Privacy Policy

Welcome to Privacy Policy of CNTR GmbH ("Privacy Policy").

We take the protection of your personal data very seriously and are committed to ensuring that it is processed responsibly in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. In this privacy policy, we describe how we implement this protection at CNTR Digital Services GmbH. We explain which data we process or pass on to other persons and for what purposes.

We refer to GDPR, when describing the processing of personal data, but because we operate globally, other relevant data protection legislation can apply. When reading the Privacy Notice, please note that the reference to the GDPR or other local laws only applies when it is applicable.

By "personal data" we mean any information relating to an identified or identifiable individual, in accordance with the GDPR. This is not only personal or private information, but also information such as your name, date of birth, and email address.

Opernturm, Bockenheimer Landstraße 2-8

In this Privacy Policy, "CNTR", "we", "us" or "our" refers to the company CNTR GmbH, which is the data controller within the meaning of the GDPR.

We look forward to your feedback. Do you have any comments, complaints or questions about this Privacy Policy or our processing of your personal data?

Or would you like to exercise your rights as a data subject? Then please contact us using the following contact details:

CNTR GmbH

60306 Frankfurt am Main, Germany

Phone: +49 69 29924 6149

Fax: +49 69 29924 6502

E-Mail: contact@cntr.com

This Privacy Policy explains how we collect, store, use, disclose and transfer (hereinafter "process") your personal data. We process your data for the reasons described below and only for the purpose for which it is intended.

Our Services are not directed to, nor intended for, children.

2.1 Server logs when visiting our website

If you only use this website to obtain information and do not provide any data, then we will only process the data that is necessary to display the website on the internet-enabled device you are using (server logs). These are in particular:

• IP address
• amount of data transferred in each case
• the website from which the request comes
• Browser type and version
• the date and time of your visit and how long you were there; and
• Other similar data and information that serves to avert the risk of an attack on our information technology systems.

This data cannot be assigned to specific persons for us.

The legal basis for the processing of this data is legitimate interests in accordance with Art. 6 (1) (f) GDPR in order to enable the presentation of the website in principle.

2.2 Personal Data obtained from you directly

You have the possibility to contact CNTR using the contact email addresses, telephone and fax numbers provided there. When you contact us through the above channels, we will store and process the resulting personal data for the purposes of dealing with your request. The legal basis for the processing of the data is Article 6 (1) ( f) GDPR (general requests). Where the data are processed in order to take steps prior to entering into a contract at your request, the legal basis shall be Art. 6 (1) (b) GDPR. We process the personal data we collect solely for the purposes of effectively handling the requests addressed to us. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

2.3 Google Analytics

If you have given your consent, this website uses Google Analytics (GA4), a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Scope of processing

Google Analytics uses JavaScript, Pixel and cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID function. User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyze user behavior across devices.

We use Google Signals. This allows Google Analytics to collect additional information about users who have personalized ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

As part of the evaluation, Google Analytics 4 also utilizes artificial intelligence such as machine learning for automated analysis and enrichment of data. For instance, Google Analytics 4 models conversions when there is not enough data available to optimize the evaluation and reports.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

• Page views
• First visit to the website
• Start of session
• Your "click path", interaction with the website
• Scrolls
• clicks on external links
• internal search queries
• interaction with videos
• file downloads
• language settings
• newsletter subscription

Also recorded:

• Your approximate location (region)
• your IP address (in shortened form)
• technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• your internet service provider
• the referrer URL (via which website/advertising medium you came to this website)

Purposes of processing

On our behalf, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.

Recipients

Recipients of the data are/may be:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Duration of storage

Google places the following cookies when you visit our website and consent to the use of Google Analytics cookies:

_ga (14 Months): This helps us count how many people visit our web presentation if you have already visited before.

_gid (24 Hours): This helps us count how many people visit our web presentation if you have already visited before.

_gat (14 Months): This helps us manage the frequency at which requests for page views are made.

Legal basis

The legal basis for this data processing is your consent pursuant to Article 6 (1) (a) GDPR.

Revocation

You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by

a) not giving your consent to the setting of the cookie or

1. downloading and installing the browser add-on to disable Google Analytics HERE .

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.

2.4 Cookie Notice

2.5 Job Applicants

We have the applicants' area of our different recruiting websites, where potential applicants can apply for jobs, internships and other positions. For this specific purpose a separate data protection notice applies (refer to the supplementary Recruitment Privacy Policy).

What path does your data take with CNTR?

As soon as you submit your data to us or it is collected on our websites, we forward it within CNTR to the recipients who need to know about it.

External service providers

Insofar as we involve service providers who support us in the processing of personal data or otherwise and who may come into contact with your personal data in the process, this will only happen after we have previously concluded a so-called contract for order processing, with which we oblige our service providers to process personal data only according to our instructions and to treat it confidentially.

Intra-group sharing, Joint Controllers

Within the CNTR Group's organization, there is a need to exchange Personal Data on an intra-group basis as Controller to Controller or Joint Controllers.

For example in the course of our business relationship with you, we may share Business Partner contact information with affiliated group companies. We and these companies (see the list here ) are jointly responsible for the proper protection of your personal data (Art. 26 GDPR). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these companies granting you the right to centrally exercise your data subject rights under section 4 of this Privacy Notice against CNTR Digital Services GmbH, Opernturm, Bockenheimer Landstraße 2-8, 60306 Frankfurt am Main, Germany.

CNTR entities might also be established outside the EU or the EEA. In such cases, we will ensure that there are adequate safeguards (i.e. EU standard contractual clauses) in place to protect your Personal Data. We at CNTR are responsible for informing you about your rights as a data subject under applicable data protection laws. You can address any requests or complaints you may have with regard to your Personal Data to CNTR. The other CNTR entities within the CNTR Group's organization that might also keep your Personal Data will give us reasonable cooperation, assistance and information in order to comply with such requests or complaints.

Transfer of data to third parties

As a general rule, we will not share, sell or otherwise market personal data to third parties, such as other companies or organisations, without your express consent, unless such disclosure is necessary for the performance of our contractual obligations between CNTR and you.

For example, the following categories of recipients may receive your personal data:

• Authorities, courts, parties to a dispute or their agents to whom we are required to provide your personal data by virtue of applicable law, regulation, legal process or enforceable governmental order, e.g. tax and customs authorities, regulatory authorities and their authorised bodies, financial market supervisory authorities, public registers;
• Auditors or external advisors such as lawyers, tax advisors, insurers or banks, and
• Another company in the event of a change of ownership, merger, acquisition, or sale of assets.

Transfer of data to countries outside the EU/EEA

When there is a sufficient legal basis, your personal data may be transferred to and processed in other countries outside the EU/EEA where the laws and regulations governing the processing of personal data are less stringent. In such cases, we will ensure that the data transfer is based on an adequacy decision or the conclusion of the EU Standard Contractual Clauses.

You have rights with respect to CNTR in relation to your personal data in accordance with Art. 15-21 GDPR. In particular, you have the right to. In particular, you have the following rights:

• You can request information at any time as to whether and which personal data about you is stored by CNTR and request a copy of it (right to information, Art. 15 GDPR);
• If your personal data that we have stored is inaccurate or incomplete, you have the right to request that CNTR correct this data at any time (right to rectification, Art. 16 GDPR);
• You have the right to request that CNTR delete your personal data or restrict data processing (right to erasure, Art. 17 GDPR, and right to restriction of processing, Art. 18 GDPR);
• You can object to the processing of your personal data at any time (right to object, Art. 21 and 22 GDPR);
• You have the right to have your personal data transferred to you or to another controller (right to data portability, Art. 20 GDPR).

If you are not satisfied with the way we have handled your personal data or with your data protection requests, you have the right to complain to the competent supervisory authority (Art. 77 GDPR). However, we would appreciate it if we could address your concerns before contacting the regulator. Therefore, please feel free to contact us first, the contact details can be found under point 1. Who is responsible and how can you contact us?

We store personal data in accordance with the statutory retention periods. We routinely delete or block this personal data once these periods have expired or the reasons for storing it in accordance with the data protection regulations have ceased to apply.

Of course, we comply with the applicable data protection laws. These state, in relation to the personal data we hold about you, that they...

• used legally, fairly and in a transparent manner;
• be collected only for valid purposes that we have explained to you and not in a way that is incompatible with those purposes;
• only for the purposes – and only for those purposes – of which we have informed you
• are accurate and, where appropriate, kept up to date;
• be kept only for as long as is necessary for the purposes we have informed you about; and
• safely.

This Privacy Policy was last modified on March 24, 2026. We may amend or amend this Privacy Policy from time to time. If we make changes to this Privacy Policy, we will update the modification date at the top of this Privacy Policy. If they are material changes, we will take steps to notify you of those changes. The new, amended or supplemented privacy policy will be effective as of the date stated in each case. Please always check whether you have consulted the latest version of the privacy policy.