Data protection

1. General Information
    
   1. Objective and Responsibility
       

      1. This privacy policy informs you about the nature, scope and purpose of the processing of personal data in relation to our online offer and the associated websites, functions and content (hereinafter collectively referred to as "online offer" or "website"). Details on these processing activities can be found in section 2.

      2. Details of data processing for the purpose of carrying out our business processes are described in section 3.

      3. Prime Lithium AG (Friesenweg 28, 22763 Hamburg) - hereinafter referred to as "we" or "us" - is the provider of the online offer and responsible for data protection.

      4. Our online service is hosted by dogado GmbH (Ankerstraße 3b, 06108 Halle/Saale). The server location is Germany.

      5. Our data protection officer is: Sven Meyzis - IT.DS Beratung (phone: 0049 40-21091514 / e-mail: s.meyzis(at)itdsb.de).

      6. The term ‘user’ encompasses all customers, interested people, employees and visitors of our online service.

   2. Legal Bases
      
      In general, we collect and process personal data based on the following legal grounds:

      1. Consent in accordance with article 6 paragraph 1 lit. a General Data Protection Regulation (GDPR). Consent meaning any freely given, specific, informed and unambiguous indication of agreement, which could be in the form of a statement or any other unambiguous confirmatory act, given by the data’s subject consenting to the processing of personal data relating to him or her.

      2. Necessity for the performance of a contract or in order to take steps prior to entering into a contract according to article 6 paragraph 1 lit. b GDPR, meaning the data is required in order for us to fulfil our contractual obligations towards you or to prepare the conclusion of a contract with you.

      3. Processing to fulfil a legal obligation in accordance with article 6 paragraph 1 lit. c GDPR, meaning that e.g. the processing of data is required by law or other provisions. 

      4. Processing for the purposes of legitimate interests in accordance with article 6 paragraph 1 lit. f GDPR, meaning that the processing is necessary to protect legitimate interests pursued by us or by a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

      The specific legal bases for the individual processing operations are listed in the following sections.

   3. Data Subject Rights

      1. You have the following rights with regards to the processing of your data through us:

      2. The right to lodge a complaint with a supervisory authority in accordance with article 13 paragraph 2 lit. d GDPR and article 14 paragraph 2 lit. e GDPR.

      3. Right of access in accordance with article 15 GDPR 

      4. Right to rectification in accordance with article 16 GDPR 

      5. Right to erasure (‘right to be forgotten’) in accordance with article 17 GDPR

      6. Right to restriction of processing in accordance with article 18 GDPR

      7. Right to data portability in accordance with article 20 GDPR

      8. Right to objection in accordance with article 21 GDPR
         
         Notice: Users may object to the processing of their personal data in accordance with legal allowances at any time with effect for the future. The objection may in particular be made against processing for the purposes of direct marketing.

      Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

   4. Data Erasure and Duration of Storage
       
      The personal data of the data subject will be erased or blocked as soon as the purpose of the storage is inapplicable. Storage of data beyond that may occur if such storage is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of data also takes place when a retention period mandated by the standards mentioned expires, unless the continued storage of data is required for the conclusion of a contract or the fulfilment of contractual obligations.
       
   5. Security of Processing
       

      1. We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). Thus, the data that is processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorized access.

      2. These security measures include in particular the encrypted transfer of data between your browser and our server.

   6. Transfer of Data to Third Parties, Subcontractors and Third Party Providers
       

      1. A transfer of personal data to third parties only occurs within the framework of legal requirements. We only disclose personal data of users to third parties, if this is required e.g. for billing purposes or other purposes, if the disclosure is necessary to ensure the fulfilment of contractual obligations towards the users.

      2. If we engage subcontractors for our online service, we have made appropriate contractual arrangements as well as adequate technical and organizational measures with these companies.

      3. If we use content, tools or other means from other companies (hereinafter collectively referred to as ‘third party providers’) whose registered offices are located in a third country, it is assumed that a transfer of data to the home countries of these third party providers occurs. The transfer of personal data to third countries takes place exclusively only, if an adequate level of data protection, the user’s consent or another legal permission is present.

2. Concrete Data Processing
    
   1. Collection of information for the use of the online offer
       
      1. When using the online offer, information is automatically transmitted to us by the user's browser; this includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. 
          

      2. The processing of this information is based on legitimate interests pursuant to Article 6 (1) (f) GDPR (e.g. optimization of the online offer) and to ensure the security of the processing pursuant to Article 5 (1) (f) GDPR (e.g. for the defense and reconnaissance of cyberattacks).

      3. The information is automatically deleted latest 4 weeks after the end of the connection - i.e. use of the online offer - unless otherwise required by retention periods.

      4. The collection of data and the storage of data in log files is absolutely necessary for the provision of the online offer. Therefore, there is no deletion, objection or correction option on the part of the user.

   2. Contact form and contact by email
       

      1. When contacting us (via online form or e-mail), the data provided by the user will be processed exclusively for the purpose of processing the enquiry and handling it.

      2. Any other use of the data will only take place on the basis of the user's consent.

      3. The user's data is stored in our customer relationship management system ("CRM system") or a comparable software/database. The statutory retention periods for business letters apply.

   3. Links to other websites
       

      1. While using some of our services, you will be automatically redirected to other websites.

      2. Please note that this privacy policy does not apply there. The privacy policy of the linked website may differ considerably from this one.

3. Processing for the purpose of carrying out our business processes
    
   1. Job applications
      For reasons of better readability, the simultaneous use of masculine, feminine and diverse language forms is avoided in the following explanations. All references to persons apply to all genders: m/f/d.
       
      1. Direct applications
          
         1. We offer you the opportunity to apply to us (e.g. by email or post). Below, we provide information about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal provisions, and that your data will be treated as strictly confidential.
             

         2. Scope and purpose of data collection
            When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 BDSG (initiation of an employment relationship), Art. 6 (1) lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 (1) lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.

         3. If your application is successful, the data you submit will be stored in our data processing systems for the purpose of implementing the employment relationship on the basis of Section 26 BDSG and Art. 6 (1) lit. b GDPR.

         4. Data retention period
            If we are unable to offer you a position, you reject a job offer or withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period at the latest (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

         5. Longer storage may also take place if you have given your consent (Art. 6 (1) (a) GDPR) or if legal storage obligations prevent deletion.

      2. Inclusion in the applicant pool
          

         1. If we do not offer you a position, we may include you in our applicant pool. If you are included, all documents and information from your application will be transferred to the applicant pool so that we can contact you if a suitable vacancy arises.

         2. Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 (1) (a) GDPR). Consent is voluntary and is not related to the current application process. The data subject may revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided that there are no legal reasons for retention.

         3. The data from the applicant pool will be irrevocably deleted no later than 12 months after consent has been given.

      3. Applicant management software
          

         1. The data transmitted as part of your application in the online application process is transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel management and applicant management software (https://www.personio.de/impressum/).

         2. In this context, Personio is our processor in accordance with Art. 28 GDPR. The basis for the processing is a contract for order processing between us as the responsible body and Personio.

         3. Details on data protection at Personio can be found at: www.personio.de/datenschutzerklaerung/.

   2. Existing customer advertising
       

      1. Insofar as you have already made use of services from us against payment, we may inform you from time to time by e-mail or letter about similar services from us (in particular new offers), unless you have objected to this.

      2. The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in direct advertising (recital 47 GDPR). You can object to the use of your e-mail address and postal address for advertising purposes at any time without additional costs with effect for the future.

4. Cookies
    
   1. General Information
       

      1. We only use necessary cookies and similar technologies within the meaning of Section 25 (2) TDDDG (Law on Data Protection and Privacy Protection in Telecommunications and Digital Services); in this respect, there are no options for objection.

   2. Cookie overview, objection
       
      1. An up-to-date overview of the cookies and similar technologies used on this website can be found in the Consent Management Platform (see section 2.2).
          
      2. We only use necessary cookies and similar technologies within the meaning of Section 25 (2) TDDDG (Law on Data Protection and Privacy Protection in Telecommunications and Digital Services); in this respect, there are no options for objection.
          
5. Changes to the Data Privacy Policy
    
   1. We reserve the right to change this Data Privacy Policy with regards to the data processing, in order to adapt it to changed legal situations, to changes of the online service or of the data processing.
       
   2. If users' consents are required or if elements of the Data Privacy Policy contain provisions in regards to the contractual relationship with the users, the changes will only be made with the consent of the users.
       
   3. Users are requested to keep themselves informed about the content of this Data Privacy Policy on a regular basis.

Version: August 2025