Data Protection and Legal Notice - Data Protection / Legal Notice

AVM Computersysteme Vertriebs GmbH (subsequently also referred to as "we") is responsible for the web presence at avm.de and the associated subdomains (e.g. business.avm.de, fritzfinder.avm.de, content.avm.de, download.avm.de) as well as on the AVM social media platforms.

In the following we would like to inform you about how personalized data are processed during the use of our websites and/or online services.

Personalized data are erased as soon as possible, and never used or passed on for advertising purposes without your consent.

1. Definitions

The definitions are in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “General Data Protection Regulation” or “GDPR”). In particular, the definitions of Article 4 and Article 9 of the GDPR apply.

2. Scope of Personal Data Processing

We collect and use the personalized data of our users in principle only insofar as this is necessary to render and provide our services and to prepare our web presence or online offers.

Further, personalized data are collected and used on a regular basis only

(i) with the user's consent,
(ii) if the processing takes place for the purpose of fulfilling the contract, or
(iii) for the protection of legitimate interests, insofar as this is not overridden by the interests or fundamental rights of the persons affected that require the protection of personalized data. This also includes the transmission of data to authorities and/or courts.

Moreover, such cases are excepted in which it was not possible to obtain prior consent for practical reasons, or in which the processing of the data is permitted by statutory regulations.

3. Legal Bases

Insofar as personalized data are processed on the basis of consent by the data subject, Article 6(1a) of the GDPR is the legal basis for such processing.

For the processing of personalized data for the performance of a contract to which the data subject is party, Article 6(1b) of the GDPR is the legal basis; this also applies for processing which is necessary for the implementation of pre-contractual measures.

If personalized data are processed in order to comply with legal obligations (such as, for example, retention periods stipulated by tax or commercial law, or information provided by authorities, etc.), Article 6(1c) of the GDPR is the legal basis.

For the case that vital interests of the data subject or another natural person necessitate the processing of personalized data, Article 6(1d) of the GDPR is the legal basis.

If processing is carried out to protect a legitimate interest of our company or of a third party, and this interest is not overridden by the interests, fundamental rights, and basic freedoms of the data subject, Article 6(1f) of the GDPR is the legal basis for processing.

4. Obtaining Consent / Right of Revocation

Consent in accordance with Article 6(1a) of the GDPR is generally obtained electronically. Consent is given, for example, by checking the checkbox in the corresponding field to document that consent was granted. When consent is granted electronically, the "opt-in" method is used in the area for registered users (e.g. for Newsflash); for the purpose of identifying the user, "double opt-in" is used (e.g. to register for the newsletter). The contents of the consent form are logged electronically.

Right of revocation: Please note that consent already granted can be revoked prospectively at any time – in full or in part; the legality of any processing that took place on the basis of consent up to the time consent was revoked remains unaffected. Please direct any revocation to the contact information for the responsible authority or the data protection officer listed under (II).

5. Possible Recipients of Personalized Data

In order to provide our web and/or online services, we also employ service providers ("processors") to act on our behalf and upon our instructions in the framework of service provision. In the framework of service provision, these service providers can receive personalized data or come into contact with personalized data, and constitute third parties or recipients in the terms of the GDPR.

In such a case we ensure that our service providers offer sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject (cf. Article 28 of the GDPR).

Insofar as a transmission of personalized data to third parties and/or recipients outside of processing a job, we ensure that this occurs only in accordance with the requirements of the GDPR (e.g., Article 6(4) of the GDPR) and only where there is a corresponding legal basis (e.g., Article 6(4) of the GDPR).

6. Processing of Data in So-called "Third Countries"

In general, the processing of your personalized data takes place within the EU, or within the European Economic Area (“EEA“).

Only in exceptional cases (e.g., in connection with the involvement of service providers to provide web analytic services) can it happen that information is transferred to so-called "third countries". "Third countries" are countries outside of the European Union and/or the Agreement on the European Economic Area, in which it cannot necessarily be assumed that the level of data protection is adequate according to the standards of the EU.

Insofar as the transmitted information also includes personalized data, we ensure before such a transfer that an adequate level of data protection is guaranteed in the given third country, or by the given recipient in the third country, or that you have provided your consent to such transfer, or there is another basis that permits such a transfer (e.g. Article 49 of the GDPR). An adequate data protection level can arise from what is called an "adequacy decision" by the European Commission or be guaranteed by application of the "EU standard contractual clauses". We are happy to provide you with further information on appropriate and suitable guarantees for adherence to an adequate level of data protection upon request; the contact information is provided under (II) of this data protection documentation.

7. Data Erasure and Storage Period

Personalized data on the data subject are erased or locked as soon as the purpose of processing has expired. Data are stored after the purpose of processing has expired only when this is provided for by the European or national legislator in EU regulations, laws or other directives to which our company is subject (e.g., to satisfy legal record-keeping requirements and/or when there are justified interests in storage, e.g., during the period of statutes of limitation for the purpose of legal defense against any claims). The data are also erased or locked when a storage period prescribed by the relevant standards expires, unless there is a necessity for the further storage of the data for the conclusion of a contract of for other purposes.

8. Rights of the Data Subjects

The GDPR grants certain rights to data subjects effected by the processing of personalized data (known as "rights of the data subject", especially Articles 12 through 22 of the GDPR). The individual rights of the data subjects are clarified in (X). If you would like to exercise one or more of these rights, you can contact us at any time. Please do so by using the contact information (responsible authority or data protection officer) listed under (II).

Registration and/or creation of a personal user account are required for certain services provided via our website and online platforms. In the framework of registration and creating a user account, we collect and store the following personal data ("mandatory information"). These data are not transmitted to third parties:

• Username
• User's business email address
• Password
• Title, first name, last name
• Company (where relevant)
• Address
• Country, state/county and city where company is located

Mandatory information required for the purpose of registration are marked in the input mask with an asterisk to designate them as required fields. Registration cannot be completed without complete and valid entries in the mandatory fields. Application for registration is not completed until after you provide entries for all of the mandatory fields AND confirm the password link we send you by email.

Also stored upon registration are (i) the user's IP address and (ii) the date and time of registration.

The user may provide voluntary details in addition to this mandatory information. Such details may include data as telephone number, fax number, mobile telephone number, or details about the company such as number of employees, sector, floor space. Voluntary information may be used for the purpose of improving our sales and marketing services.

1. Purpose and Legal Basis

Registration of the user serves to restrict and/or control access to certain contents and services that we offer only to registered users on our websites and/or online platforms. Such a registration can further serve the purpose of providing certain contents and services for registered users as part of contract performance and/or for the implementation of pre-contractual measures.

The legal basis for processing data for the purpose of registration with the user's consent is Article 6(1a) of the GDPR. If registration serves the performance of a contract to which the user is party, or the implementation of pre-contractual measures, the legal basis for processing is Article 6(1b) of the GDPR. Insofar as registration serves the purpose of access restriction and/or control, the protection of legitimate interest is the legal basis as stipulated in Article 6(1f) of the GDPR; in this case the legitimate interest is in the restriction of access to protect the contents and information we developed.

2. Data Erasure and Storage Period

Should registration take place in connection with fulfilling a contract or implementing pre-contractual measures (Article 6(1b) of the GDPR), the registration data are stored for the duration of the given working or contractual relationship, and then erased or locked after expiration of the given contract, or after the period of notice as stipulated in (III.7).

If registration does not take place in connection with performance of a contract or the implementation of pre-contractual measures, the registration data are erased as stipulated in (III.7) as soon as a registration with our websites is withdrawn, modified or deleted by the user.

3. Opt-out and Elimination Options

The data about you that are stored in registered areas can be modified at any time. Such a change to the data you provided can be made in the registered area, or after contacting us with your request. If the data are (still) required for the performance of a contract or the implementation of pre-contractual measures, they can be erased only if no contractual or legal obligations prevent their erasure.

Every time our websites are opened, our system automatically collects data and information from the requesting user's computer system. The following data are collected (hereinafter "log data"):

• information about the type and version of the browser used

• information about the user's operating system

• the user's IP address

• date and time of access

• file size of the object accessed

The log data mentioned above – with the exception of the IP address – do not make it possible to identify the person of the user; personalized identification is possible only by allocating or linking the log data to a certain IP address.

1. Purpose and Legal Basis

The collection and processing of log data, especially the IP address, takes place for the purpose of providing to the user the contents contained on our website, that is, for the purpose of communication between the user and our web or online services. Temporary storage of the IP address is necessary for the duration of the given communication process. This is required for addressing the communication traffic between the user and our web or online presence, or necessary in order to utilize our web and/on online services. The legal basis for this data processing – which applies for the duration of your visit to our websites – is Article 6 (1b) of the GDPR, or Sections 9, 25 of the TDDDG (Telecommunications Digital Services Data Protection Act).

Any processing and storage of the IP address in log files that goes above and beyond a given communication process is undertaken in order to ensure the functionality of our web and online content, for the purpose of optimizing this content, and to guarantee the security of our information technology systems. The legal basis for storage of the IP address for these purposes above and beyond a given communication process is Article 6(1f) of the GDPR (protection of legitimate interests) or Section 19(4) of the TDDDG.

2. Data Erasure and Storage Period

Data are erased as soon as they are no longer required to achieve the purpose of their collection. In the case of data collection for the preparation of the websites, this is the case whenever the given session – the visit to the website – has ended. Any storage of log data above and beyond this, including saving the IP address for the purpose of system security, will last for a period of no longer than seven days from the time the user leaves the web page. Any processing and/or storage of log data above and beyond this is possible and permissible, as long as the IP addresses of the users are erased or altered after the above mentioned storage period of seven days such that it is no longer possible to match the log data to an IP address.

3. Opt-out and Elimination Options

The collection of log data for the preparation of websites, including their storage in log files as limited in the above paragraph, is absolutely necessary for operation of the websites. There is therefore no possibility for the user to opt out. The above does not apply for the processing of log data for purposes of analytics; depending on the web analytic tool used and the kind of data analysis (personalized/anonymous/pseudonymous), this is conform to (VII).

In the following we inform you about the use of cookies and the processing of other data on our websites.

1. Purpose and Legal Basis

We use cookies that are strictly necessary and other technologies to guarantee the smooth operation of our web presence and/or online offers; therefore these cannot be disabled. Some of the functions on our websites cannot be offered without the use of cookies and other technologies. For this it is also necessary that the browser also be recognized even after switching pages. The data processed by our strictly necessary cookies / other technologies are used for the following purposes:

• language settings

• anti-spam protection

• provision of Chat Support (Zendesk – see under IX( 5.)

• remembering search terms and filter settings

• volume settings

The legal basis is Article 6 (1b) of the GDPR, Section 25(2.2) of the TDDDG, insofar as the cookies/other technologies are used to provide chat support. Further, the legal basis is Article 6(1f) of the GDPR, Section 25(2.2) of the TDDDG, since the use of cookies serves to ensure the protection of our legitimate interests and the smooth use and essential basic functions of the websites.

2. Data Erasure and Storage Period

Cookies are saved on the user's terminal device (smart device/PC) and transmitted from there to our websites. The system differentiates between permanent cookies and session cookies. Session cookies are saved for the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the browser session is closed, but saved on the user's terminal device for a longer period. Cookies for provision of chat support are deleted no more than 8 hours after the session has concluded.

In order to optimize our websites and adapt to the changing habits and technical conditions of our users, we use tools for what is known as "web analytics". Such tools measure things such as which elements are visited by users, and whether the information they seek is easy to find. Such information cannot be interpreted in any meaningful way until information on a larger group of users can be considered. The data collected for such analysis are aggregated into larger units.

This way we can adapt the design of pages or contents, for instance, if we discover that a relevant share of site visitors are using new technologies, or are having trouble finding available information.

We carry out the following analyses on our website and online platforms and/or implement the following tools for web analytics:

1. Analysis of Log Data

Log data are used exclusively for analytics purposes on an anonymous basis; in particular, there is no linkage with data that can be used to identify the user personally and/or matched with an IP address or a cookie. Such an analysis of log data thus is not subject to the data protection provisions of the GDPR.

2. Matomo

For the analysis of the use of our website (click counts, for instance), we use the Matomo web analytics service (formerly PIWIK). This service does not set cookies. No personalized data are processed.

1. Newsletter / Competitions / Surveys

1.1. Newsletter

We process the data provided during your registration for the newsletter (e.g. first name, surname, email). For newsletter dispatch we use the LianaMailer tool from Lianatech GmbH, Leopoldstraße 180, 80804 Munich, Germany.

If you decide to subscribe to our newsletter, we need you to provide a valid email address. To check whether you are the owner of the email address provided, or that the address's owner consents to receiving the newsletter, after the first registration step we will send an automated email to the email address provided (the so-called "double opt-in"). Only after confirmation of registration via a link in the confirmation email will we include the given email address in our mailing list. We do not collect any data beyond the email address and the information provided to confirm the registration.

In addition to the data supplied while registering for the newsletter, the following data are processed:

• information about the deliverability of the newsletter mailing,
• information about which editions of the newsletter the newsletter recipient opened,
• information about which links the newsletter recipient clicked on in the newsletter they opened,

Your data are processed for the purpose of mailing the newsletter you requested, including surveys included within, in order to improve our services and to organize competitions. The legal basis for this processing is Article 6 (1a) of the GDPR. You can unsubscribe from the newsletter at any time; in addition, the remarks on the right of revocation in (III.4) apply. We store the data processed in connection with the newsletter for the duration of your registration for the newsletter. Upon unsubscribing from the newsletter your personalized data are deleted.

1.2. Competitions

Unless otherwise specified for a competition, the following applies: If you win a competition, we will contact you at the email address provided to determine the mailing address for sending the prize. Your postal address is used only for the purpose of sending the prize. We store the data supplied in the context of the competition until the competition is completed (generally deletion takes place no more than eight weeks after the deadline for pariticipating in the competition), unless we have other statutory retention obligations (e.g. relating to tax law).

For competitions – unless otherwise indicated – we use software from the provider Alchemer. Alchemer is operated by Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA.

1.3. Surveys

We use the provider Alchemer to integrate surveys on our websites. Alchemer is operated by Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA.

The data recorded are processed for surveys, to improve our services, and to organize competitions. Your personalized data will be deleted from the tool no later than 8 weeks after conclusion of the given campaign. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

Data are processed exclusively within the EU. Further information on data processing and data protection by Alchemer is available at https://www.alchemer.com/privacy.

2. Advertising and Marketing Messages / Customer Satisfaction Surveys

Your personalized data are used for the purpose of advertising and/or marketing and for the purpose of performing customer satisfaction surveys only when corresponding permission has been granted, or when there is another legal basis that permits advertising or marketing messages even without express consent (e.g., in accordance with the Act Against Unfair Competition).

The legal foundation for advertising and/or marketing measures on the basis of express consent is Article 6 (1a) of the GDPR; correspondingly, the remarks on consent in (III) apply. The legal basis for the use of personal data for the purpose of direct marketing by post is Art. 6 (1f) of the GDPR (legitimate interest); the legitimate interest here consists in addressing potential customers for the purpose of direct advertising for our products and services. For advertising and/or marketing measures via email for the purpose of direct advertising for similar wares or services of our own, the legal basis is Section 7(3) of the German Fair Trade Practices Act (UWG); this is subject to the condition that (i) we received your email address in connection with the sale of a good or service, (ii) you did not refuse to allow your email address to be used for the purpose of direct advertising and (iii) upon the collection of your email address and every time we use it, we clearly point out that you may refuse at any time to have your email address used in this way (on the right to refuse, see [X.6]).

Your personal data will be stored and used for advertising purposes indefinitely, depending on the respective legal basis for the advertising measure (consent or legitimate interest), until you object to the use of your data for advertising purposes or until you revoke your corresponding consent. You can revoke consent to a processing of personal data at any time, with effect for the future. You may object to processing on the basis of legitimate interests at any time. In the event of revocation and/or objection, the personal data will no longer be processed for the purposes concerned; with the exception of processing of data which is still required for the purpose of fulfilling the contract (Art. 6 (1b) of the GDPR) including statutory storage obligations and/or if the data is still required within the framework of legitimate interests (Art. 6 (1b) GDPR) (e.g. in the event of an advertising objection, processing of data in a so-called blacklist in order to prevent future advertising approaches).

3. Google Maps

We use maps from Google Maps on our website. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

On some pages (e.g., the retailer search) we use a Google Maps plug-in. When you open a page equipped with such a plug-in, a connection to Google Maps is not established automatically. A connection to Google Maps is established only when you consent to the display of contents. Further information on data processing and data protection by Google Maps (Google) is available at https://policies.google.com/privacy.

4. Social Networks

On our websites we use social network plug-ins in accordance with the information from the providers listed below, so that you can enjoy the interactive potentials of the social networks you use on our websites as well. With these plug-ins we embed video contents into the websites. This makes various functions available, the object and extent of which are determined by the operators of the social networks. Keep in mind that the IP address of your browser session may be linked to your own profile with the given social network if you are currently logged in to that network. Similarly, your visit to our websites can be linked to your profile with the social network if it recognizes you from a cookie that was set during a previous session with the social network and is still stored on your computer.

Please note that we are not the provider of the social networks and thus have no influence on data processing by the given provider. For more information on data handling, please refer to the websites of the respective social network operators.

4.1. Facebook

Our websites do not include any plug-ins from the social network Facebook belonging to Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. There is merely a passive link to our contents on Facebook.

If you contact us and interact with us on Facebook (requests, "like" button, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, as well as software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA to process the user data generated by Facebook in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.2. X (formerly Twitter)

Our websites have not embedded any functions from the social network "X" belonging to Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. There is merely a passive link to our contents on X.

If you contact us and interact with us on X (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, as well as software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA to process the user data generated by X in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.3. LinkedIn

Our websites have not embedded any functions from the social network "LinkedIn" belonging to LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. There is merely a passive link to our contents on LinkedIn.

If you contact us and interact with us on LinkedIn (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by LinkedIn in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.4. XING

Our websites have not embedded any functions from the "XING" service belonging to New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

If you contact us and interact with us on XING (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by XING in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.5. YouTube

We use the provider YouTube to integrate videos ("Ask FRITZ!", etc.) YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

On some pages we also use a YouTube plug-in. When you open a page equipped with such a plug-in, no connection to YouTube servers is established automatically. A connection to YouTube is established only when you consent to the display of contents. Further information on data processing and data protection by YouTube is available at https://policies.google.com/privacy.

If you contact us and interact with us on YouTube (requests, comments, etc.), for example for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by YouTube in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4.6. Instagram

There are no plug-ins from the social network Instagram, belonging to Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, integrated on our websites. There is merely a passive link to our contents on Instagram.

If you contact us and interact with us on Instagram (requests, comments, etc.), be it for the purpose of support requests, sales queries, requests regarding the company, press queries, or in order to send us feedback, we also use the Swat.io tool from Swat.io GmbH, Schönbrunner Str. 213-215, Floor 3, 1120 Vienna, Austria, to process the user data generated by Instagram in order to process these requests. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

5. Messaging apps

If you follow our channels on the messaging apps WhatsApp and Telegram, the public username and ID you use therer are displayed to us. Your data (username) is processed exclusively for the purpose of providing with information about the latest news from AVM, as requested by you. The legal basis for this processing is Article 6 (1b) of the GDPR. You can unsubscribe from the news service at any time. More information is provided in the data protection statement of the respective service provider (WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea and Telegram: https://telegram.org/privacy/de).

6. Zack Speed Test

At zack.avm.de you can determine the upload and download speeds and the ping time of your broadband connection. This test uses a PHP script via the provider GeoIPLookup.io to retrieve the IP address of your connection along with the approximate geo-data as well as your internet provider and type of browser. If you use a FRITZ!Box, depending on the browser, the FRITZ!Box model and FRITZ!OS version will also be displayed. No data processing takes place on our servers. No IP address is saved.

1. Contact Forms

On our websites there are various contact forms (web forms) or contact options for different topics, which the user can use to establish contact with us electronically (for instance, for product and sales consultation, product suggestions, support requests, chat support). If the user uses these forms, the data entered in the input mask by the user or data on the telephone contact are transmitted to us and stored. Depending on the form used or the type of contact, these data can include:

• Company*
• First name*
• Last name*
• Telephone number*
• Email*
• Type of query* (private or business customer / vendor)
• Postal code*
• Country
• When you can be reached
• Any relevant documents/materials/support information/logs
• Internet provider*

* Mandatory information (depending on the web form or type of contact used), which are required for the purpose of registration/contact are marked with an asterisk (in the input mask as well) to designate them as required fields.

2. Feedback

On our websites users are able to send us feedback e.g. in the FRITZ! Lab.

If the user makes use of this, the data entered in the input mask are transmitted to us and stored. These statistical data cover:

• First name
• Last name
• Email address

When the message is sent, the following data are also processed:

• the user's IP address
• date and time when message was dispatched

To process your feedback we use software from Alchemer LLC, 168 Centennial Pkwy, Louisville, CO 80027, USA. Data are processed exclusively within the EU. Further information on data processing and data protection by Alchemer is available at https://www.alchemer.com/privacy.

3. Email contact

Alternatively, you can contact us using the email addresses listed on the websites. In this case the personalized data of the user transmitted with the email will be stored. We process email queries using software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA - see also at https://www.zendesk.de/company/agreements-and-terms/privacy-notice/. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis.

4. Chat Support

On our websites you also have the opportunity to enter into a chat with our support staff, for instance, in order to receive information on our products ("chat function").

When the chat is used, the following (personalized) data are processed:

• Name
• Title
• Language settings
• Date and time
• IP address
• Email address
• Contents of your communication
• Information on the web browser used (language settings, software version, etc.)
• Country, city / approximate location

AVM processes personalized data provided by a user through a chat only insofar as they are necessary to respond to your personal query in the chat. You decide whether the data listed above are stored for the purposes listed under 6.

If the query cannot be answered conclusively in the chat, your query may be transferred by our staff to our AVM Support desk. The text you entered within the chat (including any personalized data you provided in this context) will be forwarded there.

5. Support Requests

We process support requests (by email or telephone) as well as queries via chat support using software from Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA - see also at https://www.zendesk.de/company/agreements-and-terms/privacy-notice/ - as well as software telegra GmbH, Oskar-Jäger-Straße 125, 50825 Cologne, Germany - see also at https://www.telegra.com/datenschutzerklaerung/. We also use SugarCRM software from Insignio CRM GmbH, Ludwig-Erhard-Str. 14, 34131 Kassel, Germany, to organize and store the data. In the case of telephone contact, we reserve the right - also in the interest of further inquiries - to process your telephone number in addition to your name and the associated support query. Insofar as this involves the processing of personalized data, Article 6(1b) of the GDPR is the legal basis..

In addition to the chat function, users can receive information from AVM by telephone or via the contact form on the company's Product and Sales consulation pages. For more information on these options, go to en.avm.de/products/sales-consultation.

6. Purpose and Legal Basis

These data are processed exclusively for the purpose of responding to the given request or suggestion. The other data collected during transmission of the message serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Insofar as data are processed for the purpose of fulfilling a customer order or responding to a customer request, the legal basis for data processing is Article 6 (1b) of the GDPR, regardless of whether contact was made via a contact form, by email, or by telephone. The legal basis for processing the user's feedback is Article 6 (1f) of the GDPR. We are interested in improving our products and services for our users. The legal basis for processing the data with the user's consent is Article 6 (1a) of the GDPR. The legal basis for collecting additional data during sending is Article 6 (1f) of the GDPR; the legitimate interest here is in the prevention of misuse and ensuring system security (cf. [V.1]).

7. Data Erasure and Storage Period

In general, data are erased as soon as they are no longer required to achieve the purpose of their collection. For the personalized data from the input mask of the contact form and those that were send by email, this is the case when the given communication with the user has ended and/or the user's request was responded to conclusively.. The communication is concluded, or a conclusive response is provided, when the circumstances allow the conclusion that the matter concerned has been resolved; in the case of support and chat support, no more than 2 years after the last communication, with the exception of the cases listed in (III.7), or after no more than 3 years if we offered you a replacement under warranty and/or your problem requires interaction with our development department. In the case of warranty processing, we delete the associated communication required no later than upon expiry of the warranty period. Instead of being deleted, data will be stored and locked if further storage of the data is required for the reasons listed in (III.7).

8. Opt-out and Elimination Options

The user has the possibility to terminate communication with us and/or rescind his request at any time, and to object to the corresponding use of his data. In such a case the communication cannot be continued. In this case, all personalized data stored in the course of making contact are erased, unless the further storage of data is required for the reasons listed in (III.6 and IX.7.).

According to the GDPR, the user is entitled in particular to the following data subject rights:

1. Right to information (Article 15 of the GDPR)

You have the right to request information about whether or not we process personalized data pertaining to you. If personalized data pertaining to you are processed by our company, you are entitled to information about

• the purposes of processing;
• the categories of personalized data (kinds of data) that are processed;
• the recipients or categories of recipients to whom your data were disclosed or are to be disclosed; this is the case especially when data were disclosed or are to be disclosed to recipients in third countries outside the purview of the GDPR;
• the planned duration of storage, to the extent this is possible; if the duration of storage cannot be given, in any case the criteria for determining the duration of storage (e.g. legal retention periods or the like) must be communicated;
• your right to rectification and erasure of the data pertaining to you, including the right to restrict processing and/or the right to revoke consent (on this, see also the subsequent clauses);
• the existence of the right to lodge an appeal with a supervisory authority;
• the source of the data, if the personalized data were not collected from you directly.

Further, you are entitled to information about whether your personalized data are the object of automated decisions in the sense of Article 22 of the GDPR, and, if this is the case, which decision criteria are the basis for such an automated decision (logic) or what the effects and consequences the automated decision can have for you.

If personalized data are transmitted to a third country outside the purview of the GDPR, you are entitled to information about whether, and if so, on the basis of which guarantees, an adequate level of protection is ensured by the data recipient in the third country in accordance with Articles 45 and 46 of the GDPR.

You have the right to request a copy of your personalized data. We always provide copies of data in electronic form unless you request otherwise. The first copy is free of charge; for additional copies, reasonable compensation can be requested. The copy is provided as long as the rights and freedoms of other persons are not compromised through the transmission of the copied data.

2. Right to Rectification (Article 16 of the GDPR)

You have the right to request that we rectify your data, should these be incorrect, inaccurate and/or incomplete; the right to rectification includes the right to complete your data by adding supplementary clarifications or information. A rectification and/or supplement must take place immediately – that is, without undue delay.

3. Right to Erasure (Article 17 of the GDPR)

You have the right to request that we erase your personalized data, insofar as

• the personalized data are no longer required for the purposes for which they were collected and processed;
• data processing takes place on the basis of consent you granted and you have rescinded your consent, insofar as there is no other legal basis for data processing;
• you entered an objection to data processing in accordance with Article 21 of the GDPR and there are no overriding reasons for further processing;
• you entered an objection to data processing for the purpose of direct advertising in accordance with Article 21(2) of the GDPR;
• your personalized data were processed illegally;
• the data in question concern a child, and were collected in relation to information society services in accordance with Article 8(1) of the GDPR.

There is no right to the erasure of personalized data insofar as

• the rights to freedom of expression and to knowledge are in conflict with the request for erasure;
• the processing of personalized data (i) in order to fulfill a legal obligation (e.g. legal retention periods), (ii) in order to fulfill public duties and interests in accordance with EU law and/or the law of the member states (this also includes interests in the area of public health) or (iii) for the purposes of archiving or research;
• the personalized data are required for the assertion, exercise or defense of legal claims.

The erasure must take place immediately – that is, without undue delay. If personalized data have been made public by us (e.g. in the internet), we are responsible, in the framework of what is technically possible and reasonable, for informing third-party processors about the erasure request, including the deletion of links, copies and or replicates.

4. Right to Restriction of Processing (Article 18 of the GDPR)

You have the right to have the processing of your personalized data restricted in the following cases:

• If you have contested the accuracy of your personalized data, you can request that your data not be used for other purposes for the duration of the accuracy check and insofar restricted.
• In the case of illegal data processing you can request the restriction of data use in accordance with Article 18 of the GDPR rather than data erasure according to Article 17 (1d) of the GDPR.
• If you need your personalized data for the assertion, exercise or defense of legal claims, but your personalized data are otherwise no longer required, you can request that we restrict processing to the above mentioned purpose of legal proceedings.
• If you entered an objection to data processing in accordance with Article 21(1) of the GDPR and it has not yet been decided whether our interests in processing override your interests, you can request that your data not be used for other purposes for the duration of the review and insofar be restricted.

5. Right to Data Portability (Article 20 of the GDPR)

Subject to the following provisions, you have the right to receive the data pertaining to you in a commonly used, machine-readable format. The right to data portability includes the right to transmission of the data to another controller; upon request we will thus – insofar as it is technically possible – transmit data directly to a controller you specify or will specify in the future. The right to data portability applies only for the data provided by you and assumes that the data are processed on the basis of consent or for performance of a contract, and is executed using automated methods. The right to data portability in accordance with Article 20 of the GDPR does not affect the right to data erasure in accordance with Article 17 of the GDPR. The data are transmitted only if the rights and freedoms of other persons cannot be compromised through the data transmission.

6. Right to Object (Article 21 of the GDPR)

In the case of processing of personalized data in order to fulfill a task carried out in the public interest (Article 6[1e] of the GDPR) or for the purpose of pursuing legitimate interests (Article 6[1f] of the GDPR), you can object prospectively to the processing of personalized data pertaining to you at any time. In the case of an objection we have to refrain from any further processing of your data for the above mentioned reasons, unless

• there are compelling and legitimate reasons for processing which override your interests, rights and freedoms, or
• the processing is required for the assertion, exercise or defense of legal claims.

You can object prospectively to the use of your data for the purpose of direct advertising at any time; this is also true for any profiling associated with the direct advertising. In the case of an objection we have to refrain from any further processing of your data for the purpose of direct advertising.

7. Legal Protections / Right to Petition a Supervisory Authority

In the case of complaints, you can contact a supervisory authority of the EU or the member states at any time. The supervisory authority named in (II) is responsible for our company.