In connection with your mandate of Rüger I Abel Patentanwälte PartGmbB, we would like to draw your attention to the following information in accordance with the EU Data Protection Regulation (hereinafter "GDPR"):

1. Name and contact details of the responsible data protection officer

This privacy policy applies to data processing by the controller:

Rüger Abel Patent Attorneys PartGmbB

(hereinafter: Rüger | Abel)

Webergasse 3

73728 Esslingen am Neckar

Germany

Email: mail@ruger-ip.com

Phone:  49 (0)711 / 49 01 06-0

Fax:  49 (0)711 / 35 99 03

Rüger Abel Patent- und Rechtsanwälte is a partnership with limited professional liability, registered under Rüger Abel Patentanwälte PartGmbB in the partnership register of the Stuttgart District Court, PR 720 870. The registered partners are Dr.-Ing. Thomas Abel and Mr. Peter Abel, M.Sc. The company data protection officer of Rüger | Abel can be contacted at the above address, attention of the data protection officer, or at datenschutz@ruger-ip.com.

2. Collection and storage of personal data and the nature and purpose of their use

For support within the framework of a mandate, we collect the following information

• Title, first name, last name, one or more valid email addresses, address, telephone number (landline and/or mobile and fax number if applicable), information necessary for the assertion and defense of your rights within the scope of the mandate, e.g. for the registration, acquisition, defense or enforcement of protective rights.

We process the above data for the following purposes:

• to identify you as our client, to provide you with appropriate legal advice and representation, to correspond with you, to issue invoices, to process any liability claims that may arise and to assert any claims against you, and for other administrative purposes.

The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letters b) and f) of GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

The personal data collected by us for the mandate will be stored until the expiry of the statutory retention periods for lawyers (6 years after the end of the calendar year in which the mandate was terminated) and then deleted, unless we are obliged to store the data for a longer period in accordance with Art. 6 Para. 1 Clause 1 Letter c) of GDPR due to retention and documentation obligations under tax and commercial law (from the German Commercial Code, the German Criminal Code or the German Fiscal Code).

3. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

Your personal data will be passed on to third parties to the extent that this is necessary in accordance with Art. 6 Paragraph 1 Clause 1 Letter b for the processing of client relationships with you. This includes in particular the transfer to patent and/or trademark offices as well as courts and other public authorities, opposing parties and their representatives (in particular their lawyers) for the purposes of correspondence and to assert and defend your rights. The data passed on may only be used by third parties for the purposes stated. For the registration, acquisition and enforcement of property rights or other claims abroad, we also pass on your personal data required for this purpose to the relevant authorities and courts as well as to patent attorneys and lawyers.

Attorney-client privilege remains unaffected. If the data is subject to attorney-client privilege, it will only be passed on to third parties in consultation with you.

As part of our internal law firm organisation, we use service providers who may also have access to personal data in the course of their work. These include:

• Tax consultants from Rüger I Abel; external accountants from Rüger I Abel for accounting purposes; IT service providers to support our IT systems; patent attorneys and lawyers subject to professional secrecy, whom we may involve as freelancers in the context of client processing.

The service providers may only process the data for the purposes stated. The service providers are obliged to maintain the strictest confidentiality either by law or due to contractual agreements. They have been informed that breaches of confidentiality may also result in criminal consequences for the service providers.

4. Rights of data subjects

You have the right:

• to revoke your consent at any time, once given, in accordance with Art. 7 Paragraph 3 GDPR. This means that we may no longer continue the data processing based on this consent in the future, to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the category of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details; in accordance with Art. 16 GDPR, to immediately request the rectification of incorrect or incomplete personal data stored by us; in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse to erase it and we have the no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR; to receive your personal data that you have provided to us in a structured, common and machine-readable format in accordance with Art. 20 GDPR or to request that it be transmitted to another controller; and to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our office headquarters for this purpose.

5. Rights of data subjects

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you would like to exercise your right of withdrawal or objection, simply send an email to mail@ruger-ip.com

6. Data security

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

7. Current status and changes to this privacy policy

We may update this privacy policy from time to time. This privacy policy is currently valid and is dated November 2023.