1. Responsible body and Data Protection Officer

This privacy policy informs the users of this website about the type, scope and purpose of the collection and use of personal data by the operator of the website https://ringradar.com (hereinafter “Website”) and the RingRadar mobile app. We take your data protection very seriously and always treat your personal data confidentially and in accordance with the statutory provisions. This policy makes frequent reference to our Terms of Service, and relevant laws such as CCPA and GDPR (a European standard which is typically stricter than US standards and laws).

Due to new technologies and the constant development of this Website, changes may be made to this privacy policy. We therefore recommend that you visit our privacy policy at regular intervals.

1.1. The responsible body within the meaning of Art. 4 No. 7 GDPR is:

RingRadar Inc.

35655 Palomares Rd

Castro Valley, CA 94552

The person authorized to represent the company is Eddie Lu, Chief Technical Officer.

1.2. Data protection officer

For all questions relating to data protection concerning our Website and our range of services or to exercise your personal rights, please contact our data protection officer:

Eddie Lu, Chief Technical Officer

eddie@ringradar.com

2. Rights of the data subject

You can exercise your data protection rights at any time and free of charge. Our data protection officer reviews and responds to each request individually. You can find his contact details under point 1.2.

2.1. Right to information pursuant to Art. 15 GDPR

You have the right to receive information free of charge at any time as to whether we are processing your personal data.

2.2. Right to rectification pursuant to Art. 16 GDPR, right to erasure pursuant to Art. 17 GDPR, right to restriction of processing pursuant to Art. 18 GDPR, right to data portability pursuant to Art. 20 GDPR and right to object pursuant to Art. 21 GDPR

You also have the option of exercising your rights to rectification, erasure, or restriction of processing. You can also object to the processing of your data by us at any time.

2.3. Revocation in the event of consent pursuant to Art. 7 para. 3 GDPR

If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time for the future. However, your withdrawal is only valid from the time you give it and has no retroactive effect. The use of your data up to this point remains lawful.

2.4. Your right to lodge a complaint with the supervisory authority

If you have a complaint about how we handle your data, we would like to hear from you at info@ringradar.com. If you believe that the processing of personal data concerning you is contrary to the GDPR or other applicable laws and statues, you have the right to appeal to a supervisory authority in accordance with Art. 77 and 78 GDPR. You can assert this right with a supervisory authority in the location of your residence, place of work or place of alleged infringement.

3. Data processing when accessing the page

When you use the Website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we may collect and process certain data automatically transmitted by your browser or device. This may include:

− the IP address

− the date and time of the request

− the time zone difference to Greenwich Mean Time (GMT)

− referrer URL (the previously visited page)

− the access status / HTTP status code

− the amount of data transferred in each case

− the Website from which the request comes

− the browser, its interface, the language and the version of the browser software

− the operating system and internet service provider of the user.

This data is stored in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with. 25 para. 2 no. 2 TDDDG, in order to carry out error analysis and to ensure the stability and security of the Website. The data is stored in log files. A storage of this data together with other personal data of the user does not take place. However, in the case of an error in an interface query, we additionally log the ID (pseudonymous identification), the IP address and the HTTP request in question to allow for later error analysis and correction.

For the operation of this Website, we use the services of a service provider specializing in web hosting. Upon request, we will provide you with information about the service providers we use. Furthermore, this privacy policy informs you about other integrated service providers and third-party providers.

4. Processing of your data when registering to use RingRadar

4.1. Registration on Our Platform

When you register on our platform in any role type, we may collect and process the following categories of personal data:

− Identity Information: Such as your name, gender, nationality, and date of birth.

− Contact Information: Including your address, email address, and phone number.

− Payment Information: Such as bank account details, PayPal or Payoneer addresses, and credit card information.

− Equine Information: Including details about horses you own or manage, such as names, owner information, membership IDs, breed, height, and birth dates.

− Technical and Log Information: Such as IP addresses, device information, and date/time of registrations or logins.

We process this data to:

− Create and manage your account and provide you with access to our platform in accordance with our contractual obligations (Art. 6(1)(b) GDPR).

− Ensure platform security, quality, and the prevention of fraud or duplicate registrations, based on our legitimate interests (Art. 6(1)(f) GDPR).

− Communicate summary information, which is anonymized and aggregated, to Event Managers and our partners.

This list is not exhaustive, and additional data may be processed, as necessary, to fulfill our legal obligations or other legitimate business purposes. For more details about how and why we process your personal data, please refer to the relevant sections of this policy.

4.2. How Do We Process Your Information?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

− To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.

− To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.

− To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

− To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

− To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

− To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.

− To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.

− To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.

− To administer prize draws and competitions. We may process your information to administer prize draws and competitions.

− To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.

− To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.

− To track and report summaries . To communicate to our partners some high level user summaries.

− To comply with our legal obligations. We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.

4.3. Registration and Login via Social Log-In

As an alternative to registering on our platform, we may offer the option to log in via a social login. With a social login, a new login account is not created specifically for our platform. Instead, existing login credentials and information from another provider are used to log into our platform.

You can authenticate and subsequently register or log in using your existing profile with one of the following providers:

− Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

− Apple Inc., One Apple Park Way, Cupertino, California 95014, USA.

If you choose to log in via one of these providers, clicking on the respective icon will open a new window. In this window, you will enter the login credentials of the respective provider. After logging in, the provider will inform you of which data will be transmitted to us for authentication and the subsequent registration/login. Once you have given your consent for this data transfer, the fields required for registration will be populated with the transmitted data. These are in particular the following:

− Name, first name, last name, address, email address

− IP address, date/time of registration or login on our portals

Additionally, the following data will be transmitted from our servers to the provider’s servers:

− IP address, date/time of registration or login on our portals

Please note that we cannot exclude or prevent the respective provider from transmitting data to our servers that are not necessary for registration and account use or that data transmitted from our servers to the provider might be used for the provider’s purposes, e.g., to analyze user behavior, create a profile, or align their content with this profile. Furthermore, we inform you that personal data may be transmitted outside the legal jurisdiction of the USA, for example, to servers located in the European Union. The providers we use are certified under the Data Privacy Framework and guarantee an equivalent level of data protection in case of data transfer to the European Union.

We have no influence on this further processing of your data, its purpose, scope, or the location of data processing. Please refer to the respective provider’s privacy policy for information on how your data is processed.

The data transmitted to us will only be used to create and use an account on our platform. Any data not required for this purpose will be not imported or promptly deleted. The legal basis for registration and login via social login is your consent (Art. 6 (1) a GDPR), which you provide during the registration process.

Data entered by you will be retained as long as it is necessary to process your request (maximum: to fulfill the legal retention period).

4.4. Use of the Account

The data provided during registration (e.g., name, address, phone number, email address) is used by RingRadar solely to manage the contractual relationship with you as a customer (e.g., to contact you, inform you about the status of projects, for invoicing, to respond to your inquiries, etc.). The legal basis is Art. 6 (1) b GDPR, fulfillment of contractual obligations.

In addition to the data required to create your account, we also process other data that may arise during your use of the platform, including but not limited to:

− Event history, including class registrations, add/drops, checkout attempts, cancellations, refunds, payment confirmations, attendance records, and event feedback provided on the platform.

− Payment data, such as Stripe Payments, transaction history, payment methods used, invoice records, billing addresses, and payment status updates (e.g., pending, successful, or failed transactions).

− Digital signatures for contracts, waivers, and other agreements required for participation in events or use of the platform.

− Tax-related information, including tax ID numbers, VAT details, and tax-exemption documentation where applicable.

− Trainer, owner, rider, and horse relationships, including names, contact details, affiliations, and historical connections.

− Horse-related details, such as registration numbers, breed, age, height, past competition results, vaccination records, and ownership transfer history.

− Interaction logs, such as messages sent to support, feedback submissions, notifications opened, and updates to profile information.

− Platform usage history, including login timestamps, IP addresses, device types, and any customization settings applied to the user’s account.

We create profiles for individual users, which include data arising from the user's contractual relationship with RingRadar (e.g., address, tax information, etc.) as well as voluntary information provided by the user about their equestrian history. This data is used to offer users suitable services within the platform. During the course of the contractual relationship, data on event participation and results is collected.

Please note that we require your email address not only to create an account but also to inform you about suitable events, changes to our terms of use, and other information related to your contractual relationship.

Your information will be retained by us as long as your account is active or as long as retaining your information is necessary to provide you with our services, to comply with retention obligations, and if necessary, for fraud prevention, dispute resolution, and to enforce our agreements.

For our CRM, we use the cloud-based software solution provided by HubSpot Inc, 2 Canal Park Cambridge, MA 02141 United States (hereinafter HubSpot). We have contractually ensured that our CRM database is hosted by HubSpot on servers which are controlled by the company.

5. When and With Whom Do We Share Your Personal Information?

We may disclose aggregated information about our users, and information that does not identify any individual or device, without restriction. We do not sell, trade or otherwise transfer personal information to outside parties (except to the third parties with whom we have contracted to provide services to us, as detailed in the applicable section below). In addition, we may disclose personal information that we collect or you provide:

− To our affiliates, including companies within the RingRadar, Inc. group of brands and companies. We do not sell your personal data to third parties outside of our corporate group.

− To service providers we use to help deliver our products to you, such as payment service providers, warehouses and delivery companies.

− To other third parties we use to help us run our business, such as marketing agencies or Website hosts, which utilize their own terms and conditions and privacy policies:

● Microsoft

● Stripe

● Google

● HubSpot

● Amazon Web Services

● Heroku

● Twilio

− To third parties approved by you, including social media sites you choose to link your account to or third-party payment providers.

− To our insurers and brokers.

− To our banks.

− To parties in business transactions, such as a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Platform users is among the assets transferred. In these types of transactions, personal information may be shared, sold, or transferred, and it may be used subsequently by a third party.

− To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

− To enforce our rights arising from any contracts entered into between you and us.

− If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We may also share personal information with external auditors.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI“) on the NAI’s Website.

6. How do we keep your information safe?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

7. What Is Our Stance on Third-Party Websites?

We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services, but are not affiliated with, our Services.

The Services may link to third-party Websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other Websites, services, or applications. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party Websites, services, or applications.

The inclusion of a link towards a third-party Website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this privacy notice. We are not responsible for the content or privacy and security practices and policies of any third parties, including other Websites, services, or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly to respond to your questions.

8. Monitoring and Feedback

We use the "Sentry" service for error monitoring and user feedback collection as part of RingRadar. Sentry is provided by Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. If you submit feedback or encounter an error, relevant data, including application logs, browser details, and other diagnostic information, may be transmitted to Sentry servers. The server locations are usually in the USA, so a transfer of your data to the USA cannot be ruled out.

While Sentry has publicly shared its compliance efforts with GDPR and other regulations, we cannot guarantee that the processing of your data fully adheres to the provisions of the GDPR or other international data protection frameworks. Further information about Sentry's data protection practices can be found in its Privacy Policy (https://sentry.io/privacy/) and its Data Processing Addendum (https://sentry.io/legal/dpa/).

The processing of your feedback or error data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) to identify, analyze, and resolve issues with our application and improve our services. Your data will be retained only as long as necessary to fulfill these purposes unless statutory retention periods (e.g., Sections 238, 257 HGB) require longer storage.

Additionally, Sentry may collect other data, such as your browser type, hardware and software information, IP address, and session details, to ensure the proper functionality of its services. These data collection mechanisms are independent of our control and may involve the use of cookies or similar technologies.

We also use "Microsoft Clarity" to analyze user interactions on our Website. Microsoft Clarity is a tool provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Clarity collects information about how users navigate and interact with our site, including session replays, mouse movements, clicks, scroll activity, and other engagement data.

The data collected by Microsoft Clarity may be transmitted to and stored on servers in the USA, and a transfer of your data to the USA cannot be ruled out. Please note that we have not yet concluded a Data Processing Agreement (DPA) with Microsoft. While Microsoft states its compliance with GDPR and other data protection regulations, we cannot guarantee that the processing of your data adheres to these standards. For more information, please refer to the Microsoft Privacy Statement.

The processing of this data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) to understand user behavior, improve user experience, and optimize our Website. The data collected through Microsoft Clarity does not include sensitive personal information but may include technical and behavioral data.

If you wish to prevent the collection of data by Microsoft Clarity, you can adjust your browser settings or use opt-out options provided by Microsoft Clarity.

We also use "OpenReplay" to collect & analyze user interactions on our website. OpenReplay is a software company located in 33 Rue La Fayette, 75009 Paris, France.

9. Contact request / contact form

When you contact us by e-mail or via a contact form on our Website, the data you provide (your e-mail address, your name and telephone number, if applicable) will be stored by us in order to answer your questions. The provision of further data on your part always remains voluntary.

The legal basis for processing your contact request and its handling is Art. 6 para. 1 lit. b GDPR in the case of pre-contractual or already contractual relationships or, in the case of other requests, our legitimate interest in responding to you, Art. 6 para. 1 lit. f GDPR.

The storage of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you have given us by sending your contact request/clicking the send button. We delete the data collected in this context after storage is no longer required and the deletion does not conflict with any statutory retention obligations (e.g. in the event of subsequent contract processing).

10. Use of our appointment booking tool

If you as a client are interested in our Services, you have the option to book an appointment online or via email with our sales team. In this case, we process the data you enter to schedule and conduct the appointment. Certain information is required to carry out the appointment (name, company, contact information). Other information is provided voluntarily (e.g., your position in the company). The data entered are used for planning, carrying out, and possibly for the post-processing of the appointment. The legal basis for processing the data is Art. 6 Abs. 1 S. 1 lit. b GDPR (execution of pre-contractual measures). Your data will be deleted as soon as processing is no longer necessary. If further contact and/or an engagement results from the appointment, your data will continue to be stored in other systems (e.g., CRM system, correspondence, offer and contract documents) – possibly until the expiry of possible retention periods according to §§ 238, 257 HGB.

We use the services of Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA for the provision of the appointment tool and have concluded a Data Processing Addendum. When using our appointment tool, the transfer of personal data to the servers of Calendly located in the USA cannot be excluded. Calendly is certified under the Data Privacy Framework and guarantees an equivalent level of data protection in the event of a possible data transfer to the USA.

For information on data protection at Calendly, please visit: https://calendly.com/privacy and https://calendly.com/security.

11. Newsletter

You have the option to subscribe to our newsletter. To register, we require your email address, first and last name. Only this information is mandatory for sending the newsletter. The provision of additional data, such as salutation, your barn, horses, and phone number, remains voluntary. We send newsletters with promotional information, especially our current and interesting offers.

We store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data; the logging of the registration process is our legitimate interest according to Art. 6 Abs. 1 lit. GDPR.

The newsletter is sent based on your express consent according to Art. 6 Abs. 1 lit. a GDPR in conjunction with § 7 Abs. 2 No. 3 UWG.

After your confirmation, we store your data for the purpose of sending the newsletter.

You can revoke your consent to the sending of the newsletter at any time for the future and without giving reasons, thus unsubscribing from the newsletter, Art. 7 Abs. 3 GDPR. You can declare the revocation by clicking on the unsubscribe link provided in every newsletter email or by sending a message to the contact details provided in the imprint.

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, our newsletters contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our Website.

For the evaluations, we link data and web beacons with your email address and an individual ID, which are included in the links in the newsletter. The following data are processed and evaluated for this purpose:

− the IP address, the date and time of the request

− the time zone difference from Greenwich Mean Time

− the content of the request (specific page)

− the access status/HTTP status code; the amount of data transferred

− the Website from which the request comes, the browser

− the operating system and its interface, the language, and the version of the browser software.

12. Cookies

12.1. Definition: Temporary and permanent cookies

Cookies are small text files that are stored on your computer by a web server. The next time you visit the Website, it can use the cookie to recognize your web browser. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Website more user-friendly and effective overall.

There are different types of cookies, the scope and function. There are so-called temporary or transient cookies, which are automatically deleted when you close the browser. These include session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to a common session. This allows your computer to be recognized when you return to our Website. The session cookies are deleted when you log out or close your web browser.

Furthermore, there are permanent or persistent cookies, which initially remain stored after the browser is closed, but are automatically deleted after a specified period of time. The duration differs depending on the cookie, but we would like to point out that you can delete the cookies at any time using the security settings of your web browser.

Third-party cookies are cookies that are offered by providers other than the controller who operates the online service.

12.2. Legal basis for the use

The use of certain cookies is necessary to ensure the functionality and security of our Website (Art. 6 para. 1 lit. f GDPR, legitimate interest). When you visit our Website for the first time, you will be informed via our consent banner which technically necessary cookies are mandatory for the operation of the Website. You can also use the consent banner to select which technically “not required” cookies are used based on your visit to our site.

The implementation of this selection via the consent banner used by us requires the use of a cookie, which is stored on your end device for a period of one year, unless you delete it beforehand through your browser settings. The following data is processed through the use of a consent banner:

− Date and time of the visit

− Browser information

− Information on consents,

− Device information

− The IP address of the requesting device.

The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR) to provide evidence of your cookie selection and to comply with our accountability obligation pursuant to Art. 5 para. 2 GDPR. If you agree via the consent banner that technically unnecessary cookies (usually for the implementation of tracking and remarketing tools) are set, the processing of your personal data is based on your consent (Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG).

12.3. Option to revoke cookies

You have the option of restricting or preventing the installation of cookies via your browser settings. You can also delete cookies that have already been saved at any time. The respective steps and measures for deleting cookies depend on the specific Internet browser you are using.

13. Use of Google services

13.1. 13.1 Google Analytics

We use Google Analytics on our Website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This is a web-based analysis tool with which we can analyze the use of our Website and make our web presence more interest-oriented.

During your visit to our Website, Google Analytics places a cookie on your end device so your browser can be recognized and your behavior analyzed. If subpages of our Website are accessed, the following personal data is collected by Google Analytics:

− Your IP address

− the subpage accessed and time of access

− Source of origin of your visit (i.e. via which Website you came to us)

− technical information (information about browser, internet provider, end device and screen resolution)

− the achievement of "Website goals" (e.g. contact requests, newsletter registrations)

The use of Google Analytics is in accordance with Art. 6 para. 1 lit. a GDPR i.V.m. § 25 para. 1 TDDDG only if you have given us your consent via the selection in our content banner. If you have not consented, no data processing will take place.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR and without giving reasons with effect for the future by clicking on the "Cookie settings" button integrated in the footer of our Website and thus calling up the consent banner. You can then use the banner to make a new selection. Alternatively, Google provides a deactivation add- on that can be installed on standard Internet browsers. You can find the link to the deactivation add-on at https://tools.google.com/dlpage/gaoptout. This add-on ensures that information about your visit to our Website is not transmitted to Google Analytics.

We cannot rule out the possibility that personal data may be transferred outside the legal area of the USA, e.g. to servers located in the European Union. Google is subject to the certification of the Data Privacy Framework and guarantees an equivalent level of data protection in the event of a possible data transfer to the USA. Furthermore, we have concluded agreements with Google regarding data processing. Through these agreements, Google guarantees that it will process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject ("EU Standard Contractual Clauses" (Art. 46 (2) lit. c GDPR)).

For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by Google Analytics, please refer to Google's privacy policy: https://policies .g oogle.com/technologies/partner-sites?hl=de.

13.2. Google Tag Manager

We may use Google Tag Manager on our Website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This is an organizational tool with which we can manage our analysis tags via an interface. The Google Tag Manager collects data on our Website and forwards it to our connected analysis tools. The connected analysis tools store and evaluate this data. The Google Tag Manager itself does not set any cookies and does not store any personal data. The organization tool only collects data on how individual tags are used.

The Google Tag Manager is used in accordance with Art. 6 para. 1 lit. a GDPR i.V.m. § 25 para. 1 TDDDG only if you have given us your consent via the selection in our content banner. If you have not given your consent, the Google Tag Manager will not be used.

You can revoke your consent at any time in accordance with Art. 7 para. 3 GDPR and without giving reasons with effect for the future by clicking on the link "Cookie settings" integrated in the footer of our Website and thus calling up the consent banner. You can then use the banner to make a new selection.

Google is subject to the certification of the Data Privacy Framework and guarantees an equivalent level of data protection in the event of a possible data transfer to the USA. We have also concluded agreements with Google regarding data processing. Through these agreements, Google guarantees that it will process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject ("EU Standard Contractual Clauses" (Art. 46 (2) lit. c GDPR)).

For details on the processing of your personal data by Google, please refer to Google's privacy policy: https://policies .g oogle.com/privac y.

13.3. Google reCAPTCHA, Google Fonts

We may use Google reCAPTCHA on our Website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google reCAPTCHA attempts to distinguish whether a particular action is performed by a human or a computer program or "bot".

During the verification by Google reCAPTCHA, the following personal data, among others, is transmitted to Google:

− The page that integrates Google reCAPTCHA

− Your IP address

− Your set language in the browser

− Screen and window resolution information

− The time zone

− Installation of browser plugins

In addition, Google reCAPTCHA checks whether a cookie has already been created in your browser. If this is not the case, a cookie will be set by Google reCAPTCHA.

We would also like to point out that Google Fonts is part of the Google reCAPTCHA tool and is also loaded as a necessary sub-function within this service. Google Fonts is a service that makes it possible to integrate various web fonts on Websites. When you access our Website on which reCAPTCHA is used, the required font is loaded into the browser cache by your web browser. These fonts are integrated by a server call to a Google server. Among other things, the following personal data is collected by Google Fonts:

− Your IP address

− The page you are visiting

− Your preferred language setting

− Technical information (information about browser, internet provider, end device, screen and window resolution and operating system)

The use of Google reCAPTCHA is carried out in accordance with Art. 6 para. 1 lit. f GDPR, i.e. based on our legitimate interest in recognizing spam mails and bots and also fending them off in the interest of our users. Data processing only takes place if you use certain of our services, e.g. the contact form, subscribe to the newsletter or register.

14. Processing of your data in the event of an application

In the future you may be able to apply for open positions via our Website or send us unsolicited applications. As part of the application process, we will process your application data electronically.

The processing of applicant data is only carried out to fulfill our (pre-)contractual obligations in the context of the application process in accordance with Art. 88 para. 1, Art. 6 para. 1 lit. b GDPR and in accordance with § 26 BDSG-new.

In order to guarantee that your application is processed exclusively by the authorized person of our company, we ask you to use the e-mail address provided for this purpose, which can be found on our "Careers" subpage.

In the event of an acceptance and consequently the conclusion of an employment contract, we store your data transmitted to us as part of the application for the purpose of standard administrative and organizational processes. The legal basis for this results from Art. 6 para. 1 lit. b, Art. 88 para. 1 GDPR i.V.m. § Section 26 BDSG.

15. Simplified linkage to the social media Websites

The LinkedIn, Facebook, Instagram, YouTube links integrated on our site are not integrated via a so-called social plug-in. The embedded graphic only contains an http link to our LinkedIn, Facebook, Instagram, YouTube page. This means that no direct connection to the servers of the aforementioned sites is established when our site is accessed.

16. Privacy policy for our corporate presence on social networks

As the operator of company presences on social networks, we process personal data together with the respective provider of the social network. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in presenting our company in common communication media and in offering users, interested parties and our customers a preferred form of communication with our company that is common in today's world.

Our company operates the following company presences on social networks:

− LinkedIn

− YouTube

− Facebook

We would like to point out that the use of social media by you, in particular the interaction with the networks, such as the posting and sharing of contributions, is at your own risk and that you can alternatively contact us via the contact form on our Website or by e-mail/letter/telephone.

16.1. Joint responsibility pursuant to Art. 26 GDPR

In accordance with Art. 26 GDPR, joint data processing with the respective provider of the social network requires the conclusion of an agreement in which the distribution of our obligations under the GDPR and the obligations of the respective provider of the social network are bindingly defined.

With the creation and publication of our company Websites, we have concluded such an agreement by accepting the so-called terms of use of the respective social network, which regulate the conditions for the use of the site and the resulting data processing.

The providers of the social network generally assume primary responsibility for fulfilling their data protection obligations (see ECJ judgment of 5.6.2018, case C-210/16). This includes, among other things:

− The fulfillment of information obligations (pursuant to Art. 12, 13 GDPR)

− The rights of data subjects (pursuant to Art. 15 - 22 GDPR)

− The security of the processing (pursuant to Art. 32 GDPR)

− The notification of data protection breaches (pursuant to Art. 33, 34 GDPR)

Further details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the respective provider of the social network can be found in the respective privacy policy of the platform operator.

As operators of company presences on social networks, we also assume responsibility for fulfilling our data protection obligations. This includes, among other things:

− The lawfulness of the data processing (pursuant to Art. 6 para. 1 GDPR)

− The forwarding of requests from data subjects relating to content published by us on the respective social networks to the respective platform operator

The obligation to create a privacy policy for our corporate presence on social networks.

16.2. Data processing by the social networks

We use the technical platform and services of the following companies for the information services offered:

− https://www.linkedin.com/company/ringradar, offered by LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, California 94085, USA.

− https://www.youtube.com/@RingRadar_, offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

− https://www.facebook.com/ringradar1, https://www.instagram.com/ringradar_, and https://www.facebook.com/groups/863872812233100, Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

Your visit to our profile on the respective social network triggers a variety of data processing operations. Your personal data is not only collected, used and stored by us, but also by the social network. This happens even if you do not have a profile on this network yourself. We only process the personal data that you provide to us through your public account and by commenting on our posts. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our social media profile. These functionalities will not be available to you, or only to a limited extent, if you do not provide us with your personal data.

The legal basis for the processing of your personal data is in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in being able to communicate with users or interested parties as well as customers and to inform them about our services.

If you have a profile in the respective social network and are logged in, the social network processes, among other things, your voluntarily entered data such as first and last name, user name, email address and telephone number. In addition, the social network can analyze your usage behavior and create a usage profile corresponding to your usage behavior.

Cookies are stored on your end device for this purpose. These cookies allow the social network to create user profiles based on your preferences and interests and to display customized advertising (inside and outside the platform). We do not have access to the usage data that the social network collects to create these statistics. The individual data processing operations and their scope are not necessarily traceable for us. We are only provided with anonymous usage statistics by the social network, which we use in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to improve the user experience for specific target groups when visiting our company profile.

If you do not agree to the social network assigning the collected data directly to your profile, we recommend that you log out of this social network, delete your cookies as part of the browser settings and restart the browser. You also have the right to object to the creation of these user profiles, whereby you must contact the respective social network to exercise this right.

We cannot rule out the possibility that personal data may be transferred outside the legal area of the USA, e.g. to servers located in the European Union, when our company presence on social networks is accessed.

For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the social networks we use, please refer to the data protection declarations published there:

− LinkedIn: https://www.linkedin.com/legal/privacy-policy? and https://www.linkedin.com/he l p/linkedin/answer/a545600

− YouTube: https://policies .g oogle.com/privac y and https://myaccount .g oogle.com/intro/privacycheckup

− Facebook: https://www.facebook.com/about/privacy/update?ref=old_polic y; https://www.facebook.com/privacy/policy/?section_id=7-WhatIsOurLegal https://www.facebook.com/privacy/guide/securit y

17. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

18. Minors’ Participation and Privacy Policy

Minors (under 18) may only be registered as users of the Services and Website by a parent, legal guardian, or trainer authorized by the parent or guardian. Minors cannot independently register or provide personal information without parental consent. RingRadar does not collect parental consent directly; this is the responsibility of show managers and show management companies (collectively “Show Management Companies”), which must comply with our Terms of Service, Privacy Policy, and relevant laws such as CCPA and GDPR.

We process minors’ personal data based on the explicit consent of a parent or legal guardian, as required under applicable laws. Data processing may also be necessary for:

− Contractual Obligations: To register and facilitate a minor’s participation in competitions.

− Compliance with Legal Obligations: To meet tax reporting or other regulatory requirements related to competition participation.

Show Management Companies must follow these Data Collection and Use rules:

− Permissible Information: Only data necessary for competition participation—such as name, age, location, and tax details for prize distribution—may be collected.

− Beyond Competitions: No personal data from minors may be knowingly collected outside competition registration.

Show Management Companies must follow these Privacy Safeguards:

− Inform parents or guardians about what data is collected, how it is used, and if it is shared.

− Obtain explicit parental consent for data collection, use, and any communications.

− Limit data collection and storage to what is strictly necessary for participation.

− Provide parents or guardians with the right to access, modify, or delete their child’s data.

Participation requires parental consent. Parents or guardians can revoke consent or request deletion of data at any time, which may result in loss of access to services.

If we unknowingly collect data from a minor without proper consent, we will delete it upon notification. Report any such incidents to info@ringradar.com.

19. Specific Rights for United States Residents

19.1. What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months:

− Identifiers: Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name

− Personal information as defined in the California Customer Records statute: For example name, contact information, education, employment, employment history, and financial information

− Protected classification characteristics under state or federal law: Including gender and date of birth

− Geolocation data: Including device location

− Inferences drawn from collected personal information: Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics

We will use and retain the collected personal information as needed to provide the Services or for long as the user has an account with us.

We may also collect commercial information including transaction information, purchase history, financial details, and payment information, and other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

− Receiving help through our customer support channels;

− Participation in customer surveys or contests; and

− Facilitation in the delivery of our Services and to respond to your inquiries.

19.2. How we use and share your personal information

Learn about how we use your personal information in the section, "How we process your Information"

19.3. Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information in the section, " When and With Whom Do We Share Your Personal Information? "

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to Website visitors, users, and other consumers.

19.4. California Residents

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

○ CCPA Privacy Notice

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below. The California Code of Regulations defines a "residents" as:

− every individual who is in the State of California for other than a temporary or transitory purpose, and

− every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as "non-residents." If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.

○ Your rights with respect to your personal data

a) Right to request deletion of the data — Request to delete: You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

b) Right to be informed — Request to know: Depending on the circumstances, you have a right to know:

− whether we collect and use your personal information;

− the categories of personal information that we collect;

− the purposes for which the collected personal information is used;

− whether we sell or share personal information to third parties;

− the categories of personal information that we sold, shared, or disclosed for a business purpose;

− the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;

− the business or commercial purpose for collecting, selling, or sharing personal information; and

− the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

c) Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights: We will not discriminate against you if you exercise your privacy rights.

d) Right to Limit Use and Disclosure of Sensitive Personal Information: We do not process consumer's sensitive personal information.

Verification process

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. , phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Other privacy rights

− You may object to the processing of your personal information.

− You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.

− You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.

− You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.

To exercise these rights, you can contact us by visiting https://www.ringradar.com/about-us , by email at info@ringradar.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

19.5. Colorado Residents

This section applies only to Colorado residents. Under the Colorado Privacy Act (CPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

− Right to be informed whether or not we are processing your personal data

− Right to access your personal data

− Right to correct inaccuracies in your personal data

− Right to request deletion of your personal data

− Right to obtain a copy of the personal data you previously shared with us

− Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling" )

To submit a request to exercise these rights described above, please email info@ringradar.com or visit https://www.ringradar.com/about-us. If we decline to take action regarding your request and you wish to appeal our decision, please email us at info@ringradar.com . Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

19.6. Connecticut Residents

This section applies only to Connecticut residents. Under the Connecticut Data Privacy Act (CTDPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

− Right to be informed whether or not we are processing your personal data

− Right to access your personal data

− Right to correct inaccuracies in your personal data

− Right to request deletion of your personal data

− Right to obtain a copy of the personal data you previously shared with us

To submit a request to exercise these rights described above, please email info@ringradar.com or visit https://www.ringradar.com/about-us .

If we decline to take action regarding your request and you wish to appeal our decision, please email us at info@ringradar.com . Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

19.7. Utah Residents

This section applies only to Utah residents. Under the Utah Consumer Privacy Act (UCPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

− Right to be informed whether or not we are processing your personal data

− Right to access your personal data

− Right to request deletion of your personal data

− Right to obtain a copy of the personal data you previously shared with us

− Right to opt out of the processing of your personal data if it is used for targeted advertising or the sale of personal data

To submit a request to exercise these rights described above, please email info@ringradar.com or visit https://www.ringradar.com/about-us .

19.8. Virginia Residents

Under the Virginia Consumer Data Protection Act (VCDPA):

− "Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

− "Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

− "Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data. Your rights with respect to your personal data

− Right to be informed whether or not we are processing your personal data

− Right to access your personal data

− Right to correct inaccuracies in your personal data

− Right to request deletion of your personal data

− Right to obtain a copy of the personal data you previously shared with us

Exercising your rights provided under the Virginia VCDPA

You may contact us by email at info@ringradar.com. If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at info@ringradar.com . Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

20. Specific Privacy Rights For Other Regions

20.1. Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020 (Privacy Act). This privacy notice satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information. If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide our services, in particular:

− offer you the products or services that you want

− respond to or help with your requests

− manage your account with us

− confirm your identity and protect your account

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by sending an email to info@ringradar.com.

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand's Privacy Principles to the Office of New Zealand Privacy Commissioner.