PRIVACY STATEMENT

1. Information on the collection of personal data

(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

(2) The responsible party pursuant to Art. 4 (7) of the General Data Protection Regulation (DS-GVO) is:

ELAC Electroacustic GmbH Fraunhoferstrasse 16 24118 Kiel Germany

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.

(4) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below.

2. Your rights

(1) You have the following rights in relation to personal data relating to you:

- Right to information, - Right to rectification or erasure, - Right to restriction of processing, - Right to object to processing, - Right to withdraw from processing where consent has been given - Right to data portability.

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. You can view the addresses of the data protection authorities here:

For Germany: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

For Europe: https://www.bfdi.bund.de/DE/Service/Anschriften/Europa/Europa-node.html

3. Storage of access data

(1) Each time our website is accessed, access data is stored in a log file on our provider's server.

(2) This data record consists of, for example, your IP address, the date and time of the request, the name of the requested file, the amount of file transferred and the access status, a description of the web browser and operating system used and the name of your internet service provider.

(3) This data is collected for technical reasons. Deletion takes place automatically after 14 days at the latest. The legal basis for the collection of this data is Art. 6 para. 1 f) DSGVO. Our legitimate interest is the technically error-free presentation and optimization of the website.

(4) In the case of merely informational use of the website, i.e. if you do not log in to use the website, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data mentioned under 3.2, which your browser transmits in order to technically enable you to visit the website.

4. Processing of data from your end devices

(1) In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether to generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical point of view before going into more detail about your individual choices by describing technically necessary cookies and cookies that you can voluntarily select or deselect.

(2) Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the body that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis we will explain below:

-Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. In this way, various requests from your browser can be assigned to the joint session and your computer can be recognized when you return to our website.

-Persistent cookies: These are automatically deleted after a predefined duration, which is set differently depending on the cookie. You can view the cookies set and the duration at any time in the settings of your browser and delete the cookies manually.

-Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. The result is likewise that we can use the techniques described below. Here, too, you can of course consent or object.

(3) Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use techniques, in particular cookies. Without these techniques, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted after the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website.

If cookies are used, data processing is regularly based on your consent pursuant to Section 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a DSGVO. If we consider the use of cookies to be absolutely necessary, the data processing is based on Section 25 (2) no. 2 TTDSG. Further processing is based on Art. 6 para. 1 lit. f DSGVO.

(4) Optional cookies when you give your consent: We only set various cookies after you have given your consent, which you can select via the Consent Manager when you visit our website for the first time. The functions are only activated in the event of your consent and may serve in particular to enable us to analyze and improve visits to our website, to make it easier for you to use it via different browsers or terminal devices, to recognize you when you visit or to serve advertising (possibly also to orient advertising to interests, to measure the effectiveness of advertisements or to show interest- oriented advertising).

The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation.

Our consent manager is CookiePro.

The legal basis for the use of the Consent Manager is Art. 6 (1) f) DSGVO (balancing of interests) in conjunction with Art. 6 (1) c) DSGVO (obligation to provide evidence).

5. Links to external services

We use direct links to social media providers. If you do not want these providers to associate access data with your user account there, please log out before clicking on one of the links to these services. The data collected there may be transferred by the aforementioned companies to countries outside the European Union and may also be merged with other data there. A level of data protection appropriate to the legal framework of the European Union cannot always be guaranteed.

Facebook Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Meta Platforms Inc, Menlo Park, California, USA. Facebook Data Policy: https://www.facebook.com/policy Information on Page Insights https://www.facebook.com/legal/terms/information_about_page_insights_data Privacy policy: https://www.facebook.com/about/privacy Standard contractual clauses: https://www.facebook.com/legal/EU_data_transfer_addendum

YouTube Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Privacy policy: https://policies.google.com/privacy Opt-Out: https://adssettings.google.com/authenticated For more information on terms of use and privacy, see privacy policy: policies.google.com/privacy Opt-Out: adssettings.google.com/authenticated

Instagram Provider: Meta Platforms Ireland Limited , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Meta Platforms Inc, Menlo Park, California, USA. Cookie Policy: https://help.instagram.com/1896641480634370?ref=ig Instagram privacy policy: https://instagram.com/about/legal/privacy.

Twitter Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/privacy, Settings: https://twitter.com/personalization

Xing Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Privacy policy: https://www.linkedin.com/legal/privacy-policy Standard contractual clauses: https://legal.linkedin.com/dpa

Possibility of objection (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting- opt-out For information on the internal processing of Page Insights at LinkedIn, please refer to the regulations at https://legal.linkedin.com/pages-joint-controller-addendum.

6. Liability for contents

The contents of our pages were created with the greatest care. However, we cannot assume any liability for the correctness, completeness and topicality of the contents.

7. Liability for links

Our pages may contain links to external websites of third parties over whose content we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the content of the linked pages.

8. Automated decision making

Automated decision making is not used here.

9. Data security

We secure our website and other systems through appropriate technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. However, despite regular checks, complete protection against all risks is not possible. Our website uses the industry standard SSL/TLS (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal information over the Internet. You can tell whether encrypted transmission is taking place by the closed key/lock symbol in your browser display. We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is technically not possible.

10. Passing on of data

Your personal data will only be passed on to third parties - if you have given your express consent to this in accordance with Art. 6 para. 1 a DS-GVO; - if the passing on of the data is necessary for the fulfilment of contractual obligations in accordance with Art. 6 para. 1 b DS-GVO; - if we are legally obliged to pass on the data in accordance with Art. 6 para. 1 c DS-GVO; - if the disclosure of the data is in the public interest as defined in Art. 6 para. 1 e DS-GVO or; - if the disclosure of the data is necessary to protect our legitimate interests or the legitimate interests of a third party in accordance with Art. 6 para. 1 f DS-GVO, provided that your interests in the protection of your data do not prevail.

11. Categories of recipients

We use various external service providers who work exclusively on our behalf and are bound by instructions (order processing) to provide the services offered, e.g. hosting this website or operating our IT. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

Third party receiver In order to process your requests satisfactorily, we may need to share your personal data with third party recipients. Third party recipients may include our suppliers, transport and logistics partners and our trading partners.

12. Duration of the storage of personal data

We store your data for as long as they are needed for the respective purposes on which the processing is based. Beyond that, we only store data insofar as we are legally obliged to do so, e.g. due to statutory retention obligations.

13. Detailed information on the right to object

An objection to the processing of personal data concerning you on the basis of Article 6 (1) (e) (data processing in the public interest) or (f) (data processing for the protection of legitimate interests based on a balance of interests) is possible at any time in accordance with Article 21 of the GDPR. In the event of an objection, the personal data will no longer be processed unless compelling legitimate grounds for the processing are demonstrated which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. Please address your objection to the responsible body mentioned under point 1.

14. Detailed information on the right of withdrawal

If you have given us your consent to the processing of personal data, you can revoke this consent at any time. Of course, this also applies to declarations of consent given to us before 25 May 2018 (before the application of the GDPR). The revocation of consent can only be valid for the future. The lawfulness of the processing is not retroactively eliminated by a revocation. Please address your revocation to the responsible body mentioned under point 1.

15. Changes to this privacy notice

This privacy policy was last updated in August 2022. It is the current and valid version of our privacy policy. However, we would like to point out that a revision of this data protection declaration may become necessary from time to time due to actual or legal changes.

16. Data protection officer

If you have any data protection questions, please feel free to contact our data protection officer:

Cord Lange c/o Vater Solution GmbH Boschstr. 5 24118 Kiel e-mail: colange@vater-gruppe.de