Privacy Policy

GrapheneUP SE is aware that the protection of your private information is a very important concern as you use our websites. We take the protection of your personal data very seriously. Therefore, we would like to take this opportunity to explain the basic principles we apply in handling your personal data. This information is always provided whenever such data is collected. The following document refers to the statutory regulations of the EU General Data Protection Regulation, as an example. To ensure better legibility, this global Data Privacy Declaration does not refer to national regulations, which are frequently comparable. If we obtain consent from a data subject to process personal data, Art. 6 para. 1 lit. a. of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing such personal data. When processing personal information necessary to fulfill a contract to which the data subject is a contractual party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing procedures necessary to take steps prior to entering into a contract. If personal data must be processed to fulfill a legal obligation of our company, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If data processing is required to safeguard a legitimate interest of our company or a third party, and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the above interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing. Our company has a legitimate interest in carrying out and improving our business activities and in ensuring and improving the proper and error-free operation of the website and further coordinating website operations to the needs of users.

Collecting and processing information

You can use GrapheneUP’s website without providing any personal data to us. Some offers and services available on our websites, however, do require personal information to access.

Recording technical access data

When you visit our website, GrapheneUP SE uses an automated system to collect data and information. However, this information is not associated with any individual for the purpose of assessing their behaviour. Technical access data saved in server log files includes, for instance, the following data:

• information on your browser type and version used
• the user’s operating system Privacy Policy
• the user’s internet service provider
• the user’s IP address
• date and time of access
• websites from which the user’s system accessed our website (referrer)
• websites accessed by the user’s system through our website.

Data is processed to deliver the content of our website, to ensure the functionality of our IT systems, and to optimize our website, as well as to protect our justifiable interests and clarify any issues in case of unauthorized access or attempts to access our website (Art. 6 (1, f GDPR).

Cookies

Our websites use cookies. These are files saved on the user’s computer system by their web browser. Cookies can be transmitted to the user’s browser when they access a page, and are used to identify the user. Cookies help simplify the use of websites for users. You can prevent cookies from being saved by changing your browser settings at any time. Saved cookies can be deleted at any time. We would like to note that, if you deactivate cookies, you may not be able to use all of the functions of our website to their fullest extent.
The following section provides further information on the cookies / pixels / tools listed above:

Google Analytics (Cookie)

Google Analytics is integrated into our website.

Google Analytics is a web analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (hereafter: Google), which can be used to further improve websites by analyzing users’ interaction with them. Google Analytics also uses cookies (text files saved on your computer, which enable an analysis of how websites are used). The information created by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there.

The information saved by Google Analytics cookies includes the date and time the website was visited, the frequency with which the user visited the website and the user’s approximate location. To determine the user’s approximate location, Google first records the user’s IP address. On our website, however, we have activated IP anonymization. As a result, within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area, your IP address is shortened by Google before it is transmitted to the USA; for example, by deleting the last octet of IPv4 user IP addresses or the last 80 bits of IPv6 addresses. Furthermore, it is contractually ensured that the IP address transmitted by your browser as part of Google Analytics is not used in connection with other data from Google.

On our behalf, Google will use the above-mentioned information to evaluate your use of the website, compile reports about website activities and provide the website operator with additional services connected with the use of the website and the internet.

You can prevent Google Analytics from saving cookies by selecting the appropriate settings in your browser (“Private Mode”, found under Settings on most browsers). It should be noted, however, that you may not be able to make full use of all functions of this website in this case. In addition, you can prevent Google from collecting the data, which is generated by the cookie and related to your use of the website (including your IP address), and from processing this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Additional information on data protection in relation to Google Analytics can be found directly on Google.

Marketing data and direct communication (Cookie)

GrapheneUP SE use data and communication technology to process and profile personal information (personal data). Data processing is carried out for two primary purposes, for which the communication channels listed below are used:

• Fulfillment of requested digital services: GrapheneUP SE offers a range of digital services and online services that require data processing and communication with users, based on their nature. These services include, but are not limited to: registering for webinars and digital events (such as online exhibition booth), inquiries submitted via the contact form, exclusive downloads of PDF documents, sample orders, general inquiries, newsletter registration, survey registration, meeting inquiries, e-shope, text chat. The communication channel used to fulfill these requests will depend on the specific service ad from the data provided by the user. Generally, one of the following channels will be used: e-mail, telephone, text chat or web browser notification. •
• Advertising / marketing communication: in addition to the aforementioned fulfillment of digital services, users can consent to advertising / marketing communication (opt-in). the purpose of the advertising communication is to inform the user regarding in-person and digital events, products, job functions or industry-relevant expertise and surveys, in order to improve user and customer experiences with GrapheneUP. The communication channel used depends on the type of good purchased, and the data provided by the user. Generally, one or more of the following channels will be used: e-mail, telephone, text chat or web browser notification, LinkedIn Matched Audience, Facebook Custom Audience, Google Ads Audience. Users may revoke their consent to advertising / marketing communication at any time by sending a notification to GrapheneUP SE.
• Data processing includes collecting information applicable to known and unknown users of GrapheneUP SE websites, as well as to known stakeholders and customers with and without contractually agreed business relationships. The information recorded includes demographic data (such as the user’s first name, last name and profession), company-specific data (such as the company name, headquarters, industry), behavioural data (such as registering to a certain webinar, downloading a certain product data sheet), transaction data (such as requesting an offer, signing a contract), and consent data (such as accepting the Data Privacy Declaration). Data management also includes comparing and assembling current and historical information. This type of data processing is used both for information from the same source (such as from the same web form, if it was completed twice), as well as for data that comes from different sources The goal of collecting and managing the above information is to create a contact profile. The contact profile is supplemented using analytic and statistical methods based on heuristic algorithms. This approach is also called contact scoring and segmenting. This type of data processing is only carried out if the data subject agrees to the use of cookies. The data subject can withdraw his or her consent at any time. They may do so either by using the link to revoke consent which is included in every communication, or by using the contact e-mail address provided in this Data Privacy Declaration to request revocation of their consent.

In some cases, your data may also be processed in countries outside of the European Union (“EU”) or European Economic Area (“EEA”), e.g. In areas which may have a lower level of data privacy protection than the EU. In such cases, we conclude contractual agreements or other measures with our contractual partners to ensure they provide a sufficient level of protection for your data, or we ask you for your explicit consent.

Generally, users must be registered to access content or services. Registered individuals may request that their stored data be deleted or modified at any time.You have the right to object to the processing of your personal data at any time. Data subjects can receive information regarding their saved personal data at any time.

Collection and processing of personal data

Registration is required to access the e-shop, download documents and offered content.

Your personal data is collected and saved both by GrapheneUP SE. We store your personal data for as long as necessary to provide you access to the requested or approved service/webinar, unless we are subject to other statutory obligations, such as retention periods under trade or tax law or requirements associated with ongoing court proceedings.

Facebook (Pixel)

We use the so-called “Facebook Pixel” of the Facebook social network on our website, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). We use this tool also based on your approval (art. 6 para. 1, p. 1 lit. a GDPR). We use the Facebook pixel to be able to show you personalized advertising on Facebook and to analyze your user behaviour on our website. You can withdraw your consent at any time with effect for the future. To do this, simply use one of the opt-out options listed below.

If you connect to our website, then the Facebook pixel is triggered when connected to our website and one of our cookies, which collects the recorded data, is placed on your terminal (so-called first party cookie). In addition, Facebook as well as other companies directly place cookies (so-called third party cookies). Web beacons and other storage technologies may also be used. This means that a so-called cookie is placed on your terminal.

The Facebook pixel enables us to understand the effectiveness of the Facebook advertisements (so-called “Facebook ads”) and your interaction with our website for statistical and market research purposes. By using the Facebook pixel we can, for example, identify whether you were transferred to our website after the click on the Facebook ad and how you integrated with our website (so-called “conversion”). By using the Facebook pixel, we can specify you and additional visitors of our website as a target group for Facebook ads. Therefore, we are using the Facebook pixel to achieve a better customer approach on Facebook. Because the Facebook ads that are placed by us will only be transferred to those Facebook users who have shown an interest in our offerings or who show certain characteristics (e.g. interest in certain subjects or products, which are determined based on the visited websites, so-called “custom audiences through website”). We also want to ensure that our Facebook ads are in accordance with your interests and that they do not bother you.

A variety of event and conversion data are recorded for this purpose on our website, e.g. which sub- pages you are visiting or how you interact with our website. This means, that we analyze your activities on our website and we are using this analysis for a personalized advertisement.

If you log in subsequently at Facebook or if you are logged in at Facebook when visiting our website, this visit will be recorded on our website with your Facebook profile. However, the data will be converted to number chains immediately during the recording (“hashed”). These data do not permit any conclusions about you. However, we point out that these data are also stored and processed by Facebook. Facebook can use this information for their own market research and advertising purposes. We do not influence this process.

The Facebook data usage directive is applicable to the data processing by Facebook. This includes general information on the display of Facebook ads: https://www.facebook.com/policy.php.

Further information on Facebook Pixel and its function is available in the Help area of Facebook: https://www.facebook.com/business/help/651294705016616.

To set which kinds of ads are displayed to you on Facebook, you can access the page set up by Facebook and track information on the settings for usage-based advertisement there: https://www.facebook.com/settings?tab=ads. The settings are independent of the platform, i.e. they will be assumed by all devices such as desktop computers or mobile devices. General information from Facebook on how it handles cookies is available here: https://www.facebook.com/policies/cookies/.

You can prevent data from being recorded by Facebook pixel and prevent the use of your data to display Facebook ads, and revoke your consent for it to do so. To do so please click here: Deactivate Facebook Pixel.

If you deactivate the Facebook Pixel, an “opt-out” cookie is saved on your device. You must click on the link again if you delete the cookies in this browser. However, this opt-out only works within the browser currently used by you and only for our website. To reject these and other interest-based advertisements, you can also access the following websites: http://www.networkadvertising.org/choices/; http://www.youronlinechoices.com/.

LinkedIn (Cookie)

We place advertisements on the social network “LinkedIn” (LinkedIn Ireland Unlimited, Company Wilton Plaza, Wilton Place, Dublin 2 Ireland). Our advertisements are delivered by LinkedIn to the target groups. During the planning of the campaign, we determine the criteria that the target group must fulfill. We can select within the following options: Locations, companies, age or gender, education, professional experience and interests. In this connection we do not process personal data of the members and we are not receiving any access to these data.

The user will be transferred to our website if she/he clicks on one of our advertisements. If you connect to our website, then the LinkedIn pixel is triggered when connected to our website and one of our cookies will be placed on your terminal (so-called first party cookie).

As explained in our cookie guideline, we are using cookies and similar technologies (e.g. web beacons, pixels, display tags and device identifications) to identify you and/or your device(s) internal, external and across several services and devices. We also permit certain third parties to use cookies in accordance with our cookie guideline. You can control cookies through your browser settings and other tools. You can reject our usage of cookies and similar technologies, which track your behavior on other websites for advertising purposes of third parties. The rejection function for visitors is available here.

LinkedIn is responsible for the data processing in connection with the delivery of our advertisements within the social network. Further information on data processing by LinkedIn is available here: https://www.linkedin.com/legal/privacy-policya/.

Twitter Ads and conversion tracking (Pixel)

Furthermore, we place ads on the social network “Twitter” (Twitter Inc., One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland). With your consent, we use the “User interaction pixel” from Twitter Inc. on our website. Twitter conversion tracking saves and processes information regarding your user behavior on our websites, and uses cookies to do so. These are saved locally on your device.

We use Twitter conversion tracking for marketing and optimization purposes, in particular to analyze use of our website and improve individual functions and services, as well as the overall user experience. By statistically analyzing user behavior, we hope to improve our website and make it more interesting to users. We have a legitimate interest in data processing the above data in order to do so, using the services of third-party providers (legal basis Art. 6 para. 1 clause 1 lit. f GDPR).

You can prevent the installation of cookies by deleting cookies that are already present and deactivating the function to save cookies in the settings of your web browser.

Furthermore, you can prevent this information from being saved by Twitter by changing the settings accordingly on the following page linked from Twitter: https://twitter.com/personalization/

Please note that these settings will be deleted when you delete your cookies.

Further information on conversion tracking and the data protection settings for customized ads is also available at: https://support.twitter.com/articles/20171528#

Twitter is responsible for the data processing in connection with the delivery of our advertisements within the social network. Further information on data processing by the third-party provider Twitter is available on the following website: https://twitter.com/en/privacy

Social networks and other websites

Our websites can contain links to third-party websites. By following these links, you are leaving our website. This is also the case, for instance, when you click on the links to share on social networks. GrapheneUP SE selects the linked websites with care, but GrapheneUP SE cannot accept any responsibility or liability for how your personal data is used, processed, stored and transmitted by the operating companies of these websites. If you are active on social networks where GrapheneUP SEis present or if you visit other websites, you should familiarize yourself with the terms of use and data protection policies of the respective operating companies. This will give you the opportunity to understand and control whether and which personal data you provide to the respective social or websites.

Personal Information

Other personal information is only collected if you provide it to us, for instance by filling out a form, sending e-mails, while placing an order for services or products, or while making an inquiry or requesting materials.

Registration on our websites

If you take advantage of the opportunity to register on our website and provide us with personal information, data entered into the input fields will be transmitted to the entity responsible for processing it.

When a user registers on our website, their IP address and the date and time of registration are saved. The purpose of this is to prevent misuse of services.

Data must be registered to provide content or services. Registered persons may delete or amend their saved data at any time. Affected persons may obtain information on their saved personal information at any time.

We may collect and process the following information about you:

• identity Data, including username or similar identifier and an encrypted version of your login/password;
• profile Data, including your user-generated content (on your profile page or in your comments and creations), preferences, feedback and survey responses, as well as any profile data which we have added (for example, using analytics and profiling);
• technical Data, including internet protocol (IP) address, browser type and version, time zone setting and city-level location, operating system and platform and other technology on the devices you use to access our services;
• usage Data, including information about how you use our website, products and services;
• tracking Data, including information we or third party providers collect about you from cookies;
• marketing and Communications Data, including your preferences in receiving direct marketing from us, and records of your emails or calls to us;

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users visiting a specific product page. In some instances we may combine Aggregated Data with your personal data, in which case we treat the combined data as personal data in accordance with this privacy policy;

We do not collect any Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Contact options

Our website includes a contact form that can be used to contact us electronically. If you choose this option to contact us, personal information you provide will be saved automatically. Data is saved only for the purpose of processing or contacting the person in question.

Alternatively, you can also contact us at the provided telephone number or in writing via the provided address.

Newsletter

If you subscribe to our company newsletter, the data you enter in the input fields will be submitted to the entity responsible for data processing.

When a user registers for our newsletter, their IP address and the date and time of registration are saved. This is done to prevent a misuse of services or misuse of the individual’s e-mail address. Data is never transmitted to third parties, except if we are required to transmit such data by law.

This data is only used to send the newsletter. The affected person can cancel their newsletter registration at any time. They can also revoke their consent to have their personal information saved at any time. A link is provided in each newsletter for this purpose.

Transmitting data for the purpose of contract data processing

In some cases, we use specialized service providers to process your data. These providers only process personal information on our behalf, acting strictly in accordance with our instructions and based on relevant agreements for contract data processing.

Data processing outside of the EU / EEA

In some cases, your data may also be processed in countries outside of the European Union (“EU”) or European Economic Area (“EEA”), areas which may have a lower level of data privacy protections than the EU. In such cases, we establish contractual agreements or other methods with our contractual partners for ensuring they provide a sufficient level of protection for your data, or we ask you for your explicit consent.

Storing your data

We save your personal information as long as necessary to complete a service you have requested or consented to, unless we are subject to other legal obligations such as commercial or tax law retention periods or those related to ongoing court proceedings.

Data security

Data you provide to us is protected using suitable technical and organizational means, with the objective of securing it against accidental or intentional manipulation, loss, destruction, unauthorized access, or unauthorized disclosure to third parties. Our security measures are continuously reviewed and improved in accordance with technological developments and organizational possibilities.

Your personal data is only transmitted to service providers in a third country if the specific requirements of Art. 44 et seqq. GDPR are fulfilled.

Information about your rights

You have the right to:

• receive information on your personal data saved by us;
• have your personal information corrected, deleted, or to have processing restricted;
• object to processing that serves our justifiable interest, the public interest, or profiling, unless we can show that there are mandatory grounds for this processing which outweigh your interests, rights, and freedoms, or unless the processing is completed to assert, exercise, or defend legal claims;
• have your data transmitted to the extent allowed under the law, such as in Art. 20 GDPR, and

You can revoke any consent you have granted to have your personal information collected, processed, and used at any time, effective for the future. Further information is provided in the individual sections describing data processing to which you must consent.

A written letter sent to the Data Privacy Office will be sufficient (for address and contact form see below).

Protecting the privacy of children

We do not knowingly collect the personal information of children. Typically, we have no way of knowing how old visitors to our site are. Since it is highly important to us to protect children as they use the internet, we advise all parents and guardians to teach their children how to use the internet safely and responsibly. Children should not transmit personal information to GrapheneUP SE without the express consent of their parent or guardian.

If you have any questions or suggestions related to data privacy, please contact the GrapheneUP SE Data Privacy Office.

Telephone: +420 722 098 256

privacy(at)grapheneup.com

Ongoing development on the internet requires that we adjust our data privacy declaration from time to time. We reserve the right to make such changes at any time.