1) Introduction and Contact Details of the Responsible Party

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2 The responsible party for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is GEMCore UG (limited liability), Ruhrallee 9, 44139 Dortmund, Germany, Tel.: 0231 13099086, Email: office@gemcore.ai. The responsible party for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, that is, if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data that are technically necessary for us to display the website:

Our visited website Date and time of access Amount of data sent in bytes Source/referral from which you accessed the page Used browser Used operating system Used IP address (if applicable: in anonymized form) The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. However, we reserve the right to subsequently check the server log files should specific indications suggest illegal use.

2.2 This website uses an SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential contents (e.g. orders or inquiries to us). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

3.1 For the hosting of our website and the presentation of the page content, we use a provider who provides its services either directly or through selected subcontractors exclusively on servers within the European Union. All data collected on our website are processed on these servers. We have entered into a data processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

3.2 We use a Content Delivery Network from the following provider: 1&1 IONOS Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. This service allows us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have entered into a data processing agreement with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

4) Cookies To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files placed on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow the storage of page settings (so-called “persistent cookies”). In the latter case, you can find out the storage duration in the overview of the cookie settings of your web browser. If individual cookies we use also process personal data, the processing takes place in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit. You can configure your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for specific cases or generally. Please note that when rejecting cookies, the functionality of our website may be limited.

5) Contacting Us

5.1 WhatsApp Business We offer you the option of contacting us via the messaging service WhatsApp provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “Business Version” of WhatsApp. If you contact us via WhatsApp in connection with a specific business (for example, an order you placed), we will store and use the mobile number you used with WhatsApp as well as – if provided – your first and last name according to Art. 6 para. 1 lit. b GDPR to process and respond to your request. Based on the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address, or email address) in order to assign your inquiry to a specific transaction. If you use our WhatsApp contact for general inquiries (e.g., about the range of services, availability, or our online presence), we will store and use the mobile number you used with WhatsApp as well as – if provided – your first and last name according to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the efficient and timely provision of the requested information. Your data will always be used only to respond to your inquiry via WhatsApp. There will be no disclosure to third parties. Please note that WhatsApp Business gains access to the address book of the mobile device we use for this and automatically transmits phone numbers stored in the address book to a server of its parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device in whose address book only the WhatsApp contact details of such users are stored who have contacted us via WhatsApp. This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6 para. 1 lit. a GDPR when first using the app on their device by accepting the WhatsApp terms of use. The transfer of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded. You can find the purpose and scope of the data collection and the further processing and use of the data by WhatsApp as well as your rights and settings for protecting your privacy in the privacy policy of WhatsApp: https://www.whatsapp.com/legal/?eea=1#privacy-policy Within the scope of the aforementioned processing, data transfer to servers of Meta Platforms Inc. in the USA may occur. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

5.2 In the context of contacting us (e.g. via contact form or email), personal data is collected. What data is collected in the case of using a contact form is evident from the respective contact form. This data will only be stored and used for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your inquiry aims at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been processed. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that no legal retention periods oppose it.

6) Data Processing When Opening a Customer Account According to Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed as necessary when you provide this when opening a customer account. Which data is required for account opening you can take from the input mask of the respective form on our website. Deletion of your customer account is possible at any time and can be accomplished by sending a message to the above-mentioned address of the responsible party. After the deletion of your customer account, your data will be deleted provided that all contracts concluded about it have been fully processed, no legal retention periods oppose this and we no longer have a legitimate interest in further storage.

7) Data Processing for Order Processing

7.1 As far as necessary for the contract processing for delivery and payment purposes, the personal data we collect will be forwarded to the commissioned transport company and the commissioned financial institution in accordance with Art. 6 para. 1 lit. b GDPR. If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact details you provided at the time of ordering (name, address, email address) to inform you within our legal obligations appropriately (by mail or email) about upcoming updates within the legally prescribed period. Your contact details will be used strictly purpose-bound for communications regarding updates owed by us, and to this end, will only be processed by us to the extent necessary for the relevant information. For the processing of your order, we also work with the following service provider(s) that support us in whole or in part in fulfilling concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

7.2 Use of Payment Service Providers – Apple Pay If you choose the payment method “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the “Apple Pay” function of your device operating on iOS, watchOS, or macOS by debiting a payment card registered with “Apple Pay.” Apple Pay uses security features that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify using the “Face ID” or “Touch ID” feature of your device. For the purpose of payment processing, your information provided during the ordering process along with information about your order will be transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card registered with Apple Pay for processing the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. Once the payment is made, Apple sends your device account number along with a transaction-specific, dynamic security code back to the originating website to confirm payment success. If personal data is processed during these transmissions, the processing occurs solely for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and an indication of whether the transaction was successfully completed. Anonymization completely excludes personal references. Apple uses anonymized data to improve “Apple Pay” and other Apple products and services. If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on Mac, your Mac and the authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to “Wallet & Apple Pay” and disable “Allow Payments on Mac.” For further information on data protection regarding Apple Pay, please visit the following internet address: https://support.apple.com/de-de/HT203027 – PayPal On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you choose a payment method from the provider that requires you to make an advance payment, the payment data you provided during the ordering process (including name, address, bank and card details, currency, and transaction number) will be forwarded to them in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data occurs solely for the purpose of payment processing with the provider and only to the extent necessary for it. If you choose a payment method where we incur costs in advance, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possibly data for an alternative payment method). To safeguard our legitimate interest in establishing your creditworthiness in such cases, this data will be forwarded by us to the provider in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit check. The provider checks based on the personal data you provided as well as additional data (such as shopping cart, invoice amount, order history, payment experiences) whether the payment option you selected can be granted with regard to payment and/or default risks. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, address data is included in the calculation of score values, but not exclusively. You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to continue processing your personal data if this is necessary for the contractual payment processing. – Stripe On this website, one or more online payment methods from the following provider are available: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. If you choose a payment method from the provider that requires you to make an advance payment (e.g., credit card payment), the payment data you provided during the ordering process (including name, address, bank and card details, currency, and transaction number) as well as information about the content of your order will be forwarded to them in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data occurs solely for the purpose of payment processing with the provider and only to the extent necessary for it. If you choose a payment method where the provider incurs costs in advance (e.g., invoicing or installment purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, possibly data for an alternative payment method). To protect our legitimate interest in determining the creditworthiness of our customers, this data will also be forwarded by us to the provider in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit check. The provider checks based on the personal data you provided as well as additional data (such as shopping cart, invoice amount, order history, payment experiences) whether the selected payment option can be granted with regard to payment and/or default risks. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, address data is included in the calculation of score values, but not exclusively. You can object to the processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to continue processing your personal data if this is necessary for the contractual payment processing.

7.3 Electronic Termination Option for Ongoing Obligations with Consumers Consumers who have entered into contracts for paid ongoing obligations (such as subscription contracts) on this website have the option to terminate these electronically via a button in accordance with the applicable cancellation periods. Pressing the button leads to a confirmation page where the consumer can provide further information regarding the termination, identify themselves clearly, and subsequently declare their termination electronically. The collection of personal data and their transmission to us occurs in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for proper processing of the termination. Based also on Art. 6 para. 1 lit. b GDPR, the provided personal data are used to confirm the receipt of the termination declaration and the termination date electronically in text form. Further legal basis for processing is Art. 6 para. 1 lit. c GDPR. We are legally obliged to maintain an electronic termination option for consumer contracts concluded via electronic commerce for paid ongoing obligations.

8) Page Functionality Google Web Fonts This page uses so-called web fonts from the following provider for the uniform representation of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When a page is called up, your browser loads the required web fonts into your browser cache to correctly display texts and fonts and establishes a direct connection to the servers of the provider. Certain browser information, including your IP address, is transmitted to the provider in this process. Data may also be transmitted to: Google LLC, USA. The processing of personal data during connection establishment with the font provider takes place only if you have explicitly granted your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent granted at any time with effect for the future by deactivating this service via the “cookie consent tool” provided on the website. If your browser does not support web fonts, a standard font from your computer will be used. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

9) Tools and Others Cookie Consent Tool This website uses a so-called “cookie consent tool” to obtain valid user consents for consent-required cookies and cookie-based applications. The “cookie consent tool” is displayed to you in the form of an interactive user interface when you access the page, on which you can grant consents for certain cookies and/or cookie-based applications by checking boxes. By using the tool, all consent-required cookies/services are only loaded if you grant corresponding permissions by checking boxes. This ensures that such cookies are only set on your respective device if consent has been given. The tool technically sets necessary cookies to store your cookie preferences. Personal user data is generally not processed here. If, in individual cases, the processing of personal data (such as the IP address) does occur for the purposes of storage, assignment, or logging of cookie settings, this will take place in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our online presence. Further legal basis for processing is also Art. 6 para. 1 lit. c GDPR. As responsible parties, we are under a legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. If necessary, we have entered into a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties. For further information about the operator and the configuration options of the cookie consent tool, please refer directly to the respective user interface on our website.

10) Rights of the Affected Person

10.1 The applicable data protection law grants you as the responsible party the following rights regarding the processing of your personal data (rights of access and intervention), referring to the respective exercise requirements to the legal basis cited: Right of access according to Art. 15 GDPR; Right to rectification according to Art. 16 GDPR; Right to deletion according to Art. 17 GDPR; Right to restriction of processing according to Art. 18 GDPR; Right to information according to Art. 19 GDPR; Right to data portability according to Art. 20 GDPR; Right to withdraw granted consents according to Art. 7 para. 3 GDPR; Right to lodge a complaint according to Art. 77 GDPR.

10.2 RIGHT TO OBJECT IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERWHELMING LEGITIMATE INTEREST IN THE CONTEXT OF AN INTEREST BALANCE, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION AGAINST THIS PROCESSING WITH EFFECT FOR THE FUTURE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING SHALL BE RESERVED IF WE CAN DEMONSTRATE COMPELLING PROTECTABLE REASONS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS. IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

11) Duration of Storage of Personal Data The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing, and – if applicable – additionally based on the respective legal retention period (e.g., commercial and tax retention periods). When processing personal data based on explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the affected data will be stored until you revoke your consent. If there are legal retention periods for data processed within the framework of contractual or contract-like obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the expiration of the retention periods, provided they are no longer needed for contract fulfillment or the initiation of a contract, and/or we no longer have a legitimate interest in further storage. When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object according to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights, and freedoms, or the processing serves the establishment, exercise or defense of legal claims. When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object according to Art. 21 para. 2 GDPR. Unless stated otherwise in other information in this statement about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.