PRIVACY POLICY

Last modified: February 2025

Introduction

Devatis ("Company" "We" "Us") respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.
This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the global website (www.devatis.com) (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

• On this Website.
• In email, text, and other electronic messages between you and this Website.
• When you interact with our advertising and applications on third-party websites and services that link to this policy.

This Privacy Policy does not apply to:

• Information collected offline or through any other means, including on other websites operated by Devatis or third parties.
• Information collected by any third party, including through applications or content (including advertising) that may link to or be accessible from the Website.

By accessing or using this Website, you agree to this Privacy Policy. If you do not agree, please do not use this Website. We may update this Privacy Policy from time to time (see "Changes to Our Privacy Policy"), and your continued use of this Website constitutes your acceptance of those changes.

1. Individuals Under the Age of 18

This Website is not intended for users under 18 years of age. No one under age 18 may provide personal information to or on the Website. If we learn that we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we may have collected information from a child under 18, please visit our Contact Page to reach the appropriate contact for your region.

2. Information We Collect and How We Collect It

You can visit our Website without providing any personal information. We only collect personally identifiable information when you voluntarily submit it to us.

We may collect several types of information, including:

• Non-personally identifiable information that does not identify you individually but may be aggregated for analytics.
• Information about your internet connection, the equipment you use to access our Website, and usage details.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through the Website (via cookies, web beacons, and similar technologies).
• From third parties, such as business partners and service providers.

3. International Data Transfers

As a global company, Devatis may transfer and process your personal information outside your country of residence. Data protection laws in other jurisdictions may differ from those in your country. By using this Website, you consent to such transfers.

4. Legal Basis for Data Processing (For GDPR Compliance)

If GDPR applies, we process personal data based on:

• Your consent (where required).
• Performance of a contract with you.
• Compliance with legal obligations.
• Legitimate interests pursued by us or third parties.

Personal Data Process the countries where we operate:

1- Germany & EU (GDPR Compliance)

a. Legal Basis for Processing Personal Data (Article 6 GDPR)

• We process your personal data based on your consent when you opt-in for certain services or actions on our Website.
• We may process your personal data when it is necessary for the performance of a contract to which you are a party.
• We may process personal data based on our legitimate interests, for example, to improve our services or to ensure the security of our Website.

b. Data Subject Rights (Article 12-23 GDPR)

Users in the EU have specific rights that need to be acknowledged:

• You have the right to request access to your personal data, along with a copy of the data we hold about you.
• You have the right to request that we correct any inaccuracies in your personal data.
• You have the right to request that we delete your personal data, subject to certain conditions.
• You can request the restriction of processing of your personal data under certain circumstances.
• You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
• You may object to the processing of your personal data for direct marketing purposes, or for processing based on our legitimate interests.
• We may transfer your personal data to third-party service providers located outside of the EU. We ensure that such transfers are protected through the use of appropriate safeguards, such as Standard Contractual Clauses or an adequacy decision by the European Commission.

  1. U.S. (CCPA Compliance for California Residents)

• If you are a California resident, you have the right to request that we disclose certain information we have collected about you, including the categories of personal data, the sources of that data, and how it has been shared or sold.
• You may request that we delete any personal information we have collected from you, subject to certain exceptions.

  1. Canada (PIPEDA Compliance)

• We collect and use your personal data only with your knowledge and consent, except where otherwise permitted or required by law.
• You may request access to your personal data that we have collected. You can review and correct this data at any time by contacting us.
• You can withdraw your consent to the collection, use, and disclosure of your personal data at any time by contacting us, except where we are required to retain certain information for legal reasons.

  1. New Zealand (Privacy Act 2020)

• We collect personal information directly from you and from third-party providers with your consent or as permitted by law.
• You have the right to access your personal information held by us and request correction if it is inaccurate.

  1. Australia (Privacy Act 1988 & APPs)

• We collect personal data only for lawful purposes and in a manner that is transparent and fair.
• You have the right to request access to your personal information and correct it if necessary. Please contact us to make a request.
• We take reasonable steps to protect your personal information from misuse, interference, and loss, as well as unauthorized access, modification, or disclosure.

  1. Serbia (Alignment with GDPR)

If you believe your rights have been infringed, you have the right to file a complaint with the Serbian data protection authority.

  1. Switzerland (FADP Compliance)

• We may transfer your personal data outside of Switzerland, but we ensure that such transfers comply with Swiss data protection laws and are protected with adequate safeguards.
• You have the right to access, rectify, delete, and restrict the processing of your personal data, in line with the Swiss Federal Act on Data Protection (FADP).

  1. Azerbaijan (Local Regulations)

We follow best practices for data protection and respect the privacy of our users in line with international standards.

5. Cookies and Tracking Technologies

We use cookies to improve user experience and Website functionality. By using this Website, you consent to the use of cookies in accordance with our Cookie Policy. You may manage or disable cookies through your browser settings.

6. Third-Party Tracking and Advertising

Some content or applications, including advertisements, on the Website are served by third-party providers. These third parties may collect information about your online activities over time and across different websites. Devatis does not control their data collection practices. For more information, please visit their respective privacy policies.

7. How We Use Your Information

We use collected information to:

• Provide and improve our Website.
• Respond to inquiries and fulfill requests.
• Enforce our Terms of Use.
• Comply with legal obligations.

8. Disclosure of Your Information

We may disclose personal information:

• To subsidiaries and affiliates.
• To service providers bound by confidentiality obligations.
• In connection with a business transaction (merger, sale, etc.).
• To comply with legal requirements.

Data Processing by Service Providers

We may share your information with third-party service providers, such as hosting providers, payment processors, or customer support platforms, who are required to handle your data according to our Privacy Policy and contractual obligations. These providers are only allowed to process your data for the specified purposes and in accordance with applicable data protection laws.

9. Anonymized and Aggregated Data

We may use anonymized and aggregated data for analytics and research. This data does not personally identify you.

10. Data Security

We implement technical and organizational measures to secure your personal information. However, no data transmission over the internet can be guaranteed as 100% secure. Users are responsible for securing their own devices.

11. Your Rights and Choices

Depending on applicable laws (such as GDPR and CCPA), you may have rights to:

• Access, correct, or delete your personal information.
• Object to or restrict data processing.
• Withdraw consent for data collection.

To exercise your rights, please visit our Contact Page for relevant contact details, including email addresses for data protection inquiries.

12. Changes to Our Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via Website notifications or email. The "Last Modified" date at the top of this page indicates the most recent update.

13. Contact Information

For any questions regarding this Privacy Policy, please visit our Contact Page for country-specific contact details, including email addresses and office locations.