PRIVACY POLICY

PFEIFFER Chemie-Armaturenbau GmbH Classification: Public

We are pleased that you take an interest in our company and our web pages. We take the protection of your per- sonal data and privacy very seriously. The following sections contain information on how we handle your data. Controller: PFEIFFER CHEMIE-ARMATURENBAU GMBH Hooghe Weg 41 47906 Kempen, Phone: +49 2152 2005-0 Fax: +49 2152 1580 E-mail: [email protected] The contact details of our data protection officer are as follows: Mr. Markus Strauss tacticx Consulting GmbH Walbecker Straße 53 47608 , Germany E-mail: [email protected] If you use one of the sites offered by PFEIFFER CHEMIE-ARMATURENBAU GMBH, such as our web pages, we process your personal data. We treat your data with strict confidentiality and use them only for the purposes communicated upon collection of the data. Data processing is based on the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations.

1 Deployment of web pages Our systems record a number of general data, including personal data, every time you visit our web pages. The following data are saved in our server log files:

▪ IP address (possibly in a shorted, anonymized form) ▪ Date and time of request (time stamp) ▪ Request details and target address (protocol version, HTTP method, referrer, UserAgent string) ▪ Name of requested files and transmitted amount of data (requested URL including Query string, size in bytes) ▪ Message whether query was successful (HTTP status code) ▪ Web page that sent the request ▪ Browser type or app used ▪ Operating system and its user interface ▪ Browser language and version

PFEIFFER Chemie-Armaturenbau GmbH · Hooghe Weg 41 · 47906 Kempen, Germany Commerzbank AG Kempen: Account 2208890 · Bank code 320 400 24 Phone: +49 2152 2005-0 · Fax: +49 2152 1580 IBAN DE74320400240220889000 BIC (Swift code) COBADEFFXXX E-mail: [email protected] · Internet: www.pfeiffer-armaturen.com Volksbank eG Kempen-Grefrath: Account 501401013 · Bank code 320 614 14 IBAN DE38320614140501401013 Chief Executive Officer: Dipl.-Ing. Marcus Miertz BIC (Swift code) GENODED1KMP Authorized officers: Ursula Choroba-Kokot, Dipl.-Ing. Bernd Jenner Registered office: Kempen · Court of registration: HRB no. 9000 Deutsche Bank AG Kempen: Account 2172500 · Bank code 320 700 80 VAT ID: DE 11 999 7658 · German tax no.: 115/5734/0256 IBAN DE23320700800217250000 BIC (Swift code) DEUTDEDD320

PRIVACY POLICY

We draw no conclusions on you as a person when processing these data. We perform neither personalized anal- yses nor data assessments for profiling.

The processing of personal data is governed by Article 6(1) lit. f) GDPR. Data processing is mandatory to techni- cally provide the web pages and ensure the stability and security of our systems. This also constitutes our legiti- mate interest. It is impossible to use our web pages without such data processing, which means that you have no opportunity to object. Your data will be deleted once you leave our web pages and terminate your current session. Your IP address will be deleted no later than seven days after the end of your web page visit.

2 Contacting us There are different ways of getting into contact with us.

2.1 Scope of data processing 2.1.1 Contact forms Our website includes contact forms to get in touch with us. We save your personal data transmitted to us through the form. Which data we process becomes evident from the respective input form. In the forms, only those fields are marked as mandatory that are absolutely necessary to use the associated offer. 2.1.2 Other ways of contacting us Our web pages include different ways for you to get into contact with us by e-mail, ground mail, phone or fax. In this case, we save the personal data transmitted to us as part of your inquiry, such as your e-mail address, address data, phone number or other personal data arising from your inquiry.

2.2 Legal basis If the personal data are transmitted as part of a general inquiry or e-mail, processing is governed by Article 6(1) lit. f) GDPR. If your inquiry is related to an agreement or if it is made prior to entering into a contract with us, pro- cessing is governed by Article 6 (1) lit. b GDPR. In all other cases, the processing of your personal data is gov- erned by Article 6(1) lit. f) GDPR. It is our legitimate interest to handle your inquiries.

2.3 Purpose of data processing The purpose of data processing is to handle your inquiry. The data are processed exclusively for this purpose. None of your data are forwarded to third parties in this context.

2.4 Retention period for your personal data Once your inquiry has been handled, we will mark your stored personal data to limit their processing in the future. Unless you have given your explicit consent to their further use, we will delete your personal data after the retention periods stipulated by the tax and trade legislation have expired.

Classification: Public Page 7 of 2

PRIVACY POLICY

There is no obligation for you to provide your personal data. Providing data is prescribed neither by law nor by a contract nor is it required to make a contract. However, not providing your data may prevent you from using our contact form or its full scope of functions or you may not be able to get into contact with us.

3 Job application Our web pages provide information on job vacancies.

3.1 Scope of data processing You can apply for a vacant job by getting into contact with us (refer to section 2). To participate in the application process, you are required to provide personal data in the documents you submit, such as your letter of application, CV, application photo, certificates or other qualification records. These data may be personal data, such as first name, last name, postal address, date of birth, contact data (phone number, e-mail address) or data related to your scholastic and/or vocational history (school certificates, employment references, data on vocational training, job placements, previous employers).

None of your personal data are forwarded to third parties.

3.2 Purpose of data processing We use the personal data you provide only for the purpose of selecting suitable job candidates. When handling ap- plications, we restrict ourselves to the data you enter directly. This may include data you entered on online busi- ness networks or employment websites. If we ask for your gender by requesting you to enter the form of address, we only do so because we want to address you properly.

3.3 Legal basis The processing of personal data is governed by Article 88(1) GDPR, §26 BDSG (German Federal Data Protection Act).

3.4 Retention period for your personal data We delete the collected personal data six months after your application has been rejected. You need to provide personal data to submit your application. We will be unable to process your application if you do not provide the data. We are active online in social networks and on social media platforms ("Social Media Channels). We regularly pub- lish and share contents, offers and product recommendations on our Social Media Channels.

Classification: Public Page 7 of 3

PRIVACY POLICY

4 Social media channels

4.1 Extent of processing During every interaction with our Social Media Channels, the social network operators automatically collect and save your personal data for market research and marketing purposes. It cannot be ruled out in this context that the collected data are also processed outside the European Union. Amongst other things, this may make it more diffi- cult to assert data object rights. Based on the collected data and using aliases, usage profiles are generated. They may be used, for example to show personalized ads inside and outside the social networks. For this purpose, cook- ies or similar technical features, which record your usage behavior, are saved on your device. We basically record all messages, contents and other information that you reveal to us while using our Social Me- dia Channels, for example when you post on our channels or send us a private message. If you have an account for the social networking site in question, we can additionally see your public information, such as your user name, information on your public user profile and contents you share publicly. The type, extent and purposes of processing your personal data in social networks are primarily defined by the net- work providers. Check the applicable provider's privacy policy for further information on your related rights and pos- sible settings to protect your privacy:

▪ Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): https://www.facebook.com/about/privacy/ ▪ Google/YouTube (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA): https://policies.google.com/privacy ▪ Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA): http://instagram.com/about/legal/privacy/ ▪ LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA): https://www.linkedin.com/legal/privacy-policy

4.2 Usage analytics (page insights) We operate a Facebook fan page ("Fan Page"). Within this context, Facebook provides us with "Page Insights". During every interaction with a Fan Page, Facebook records your usage behavior using cookies and similar tech- nical features. This includes anonymized statistics, which can give us insights into your interactions with our posts or other contents. They cannot be assigned to you personally. We have no access to the data that Facebook uses to generate the page insights ("Page Insights Data"). Page insights data are exclusively selected and processed by Facebook. Page Insights show us how you use our Fan Pages, what you are interested in on our Fan Pages and which topics and contents are particularly popular. This enables us to optimize our Fan Page activities, for example by respond- ing to our audience's interests and usage behavior when planning and selecting our contents.

Classification: Public Page 7 of 4

PRIVACY POLICY

We and Facebook share responsibility for the processing of your data related to Page Insights. As a result, we and Facebook have entered into an agreement as to which company fulfills which data protection obligations relating to the Page Insights Data. The agreement with Facebook can be viewed at: https://www.facebook.com/legal/terms/page_controller_adden- dum. A compilation of the essential contents of this agreement (including a list of Page Insights Data) can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.

4.3 Legal grounds and lawfulness of processing If a social network provider requests your consent to processing, processing is governed by Article 6(1) lit. a) GDPR. Otherwise, processing is governed by Article 6(1) lit. f) GDPR. We have a legitimate interest in optimizing the representation of our offers and in communicating effectively with our customers and interested parties.

Right of revocation You have the right to revoke your consent without providing reasons at any time to prevent the use of your data in the future. If you do not agree with the future transmission of your data while using our Social Media Chan- nels, you have the opportunity to object to the processing.

▪ Facebook: https://www.facebook.com/settings?tab=ads ▪ Google/YouTube: https://adssettings.google.com/authenticated ▪ ▪ Instagram: http://instagram.com/about/legal/privacy/ ▪ LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out If consent if revoked, you may no longer be capable of using the full scope of functions available on our web pages.

Right to object (Article 21 GDPR) You have the right to object to the processing of your personal data at any time with effect for the future, e.g. by e-mail to XXX. We no longer process your personal data unless we can demonstrate compelling legitimate grounds for the pro- cessing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. For the joint processing of your Page Insights Data with Facebook, we have agreed with Facebook that Face- book is primarily responsible for providing you with information on the processing of your Page Insights Data and for enabling you to assert the data protection rights (e.g. right to objection) that you have under the GDPR. For further information on your privacy rights relating to Page Insights and how to assert them directly towards Facebook go to https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights relating to processing activities under Facebook's and our joint responsibility towards us, e.g. by e-mail to XXX. In this case, we will forward your request to Facebook without undue delay.

Classification: Public Page 7 of 5

PRIVACY POLICY

4.4 Purpose of data processing Our online channels enable us to communicate effectively with our customers and interested parties and optimize the representation of our offers. There is no obligation for you to provide your personal data. Providing data is prescribed neither by law nor by a contract nor is it required to make a contract. However, not providing our data may prevent you from using our web pages or their full scope of functions.

5 Rights of the data subjects If we process your personal data, you are a data subject as defined in Article 4(1) GDPR and have the following rights towards us:

▪ Right of access (Article 15 GDPR) ▪ Right to rectification (Article 16 GDPR) ▪ Right to erasure (Article 17 GDPR) ▪ Right to restriction of processing (Article 18 GDPR) ▪ Notification obligation (Article 19 GDPR) ▪ Right to data portability (Article 20 GDPR) ▪ Right to object (Article 21 GDPR) ▪ Right to lodge a complaint with a supervisory authority (Article 77 GDPR) ▪ Right to withdraw your declaration of consent on privacy and data protection (Article 7(3) GDPR) You have the right to revoke your consent at any time. e.g. by e-mail to datenschutzbeauftragter@pfeiffer-arma- turen.com. The withdrawal of consent does not affect the lawfulness of data processing based on consent granted before the withdrawal. Right to object (Article 21 GDPR) Pursuant to Article 21 GDPR, you have the right to object, on grounds relating to your particular sit- uation, at any time to processing of personal data concerning yourself which is based on Article 6(1) lit. e) or f) GDPR, including profiling based on those provisions.

We no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establish- ment, exercise or defense of legal claims.

If you want to exercise a right, please contact our data protection officer at [email protected]. Note that we may request additional information from you under certain conditions to verify your identity. For exam- ple, we may ensure that information is not revealed to unauthorized persons when exercising the right of access. No automated decision-making takes place on our web pages.

Classification: Public Page 7 of 6

PRIVACY POLICY

6 Security We have implemented technical and organizational security measures to protect your personal data against acci- dental or intentional manipulation, loss, destruction or access by unauthorized persons. We continuously improve our security measures in line with technological development.

7 Responsibility for external contents Our web pages contain links to websites and web pages by external providers. We have no influence on whether other providers comply with the applicable laws and regulations on data protection and privacy, nor do we check their compliance. If you consider linked external sites or pages to be in violation of the applicable laws or if you con- sider them to be otherwise inappropriate, we kindly ask you to tell us that. We will verify your notification and re- move the external link, if necessary. We are not responsible for the contents and accessibility of linked external websites or pages.

8 Validity of the privacy policy It may be necessary to revise this privacy policy to further develop our website or implement new features. As a result, we reserve the right to change this privacy policy at any time with effect for the future. The version as amended and accessible at the time you visited our web pages is valid.

Last revision: September 2020

Classification: Public Page 7 of 7