We respect your privacy and are committed to protecting your data. In particular, we would like to inform you with this privacy policy about the purposes for which we process the personal data you provide with your application documents, how this data is collected and processed and to what extent it is passed on to third parties. We also explain what rights you have in relation to this data and provide you with useful contact details if you have any questions or concerns.

You can apply for vacancies or send us an unsolicited application in two ways:

1) By e-mail to our recruitment team.

The exact address of your contact person from our recruitment team can be found in the respective job advertisement.

2) Via our career portal on the website https://career5.successfactors.eu/careers, (hereinafter referred to as "career portal") is provided by beeline GmbH (hereinafter referred to as "we", "our" or "us").

In the case of telephone applications, applicants are requested to use one of the methods described above.

Your information provided by e-mail or in the career portal is initially received and processed by beeline GmbH, Grünstraße 1, 51063 Cologne, irrespective of which beeline company has published the job advertisement. This is where the central recruitment team works for all affiliated companies worldwide.

beeline GmbH is jointly responsible for data processing with the specific beeline company (see attachment) for whose position you have applied, whereby the tasks are distributed as follows:

beeline GmbH

- Participation in the recruitment strategy and objectives of the beeline companies

- Receipt and storage of applications in SuccessFactors

- Pre-selection and, if necessary, forwarding of applications to responsible persons

- Selection, operation and maintenance of the career portal and, if applicable, other tools, including the conclusion of corresponding (order processing) contracts, also for the beeline companies

- Fulfillment of information obligations

- Implementation of the extinguishing concept

beeline group

- Processing of forwarded applications in accordance with the respective requirements

- Fulfillment of information obligations

- Conducting job interviews

- Decision on hiring/rejection

- In the event of recruitment: forwarding the data to the HR department

Both

- Determination of the purpose of data processing

- Determination of the categories of personal data

- Guaranteeing the rights of data subjects

- Documentation and implementation of technical and organizational measures (TOM)

- Risk assessment and (if necessary) implementation of data protection impact assessments (DPIA), as well as coordination with the supervisory authorities,

- Documentation of the record of processing activities

- Assessment and communication in the event of data breaches.

The purpose of data processing in recruiting is to fill vacancies at all responsible parties through coordinated application management.

The personal data that you provide in the career portal or otherwise during an application process will generally only be processed for the purpose of assessing your suitability, expertise and profile in relation to the job advertisement in question or - in the case of unsolicited applications or talent pool eligibility - in relation to unspecified and/or future job advertisements and to involve you in application procedures, including e.g. job interviews.

If an application procedure leads to recruitment, the company responsible will process your data for the purpose of drawing up the contract and include it in your personnel file.

If you have consented to this, we will use your e-mail address to inform you about new vacancies or news about career opportunities. We also use your contact details to invite you to take part in a voluntary, anonymous online experience survey once your application process is complete, with the aim of understanding areas for improvement in the application process and enhancing the quality of the experience for future applicants.

Your application as a process (but not your documents) is also included anonymously in statistics and evaluations that enable us to determine the use of the portal, the popularity of job descriptions, etc.

If you choose the route via our career profile, it is necessary to provide at least your first and last name, your e-mail address and your country of residence in order to create an applicant profile. You can also voluntarily provide further job-related information to complete your applicant profile in the career portal.

Regardless of whether you apply via the career portal or by other means: To enable us to involve you in application procedures, you will need to submit standard and informative application documents to tell us about your personality profile and qualifications. This regularly includes your contact details as well as, for example, information about yourself, your skills and your career in your cover letter, CV, references and in job interviews.

In the course of the application process, further personal data may be collected from you personally, from generally accessible sources or from former employers and trainers for information purposes.

If necessary, your information from the application process may also contain so-called special categories of personal data within the meaning of Art. 9 GDPR, such as information about your health, marital status, which may provide information about your sex life or sexual orientation, or your ethnic background. We would ask you to only transmit such data if it is absolutely necessary.

We also use your e-mail address to inform you about new vacancies or news about career opportunities if and as long as you have activated the corresponding notification functions in the career portal and thus consented to receiving them.

We also use your name and e-mail address to invite you to take part in a one-off voluntary and anonymously processed online experience survey following your application.

In principle, the processing of your application data is necessary in order to be able to decide on the establishment of an employment relationship. The legal basis for this is Art. 88 GDPR in conjunction with Art. 6 para. 1 lit. b) GDPR.

The processing of your personal data as part of the application via the application portal is based on Art. 6 (1) lit. a GDPR. This legal basis enables the processing of personal data if the data subject has given their consent to the processing of their personal data for one or more specific purposes.

As part of the application via the application portal, you will be asked to submit a corresponding declaration of consent that you agree to the processing of your personal data in accordance with the descriptions in this privacy policy.

You can revoke your declaration of consent at any time with effect for the future. However, further processing of your application is no longer possible in this case.

If you activate the application modes Consideration for all open positions worldwide or Consideration for all open positions worldwide by selection, we assume that you thereby consent to the transfer of your personal data to other companies of the beeline Group, including those in third countries. You can deactivate these application modes at any time.

If you have activated the job notification or career news functions, we assume that you consent to the sending of job notifications or news about career opportunities to the e-mail address you provided when creating the applicant profile. You can deactivate these notifications at any time.

If an application procedure leads to employment, we will include your application documents in your personnel file on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR.

The processing of your name and e-mail for the purpose of inviting you to participate in a voluntary, anonymous experience survey after completion of your application process is based on our legitimate interest (Art. 6 para. 2 lit. f GDPR) in using the technology and usability of a market-leading platform to obtain aggregated information for business development. You can object to the processing of your contact data for the purposes of surveys at any time by sending an email to learninganddevelopment@beeline-group.com.

The application documents you provide will be evaluated by the responsible departments in the company or by other companies in the beeline Group, as described above.

Depending on which application mode you choose, different employees of the beeline group of companies will have access to your data:

- If you apply by e-mail to the e-mail address of your contact person from the job advertisement: Your data will be used to fill the positions for which you have applied. In this case, only the beeline employees involved in the selection process for these positions will have access to your data. If necessary, further consideration for positions worldwide will be coordinated with you.

- Request indicated in the career portal for "consideration for all vacancies worldwide": Your data will be passed on within the beeline group of companies worldwide to fill vacancies. All employees of the beeline group of companies who are generally entrusted with the task of filling vacancies or would like to fill a vacancy will have access to your data.

- Request indicated in the career portal for "consideration for all vacancies within the country of my place of residence": Your data will be passed on to fill vacancies at beeline companies within your country of residence. All beeline employees in the respective country who are generally entrusted with the task of filling vacancies or would like to fill a vacancy will be given access to your data.

- Request indicated in the career portal for "consideration for positions for which I have expressly applied": Your data will only be used to fill the positions for which you have applied. In this case, only the beeline employees involved in the selection process for these positions will have access to your data.

Your personal data is also processed by our own service providers (e.g. IT service providers, e.g. SAP for SuccessFactors and the Qualtrics survey tool or Microsoft for our email service). We have contractually obligated these service providers as so-called processors to process data strictly in accordance with our specifications and instructions and to provide comprehensive technical and organizational protection for this data.

Third country transfers:

While your data will be stored on servers located in the European Union, please note that your personal data may be transferred to employees located in a country with a lower level of data protection, namely if your application concerns a beeline company that is not located in the European Union ("EU") or the European Economic Area ("EEA"). In addition, our service providers may transfer selected data to affiliated companies or service providers in third countries.

In these cases, beeline ensures that an adequate level of protection for your data is guaranteed, e.g. by concluding specific agreements with these parties. beeline applies the EU standard contractual clauses to such transfers as far as possible.

If the application was made via the career portal, we will delete your data (if you do not register or update your applicant profile) 6 months after the last update or submission of an application. Something else only applies if you have specifically and voluntarily consented to a longer storage period.

If the application procedure does not lead to your recruitment, we will delete and destroy all your applicant data as soon as a period of six months has elapsed after the final rejection by you or by our company.

We will also delete your personal data that we process as part of the invitation to experience surveys as well as the individual survey results after 6 months at the latest.

If you revoke your consent to the processing of your personal data or object to it with regard to experience surveys, your data will be deleted immediately; an anonymized data set (without your application documents or your survey result), which does not allow any conclusions to be drawn about you, will remain for statistical purposes.

If your application is successful, we will also store your data in our systems for the purposes of the employment relationship.

Insofar as we process your personal data, you are entitled to various data protection claims against us. You have the right to

- to request information about the personal data stored about you and its origin, the purpose of processing and the recipients or categories of recipients of the data (Art. 15 GDPR, Section 34 BDSG),

- under certain conditions, to demand that we rectify, block or erase your personal data (Art. 16 - 18 GDPR, Section 35 BDSG),

- to request the transfer of your data to another controller (Art. 20 GDPR) and

- to lodge a complaint with us or the competent data protection authority about the data processing (Art. 77 GDPR). In our case, this is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.

- You also have the right to object to the further processing of your data if we process your data on the basis of a legitimate interest (Art. 6 para. 1 sentence 1 f) GDPR). As we do not process your data for advertising purposes, this requires a reason arising from your particular situation. In the event of an objection, we will no longer process your personal data to which the objection relates from receipt during the subsequent review and will delete it after completion of the review - if the objection is justified (Section 36 BDSG, Art. 21 GDPR).

We will fulfill all rights to which you are entitled free of charge and without delay.

The controllers may designate a contact point to which data subjects can turn to assert their rights under the GDPR. To exercise your rights, simply send an email to DataProtectionOffice@beeline-group.com or, if you are based in Germany, to our external data protection officer at datenschutz.beeline@two-towers.eu or by post to

Two Towers Consulting GmbH & Co. KG
Hohenzollernring 51
50672 Cologne
Germany

Irrespective of this agreement, you can always assert your rights against any of the controllers.

The responsible parties shall inform each other immediately of any claims asserted by data subjects and provide each other with all information necessary for processing.

- You can revoke your consent to data processing (Art. 6 para. 1 sentence 1 lit. a GDPR) at any time; we will then no longer process your personal data unless we are legally permitted to do so. Please send your revocation to jobs@beeline-group.com.

A justified objection and revocation have no influence on data processing operations that have already taken place.

We reserve the right to amend this privacy policy at any time so that it always complies with current legal requirements or to reflect changes to the application process or similar. The new privacy policy will then apply when you visit the applicant portal again or submit a new application.


Status: February 2024

In this Privacy Policy, "beeline", "we", "us" and "our" means any legal entity with which you have a relationship.

This privacy policy applies to the following companies:

• beeline GmbH

• beeline Concessions GmbH

• beeline Concessions B.V.

• beeline Czech Republic s.r.o.

• beeline Concessions S.A.R.L.

• beeline Concessions GmbH

• beeline Log. Ltd.

• beeline Log. Immob. Ltd.

• UB Holding GmbH

• UB Real Estate GmbH

• beeline Hungary Kft.

• beeline Ireland Accessories Limited

• beeline Italy S.r.l.

• beeline Concessions B.V.

• beeline Poland Sp.zo.o.

• Direkte Linie Concessions - Sociedade Unipessoal Lda.

• beeline Slovakia s.r.o.

• beeline Concessions SLU

• beeline Concessions Switzerland GmbH

• beeline UK Accessories Ltd.

• beeline Canada Accessories Inc.

US Holding

• beeline USA Inc.

• beeline Import and Services LLC

• beeline Logistics LLC

China

• beeline Services Qingdao Co. Ltd.

Our business customers and suppliers include existing or potential suppliers, service providers or consultants as well as existing or potential partner customers, cooperation partners or other partner companies.

With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under the General Data Protection Regulation (Regulation (EU) 2016/679 - "GDPR") as well as the Federal Data Protection Act ("BDSG") and any local data protection laws.

This Privacy Policy applies to personal data of persons with whom we enter into contractual or business relationships, as well as of contact persons, managing directors, key account managers or other employees of our contractual or business partners, which we process in the context of existing or prospective contractual and business relationships. Personal data of ostensibly uninvolved parties, such as shareholders or beneficial owners of our business partners or employees of our business partners named in the context of whistleblowing, may also be affected by data processing by us.

The processing of purely company-related data (e.g. beeline GmbH, Grünstraße 1, Cologne) is not subject to the GDPR and is therefore not covered by this privacy policy.

You can reach our central data protection team at:

Address: beeline GmbH, Data Protection - Legal/Compliance, Grünstraße 1, 51063 Cologne, Germany

E-Mail: DataProtectionOffice@beeline-group.com.

We have also appointed an external data protection officer for beeline GmbH and beeline Concessions GmbH.

For concerns regarding beeline GmbH and beeline Concessions GmbH, please contact us at datenschutz.beeline@two-towers.eu.

We primarily process personal data that the data subjects provide to us themselves in the context of contractual and business relationships or that we receive from the respective contractual and business partners (e.g. from your colleagues with whom we are already in contact), for example in the context of processing an inquiry or an order.

We also process personal data that we collect from publicly accessible sources (e.g. commercial register, press, internet) or receive from third parties (e.g. auditors). We will make separate reference to the collection of personal data from third-party sources.

Relevant personal data are in particular

• Personal details, e.g. surname, first name, address,

• Personal data, e.g. profession, position, tasks and powers, nationality;

• business contact details, e.g. address, telephone number, e-mail address;

• Contract initiation data, including product, performance and quality assessments

• Contract or order data, e.g. sales data, time sheets,

• Billing data, including bank details, tax number/USt ID;

• Data from the fulfillment of our and your contractual obligations;

• Data in connection with the prevention of criminal offenses, such as fraud, cybercrime or money laundering, and whistleblowing, including behavioral data, if applicable

• Information about your financial situation (e.g. creditworthiness data);

• If applicable, log-in data for tools used by you in cooperation with beeline;

• other data comparable with the above categories.

The scope of the data processed for a person varies depending on the role in which the person appears to us (e.g. the person is a supplier or an employed contact person or a beneficial owner of a contractual partner).

We process personal data for the following purposes on the basis of the following legal bases:

In individual cases, we process data because you have expressly consented to this (Art. 6 para. 1 lit. a GDPR), for example to receive advertising by electronic mail and/or telephone;

Data processing is generally carried out for the performance of contracts concluded with you or your employment company or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR); this includes in particular:

• Purchase and supply contracts, e.g. processing of purchase and sales inquiries, authentication of contractual partners, preparation and signing of contractual documents, execution of purchases and sales, integration into internal operational management, e.g. through access to our intranet or other platforms used by beeline, communication, also in the context of video conferences using appropriate tools, invoicing and processing of purchase price payments;

• Service and work contracts as well as other contractual relationships, e.g. processing and viewing of corresponding offers and inquiries; authentication of contractual partners, preparation and signing of contractual documents, processing of payments; integration into internal operational management, e.g. device management or through access to our intranet or other platforms used by beeline, communication, also in the context of video conferences using appropriate tools, sending of information letters

Further data processing is carried out on the basis of legal requirements (Art. 6 para. 1 lit. c GDPR), in particular to fulfill and comply with

• tax and other statutory control and reporting obligations, as well as for audits by tax or other authorities;

• statutory retention periods;

• legal obligations with regard to product quality and risk management, including the obligation to inspect and audit;

• legal obligations with regard to delivery and storage, e.g. customs regulations and maintaining an inventory management system;

• Residence matters;

• legal obligations in connection with various compliance areas, e.g. data protection, combating fraud and money laundering, whistleblowing, supply chain diligence;

• COVID measures and other statutory health protection requirements;

We also process your data to protect our legitimate interests (Art. 6 para. 1 lit. f GDPR), namely for the following purposes:

• optimal contact support/relationship, also with regard to the employees of our business partners;

• Optimization of our business processes, e.g. through internal reporting, keeping lists of suppliers or interested parties, also as part of customer relationship management;

• Internal Group controlling processes;

• Centralization or outsourcing of corporate functions;

• Reducing the risk of criminal offences as part of visitor management or through other organizational or technical measures suitable for this purpose;

• Reduction of default risks in our business processes by consulting credit agencies (such as Creditreform, Bürgel) and determining score values (profiling), which help us to assess the probability of contractual partners meeting their payment obligations in accordance with the contract on the basis of a recognized mathematical-statistical procedure;

• Assertion and defense of legal claims;

• Market research purposes.

Under certain circumstances (in addition to the cases already mentioned above), your personal data may be passed on for the above-mentioned purposes; in detail:

• Personal data is transmitted to other companies in our group of companies. The exchange between different companies of the beeline Group takes place on the basis of corresponding contracts and, if necessary, additional technical or organizational security precautions. Essential internal procedures take place centrally at beeline in Germany and are located at beeline GmbH.

• Information required for the processing of existing contracts is passed on to customers and suppliers.

• Information is passed on to contractually affiliated external service providers, e.g. logistics companies, IT service providers and providers of digital tools that we use as part of the execution of the contract, economic, tax and other consultants, financial institutions, or transmitted directly by you to enable them to continue processing.

• If it is necessary to investigate or prosecute unlawful or abusive incidents or to enforce contractual provisions between us and our contractual and business partners, personal data will be forwarded to our legal advisors, the law enforcement authorities and, if necessary, to injured third parties.

• We are also legally obliged to provide reports, notifications or information to certain public authorities. These are primarily tax authorities, customs and law enforcement authorities, authorities that prosecute administrative offenses subject to fines.

• In the event of reorganizations or business restructurings, including financial restructurings, bankruptcies, M&A transactions, mergers, acquisitions, spin-offs, joint ventures, assignments, sale or disposal of companies or parts of companies, etc., personal data may be disclosed to the buyer, the seller, law firms and other consulting firms, liquidators, banks and other financial institutions, rating agencies and similar organizations. We will always carefully consider the necessity of such transfers and take measures (e.g. anonymization, pseudonymization or aggregation procedures) to reduce the amount of personal data in such cases to what is strictly necessary.

• In order to enable the digital signing of documents, such as contract documents, and to simplify processes within the organization, beeline uses the online application "DocuSign" (DocuSign, Inc. 221 Main Street, Suite 1550San Francisco, CA 94105) where the legal formal requirements permit, i.e. where no "wet ink" signature is required.

For the digital signing process via "DocuSign", your e-mail address and your (qualified) digital signature are required and processed via "DocuSign". The e-mail address is used to send the form and to make it easier to obtain the necessary documents.

If a document is to be signed via DocuSign, it is uploaded to the platform by the initiator. If the initiator specifies a person as the signatory, this person receives a notification email with further instructions from DocuSign.

Additional recipients can be specified who are to receive the signed documents by e-mail and in digital form after the signature process has been completed.

If you use DocuSign's Qualified Electronic Signature (QES) procedure, you will be asked to identify yourself so that your individual Qualified Electronic Signature can be generated by DocuSign. For this purpose, you will be asked to prove your identity by holding your identification documents (this can be a passport or ID card) up to the camera. Please note that DocuSign is responsible for processing your data for this part of the entire process. Please also note that, depending on the location, DocuSign may involve other partners who support DocuSign in the identification process.

DocuSign may process your personal data within the framework of an intra-group agreement or an agreement with a third party and in third countries. DocuSign uses so-called Binding Corporate Rules to ensure the security of such transfers.

For further details and if subcontractors of DocuSign are involved, please refer to DocuSign's Privacy Notice: https://www.docusign.co.uk/en-gb/privacy/

In cooperation with service providers and other organizations, legal instruments are used to ensure that your personal data is processed lawfully and only stored for as long as necessary. These are, for example, order processing contracts in accordance with Art. 28 GDPR or agreements between joint controllers in accordance with Art. 26 GDPR.

As a rule, the servers on which your personal data is stored by us or one of our service providers are located in the EU. In the course of some processing activities, your personal data may be stored outside the EU or persons who carry out their activities in countries outside the EU may have access to your personal data. These countries may offer a lower level of data protection. If there is no adequacy decision for these countries pursuant to Art. 45 GDPR for these countries, legal instruments are used that also guarantee the confidentiality, integrity and availability of (your) personal data. This includes in particular the signing of the so-called EU standard data protection clauses in accordance with Art. 46 (2) c GDPR.

We will retain and process your personal data for as long as we have a legitimate interest, valid consent from you or a legal obligation to do so for a certain period of time as determined or specified by applicable law and our company's IT security and data protection policies.

If the respective requirements are met, you are entitled to the following rights:

• Right to information: You have the right to receive information about the personal data stored about you at any time.

• Right to rectification: You have the right to have incorrect personal data concerning you rectified.

• Right to erasure: You can also request the erasure of your personal data, for example if your data is no longer required for the purposes for which it was collected or otherwise processed.

• Right to restriction of processing: You also have the right to request the restriction of the processing of your personal data; in such a case, the data will be blocked for any processing. This right exists in particular if the accuracy of the personal data is disputed between you and us.

• Right to data portability: If we process your personal data to fulfill a contract with you or on the basis of your consent, you also have the right to receive your personal data in a structured, commonly used and machine-readable format, if and to the extent that you have provided us with the data.

• Right to withdraw consent: If you have given us your consent to process your personal data, you can withdraw this at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

• Right to object: You can object to data processing on grounds relating to your particular situation. However, this only applies in cases where we process data to fulfill a legitimate interest. If you can present such a reason and we cannot assert a compelling interest worthy of protection in further processing, we will no longer process this data for the respective purpose.

• You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations.

If you would like information about the personal data stored about you, wish to assert your other rights or have questions about data protection with us, you can contact us using the above-mentioned contact details.