PRIVACY POLICY

1. SCOPE

The following data protection declaration applies to the use of the website www.traiga.green and the services offered through it. This website is an offer of Taiga GmbH, Ritterstraße 12-14, 10969 Berlin, Germany as the controller within the meaning of Art. 4 of the EU General Data Protection Regulation (“GDPR”). You can reach our data protection officer at ppgad@pucrs.br or our postal address with the addition "the data protection officer". The protection of your personal data is very important to us. It is important to us to inform you about which personal data we collect, how it is used and what rights you have with regard to the personal data stored about you. This privacy policy applies to personal data that we collect or use, e.g. when you visit our website, contact our customer service or when you interact with Taiga GmbH as a business customer, supplier or business partner. This includes, without limitation, all personal data of any kind collected online and offline.    2. WHAT DO WE USE YOUR DATA FOR? To optimize our websites, e.g. content or navigation. To process your orders, service requests, e.g. product or application-related questions. We only pass on your personal data to third parties if this is necessary to process a specific request from you, for example by forwarding your product request to one of our authorized dealers in your area or if we are legally, officially or judicially obliged to pass on the data. We process your data in particular for the following purposes:

• Sending information about Taiga products and services as well as their use and sources of supply
• Answering questions about our products and services
• troubleshooting product issues
• Help us improve our websites, e.g. content or navigation
• order and order processing

When you interact with Taiga GmbH as a prospective customer, business customer, supplier or business partner, we also ask for your personal data for the following purposes in particular:

• Sending security-related, personalized messages regarding our products and services
• customer relationship management
• Conducting satisfaction surveys on Taiga GmbH products and services

2.1 COMMUNICATION AND CONVERSATION CONTENT If you communicate with us or other users by telephone, post, via social media services, contact forms or in any other way about products (e.g. product reviews) and other topics, we record the content of your messages. If necessary, we will forward your messages to the department responsible for your request, such as partner companies or manufacturers. In the event of a possible forwarding to another company (e.g. if you send us feedback to the manufacturer of a product), you naturally have the option of informing us that your data should only be used by Taiga GmbH. In this case, we will not forward your request to the responsible department or will only forward it without your personal details if your request can be processed in this way. If you send us messages for other users via the functions provided for this purpose (e.g. product reviews), we can publish these within our services. Taiga GmbH also uses the services of social networks such as Facebook, Instagram or Twitter to communicate with customers and users. We use these popular platforms to offer you additional contact and information options in addition to our own communication channels. Please note, however, that we have no influence on the terms of use of the social networks and the services they offer, and only limited influence on their data processing. We therefore ask you to carefully check which personal data you share with us via the social networks. We have no influence on the behavior of the operators of the social networks, other users, or third parties who may work with the operators of the social networks or also use their services. 2.2       RECORDING OF TELEPHONE CONVERSATIONS Telephone conversations, for example with our Hotline, are only recorded with your consent for the purposes covered by your consent (e.g. quality assurance, training purposes). Consent to the recording of calls is of course voluntary. You can revoke your consent at any time with effect for the future, for example by asking the employee on the phone to stop the recording. 3. GENERAL CONTACT ENQUIRIES, CONTRACT EXECUTION Depending on whether you interact with Taiga GmbH as an interested party, user, end user, customer, business customer, supplier or business partner and how you do this, we collect different personal data. This information is provided voluntarily by you and used by us only for the intended purposes. This includes name, company, email address, telephone number, gender, date of birth, information about the products and areas of application you use. If you provide us with personal data by telephone, email, post or via our website (in particular name, first name, email address, address), this is generally done on a voluntary basis. This data is used to process the contractual relationship, to process your inquiries or orders and for our own market or opinion research and advertising. Any further use, in particular the transfer of data to third parties for advertising, market or opinion research purposes, only takes place with prior consent and can always be revoked. We delete the data collected in this context once storage is no longer required or restrict processing if there are statutory retention periods. The legal basis is Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR. 4. AUTOMATED DATA COLLECTION AND PROCESSING THROUGH THE BROWSER As with any website, our server automatically and temporarily collects information in the server log files that are transmitted by the browser, unless you have deactivated this. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis Art. 6 Para. 1 lit f) GDPR):

• IP address of enquiring computer
• client's file request
• The http response code

• The website from which you visit us (referrer URL, the previously visited page)
• The date and time of the server request
• Browser type and version
• page accessed
• Minutes

• Status code
• User Agent (browser type and version)
• domain accessed
• This data is retained for 90 days.
• Operating system used by the requesting computer

A personal evaluation of the server log files does not take place. This data cannot be assigned to specific persons by the provider at any time. This data is not merged with other data sources. 5. DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES AND SHIPPING SERVICE PROVIDERS We will only pass on your personal data to third parties if:

• You have given us your consent to do so and we use external service providers as data processors and have concluded an agreement on order data processing in accordance with Art. 28 GDPR. The data will be passed on if this is necessary to process a specific request or order from you, for example by forwarding your product request to one of our authorized dealers in your area or by forwarding your order data to logistics and fulfillment service providers for the purpose of shipping and order processing. Our external partners have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR and are regularly monitored.
• We are legally, officially or judicially obliged to disclose the information.

If the goods are delivered by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will pass on your email address to DHL in accordance with Art. 6 Paragraph 1 Letter a of GDPR before the goods are delivered for the purpose of coordinating a delivery date or to notify you of the delivery, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 Paragraph 1 Letter b of GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or the delivery notification is not possible. Consent can be revoked at any time with future effect to the person responsible named above or to the transport service provider DHL. 6. PAYMENT SERVICE PROVIDER      We offer you the usual payment methods in online trading - in particular advance payment, credit card, PayPal or invoice. We collect the payment data you provide to process the payment. Registered users can store the payment data in their personal customer account. We receive further payment data from external payment service providers and credit agencies with whom we work together to process payments and check creditworthiness. We only pass on data to our payment service providers that is necessary for payment processing. Payment data includes, for example:

• Preferred payment method
• Billing addresses
• IBAN and BIC or account number and bank code
• Credit card details
• creditworthiness data

6.1 PayPal When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered

• If you choose to pay by invoice or installment payment via PayPal, we will pass your payment details on to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The data will be passed on in accordance with Art. 6 Paragraph 1 Letter b of GDPR and only to the extent that this is necessary for the payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase by invoice” or “installment payment” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values ​​(so-called score values). Insofar as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, among other things, but not exclusively, address data. For further information on data protection, including on the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/ privacy-full You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data, if this is necessary for the contractual payment.

6.2       RatePay If you have chosen the RatePay invoice or RatePay SEPA direct debit or RatePay installment purchase payment service as a payment option, you will be asked to provide your personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number and, in the case of SEPA direct debit, the specified bank account details) during the ordering process. In order to protect our legitimate interest in determining the solvency of our customers, we will forward this data to RatePay GmbH, Franklinstraße 6-1, 28 Berlin (“RatePay”) for the purpose of a credit check in accordance with Art. 29 (10587) (f) GDPR. RatePay checks on the basis of the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option you have selected can be granted with regard to payment and/or default risks. In addition to RatePay's internal criteria pursuant to Art. 6 (1) (f) GDPR, identity and creditworthiness information from the following credit agencies may also be included in the decision-making process when reviewing the application:

• Creditreform Boniversum GmbH, Hellersbergstraße 11, D-41460 Neuss, Tel.: +49 (0)2131-109-501, Fax: -557
• Infoscore Consumer Data GmbH (arvato), Rheinstraße 99, D-76532 Baden-Baden, Tel.: +49 (0)7221-5040-1000, Fax: -1001
• CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg, Tel.: +49 (0)40-89803-0, Fax: -419
• SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Tel.: +49 (0)611-9278-0, Fax: -109
• CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Tel.: +49 (0)89 508073-0, Fax: – 31

The credit report may contain probability values ​​(so-called score values). If score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, among other things, but not exclusively, address data. You can find further information about RatePay's data protection provisions at the following Internet address: http://www.ratepay.com/zusaetzliche-geschaeftsbedingungen-und-datenschutzhinweis/ You can object to this processing of your data at any time by sending a message to the person responsible for data processing or to RatePay. However, RatePay may still be entitled to process your personal data if this is necessary for the contractual payment processing. 6.3       Stripe Credit card, direct debit, transfer transactions can be made via the payment service provider Stripe in addition to Paypal. The processing of the data is subject to the Stripe privacy policy and will be passed on in accordance with Art. 6 para. 1 lit. b GDPR. You can find these at https://stripe.com/de/privacy 6.4       AmazonPay If you select the payment method “Amazon Pay”, payment processing will be carried out via the payment service provider Amazon Payments Europe sca, 38 Avenue JF Kennedy, L-1855 Luxembourg (hereinafter: “Amazon Payments”), to whom we will pass on the information you provided during the ordering process, together with the information about your order, in accordance with Art. 6 Paragraph 1 Letter b of GDPR. Your data will be passed on exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent that it is necessary for this purpose. You can find further information about Amazon Payments’ data protection provisions at the following Internet address: https://pay.amazon.com/de/help/201751600 7. REGISTRATION ON OUR WEBSITE The data subject has the option of registering on the controller's website by providing personal data. to open a customer account. When you open a customer account, we collect your personal data to the extent specified therein. The purpose of data processing is to improve your shopping experience and simplify order processing. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until the revocation. Your customer account will then be deleted. Which personal data is transmitted to the person responsible for processing is determined from the respective input mask used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes, in particular for the purposes of order and order processing and customer service. The controller may arrange for the data to be passed on to one or more processors, such as a parcel service provider, who will also use the personal data exclusively for internal use attributable to the controller. By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) to the data subject, the date and time of the registration are also stored. This data is stored in order to prevent misuse of our services and, if necessary, to enable us to investigate crimes that have been committed. In this respect, the storage of this data is necessary to protect the person responsible for processing. As a general rule, this data will not be passed on to third parties unless there is a legal obligation to do so or the transfer serves the purpose of criminal prosecution. The registration of the data subject with the voluntary provision of personal data serves the purpose of enabling the controller to offer the data subject content or services that, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have them completely deleted from the data records of the controller. The controller shall provide any data subject with information, upon request, at any time as to what personal data concerning the data subject are stored. Furthermore, the controller shall correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any statutory retention periods. The entire staff of the controller are available to the data subject as contact persons in this context. SUBSCRIPTION AND DELIVERY OF OUR NEWSLETTER On the website www.taiga.green, users are given the opportunity to subscribe to our company's newsletter. The input mask used for this purpose determines which personal data is transmitted to the controller when ordering the newsletter. Taiga GmbH regularly informs its customers and business partners about company offers by means of a newsletter. Our company's newsletter can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by a data subject for the first time for newsletter delivery using the double opt-in procedure. This confirmation e-mail is used to check whether the owner of the e-mail address as the data subject has authorized receipt of the newsletter. When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves to legally protect the person responsible for processing. The personal data collected as part of a newsletter registration will only be used to send our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes to the technical conditions. The personal data collected as part of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be canceled by the data subject at any time. The consent to the storage of personal data that the data subject has given us for the purpose of sending the newsletter can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in every newsletter. Furthermore, it is possible to unsubscribe from the newsletter at any time directly on the website of the controller or to inform the controller of this in another way. 8.1 newsletter via SendinBlue Newsletter delivery via SendinBlue GmbH, SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin, Telephone: +49 (0)30 / 311 995 10, E-Mail: ppgad@pucrs.br GmbH Our e-mail newsletters are sent via the technical service provider Sendinblue GmbH, to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 Paragraph 1 Letter f of GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you enter to receive the newsletter (e.g. e-mail address) is stored on servers in the EU. Sendinblue GmbH uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter. We have concluded a data processing agreement with Sendinblue in which we oblige Sendinblue to protect our customers' data and not to pass it on to third parties. You can view Sendinblue's privacy policy here: https://de.sendinblue.com/legal/privacypolicy/ and https://de.sendinblue.com/datenschutz-uebersicht/ 8.2 Newsletter tracking The Taiga GmbH newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails sent in HTML format to enable log file recording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Using the embedded tracking pixel, Taiga GmbH can see whether and when an email was opened by a data subject and which links in the email were accessed by the data subject. Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. This personal data is not passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given via the double opt-in procedure. After revocation, this personal data is deleted by the controller. Taiga GmbH automatically regards unsubscribing from the newsletter as a revocation. 9. DATA COLLECTION WHEN WRITING A COMMENT When you comment on an article or post, we only collect your personal data (name, email address, comment text) to the extent you have provided it. The processing serves the purpose of enabling commenting and displaying comments. By submitting the comment, you consent to the processing of the transmitted data. The processing is carried out on the basis of Art. 6 Paragraph 1 Letter a of GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until the revocation. Your personal data will then be deleted. 9.1.      submission of purchase ratings With your consent, we enable you to submit purchase reviews following your orders. To do this, we will send you an e-mail with a link to the e-mail address stored in your customer account, via which you can directly submit an anonymous review of the product you purchased. The legal basis for the data processing mentioned above is your consent in accordance with Article 6 Paragraph 1 Letter a) GDPR. You can revoke your consent to this data processing at any time with effect for the future. For example, an e-mail to the contact details mentioned under Section 2 is sufficient. If external processors are used to enable the submission of purchase reviews, they are contractually obliged in accordance with Article 28 GDPR. If you revoke your consent to receive purchase review e-mails, your e-mail address will be blocked from receiving these e-mails. Your data will then be deleted from the corresponding e-mail lists after six months. 9.2       Contacting us for a review reminder Your own rating reminder (not sent by a customer rating system) We use your email address as a one-time reminder to submit a rating of your order for the rating system we use, provided that you have given us your express consent to do so during or after your order in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time by sending a message to the person responsible for data processing. 10. USE OF PERSONAL DATA FOR SENDING ADVERTISING We use your personal data (name, address), which we received as part of the sale of a product or service, to send you postal advertising, unless you have objected to this use. The provision of this data is necessary for the conclusion of the contract. Failure to provide this data means that no contract can be concluded. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your address data at any time by notifying us.  The contact details for the exercise of the contradiction can be found in the imprint. 10.1.    Using the e-mail address for sending direct mail We use your e-mail address, which we obtained in connection with the sale of a good or service, for the electronic transmission of advertising for own goods or services, which are similar to those, which you already acquired with us, as far as this Use did not contradict. The provision of the e-mail address is required for the conclusion of the contract. Non-provisioning means that no contract can be concluded. The processing takes place on the basis of Art. 6 para. 1 lit. f DSGVO from our predominant legitimate interest in direct mail. You may object to this use of your e-mail address at any time by notifying us. The contact details for the exercise of the contradiction can be found in the imprint. You can also use the dedicated link in the promotional e-mail. There are no other costs than the transmission costs according to the basic tariffs.   11. MARKETING 11.1   Cookies We may save information on your computer in the form of so-called cookies. Cookies are identification characters (files) that are saved on the hard drive of the requesting computer. They contain information about the user. The use of a cookie has no connection whatsoever with the personal information you provide on the website. The following types of cookies, the scope and functionality of which are explained below, are used on this website: Transient cookies: Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. These save a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser. Persistent cookies: Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Paragraph 1 Letter b GDPR either to execute the contract or in accordance with Art. 6 Paragraph 1 Letter f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. We may work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies will also be saved on your hard drive when you visit our website (third-party cookies). If we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case in the paragraphs below. Please note that you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links: Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen Chrome: https://support.google.com/chrome/answer/ 95647?hl=de&hlrm=en Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac Opera: https://help.opera.com/en/latest/web-preferences/#cookies Please note that if you do not accept cookies, the functionality of our website may be limited 11.2     Safety We take appropriate measures to protect your personal data from loss, falsification, manipulation and unauthorized access by third parties. We treat your data in accordance with the requirements of the data protection laws applicable in the Federal Republic of Germany and observe the limits set by data protection in competition law. The validity of this data protection declaration is limited to our company. This data protection declaration does not apply to websites that can be reached via links on our website. 11.3     Statistical analysis (Google (Universal) Analytics) Google Universal Analytics with demographic characteristics This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses so-called cookies, which are text files saved on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your shortened IP address) is usually transferred to a Google server and saved there; this may also involve transmission to Google LLC servers in the USA. This website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which anonymizes the IP address by shortening it and prevents it from being directly linked to a person. This extension will result in your IP address being shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google LLC server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de As an alternative to the browser plug-in or within browsers on mobile devices, please click the following link to set an opt-out cookie that will prevent the Google Analytics collection within this site in the future (this opt-out cookie only works In this browser and only for this domain, delete your cookies in this browser, you have to click this link again):  Disable Google Analytics In the event that personal data is transmitted to Google LLC. based in the USA, Google LLC. certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list This website also uses the Google Signals service as an extension of Google Analytics. With Google Signals, we can have Google create cross-device reports (so-called "cross device tracking"). If you have activated "personalized ads" in your Google account settings and you have linked your internet-enabled devices to your Google account, Google can analyze user behavior across devices and create database models based on this. This takes into account the registrations and device types of all site visitors who were logged into a Google account and made a conversion. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the associated conversion took place. We do not receive any personal data from Google, only statistics created on the basis of Google Signals. The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes, which predominates in the context of the balancing of interests. You can object to the data processing by observing the aforementioned objection options. In addition, you have the option to deactivate your settings for “personalized ads” in your Google account. To do so, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de You can find further information about Google Signals here: https://support.google.com/analytics/answer/7532985?hl=de As far as is legally required, we have obtained your consent to your data being processed as described above in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with future effect. To exercise the withdrawal of your consent, please refer to the option for exercising an objection as detailed above. 11.4 Facebook Pixel for creating custom audiences with advanced data matching Our online offering uses the so-called “Facebook Pixel” of the social network Facebook in extended data matching mode, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”). Based on their express consent, when a user clicks on an advertisement displayed on Facebook and placed by us, an addition is added to the URL of our linked page by Facebook Pixel. This URL parameter is then written into the user’s browser via a cookie, which our linked page itself sets. In addition, this cookie records specific customer data such as the email address that we collect on our website linked to the Facebook ad during processes such as purchases, account registrations or registrations (extended data matching). The cookie is then read by Facebook Pixel and enables the data, including the specific customer data, to be forwarded to Facebook. With the help of the Facebook pixel with extended data matching, Facebook is able to precisely determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel with extended data matching to only display the Facebook ads we place to Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined based on the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of the Facebook pixel with extended data matching, we also want to ensure that our Facebook ads correspond to the potential interests of users and do not appear annoying. In this way, we can further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”). Compared to the standard version of Facebook Pixel, the enhanced data matching function helps us to better measure the effectiveness of our advertising campaigns by recording more associated conversions. All transmitted data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to place advertisements on and outside of Facebook. These processing operations only take place if explicit consent is given in accordance with Art. 6 Paragraph 1 Letter a of GDPR. Consent to the use of the Facebook pixel may only be given by users who are older than 13 years. If you are younger, we ask you to ask your legal guardians for permission. The information generated by Facebook is usually transferred to a Facebook server and stored there; this may also involve transmission to the servers of Facebook Inc. in the USA. Facebook Inc., based in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. You can revoke your consent at any time by deactivating Facebook pixel tracking. For this purpose, you can set an opt-out cookie by clicking on the link below, which deactivates Facebook pixel tracking: deactivate Facebook pixel This opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click on the link above again. 11.5 Instagram Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland We provide information on our company page and offer Instagram users the opportunity to communicate. If you carry out an action on our Instagram company page (e.g. comments, posts, likes, etc.), you may thereby make personal data (e.g. real name or photo of your user profile) public. However, since we generally or largely have no influence on the processing of your personal data by the Instagram companies jointly responsible for the Ambiente Direct GmbH company page, we cannot make any binding statements about the purpose and scope of the processing of your data. Our company page on social networks is used for communication and information exchange with (potential) customers. In particular, we use the company page for: The publications via the company page can contain the following content:

• information about products

• information about services
• Giveaways
• Advertising
• customer contact

Every user is free to publish personal data through activities. The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. The data generated by the company's presence is not stored in our own systems. Instagram has submitted to and certified itself under the Privacy Shield Agreement concluded between the European Union and the USA. Instagram is therefore committed to complying with the standards and regulations of European data protection law. You can find more information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active You can object to the processing of your personal data that we collect as part of your use of our Instagram company presence at any time and assert your rights as a data subject as set out under IV. of this data protection declaration. To do so, send us an informal email to ppgad@pucrs.br. You can find further information about the processing of your personal data by Instagram and the corresponding objection options here: Instagram: https://help.instagram.com/519522125107875 11.6     Google AdWords conversion tracking This website uses the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our attractive offers on external websites using advertising materials (so-called Google Adwords). We can use the advertising campaign data to determine how successful the individual advertising measures are. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred. The cookie for conversion tracking is set when a user clicks on an Ads ad placed by Google. Cookies are small text files that are stored on your device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can block this use by deactivating the Google Conversion Tracking cookie in your Internet browser under the keyword “User Settings”. You will then not be included in the conversion tracking statistics. We use Google Ads based on our legitimate interest in targeted advertising in accordance with Art. 6 (1) (f) GDPR. When using Google Ads, personal data may also be transferred to the servers of Google LLC in the USA. In the event that personal data is transferred to Google LLC based in the USA, Google LLC has certified itself for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list You can find more information about Google's data protection regulations at the following Internet address: http://www.google.de/policies/privacy/ You can permanently deactivate cookie cookies by blocking them by setting your browser software accordingly or by downloading and installing the browser plug-in available under the following link: https://www.google.com/settings/ads /plugin?hl=de Please note that certain functions of this website may not be available or may only be available to a limited extent if you have deactivated the use of cookies. To the extent legally required, we have obtained your consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option for objecting described above. 11.7 Bing Ads (Microsoft Corporation) This website uses the conversion tracking technology “Bing Ads” from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads will place a cookie on your computer if you have accessed our website via a Microsoft Bing ad. Cookies are small text files that are stored on your computer system. These cookies expire after 180 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Microsoft and we can recognize that the user clicked on the ad and was redirected to this page (conversion page). If personal data is processed in this context, this is done in accordance with Art. 6 Para. 1 lit. f GDPR due to our legitimate interest in effective marketing. The information obtained using the conversion cookie is used to create conversion statistics, i.e. to record how many users reach a conversion page after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users. Microsoft Corporation, based in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. If you do not want to participate in tracking, you can object by easily deactivating the Bing Ads conversion tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics. Alternatively, you can use the deactivation page for consumers from the EU http://www.youronlinechoices.com/uk/your-ad-choices/ Check whether Microsoft advertising cookies are set in your browser and deactivate them. You can find more information about Microsoft Bing Ads' privacy policy at the following Internet address: https://privacy.microsoft.com/de-de/privacystatement To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option to object described above. Criteo (Criteo SA) On this website, information about the surfing behavior of website visitors is collected, stored and evaluated in pseudonymized form using technology from Criteo SA, 32 Rue Blanche, 75009 Paris, France (“Criteo”) with the help of “cookie” text files on the basis of our legitimate interest in displaying personalized advertising in accordance with Art. 6 (1) (f) GDPR. Criteo uses an algorithm to analyze surfing behavior and can then display targeted product recommendations as personalized advertising banners on other websites (so-called publishers). Under no circumstances can the data collected be used to personally identify the visitor to this website. It will not be used for any other purpose or passed on to third parties. To object to the collection of data and the creation of pseudonymized user profiles in the future, you can obtain the following so-called opt-out cookie: Criteo opt-out (http://www.criteo.com/de/privacy/) For more information about Criteo’s technology, please see the Criteo privacy policy: http://www.criteo.com/de/privacy/ Google AdWords Remarketing Our website uses the functions of Google Ads Remarketing, with which we advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Paragraph 1 Letter f of GDPR. Any further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize ads that you view on the web. If you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, Google will temporarily link your personal data with Google Analytics data to create target groups. When using Google Ads Remarketing, personal data may also be transferred to Google LLC servers in the USA. You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available under the following link:https://www.google.com/settings/ads/onweb Alternatively, you can register with the Digital Advertising Alliance at www.aboutads.info about the setting of cookies and make settings for this. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be restricted. In the event that personal data is transmitted to Google LLC. based in the USA, Google LLC. has certified itself for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list Further information and the privacy policy regarding advertising and Google can be viewed here: https://www.google.com/policies/technologies/ads/ As far as is legally required, we have obtained your consent to your data being processed as described above in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with future effect. To exercise the withdrawal of your consent, please refer to the option for exercising an objection as detailed above. 11.8      Google reCAPTCHA On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is primarily used to distinguish whether an entry has been made by a natural person or has been misused by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of our legitimate interest in determining individual responsibility on the Internet and preventing misuse and spam. When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC in the USA. In the event that personal data is transmitted to Google LLC based in the USA, Google LLC has certified itself for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/ 11.9 Google Customer Reviews (formerly Google Certified Retailer Program) We work with Google as part of the “Google Customer Reviews” program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program gives us the opportunity to obtain customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to take part in an email survey from Google. If you give your consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchasing experience on our website. The rating you submit will then be summarized with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your rating will also be used for Google Seller Ratings. Using Google Customer Reviews may also result in personal data being transferred to Google LLC servers in the USA. You can revoke your consent at any time by sending a message to the person responsible for data processing or to Google. In the event that personal data is transferred to Google LLC, based in the USA, Google LLC has certified itself for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list Further information on Google's data protection in connection with the Google Customer Reviews program can be found at the following link: https://support.google.com/merchants/answer/7188525?hl=de You can read more information about the data protection of Google Seller Ratings at this link: https://support.google.com/google-ads/answer/2375474 11.10 Google Maps We use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) on our website. Google Maps is a web service for displaying interactive (land) maps in order to visually display geographical information. Using this service will show you our location and make it easier to get there. When you access the subpages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there. This may also result in data being transmitted to Google LLC servers in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account already exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be assigned to your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of Google's legitimate interest in displaying personalized advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right. In the event that personal data is transmitted to Google LLC. based in the USA, Google LLC. has certified itself for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by disabling the JavaScript application in your browser. Google Maps and thus the map display on this website cannot then be used. You can find Google's terms of use at www.google.de/intl/de/policies/terms/regional.html see, the additional terms of use for Google Maps can be found at www.google.com/intl/de_US/help/terms_maps.html You can find detailed information on data protection in connection with the use of Google Maps on the Google website ("Google Privacy Policy"): www.google.de/intl/de/policies/privacy/ 11.11 Google Web Fonts This website uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google’s servers. This may also result in personal data being transferred to the servers of Google LLC. in the USA. In this way, Google becomes aware that our website was accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 Letter f of GDPR. If your browser does not support web fonts, a standard font from your computer will be used. In the event that personal data is transferred to Google LLC., based in the USA, Google LLC. certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/ 11.12 Trusted Shops Trustbadge The Trusted Shops Trustbadge is integrated into this website to display our Trusted Shops seal of approval and to offer Trusted Shops membership to buyers after an order. This serves to protect our legitimate interests in the optimal marketing of our offer, which prevail within the framework of a balancing of interests, Art. 6 Paragraph 1 Letter f of GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the site. Other personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies. 12. DURATION OF STORAGE The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and - if applicable - also by the respective statutory retention period (e.g. retention periods under commercial and tax law). When personal data is processed on the basis of an express consent in accordance with Art. 6 Para. 1 lit. a GDPR, this data is stored until the data subject revokes his or her consent. If statutory retention periods exist for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 Para. 1 lit. b GDPR, this data is routinely deleted after the retention periods have expired, provided that it is no longer required to fulfill or initiate a contract and/or we have no legitimate interest in continuing to store the data. When processing personal data on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. When processing personal data for the purposes of direct marketing on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (2) GDPR. Unless the other information in this declaration on specific processing situations indicates otherwise, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed. 13. SELF-CERTIFICATION ACCORDING TO ART. 30 PARAGRAPH 1 LIT. E DSA

The seller has undertaken to offer only products and services that comply with the applicable provisions of Union law (self-certification pursuant to Art. 30 para. 1 lit. e DSA).

14. YOUR RIGHTS You have the following rights vis-à-vis us with regard to your personal data:

• Right to information,
• Right to correction or deletion,
• Right to restriction of processing,
• Right to object to processing,

• Right to data portability.

Please fill out the contact form or send an email to ppgad@pucrs.brYou also have the right to complain to a data protection supervisory authority about our processing of your personal data. 15. CHANGE TO THE PRIVACY POLICY We reserve the right to adapt and change this privacy policy. We will publish changes to the privacy policy on this page. Previous versions of our privacy policy will continue to be available on this page so that you can understand the changes made. CONTACT OF THE DATA PROTECTION OFFICER ppgad@pucrs.br © 2023, Taiga GmbH, Ritterstraße 12-14, 10969 Berlin