Privacy Policy

Privacy Policy Version dated 01/08/2026 With the following information, we would like to provide you with an overview of how we process your personal data and your rights under the General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”) and the German Federal Data Protection Act (“BDSG”). This Privacy Policy applies to personal data of individuals with whom we enter into contractual or business relationships, as well as to executive bodies, managing directors, key account managers, or other employees of our contractual or business partners whose data we process within the context of existing or prospective contractual and business relationships. This includes, among others, existing or potential suppliers, service providers, customers, consultants, cooperation partners, or other partner companies. 1. Controller and Data Protection Officer The controller responsible for the data processing described in this Privacy Policy within the meaning of the GDPR is: Ticket Vision LLC Saburtalo District - Didi Digomi settlement Micro District III, Building 8 0131 Tbilisi City Phone: +49 177 285 29 63 Email: [email protected] You can contact our internal Data Protection Officer at: Serdal Dincer Didi Digomi settlement Micro District III, Building 8 0131 Tbilisi City Phone: +49 177 285 29 63 Email: [email protected] 2. Sources and Types of Personal Data We primarily process personal data that the data subjects themselves provide to us within the scope of contractual and business relationships or that we receive from the respective contractual and business partners (e.g., from your employees with whom we are already in contact), for example in the context of handling an inquiry or an order. In addition, we process personal data obtained from publicly accessible sources (such as commercial registers, the press, or the internet) or received from third parties (e.g., credit agencies or business partners). We will specifically inform you if personal data is collected from third-party sources. Relevant personal data includes, in particular, personal details (such as name, address, bank details, billing address, tax number/VAT ID) and other contact details (such as phone number and email address). Furthermore, this may also include contract or order data (e.g., sales data, volumes, planned quantities), data arising from the fulfillment of our contractual obligations, information regarding your financial situation (e.g., creditworthiness data), information about your person (e.g., business interests, profession, industry, position, tasks, and authorizations), as well as other data comparable to the aforementioned categories. The scope of the data processed for an individual varies depending on the role in which the person interacts with us, such as their position within the business relationship. 3. Purposes of Processing and Legal Bases We process personal data for the following purposes and on the basis of the following legal grounds: 3.1 Consent In individual cases, we process data because you have expressly consented to it (Art. 6 para. 1 lit. a GDPR), for example for receiving advertising via electronic mail and/or telephone. 3.2 Contract Performance and Pre-Contractual Measures Data processing is carried out for the performance of contracts concluded with you or your employer, or for carrying out pre-contractual measures (Art. 6 para. 1 lit. b GDPR). This includes, in particular: • Purchase and supply contracts (e.g., processing purchase and sales inquiries, authenticating contractual partners, preparing and signing contractual documents, executing purchases and sales, invoicing and processing payments) • Service and work contracts as well as other contractual relationships (e.g., processing and reviewing offers and inquiries, authenticating contractual partners, preparing and signing contractual documents, processing payments, sending informational letters) 3.3 Legal Obligations Further data processing is carried out due to legal obligations (Art. 6 para. 1 lit. c GDPR), for example to comply with tax laws and other legal control and reporting obligations, inspections by tax authorities or other authorities, and compliance with statutory retention periods. 3.4 Legitimate Interests We also process your data to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR), in particular for the following purposes: • Maintaining optimal contact and relationships, including with employees of our business partners • Ensuring the availability and security of our software solutions • Optimizing our business processes, such as maintaining a supplier or prospect database, including within the framework of customer relationship management (CRM) • Centralization or outsourcing of corporate functions • Reducing default risks in our business processes by consulting credit agencies (e.g., Creditreform, Bürgel) and determining score values (profiling), which help us assess the probability of contractual partners fulfilling their payment obligations based on recognized mathematical-statistical procedures • Assertion and defense of legal claims • Market research purposes 4. Recipients of Personal Data Under certain circumstances, your personal data may be disclosed for the purposes stated above; specifically: 4.1 Legal Enforcement and Protection If necessary for investigating or prosecuting unlawful or abusive incidents, personal data may be forwarded to our legal advisors, law enforcement authorities, and, where applicable, injured third parties. This will only occur if there are concrete indications of unlawful or abusive conduct. Disclosure may also take place if this serves to enforce contractual provisions between us and our contractual or business partners. 4.2 Legal Disclosure Obligations We are also legally obliged to provide information to certain public authorities upon request. These include, in particular, law enforcement authorities, authorities prosecuting administrative offenses subject to fines, and tax authorities. 4.3 Affiliated Companies If necessary for processing your inquiry or for concluding or executing a contractual or business relationship with you, as well as in the case of centralized or outsourced corporate functions, your data may be shared with affiliated companies for the fulfillment of the purposes mentioned above. 4.4 External Service Providers Occasionally, we rely on contractually bound third-party companies, cooperation partners, or external service providers located outside the EU or EEA for the fulfillment of the purposes described in this Privacy Policy or for providing our services, such as IT service providers, business consultants, and financial institutions. In such cases, information is disclosed to these companies or individuals to enable further processing. Where recipients are located outside the EU or EEA, we ensure an adequate level of data protection, for example by concluding appropriate contracts with the data recipient. 4.5 Corporate Changes As part of the further development of our business, the structure of our company may change, for example through changes in legal form, the establishment, acquisition, or sale of subsidiaries, business units, or components. In such transactions, customer information may be transferred together with the part of the company to be transferred. Whenever personal data is disclosed to third parties within the scope described above, we ensure that this is done in accordance with this Privacy Policy and applicable data protection laws. 5. Duration of Processing We process your personal data for the duration of your employment with one of our business partners, but no longer than until the final termination of the respective business relationship between us and your employer. Transaction-related information (e.g., concerning a specific contract or order relationship) will be deleted after completion of the respective transaction, such as fulfillment of a supply contract, within three years after the end of the respective calendar year, unless longer statutory retention obligations apply (e.g., six- or ten-year retention periods pursuant to Section 257 of the German Commercial Code). In such cases, the affected data will be blocked from any further processing. 6. Rights of Data Subjects 6.1 Your Rights You have the right to obtain information at any time about the personal data stored about you. Subject to the applicable legal requirements, you also have the following rights: • Right to Rectification: You have the right to request correction of inaccurate personal data concerning you. • Right to Erasure: You may request deletion of your personal data, for example if your data is no longer necessary for the purposes for which it was collected or otherwise processed. • Right to Restriction of Processing: You have the right to request restriction of the processing of your personal data. In such a case, the data will be blocked from further processing. This right exists in particular if the accuracy of the personal data is disputed between you and us. • Right to Data Portability: If we process your personal data for the performance of a contract with you or based on your consent, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, provided that you supplied the data to us. • Right to Withdraw Consent: If you have granted consent to the processing of your personal data, you may withdraw this consent at any time. Withdrawal does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. Furthermore, you may object to data processing for reasons arising from your particular situation. However, this only applies where we process data on the basis of legitimate interests. If you can present such a reason and we cannot demonstrate compelling legitimate grounds for the continued processing, we will no longer process the data for the respective purpose. 6.2 Contact If you would like information about the data stored about you, wish to exercise your other rights, or have questions about data protection, you may contact us using the contact details provided above. 6.3 Right to Lodge a Complaint You also have the right to lodge a complaint at any time with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates data protection regulations. 7. Status and Amendments to this Privacy Policy The continued development of our company may also affect how we handle personal data. We therefore reserve the right to amend this Privacy Policy in the future within the framework of applicable data protection laws and, where necessary, adapt it to changed data processing circumstances. We will inform you separately of any significant substantive changes.