. 11, 80801 München, Bayern, Germany. ​ USA & Canada Toll Free +1 (800) 2958960 (Direct Line to the Privacy Officer - For CCPA/CPRA enquiries only) ​ I. Data Protection Supervisory Authorities The following data protection supervisory authorities are responsible for the Controller/Business. ​ EU Lead Data Protection Supervisory Authority (Responsible for EU Data Subjects) Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach ​ Data Protection Authority of Switzerland (Responsible for Data Subjects from Switzerland) Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, Feldeggweg 1, 3003 Bern, Switzerland. ​ UK Data Protection Supervisory Authority (Responsible for Data Subjects from the UK) Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom. ​ California Privacy Protection Agency (CPPA) (Responsible for Data Subjects from California) California Privacy Protection Agency (CPPA), 2101 Arena Blvd, Sacramento, CA 95834, USA. ​ Data Protection Authority of the United Arab Emirates (Responsible for Data Subjects from UAE) UAE Data Office at (https://tdra.gov.ae/en/) at Data Telecommunications and Digital Government Regulatory Authority (https://tdra.gov.ae/en/). ​ Data Protection Authority of China (Responsible for Data Subjects from China) Cyberspace Administration of China (CAC) (http://www.cac.gov.cn/) with its local branches. ​ Information about the Processing of Personal Data (Article 13, 14 GDPR) ​ The personal data of every individual who is in a contractual, pre-contractual or other relationship with our company deserve special protection. Our goal is to keep our data protection level to a high standard. Therefore, we are constantly developing our data protection and data security concepts. ​ Of course, we comply with the statutory provisions on data protection. According to Article 13, 14 GDPR, controllers meet specific information requirements when collecting personal data. This document fulfills these obligations. ​ The terminology of legal regulations is complicated. Unfortunately, the use of legal terms could not be dispensed with in the preparation of this document. Therefore, we would like to point out that you are always welcome to contact us for all questions concerning this document, the used terms or formulations. ​ 1. Compliance with the information requirements when personal data is collected from the data subject (Article 13 GDPR) ​ A. Identity and the contact details of the controller (Article 13(1) lit. a GDPR) See above ​ B. Contact details of the Data Protection Officer (Article 13(1) lit. b GDPR) See above ​ C. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing (Article 13(1) lit. c GDPR) The purpose of the processing of personal data is the handling of all operations which concern the controller, customers, prospective customers, business partners or other contractual or pre-contractual relations between the named groups (in the broadest sense) or legal obligations of the controller. Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre- contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. ​ In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. ​ Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR). ​ D. Where the processing is based on Article 6(1) lit. f GDPR the legitimate interests pursued by the controller or by a third party (Article 13(1) lit. d GDPR) Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders. ​ E. Categories of recipients of the personal data (Article 13(1) lit. e GDPR) Public authorities External bodies Further external bodies Internal processing Intragroup processing Other bodies ​ F. Recipients in a third country and appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available (Article 13(1) lit. f, 46(1), 46 (2) lit. c GDPR) ​ All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. A list of all group companies or recipients can be requested from us. According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard contractual clauses, Article 46(2) lit. c GDPR. ​ The standard contractual clauses of the European Union or other appropriate safeguards are agreed on with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from us. The standard contractual clauses are also available in the Official Journal of the European Union. ​ G. Period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period (Article 13(2) lit. a GDPR) The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. ​ H. Existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability (Article 13(2) lit. b GDPR) All data subjects have the following rights: ​ Right to access Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact us to exercise the right to access. ​ Right to rectification According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact us to exercise the right of rectification. ​ Right to erasure (right to be forgotten) In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting us. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period. ​ Right to restriction of processing According to Article 18 GDPR any data subject is entitled to a restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact us to exercise the right to restriction of processing. Right to object Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact us to exercise the right to object. ​ Right to data portability Art. 20 GDPR grants the data subject the right to data portability. Under this provision, the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact us to exercise the right to data portability. ​ I. The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on Article 6(1) lit. a GDPR or Article 9(2) lit. a GDPR (Article 13(2) lit. c GDPR) If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time. ​ Withdraw of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In todays information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to us is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us. ​ J. Right to lodge a complaint with a supervisory authority (Article 13(2) lit. d, 77(1) GDPR) As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 13(2) lit. d GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority. ​ K. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data (Art. 13(2) lit. e GDPR) We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). ​ Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact us. We clarify to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data. ​ L. Existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 13 (2) lit. f GDPR) As a responsible company, we do not use automatic decision-making or profiling. ​ V. Compliance with the information requirements when personal data is not collected from the data subject (Article 14 GDPR) ​ A. Identity and the contact details of the controller (Article 14(1) lit. a GDPR) See above ​ B. Contact details of the Data Protection Officer (Article 14(1) lit. b GDPR) See above ​ C. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing (Article 14(1) lit. c GDPR) The purpose of the processing of personal data is the handling of all operations which concern the controller, customers, prospective customers, business partners or other contractual or pre-contractual relations between the named groups (in the broadest sense) or legal obligations of the controller. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. ​ Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR). ​ D. Categories of personal data concerned (Article 14(1) lit. d GDPR) Customer data Data of potential customers Data of employees Data of suppliers E. Categories of recipients of the personal data (Article 14(1) lit. e GDPR) Public authorities External bodies Further external bodies Internal processing Intragroup processing Other bodies ​ F. Recipients in a third country and appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available (Article 14(1) lit. f, 46(1), 46(2) lit. c GDPR) All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. A list of all group companies can be requested from us. According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard data protection clauses, Article 46(2) lit. c GDPR. ​ The standard contractual clauses of the European Union or other appropriate safeguards are agreed on with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from us. The standard contractual clauses are also available in the Official Journal of the European Union. ​ G. Period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period (Article 14(2) lit. a GDPR) The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. ​ H. Notification of the legitimate interests pursued by the controller or by a third party if the processing is based on Article 6(1) lit. f GDPR (Art. 14(2) lit. b GDPR) According to Article 6(1) lit. f GDPR, processing shall be lawful only if the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. According to Recital 47 Sentence 2 GDPR a legitimate interest could exist where there is a relevant and appropriate relationship between the data subject and the controller, e.g. in situations where the data subject is a client of the controller. In all cases in which our company processes personal data based on Article 6(1) lit. f GDPR, our legitimate interest is in carrying out our business in favor of the well-being of all our employees and the shareholders. ​ I. Existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability (Article 14(2) lit. c GDPR) All data subjects have the following rights: ​ Right to access Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact us to exercise the right to access. ​ Right to rectification According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact us to exercise the right of rectification. ​ Right to erasure (right to be forgotten) In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting us. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period. ​ Right to restriction of processing According to Article 18 GDPR any data subject is entitled to restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact us to exercise the right to restriction of processing. ​ Right to object Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact us to exercise the right to object. ​ Right to data portability Art. 20 GDPR grants the data subject the right to data portability. According to this provision the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact us to exercise the right to data portability. ​ J. The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on Article 6(1) lit. a or Article 9(2) lit. a GDPR (Art. 14(2) lit. d GDPR) If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In todays information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to us is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us. ​ K. Right to lodge a complaint with a supervisory authority (Article 14(2) lit. e, 77(1) GDPR) As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 14(2) lit. e GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority. ​ L. Source the personal data originate, and if applicable, whether it came from publicly accessible sources (Article 14(2) lit. f GDPR) In principle, personal data is collected directly from the data subject or in cooperation with an authority (e.g. retrieval of data from an official register). Other data on data subjects are derived from transfers of group companies. In the context of this general information, the naming of the exact sources from which personal data is originated is either impossible or would involve a disproportionate effort within the meaning of Art. 14(5) lit. b GDPR. In principle, we do not collect personal data from publicly accessible sources. Any data subject can contact us at any time to obtain more detailed information about the exact sources of the personal data concerning him or her. Where the origin of the personal data cannot be provided to the data subject because various sources have been used, general information should be provided (Recital 61 Sentence 4 GDPR). ​ M. Existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 14(2) lit. g GDPR) As a responsible company, we do not use automatic decision-making or profiling. ​ Information about the Processing of Personal Data for Employees and Applicants (Article 13, 14 GDPR) ​ Personal data of employees and applicants deserves special protection. Our goal is to keep our data protection level to a high standard. Therefore, we are constantly developing our data protection and data security concepts. ​ Of course, we comply with the statutory provisions on data protection. According to Article 13, 14 GDPR, controllers meet specific information requirements when processing personal data. This document fulfills these obligations. ​ The terminology of legal regulation is complicated. Unfortunately, the use of legal terms could not be dispensed with in the preparation of this document. Therefore, we would like to point out that you are always welcome to contact us for all questions concerning this document, the terms used or formulations. ​ I. Compliance with the information requirements when personal data is collected from the data subject (Article 13 GDPR) ​ A. Identity and the contact details of the controller (Article 13(1) lit. a GDPR) See above ​ B. Contact details of the Data Protection Officer (Article 13(1) lit. b GDPR) See above ​ C. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing (Article 13(1) lit. c GDPR) For applicant’s data, the purpose of data processing is to conduct an examination of the application during the recruitment process. For this purpose, we process all data provided by you. Based on the data submitted during the recruitment process, we will check whether you are invited to a job interview (part of the selection process). In case of generally suitable candidates, in particular in the context of the job interview, we process certain other personal data provided by you, which is essential for our selection decision. If you are hired by us, applicant’s data will automatically change into employee data. As part of the recruitment process, we will process other personal data about you that we request from you and that is required to initiate or fulfill your contract (such as personal identification numbers or tax numbers). For employee data, the purpose of data processing is the performance of the employment contract or compliance with other legal provisions applicable to the employment relationship (e.g. tax law) as well as the use of your personal data to carry out the employment contract concluded with you (e.g. publication of your name and the contact information within the company or to customers). Employee data is stored after termination of the employment relationship to fulfill legal retention periods. The legal basis for data processing is Article 6(1) lit. b GDPR, Article 9(2) lit. b and h GDPR, Article 88 (1) GDPR and national legislation, such as for Germany Section 26 BDSG (Federal Data Protection Act). ​ D. Categories of recipients of the personal data (Article 13(1) lit. e GDPR) Public authorities External bodies Further external bodies Internal processing Intragroup processing Other bodies ​ E. Recipients in a third country and appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available (Article 13(1) lit. f, 46(1), 46 (2) lit. c GDPR) All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. A list of all group companies or recipients can be requested from us. According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard contractual clauses, Article 46(2) lit. c GDPR. The standard contractual clauses of the European Union or other appropriate safeguards are agreed on with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from us. The standard contractual clauses are also available in the Official Journal of the European Union. F. Period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period (Article 13(2) lit. a GDPR) The duration of storage of personal data of applicants is 6 months. For employee data the respective statutory retention period applies. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. G. Existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability (Article 13(2) lit. b GDPR) ​ All data subjects have the following rights: ​ Right to access Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact us to exercise the right to access. ​ Right to rectification According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact us to exercise the right of rectification. ​ Right to erasure (right to be forgotten) In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting us. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period. Right to restriction of processing According to Article 18 GDPR any data subject is entitled to a restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact us to exercise the right to restriction of processing. ​ Right to object Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact us to exercise the right to object. ​ Right to data portability Art. 20 GDPR grants the data subject the right to data portability. Under this provision, the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact us to exercise the right to data portability. ​ H. The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on Article 6(1) lit. a GDPR or Article 9(2) lit. a GDPR (Article 13(2) lit. c GDPR) If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In today’s information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to us is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us. ​ I. Right to lodge a complaint with a supervisory authority (Article 13(2) lit. d, 77(1) GDPR) As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 13(2) lit. d GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority. ​ J. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personaldata; possible consequences of failure to provide such data (Art. 13(2) lit. e GDPR) We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact us. We clarify to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data. ​ K. Existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 13 (2) lit. f GDPR) As a responsible company, we do not use automatic decision-making or profiling. VI. Compliance with the information requirements when personal data is not collected from the data subject (Article 14 GDPR) ​ A. Identity and the contact details of the controller (Article 14(1) lit. a GDPR) See above ​ B. Contact details of the Data Protection Officer (Article 14(1) lit. b GDPR) See above ​ C. Purposes of the processing for which the personal data are intended as well as the legal basis for the processing (Article 14(1) lit. c GDPR) For applicant’s data not collected from the data subject, the purpose of data processing is to conduct an examination of the application during the recruitment process. For this purpose, we may process data not collected from you. Based on the data processed during the recruitment process, we will check whether you are invited to a job interview (part of the selection process). If you are hired by us, applicant’s data will automatically convert into employee data. For employee data, the purpose of data processing is the performance of the employment contract or compliance with other legal provisions applicable to the employment relationship. Employee data is stored after termination of the employment relationship to fulfill legal retention periods. The legal basis for data processing is Article 6(1) lit. b and f GDPR, Article 9(2) lit. b and h GDPR, Article 88 (1) GDPR and national legislation, such as for Germany Section 26 BDSG (Federal Data Protection Act). ​ D. Categories of personal data concerned (Article 14(1) lit. d GDPR) Applicant’s data Employee data ​ E. Categories of recipients of the personal data (Article 14(1) lit. e GDPR) Public authorities External bodies Further external bodies Internal processing Intragroup processing Other bodies ​ F. Recipients in a third country and appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available (Article 14(1) lit. f, 46(1), 46(2) lit. c GDPR) All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. A list of all group companies or recipients can be requested from us. According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard data protection clauses, Article 46(2) lit. c GDPR. The standard contractual clauses of the European Union or other appropriate safeguards are agreed on with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from us. The standard contractual clauses are also available in the Official Journal of the European Union. ​ G. Period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period (Article 14(2) lit. a GDPR) The duration of storage of personal data of applicants is 6 months. For employee data the respective statutory retention period applies. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. H. Notification of the legitimate interests pursued by the controller or by a third party if the processing is based on Article 6(1) lit. f GDPR (Art. 14(2) lit. b GDPR) According to Article 6(1) lit. f GDPR, processing shall be lawful only if the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. According to Recital 47 Sentence 2 GDPR a legitimate interest could exist where there is a relevant and appropriate relationship between the data subject and the controller, e.g. in situations where the data subject is a client of the controller. In all cases in which our company processes applicant’s data based on Article 6(1) lit. f GDPR, our legitimate interest is the employment of suitable personnel and professionals. I. Existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability (Article 14(2) lit. c GDPR) All data subjects have the following rights: ​ Right to access Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact us to exercise the right to access. ​ Right to rectification According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact us to exercise the right of rectification. ​ Right to erasure (right to be forgotten) In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting us. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period. Right to restriction of processing According to Article 18 GDPR any data subject is entitled to restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact us to exercise the right to restriction of processing. ​ Right to object Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact us to exercise the right to object. ​ Right to data portability Art. 20 GDPR grants the data subject the right to data portability. According to this provision the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact us to exercise the right to data portability. ​ J. The existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, where the processing is based on Article 6(1) lit. a or Article 9(2) lit. a GDPR (Art. 14(2) lit. d GDPR) If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In today’s information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to us is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us. ​ K. Right to lodge a complaint with a supervisory authority (Article 14(2) lit. e, 77(1) GDPR) As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 14(2) lit. e GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority. L. Source the personal data originate, and if applicable, whether it came from publicly accessible sources (Article 14(2) lit. f GDPR) In principle, personal data is collected directly from the data subject or in cooperation with an authority (e.g. retrieval of data from an official register). Other data on data subjects are derived from transfers of group companies. In the context of this general information, the naming of the exact sources from which personal data is originated is either impossible or would involve a disproportionate effort within the meaning of Art. 14(5) lit. b GDPR. In principle, we do not collect personal data from publicly accessible sources. ​ Any data subject can contact us at any time to obtain more detailed information about the exact sources of the personal data concerning him or her. Where the origin of the personal data cannot be provided to the data subject because various sources have been used, general information should be provided (Recital 61 Sentence 4 GDPR). M. Existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 14(2) lit. g GDPR) As a responsible company, we do not use automatic decision-making or profiling. ​ ​ 1) For reasons of better readability, the simultaneous use of the language forms male, female, diverse and other gender identities (m/f/d/other) are not used on our websites, in publications and communication. All language used shall equaly apply to all genders..