The protection of your personal data is important to us. We process your data exclusively in
accordance with the legal regulations. In this Data Protection Declaration, we inform you about the
most important aspects of the data processing on our website.

Personally referred data are required for the registration in and the use of the Keyotag.my. The use
of the apps. created thereunder is usually possible without registering and revealing personally
referred data.

1. The employment of ‘cookies’, caching and web storage
The Keyotag web server transmits small text files (so-called ‘cookies’) to the web browser of its users
and these are saved (and stored) on the recipient computer or terminal equipment. The web server
of Keyotag also employs caches to facilitate the improvement of operations and uses web storage
space to hold raised information.
The ‘cookies’, caches’ and ‘web storage space’ are necessary for the use of the services of Keyotag
but these contain no personally referred data.
The ‘cookies’, which save and store registration data are erased from the ‘CMS’ when the user or
contractual party logs off (signs out). Users or contractual parties can erase the cookies, caches and
web storage at any time manually via the browser settings.

2. Anonymous data raising on the websites
The web server of this website automatically raises, saves and stores information on each received
enquiry in an event record log. This includes:

the host name of the accessing computer (the ‘IP’ address);
the date and time of the enquiry;
the name of the path of the requested document or file;
the transmitted data volume; and
the ‘http’ status code of the enquiry.
Keyotag however hereby reserves the right to raise other not personally referred data.

These data are automatically transmitted by the internet browser of the user or contractual party to
the Keyotag web server. Processing is anonymous. There is no amalgamation of such data with any
other data sources or any allocation made to personally referred data. The saved and stored data
are solely employed for statistical and security relevant evaluation purposes (e.g. the number of
website call-ups, or ascertainment of any attacks on the web server).

2.1 Data raising with Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre
Parkway Mountain View, CA 94043, USA; "Google"). The use includes the "Universal Analytics"
operating mode. This facilitates the assignment of data, sessions and interactions across several
devices to a pseudonymous user ID and thus the analysis of a user's activities across devices.

Google Analytics uses "cookies", which are text files placed on your computer, to allow the website
operator to analyze how users use the site. The information generated by the cookie about your use
of this website is usually transferred to a Google server in the USA and stored there. However, we
use IP anonymisation and Google will reduce your IP address within Member States of the European
Union or in other states party to the Agreement on the European Economic Area beforehand. Only
in exceptional cases will the full IP address be transmitted to a Google server in the USA and
shortened there. The IP address transmitted by your browser in the context of Google Analytics is
not merged with other Google data. On behalf of the operator of this website, Google will use this
information to evaluate your use of the website, to compile reports on website activity and to
provide the website operator with other services related to website and Internet use. Our legitimate
interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics
is § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR. The data sent by us and linked to cookies, user-
identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 26 months. Data
whose retention period has been reached is automatically deleted once a month. For more
information on terms of use and data protection, please visit
https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however
please note that if you do this you may not be able to use the full functionality of this website. You
can also prevent Google from collecting the data generated by the cookie and relating to your use of
the website (including your IP address) and from processing this data by Google by downloading and
installing the Browser Add-on. Opt-out cookies prevent the future collection of your data when you
visit this website. To prevent Universal Analytics from collecting data across several devices, you
must opt-out on all systems used. If you click here, the opt-out cookie will be set: Disable Google
Analytics

3. The raising of personally referred data, exploitation and forms
In the raising of personally referred data, Keyotag observes the principles of data-reduction, data-
economy, data-transparency and data-security, i.e. personally referred data are for example only
raised, saved and stored to the requisite extent, on the occasion of the initial enquiry or contact.

The raising of personally referred data is only conducted after the prior consent of the user or
contractual party. The data of the user or contractual party will only be employed for the setting-up,
execution or termination of a contractual or quasi-contractual business relationship and then saved
and stored for the agreed purpose and extent. Users or contractual parties can withdraw their

consent at any time with effect for the future. After withdrawal, the relevant data will be erased,
unless Keyotag is statutorily required to keep the data.

When personally referred data are raised on our website or internet appearances (name, postal
address, email address, etc.), for example via contact forms, this is deemed to be voluntary. The
passing-on or sale of personally referred data to third parties is only conducted with the express
approval of the user or contractual party.

When users or contractual parties take advantage of the possibility of publishing commentaries and
similar participations concerning corresponding functions or forms, the associated data entered are
then saved and stored, and then published on the relevant website. Users and contractual parties
can contradict the saving and storing at any time and apply for the erasure of the entered data.
Users and contractual parties can then submit their contradiction to the operators of the websites
shown as Provider Identification in their disclaimers.

4. Access of third parties to raised data
The raising, processing and exploitation of data, is as a rule conducted by the uses of the ‘CMS’ –
Content Management System, the organizers, the creators of the apps. and Keyotag. When
personally referred data is raised by other providers, Keyotag will duly notify the users and
contractual parties.

Keyotag retains the services for the processing of some individual data, who only handle such data in
accordance with their mandate, not pass such on, and observe the existing data protection
legislation. The approval of the persons affected is obtained by Keyotag before the raising of such
data.

The foregoing also includes the sale of such data and other sundry exploitation. Exceptions are the
statutory requirements for reporting when Keyotag is required to processes personally referred data
and transmit such to state authorities.

Users and contractual parties should observe, that no complete protection exists from the
unauthorized interference of third parties during contacts via email messages as well as during the
transmission of data to the web server of Keyotag (e.g. when using forms).

5. When accessing the websites of QRCode Studio, which include the share-button function, data is
uploaded from the web server at ‘AddThis’, which provides the visual appearance view and the
function of the share-button function on the websites of Keyotag. At the same time, data is
transmitted from the browser of the user or contractual party to ‘AddThis’, and the cookies of

‘AddThis’ are received, saved and stored on the computer of the user or contractual party. The data
transmitted to ‘AddThis’ are also saved, stored and processed there.

You may refuse the data transmission by opting-out from AddThis under
http://www.youronlinechoices.com/opt-out-interface or directly on the AddThis website under
http://www.addthis.com/privacy/opt-out.

6. Social plug-ins of Facebook
These websites can also contain so-called social plug-ins of the social media network of www.
facebook.com (recognisable by the Facebook lettering or Facebook Logo). This includes for example
remarks such as ‘Like It‘ and the ‘Like Box’. These can be employed by the user or contractual party
among other things to recommend the various websites to others via social media networks on the
internet, or to show these to other users on the internet, that the user or contractual party ‘likes
these’. The plug-ins are a service provided by: Facebook, Inc., 1601 South California Avenue, Paolo
Alto, CA 94304, U.S.A. (hereinafter referred to as ‘Facebook’.

When accessing the websites of Keyotag, which includes such a plug-in, data is uploaded from the
web server at ‘Facebook’, which provides the visual appearance view and the function of the plug-
ins on the websites of Keyotag. At the same time, data is transmitted from the browser of the user
or contractual party to ‘Facebook’, and the cookies of ‘Facebook’ are received, saved and stored on
the computer of the user or contractual party. The data transmitted to ‘Facebook’ are also saved,
stored and processed there.

When the user or contractual party is a member of Facebook, and the user is already online with
Facebook, Facebook can allocate the data to the Facebook user account at the time as a visit is made
to the Keyotag websites containing such a plug-in. When the user or contractual party also accesses
the plug-in function (e.g. by clicking on the ‘Like It’ box), Facebook will save and store these and
allocate them to the Facebook user account. If the user or contractual party wishes to prevent the
allocation of the transmitted data to the Facebook user account, they should leave Facebook before
visiting the websites of Keyotag. Keyotag has no influence on the volume and content of the
transmitted data. Information on the raising and exploitation of the transmitted data by Facebook,
and on the user rights and settings possibilities of the user, can be viewed on the Facebook websites.

7. Social plug-ins of Google
These websites can also include so-called plug-ins of ‘Google’ (recognisable by the Google livery
colour shades of: red, blue, green, yellow or the Google Logo). The ‘+1’-button (‘Google Plus’,
recognisable by the ‘+1’ digit on the button) is also included, for example. These can be employed by
the user or contractual party to recommend the various websites within the services range of
Google to other users on the internet. These plug-ins are services provided by: Google, Inc., 1600
Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. (hereinafter referred to as ‘Google’.

When accessing the websites of Keyotag, which includes such a plug-in, data is uploaded from the
web server at ‘Google’, which provides the visual appearance view and the function of the plug-ins
on the websites of Keyotag. At the same time, data is transmitted from the browser of the user or
contractual party to ‘Google’, and the cookies of ‘Google’ are received, saved and stored on the
computer of the user or contractual party. The data transmitted to ‘Google’ are also saved, stored
and processed there.

When the user or contractual party is a member of Google, and the user is already online with
Google, Google can allocate the data to the Google user account at the same time as a visit made to
the QRCode Studio websites containing such a plug-in. When the user or contractual party also
accesses the plug-in function (e.g. by clicking on the ‘+1’ button), Google will save and store these
and allocate them to the Google user account. If the user or contractual party wishes to prevent the
allocation of the transmitted data to the Google user account, they should leave Google before
visiting the websites of Keyotag.

Information on the raising and exploitation of the transmitted data by Google, can be viewed on the
Google website. Special data protection statutory requirements on ‘GooglePlus’ and the ‘+1’ button
function, can be viewed on the ‘GooglePlus’ website.

Information on the raising and exploitation of the transmitted data by ‘AddThis’, can be viewed on
the AddThis website.

8. Social plug-ins of Twitter
These websites also contain service functions of Twitter, Inc., Suite 600, 795 Folsom Street, San
Francisco, CA 94107, U.S.A.. When the user or contractual party employs ‘Twitter’ and particularly
the function ‘Re-Tweet’, Twitter will connect the Twitter Account to the internet website visited by
the user or contractual party. This will be notified to other Twitter users, especially the ‘Follow Me’
subscribers. A data transmission is also made to Twitter. Keyotag is not informed by Twitter of the
content of the transmitted data and/or concerning the exploitation of the data. The following link
will provide more information on the matter: http://twitter.com/privacy
The user or contractual party can also change the relevant settings at:
http://twitter.com/account/settings.

9. Land maps from Google Maps™ map servicesThese websites all include so-called plug-ins in the
form of maps, satellite photography and route planning functions from ‘GoogleMaps™’. The user or
contractual party can use this function to plan routes. The maps are a service provided by Google,
Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. (hereinafter referred to as
‘Google’).

When accessing the websites of Keyotag, which includes such a map, data is uploaded from the web
server at ‘Google’, which provides the visual appearance view and the function of the map on the
websites of Keyotag. At the same time, data is transmitted from the browser of the user or
contractual party to ‘Google’, and saved and stored there.

Information on the raising and exploitation of the transmitted data by ‘Google’, can be viewed on
the Google website.

10. Linked third-party websites
This Data Protection Declaration is not applicable to the websites of other providers when we offer
connections to these by providing hyperlinks.

11. The exploitation of published contact data
Keyotag hereby gives notice, that it contradicts the exploitation of published data for commercial
purposes. This includes in particular the saving and storing of such in data-processing systems for
purposes of retail trading as well as their exploitation for general advertising purposes (e.g. the
unsolicited mailing of information material and advertising brochures by postal mail and email.).

12. Changes in this present Data Protection Declaration
Keyotag hereby reserves the right to adjust this Data Protection Declaration to new situations and
changed circumstances (of a statutory or actual nature). Keyotag will usually notify users and
contractual parties of any alterations in its Data Protection Declaration, three (3) weeks before
publication and validity. Users or contractual parties will then have the possibility of declaring their
contradiction to such via the general contact address, and thus to close their existing user account.
Any further use of the content by registered users without their approval to the altered Data
Protection Declaration will then no longer be possible.

13. Entitlement to information
Under the GDPR, users or contractual parties have a free-of-charge right to information on their
saved and stored personally referred data, to include a right to their correction, deactivation in
whole or in part or the erasure of such data. The right of erasure of data is not included under the
statute law for invoicing-, accounting- or fiscal – purposes and/or data where the associated
business purpose has not yet been completed. All data raised for agreement for a certain purpose,
are erased when the agreement comes to an end.
Please contact the person authorized to handle enquiries as indicated in the Provider Identification
in the Disclaimer to this website, on queries concerning the raising, dissemination or exploitation of
personally referred data, as well as for information on-, correction of-, deactivation- or erasure of
–the data.

14. Contact
In case of questions you can reach us under the contact data found in our legal notice.