Data protection

1 Table of Contents

2 Preamble

The protection of your personal data is really important to Tantum AG (hereinafter “Tantum”). Therefore, only the data that is absolutely necessary is collected. Tantum manages the data collected with due care and processing only takes place on the basis of the legal provisions of the European General Data Protection Regulation (hereinafter GDPR) and the data protection regulations applicable in Liechtenstein. Below you will be informed in detail, among other things, which of your personal data is collected by Tantum, for what purposes it is used, with whom it is shared and what control and information rights you have.
This data protection declaration applies to all services offered by Tantum in relation to the website tantumpay.com, the Tantum app, mobile applications, application programming interfaces (API) or other services (in short: “Services”). A detailed description of Tantum's services can be found in the general terms and conditions at www.tantumpay.com/agb.
Tantum AG, Landstrasse 114, 9495 Triesen, Principality of Liechtenstein is responsible for processing personal data as part of Tantum’s services within the meaning of the GDPR.

Tantum's data protection officer is CLL Compliance Labs AG, based in 9490 Vaduz, Dr. Grass-Strasse 12. The data protection officer can be reached either by post at the above address or by email at office@cll.li.

Tantum reserves the right to adapt the declaration if necessary. In the event of such adjustments, you should check whether you agree to the changes.

This data protection declaration also applies to persons who do not have a contractual relationship but whose data is processed for other reasons (e.g. persons who write to us or contact us in another way; visitors to our websites; recipients of information and marketing communications; contact persons of our suppliers; Customers and other business partners; participants in competitions, sweepstakes and customer events; visitors to our premises).

Tantum's Services are not intended for minors (i.e., those under 18 years of age), and we do not knowingly collect personal information from minors. If you are under 18 years of age or the age of majority in your jurisdiction, you are not authorized to apply for, register for, or use the Tantum Services.

It is imperative that the personal information we hold about you is accurate and up to date at all times. Failure to do so will impact our ability to provide you with our services. Please let us know if your personal information changes during your relationship with us. For your right to correct the processed data, we refer to Section 3b of the data protection declaration.

Our Services may contain links to third-party websites, plug-ins and applications. If you click on these links or activate these connections, third parties may collect or share information about you. We have no control over these third party websites and are not responsible for their privacy notices, statements or policies.

3 Scope of processing personal data

3.1 Personal Data

Personal data is any information through which a natural person can be identified, directly or indirectly. This includes, for example, name, address, email address, telephone number, date of birth, age, gender, tax identification number. Sensitive data (a particularly protected category of data), such as health data or data in connection with criminal proceedings, are also included.
The company collects, processes and uses your personal data exclusively in accordance with the requirements of Articles 5 and 6 GDPR (contract, legal obligation, legitimate interest or consent of the data subject).
Only such personal data is collected that is necessary for the implementation and processing of our services or that was voluntarily provided by you.

Data processed by Tantum:
• Inventory data (e.g. names, addresses, dates of birth, nationality, user name, password, marital status, title, gender)
• Contact details (e.g. email, telephone numbers, billing address)
• Content data (e.g. text entries, photographs, videos)
• Usage data (e.g. websites visited, interest in content, access times)
• Meta/communication data (e.g. device information, IP addresses)
• Technical data (Internet service provider, browser type, browser fingerprint, time zone settings, location, operating system, hardware model, unique device identifier, mobile network information)
• Documents to establish customer identity (passport copy, image data, confirmation of residence)
• Identification data (reference pointer data)
• Payment details (account details, transaction details, payment details)
• Financial information (including information about your assets and information about your financial situation, professional information, information about your tax residence), data from third parties (e.g. providers of certification services, authorities, credit agencies, publicly accessible databases or registers such as the commercial register), which Tantum transmitted lawfully;
• Identification features that are assigned to you (e.g. customer number)
• Risk information that Tantum collects or generates as part of risk management, such as customer data in the context of combating money laundering and terrorist financing (including periodic audit results), customer risk profiles, screening alerts (transaction screening, name screening), tax data;
• Details of our mutual business relationship and the products and services you use, as well as data relating to the fulfillment of our contractual obligations;

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated Data is derived from your personal data but is not considered personal data within the meaning of the General Data Protection Regulation as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a particular feature of the Site and/or Platform. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we will treat the combined data as Personal Data, which will be used in accordance with this Privacy Policy.

3.2 Sources of Personal Data

We process personal data that we receive from you when contacting you or establishing a contractual relationship or as part of pre-contractual measures (Article 13 GDPR). If the data is not collected from you but from other sources, you will also be informed within a reasonable period of time in accordance with Article 14 GDPR.

3.3 Processing of personal data

The company is subject to professional confidentiality and secrecy obligations that can be derived from data protection law, contract law or professional secrecy. When processing personal data, the company is bound by these obligations. The processing of our users' personal data is limited to the data required to provide a functional website and our content and services. The processing of personal data is therefore carried out (i) to fulfill the contract, (ii) to comply with our legal or regulatory obligations, (iii) to pursue our legitimate interests and (iv) to carry out obligations in the public interest (e.g. to prevent or detect criminal offenses ). Only such personal data is collected that is actually necessary for the implementation and processing of our tasks and services or that you have provided to us voluntarily.

As a rule, personal data is processed on the basis of a contractual relationship, i.e. to establish, manage and implement the contractual relationship. In addition, data processing takes place for the purpose of maintaining and maintaining customer relationships and for self-promotion purposes. In addition, data is processed to comply with our ongoing regulatory and compliance obligations (e.g. conducting audits regarding compliance with legal or regulatory requirements, compliance with anti-money laundering and anti-fraud regulations). Data is also processed for the purpose of protecting the law (e.g. to enforce claims in court or out of court and before authorities at home and abroad or to defend us against claims).

In certain cases, particularly where AML/KYC data is involved, we may even need to exercise our prerogative to terminate our contract with you and therefore withdraw the availability of our services to you, or we may have to if we are still in the application phase, refuse to enter into a business relationship with you. However, we will notify you if this occurs at that time.

3.4 Sensitive Personal Data

Personal data, which are by their nature particularly sensitive to fundamental rights and freedoms, deserve special protection as their processing may give rise to significant risks to fundamental rights and freedoms. If we receive sensitive personal data about you, we will only process that data where there is a legitimate reason and purpose for doing so in accordance with Article 9(2) of the GDPR and in all circumstances in accordance with and in compliance with our legal obligations Protective measures.
We collect and process AML/KYC data to comply with legal and regulatory obligations, where applicable, to carry out our AML and KYC checks and other due diligence checks relating to you, to verify your identity or claimed identity and to identify and/or verify the origin of assets and the economic background of the total assets, if applicable, to carry out a risk assessment of the potential customer relationship, to make an informed decision as to whether we wish to enter into a customer relationship with you, and in the event of a positive to carry out initial and ongoing review and monitoring and to comply with any legal or regulatory obligations we may have and/or any judicial, administrative or executive orders imposed on us.
The processing of photographs is covered by the definition of “biometric data” if they are processed using specific technical means that enable the unique identification or authentication of a natural person. Such personal data should not be processed unless the processing is permitted in the specific cases set out in the GDPR (including consent of the data subject). As part of identification and verification, biometric data (facial scan) is processed as a result of obtaining your consent.

3.5 For identification:

As an identification service provider, PXL Vision AG (Mühlebachstrasse 164, 8008 Zurich) carries out the verification of your ID data as a processor. Your ID data is checked as part of a so-called white label solution, so that the service provider, PXL Vision AG, does not appear. PXL Vision AG treats all data in accordance with the Data Protection Regulation (GDPR) and the Data Protection Act (DSG).
PXL Vision only processes your personal data in Germany, the European Union and Switzerland. Personal data will only be processed outside the European Union (so-called third countries) or outside Switzerland if there is an “adequacy decision” of the European Commission (Art. 45 GDPR), “appropriate guarantees” (Art. 46 GDPR) or “ internal data protection regulations” (Art. 47 GDPR) are available at the recipient.
The data processing (comparing the ID photo and the person recorded during use as well as comparing this data with the existing user data) is carried out on the basis of a contract (Art. 6 Para. 1 lit. b GDPR).

4 Your rights (rights of those affected)

4.1 Right to information

You have the right to request information about your personal data processed by us. In particular, you can obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, data transfer (if In the case of data transfer, disproportionate effort is not caused), the origin of your data, if it is not collected by us
as well as the existence of automated decision-making, including profiling. A request for information must be sent to the person responsible in writing together with proof of identity.

After receiving your request for information, you will be informed within the statutory period of 30 days whether your request for information can be complied with. The information can be refused, restricted or postponed if this is required by law or due to the overriding interest of a third party or the requested company.

The request for information can be combined with a request for correction or deletion of data.

4.2 Right to correction or deletion

You have the right to request in writing and free of charge that the data concerning you be corrected or deleted if it is incorrect or has been stored or processed unlawfully. A justified request for correction or deletion must be sent to the person responsible, accompanied by proof of identity.

Your request for correction or deletion will be processed within a reasonable period of time after receipt. The completion of your request for correction or deletion will subsequently be confirmed to you.

Deletion may be contrary to legal regulations under certain circumstances. In such a case, the company will only process your data to the extent necessary to fulfill legal obligations.

4.3 Right to object or withdraw

You have the right to object in writing to the processing of your data in whole or in part or to revoke your consent to data processing. An objection or revocation must be sent in writing to the person responsible together with proof of identification.

Receipt of your objection or revocation will be confirmed to you and the data concerned will subsequently be deleted.

Compliance with an objection or revocation may, under certain circumstances, be contrary to legal regulations. In such a case, the company will only process your data to the extent necessary to fulfill its legal obligations.

4.4 Right to block

You have the right to block data concerning you from being passed on to third parties. An application for blocking must be submitted in writing to the person responsible, accompanied by proof of identity.

Receipt of your request for blocking will be confirmed and your request will be processed within a reasonable period of time.

Under certain circumstances, legal regulations may conflict with a blocking. In such a case, the company will only pass on your data to third parties to the extent necessary to fulfill its legal obligations.

4.5 Right to complain

If you believe that our processing of your personal data contradicts the applicable data protection regulations, you have the right to lodge a complaint with the responsible Liechtenstein supervisory authority. You can also contact another supervisory authority in an EU or EEA member state, for example at your place of residence or work or at the place of the alleged violation.
The contact details of the data protection office responsible in Liechtenstein are as follows: Liechtenstein Data Protection Office
Staedtle 38
PO Box 684 LI-9490 Vaduz
+423 236 60 90
info.dss@llv.li

5 Collection of general data and information

We carry out our own web analyzes on our website and services. Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:
• Information about the browser type and version used
• Operating system used
• Device type
• Referral URL (the previously visited website)
• Host name of the accessing computer (IP address)
• The identification number of your device (UDID)
• Date and time of the server request
• Amount of data transferred
• Notification of successful retrieval

We store this information for a maximum period of six months. The storage takes place for reasons of data security in order to ensure the stability and operational security of our system. The data is used internally for forensic investigations in the event of hack attacks or for other security-relevant analyses. In this way, we guarantee the security of your data on our systems and ensure that, in suspected cases, countermeasures are quickly taken to protect your data. Otherwise, the aforementioned visitor and usage data will not be evaluated. Likewise, this data will not be merged with others.

The legal basis for the lawfulness of data processing is Art. 6 Para. 1 lit. b GDPR, since Tantum requires the automatically collected data in the course of the pre-contractual legal relationship with a view to the effective provision of the website, as well as Art. 6 Para. 1 lit. f GDPR , as storage serves Tantum's legitimate interest in ensuring the stability and security of the website.

5.1 Google Analytics

We use Google Analytics to analyze the use of the website www.tantumpay.com. The data obtained from this is used to optimize our website and advertising measures.
If you have given your consent, Google Analytics, a web analysis service provided by Google LLC, will be used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, we have concluded an order processing agreement with Google. Google Analytics is a tracking tool that is used to analyze traffic on our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions that you take on our website. Google Analytics uses cookies that enable your use of our websites to be analyzed. The information collected by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.
According to Chapter 5 of the GDPR, the transfer of personal data to a third country outside the EU or EEA requires certain guarantees to ensure that the data in these countries receives protection equivalent to that of the EU/EEA area. Data transfer to the USA is ensured by the EU Commission's decision (2023/4745) of July 10, 2023 regarding the so-called EU-US Data Privacy Framework (DPF).
This enables the transfer of data to US companies or organizations that have a valid DPF certification. Google LLC is one of the DPF-certified companies (https://www.dataprivacyframework.gov/s/participant-search).
We use the 'anonymizeIP' function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.

During your website visit, the following data, among others, is recorded:
• Pages viewed
• Achieving “website goals” (e.g. contact requests)
• Your behavior on the pages (e.g. length of stay, clicks, scrolling behavior)
• Your approximate location (country and city)
• Your IP address (in shortened form so that a clear assignment is not possible)
• Technical information such as browser, internet provider, device and screen resolution
• Source of origin of your visit (i.e. which website or advertising medium you came to us from)
Personal data such as name, address or contact details are never transferred to Google Analytics.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future website visits.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
If you do not agree to the collection, you can prevent Google from processing the data by not giving your consent to the setting of the cookie or by downloading and installing the browser add-on to deactivate Google Analytics.
The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings and changing your selection there. In addition to consent, we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in analyzing the behavior of website visitors and thus improving our offering technically and economically. Google Analytics is only used if consent has been given.
Further information about the terms of use of Google Analytics and data protection at Google can be found at https://marketingplatform.google.com/about/analytics/terms/de/.

5.2 Use of Google Remarketing

If you have given your consent in accordance with Article 6 Paragraph 1 Letter a of the GDPR, Google Analytics Remarketing, an advertising analysis tool, will be used on this website. Visitors to the website are included in lists through which these potential customers can be contacted again. To retarget visitors to a website or other content, personalized advertising campaigns (usually display ads) are created to reach visitors who are already familiar with a brand or certain products and therefore have a much higher willingness to purchase. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For more information on data processing and transmission as well as anonymization, see “Google Analytics” above.
The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 lit.a GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings and changing your selection there. In addition to consent, we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in analyzing the behavior of website visitors and thus improving our offering technically and economically.
This option is limited to a maximum of 18 months.

Further information can be found in Google's privacy policy

5.3 Matomo

For web-based solutions and within the mobile applications for iOS and Android operated by Tantum, we use the open source software “Matomo” to analyze and statistically evaluate the use of the services. We therefore collect personal data via Matomo and pass it on to the provider. A corresponding contract for order data processing in accordance with Art. 28 GDPR has been concluded.
With “Matomo” no data is transmitted to servers that are outside of Tantum’s own AWS structure. The collected data will not be passed on to third parties.
Cookies are used to analyze the use of the website. The information about usage obtained through the cookies is transferred to the server and summarized in pseudonymous usage profiles. Your IP address is anonymized so that we have no technical way of identifying you as a registered user. An assignment to individual users is therefore not possible.
We would like to further improve the website and adapt it even more to the needs of users.

The data is processed on the basis of Article 6 Paragraph 1 Letter a GDPR. You can withdraw your consent at any time by deleting cookies in your browser or changing your privacy settings.
If you agree to web analysis using Matomo, the following data will be stored:
• Location
• Country
• Language
• Device
• Device type
• Device model
• Device brand
• Screen resolution
• Software
• Operating system
• Browsers
• Miscellaneous
• Transaction code
• Time stamp

Further information can be found at https://matomo.org/privacy/.

6 Data Security

When visiting our website, we use the common SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page is transmitted encrypted by the closed display of the key or lock symbol in the address bar of your browser. In addition, we use other appropriate technical and organizational security measures (e.g. encryption, access restrictions, access restrictions and reviews, confidentiality agreement, employee training) to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

7 cookies

We use cookies on our website to obtain information about the use of our website and thus to make our offering user-friendly. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. The cookies remain stored until you delete them. This allows us to recognize your browser the next time you visit. If you do not wish this, you can set up your browser so that it informs you about the setting of cookies and allows you to allow them in individual cases. However, we would like to point out that deactivation will mean that you will not be able to use all functions of our website.

When using the company's website, access data (e.g. log files, IP address, date and time of access, name of the file accessed, access status, top level domain, web browser used, operating system used) is stored. The company uses this data for statistical purposes as well as for technical evaluations, to optimize the server infrastructure, to determine access frequencies and finally to be able to draw conclusions to improve user-friendliness and functionalities

The following cookie types and functions are distinguished:
• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.
• Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users, which are used to measure reach or for marketing purposes, can also be stored in such a cookie.
• First-party cookies: First-party cookies are set by the company itself.
• Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
• Necessary (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).
• Statistics, marketing and personalization cookies: Cookies are also generally used as part of reach measurement and when the interests of a user or their behavior (e.g. viewing certain content, using functions, etc.) on individual websites in one User profile can be saved.
Such profiles are used, for example, to show users content that corresponds to their potential interests. This process is also referred to as “tracking”, ie tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our data protection declaration or when obtaining consent.
Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you agree to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in operating our offering and improving it) or if the use of cookies is necessary to fulfill our contractual obligations.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies ( collectively referred to as “opt-out”). You can first declare your objection using your browser settings, for example by deactivating the use of cookies (which may also limit the functionality of our online offering).

Processing of cookie data based on consent: Before we process or have data processed as part of the use of cookies, we ask users for their consent, which can be revoked at any time. Before consent has been given, cookies may be used that are necessary for the operation of our online offering. Their use is based on our interest and the interest of the users in the expected functionality of our online offering.

• Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Data subjects: users (e.g. visitors to a website, users of online services).
• Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 lit. f. GDPR).

8 Use of social media plugins

No social media plugins are currently used on this website.

9 Integration of third-party software, scripts and frameworks

We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of displaying or user-friendliness of our online offering). The respective providers collect the IP address of the user and can process it for the purpose of transmitting the software to the user's browser as well as for security purposes and to evaluate and optimize their offer.
• Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos). ).
• Data subjects: users (e.g. visitors to the website, users of online services), communication partners.
• Purposes of processing: user-friendliness, contact requests and communication, direct marketing (e.g. via email or post), tracking (e.g. interest/behavioral profiling, use of cookies), interest-based and behavioral marketing, profiling (creating user profiles), contractual services and service.
• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
The following third-party software, scripts or frameworks are used:
We use WordPress plugins: Contact Form 7 is a WordPress plugin (https://de.wordpress.org/plugins/) and can manage numerous contact forms and flexibly customize the form and email content with simple markup. The form allows Ajax supported submission, CAPTCHA, Akismet spam filtering and so on. Further information about WordPress can be found at https://de.wordpress.org/plugins/contact-form-7/. The data protection declaration can be found at https://de.wordpress.org/about/privacy/.

• Below are other WordPress plugins we use:
• Auto Delete Applications – Add-on for WP Job Openings
• Avada Builder
• Avada Core
• Contact Form 7
• Docs Viewer Add-On for WP Job Openings
• Duplicator
• Elegant Elements for Fusion Builder
• FileBird Pro
• GDPR Cookie Consent
• LiteSpeed Cache
• Loco Translate
• Matomo Analytics – Ethical Statistics. Sustainable insights.
• Really Simple SSL
• Redirection
• Simple Floating Menu
• TranslatePress – Multilingual
• Weglot Translate
• WP job openings
• WPForms Lite
• Yoast SEO
• Yoast SEO Premium

Viewport Meta: The size of the display available on mobile devices is generally referred to as a viewport (German: viewing window, viewing opening). This can be, for example, the display of a smartphone, tablet or phablet. However, the term viewport has a more specific meaning as a meta element in HTML5 and is an important part of mobile optimization. It is used to make optimal use of the size of the display by scaling the content to be displayed. The Viewport meta element ensures that the content is displayed correctly and, above all, completely and legibly. This is done by adjusting the width and length of a website so that a mobile browser can optimally display that page. The ability to zoom into a website can also be defined with the viewport element. Mozilla Corporation, Attn: Legal Notices – Privacy, 331 E. Evelyn Ave, Mountain View, CA 94041, Email: compliance@mozilla.com, https://developer.mozilla.org/de/ ; or https://developer.mozilla.org/de/docs/Mozilla/Mobile/Viewport_meta_tag. The data protection declaration can be found at https://www.mozilla.org/de/privacy/websites/.

The person responsible has integrated components of Microsoft Office 365. Office 365 is the cloud-based version of the Office application package from Microsoft Corporation.
This includes well-known programs such as Outlook (personal data that is processed when using Outlook is used to carry out electronic communication that is necessary to fulfill work obligations), Word, Excel, PowerPoint, Access and Publisher, as well as cloud storage -OneDrive service. Another Microsoft Office 365 service is Microsoft TEAMS. This service enables multiple users to work together on files and documents at the same time.
The prerequisite for using Microsoft TEAMS is that all users are registered in the same domain and therefore belong to the same organization. Linking Microsoft TEAMS with Microsoft Sharepoint makes it possible to share the content developed in Microsoft TEAMS with external users and thus address a broader audience. This requires active approval by the Office365 user.
The operating company of Microsoft Office 365 is Microsoft Corporation, 1 Microsoft Way, Redmont, WA 98052, USA. Microsoft processes Customer Data, Professional Services Data and Personal Data only as follows: (a) to provide the Products and Services to Customer in accordance with Customer's documented instructions, and (b) for Microsoft's business activities related to the provision of the products and services to the customer. Customer reserves all right, title and ownership in and to Customer Data and Professional Services Data.
Microsoft acquires no rights to the Customer Data or Professional Services Data, except for the rights that Customer grants to Microsoft. The applicable data protection regulations of Microsoft Office 365 are available at https://www.microsoft.com/de-de/trustcenter/privacy/we-set-and-adhere-to-stringent-standards.

10 Use of contact details

The use of contact details published as part of the imprint obligation to send unsolicited advertising and information materials is hereby objected to. We expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, such as spam emails.

11 Hosting and email delivery

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services, which we use for the purpose of operating this website.

12 Transfer of personal data to third parties

Personal data may be disclosed to third parties who act on behalf of Tantum to process the personal data in accordance with their underlying purpose, for example the fulfillment of the services offered, evaluation of user behavior on the website or technical support. These third parties are contractually obliged by Tantum, through agreements provided for by law, to use personal data only for the agreed purpose or not to disclose your personal data to other parties without authorization, unless this is required by law. If you would like further information about Tantum's processors, please feel free to contact us at the address given in Section 1. If other categories of recipients of personal data arise as part of future data collection, Tantum will inform you of this at the time this information is collected for this purpose.

When we provide you with services, we share personal information with people involved in the transaction (e.g. banks).

We would also like to inform you that the company may obtain information about you from third parties as part of its business activities and to fulfill legal due diligence obligations.

Personal data may in particular be passed on to the following third parties:

12.1 External Third Parties.

Suppliers and external agencies that we engage to process information on our and/or your behalf, including to provide you with the information and/or materials you have requested.

Our subsidiaries, partners and agents as necessary to facilitate your relationship with us.

The Liechtenstein Tax Administration, the Data Protection Authority, supervisory authorities, law enforcement authorities and other authorities that may require reporting of processing activities or request information from us under applicable law and in certain circumstances.

Professional advisors such as consultants, bankers, professional liability insurers, brokers and auditors.

Other organizations when the exchange of information is intended to protect against fraud or reduce credit risk.

Debt collection agencies that support us in collecting debts.

Third parties to whom we may sell, transfer or merge parts of our business or assets (successors). Alternatively, we may seek to acquire or merge with other companies. If our business changes, the new owners may use your personal information in the same way and for the same purposes as set out in this policy.

Disclosure of personal data may be necessary in the following circumstances:
if we are required to disclose or share your personal information in order to comply with a legal obligation, judgment or order of a court or authority, or if we believe that your actions are inconsistent with our terms and conditions or policies, or to protect the rights, property and safety of TANTUM or others, or in connection with or during negotiations of any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company; or where we have your consent or at your direction.

We may also share aggregated or de-identified information that cannot be used to identify you.

The company only transfers your personal data to countries that the EU Commission has certified as having an adequate level of data protection. If the company transfers your personal data to countries that do not have an adequate level of data protection, the company will take measures to ensure the protection of your data by agreeing to the standard contractual clauses (2010/87/EC[2 ] and/or 2004/915/EC[3]).

The data collected as part of the identification and verification process is processed by PXL Vision AG (Rautistrasse 33, 8047 Zurich) to further develop your complex analysis algorithms (development purposes / Art. 13 Para. 4 GDPR).

For this type of data processing, separate consent is required in accordance with Art. 9 Para. 2 GDPR. This consent can be revoked at any time by sending an email to privacy@pxl-vision.com. The revocation does not affect the lawfulness of the processing that has taken place up to that point. PXL Vision AG carries out the further development of your complex analysis algorithms on its own responsibility, specifies the means and purpose of the processing itself and is therefore classified as the person responsible for this type of data processing within the meaning of the General Data Protection Regulation (GDPR). As part of the onboarding process, separate consent is obtained by Tantum on behalf of PXL Vision AG. PLX Vision AG therefore enters into a direct business relationship for this type of data processing with the customer and there is no order processing in which Tantum acts as the controller.
The data protection declaration can be found at https://www.pxl-vision.com/de/privacy-policy-analytics. Data protection inquiries can be sent by email to privacy@pxl-vision.com.

13 Protection of personal data

The company takes appropriate technical and organizational measures both with regard to data processing and data storage as well as with regard to its website to protect all data from loss, unauthorized access or misuse.

Regardless of the measures taken to protect data, you must be aware that data transmission over the Internet - this applies to both websites and email services - is uncontrolled and cross-border. Even if the sender and recipient are in the same country, cross-border data transfer may occur. The company cannot therefore guarantee the confidential treatment of data transmitted via the Internet. If you disclose personal information over the Internet, you must be aware that third parties may access, read, modify, falsify, monitor, destroy or misuse the information. Data transmission can also be delayed. In addition, the data can be lost during transmission. Furthermore, third parties could draw conclusions about existing business relationships. Therefore, the company cannot assume any responsibility for the security of your data during transmission over the Internet and declines any liability for direct or indirect damage.

14 Storage and retention of personal data

The company's systems required for data processing are located in Liechtenstein and Germany. The data you transmit will be stored in accordance with the statutory deletion and retention periods and will remain stored for as long as this is operationally necessary or required by law. You can find a list of the most important deletion and retention periods under the following link from the data protection office: https://www.datenschutzstelle.li/application/files/4415/3719/5024/Rechtliche_Loesch-
_and_retention periods.pdf

In the case of contracts, we store the data at least for the duration of the contractual relationship. It should be noted that our business relationship is a long-term obligation.

We also store personal data if we have a legitimate interest in storing it. This may be the case in particular if we need personal data to enforce or defend against claims, for archiving purposes, to ensure IT security or if limitation periods for contractual or non-contractual claims are running. For example, a limitation period of ten years often applies, and in some cases also of five years or one year.

We also keep your personal data for as long as it is subject to a legal retention obligation (e.g. fulfillment of commercial and tax retention obligations or fulfillment of retention obligations of 10 years in accordance with money laundering legislation).

After the specified deadlines have expired, we will delete or anonymize your personal data.

A main focus of Tantum AG is to ensure a high level of protection for minors. In order to counteract attempts at misuse by using the same telephone number again, it remains stored in the internal core system. Access is handled restrictively and limited to two people.

15 newsletters

You have the option of subscribing to our newsletter via the Tantum website. For this we need your email address and your declaration that you agree to receive the newsletter.
You can cancel your newsletter subscription at any time.

16 Automated decision making and profiling

If the identification and biometric data are successfully compared, an automatic decision is made about the user's identity with the documents they have scanned. This decision is not based on the user's personal characteristics, such as age, gender, interests, knowledge, etc., but solely on the algorithmic comparison of the image files and the comparison of the identification data. Profiling does not take place.

We partially process your data automatically in order to evaluate certain personal aspects (profiling). Due to legal and regulatory requirements, we are obliged to combat money laundering, terrorist financing and crimes that endanger assets. Data evaluations are also carried out (including in payment transactions). These measures also serve to protect you.

17 Contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us in order to process the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

The data entered into the contact form is therefore processed exclusively on the basis of your consent. You can revoke this consent at any time. All you need to do is send us an informal message by email (the contact details are provided in this declaration). The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The comments are saved based on your consent. You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

18 Data collection from job applicants

By submitting your application documents, you agree that personal data will be processed for the purpose of our personnel selection. This data includes name, title, address, telephone number, date of birth, education, professional experience, salary expectations as well as those data and images that are included in the cover letter,

contained in the CV, motivation letter, certificates or other documents sent to us.

Your data will not be passed on to third parties without your consent. There is also no automated decision-making according to Art. 22 GDPR. Data processing is carried out on the basis of the legal provisions of Article 6 Paragraph 1 Letter a (consent) and Letter b (necessary to fulfill the contract) of the GDPR. If there is no employment, we will delete your data within 6 months in order to be documented for any legal proceedings. At your request, we will delete the data immediately if the application process does not lead to employment.

19 file downloads

We do not require you to provide any personal information so that you can download files from our website.

20 contact

If you contact us by e-mail or other electronic message, your details will only be saved to process the request and possible related questions and will only be used in the context of the request. The legal basis for processing your request is Article 6 Paragraph 1 Sentence 1 Letter b GDPR. We will delete your email address after completing your request.

If you have any questions about data protection and data processing, please contact the person responsible or the data protection officer in writing.