The controller responsible for data processing on this website is:

Keen Aspect GmbH
Bahnhofstr. 35a
79206 Breisach am Rhein
Germany

Email: hello@keenaspect.com
Privacy matters: privacy@keenaspect.com

District Court: Amtsgericht Freiburg im Breisgau
Commercial Register: HRB 733513
VAT No.: DE456882267
Managing Director: Özden Seiler

2.1 Scope of Processing

We process personal data only to the extent necessary to provide a functional website and our services.

Processing generally occurs only with your consent, except where processing is permitted by law and prior

consent cannot be obtained for practical reasons.

2.2 Legal Basis for Processing

We process personal data based on the following legal grounds under the General Data Protection Regulation

(GDPR):

Art. 6(1)(a) GDPR - with your consent

Art. 6(1)(b) GDPR - for contract performance or pre-contractual measures

Art. 6(1)(c) GDPR - to comply with legal obligations

Art. 6(1)(f) GDPR - based on legitimate interests (where your interests do not override)

2.3 Data Deletion and Retention

Personal data is deleted or blocked as soon as the purpose of storage no longer applies. Storage beyond this

period occurs only if required by EU or national law. Data is also deleted when legally prescribed retentionperiods expire, unless continued storage is necessary for contract conclusion or fulfillment.

3.1 What Data is Collected

When you visit our website, our hosting provider automatically collects and stores the following information in

server log files:

• Browser type and version
• Operating system
• Internet service provider
• IP address (anonymized after 7 days)
• Date and time of access
• Referrer URL (website from which you accessed our site)
• Pages accessed on our website

This data is not combined with other data sources and is not used to identify individuals.

3.2 Legal Basis and Purpose

Legal basis: Art. 6(1)(f) GDPR - our legitimate interest in:

Ensuring website functionality and delivery

Optimizing the website

Ensuring IT security and system stability

Providing evidence in case of cyberattacks

The temporary storage of IP addresses is necessary to deliver the website to your device.

Storage duration: Log files are automatically deleted after 7 days. IP addresses are anonymized after this

period, making it impossible to identify the accessing user.

3.3 Right to Object

Collection of this data is essential for website operation. You cannot object to this processing without making

the website inaccessible to you.

Our website is hosted by:

Figma, Inc.

760 Market Street, Floor 5

San Francisco, CA 94102

USA

Figma processes data on our behalf as a data processor under a data processing agreement in accordance with

Art. 28 GDPR. This includes the data mentioned in Section 3 (server log files).

4.1 Data Transfer to the USA

Personal data may be transferred to and processed in the USA. This transfer is based on:

• Standard Contractual Clauses approved by the EU Commission (Art. 46(2)(c) GDPR)
• Figma's participation in the EU-U.S. Data Privacy Framework
• Additional technical and organizational security measures

You have the right to obtain a copy of the standard contractual clauses by contacting privacy@keenaspect.com.

4.2 Purpose of Processing

Figma processes data solely to provide hosting services, including:

• Website delivery and performance
• Server maintenance and security
• Technical support and troubleshooting

Legal basis: Art. 6(1)(f) GDPR - legitimate interest in reliable and secure website hosting

5.1 What are Cookies

Cookies are small text files stored on your device by your web browser. They enable certain website functions

and help recognize your browser on subsequent visits.

5.2 Types of Cookies We Use

We use only technically necessary cookies that are essential for basic website functionality. These cookies:

• Do not collect or store personal information
• Are required for the website to function properly
• Are automatically deleted when you close your browser (session cookies)

Legal basis: Art. 6(1)(f) GDPR - legitimate interest in providing a functional website

5.3 Managing Cookies

You can configure your browser to:

• Reject all cookies
• Accept only certain cookies
• Notify you when cookies are set
• Automatically delete cookies when closing the browser

Please note that disabling cookies may limit website functionality. Instructions for managing cookies in

common browsers:

• Chrome: Settings > Privacy and security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Cookies and site permissions

6.1 Description of Processing

You can contact us via the provided email addresses. When you do, we store:

• Your email address
• Your name (if provided)
• Content of your message
• Date and time of communication
• Any attachments you send

6.2 Legal Basis and Purpose

Legal basis:

• Art. 6(1)(f) GDPR - legitimate interest in responding to inquiries
• Art. 6(1)(b) GDPR - if your inquiry relates to a contract or pre-contractual measures

Purpose: Processing data is necessary to handle your inquiry and respond appropriately.6.3 Storage Duration

Your data is stored until:

• Your inquiry is fully resolved, and
• No legal retention obligations apply (e.g., commercial or tax law may require retention for up to 10 years)

For general inquiries without legal retention requirements, data is typically deleted within 3 years after the

conversation ends.

6.4 Right to Object and Deletion

You can request deletion of your data at any time by emailing privacy@keenaspect.com. In such cases, we can

no longer continue the conversation. Data subject to legal retention obligations will be blocked from further

processing and deleted once the retention period expires.

We implement appropriate technical and organizational security measures to protect your data against:

Accidental or intentional manipulation

Loss or destruction

Unauthorized access by third parties

Our security measures include:

SSL/TLS encryption for all data transmitted between your browser and our servers

Regular security updates and patches

Access controls and authentication systems

Regular security audits

Employee training on data protection

Our security measures are continuously reviewed and improved in line with technological developments.

8.1 Right to Information (Art. 15 GDPR)

You can request confirmation of whether we process your personal data and, if so, request information about:The purposes of processing

The categories of data processed

The recipients or categories of recipients

The planned storage duration

Your rights (rectification, erasure, restriction, objection)

Your right to lodge a complaint with a supervisory authority

The source of data (if not collected from you)

The existence of automated decision-making, including profiling

8.2 Right to Rectification (Art. 16 GDPR)

You can request immediate correction of inaccurate personal data and completion of incomplete data.

8.3 Right to Erasure (Art. 17 GDPR)

You can request deletion of your personal data if:

The data is no longer necessary for the purposes for which it was collected

You withdraw consent and there is no other legal basis for processing

You object to processing and there are no overriding legitimate grounds

The data was processed unlawfully

Erasure is required to comply with a legal obligation

Exceptions: The right to erasure does not apply if processing is necessary for:

Compliance with legal obligations

Establishment, exercise, or defense of legal claims

8.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request restriction of processing if:

You contest the accuracy of the data (during verification)

Processing is unlawful and you oppose erasure

We no longer need the data, but you need it for legal claims

You have objected to processing (pending verification of legitimate grounds)

8.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format

and to transmit this data to another controller, provided:

Processing is based on consent or contract performance

Processing is carried out by automated means

8.6 Right to Object (Art. 21 GDPR)

General right to object: You can object to processing based on Art. 6(1)(f) GDPR (legitimate interests) on

grounds relating to your particular situation. We will cease processing unless we demonstrate compelling

legitimate grounds that override your interests, rights, and freedoms.

Direct marketing: You can object at any time to processing for direct marketing purposes. After your objection,

we will no longer process your data for such purposes.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

If processing is based on your consent, you can withdraw consent at any time. Withdrawal does not affect the

lawfulness of processing prior to withdrawal.

8.8 Automated Decision-Making and Profiling (Art. 22 GDPR)

We do not use automated decision-making or profiling that produces legal effects or similarly significantly

affects you.

8.9 Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority, particularly in the Member

State of your habitual residence, place of work, or place of alleged infringement.

Competent supervisory authority for our company:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Postfach 10 29 32

70025 Stuttgart

Germany

Phone: +49 711 615541-0

Email: poststelle@lfdi.bwl.de

Website: https://www.baden-wuerttemberg.datenschutz.de

To exercise your rights, contact: privacy@keenaspect.com

We do not sell, trade, or transfer your personal data to third parties, except:

Our hosting provider Figma, Inc. (as described in Section 4), who processes data on our behalf

When required by law or to comply with legal obligations

To protect our rights, property, or safety, or that of others

We do not use:

Web analytics tools (e.g., Google Analytics)

Social media plugins or integration

Advertising or marketing cookies

Third-party tracking technologies

Profiling or automated decision-making

Our website is not directed to individuals under the age of 16. We do not knowingly collect personal data from

children. If we become aware that we have collected data from a child without parental consent, we will delete

it immediately.

We reserve the right to update this privacy policy to reflect:

Changes in our data processing practices

Changes in applicable law

Technical or organizational developments

Changes that require your consent will only be implemented after obtaining such consent.

For questions, concerns, or requests regarding data protection and this privacy policy, please contact:

Keen Aspect GmbH

Data Protection

Bahnhofstr. 35a

79206 Breisach am Rhein

Germany

Email: privacy@keenaspect.com

We will respond to your inquiry within one month of receipt. In complex cases, we may extend this period by

two additional months and will inform you of such extension.