Privacy Notice

1 Introduction

Schaknat Elektronik GmbH respects your privacy. This notice explains what personal data we collect, how and why we use it, the legal bases we rely on, how long we keep it, with whom we share it, how we transfer it internationally, and the rights and choices available to you. This notice applies to schaknat.de, schaknat.app, our online shop, the Schaknat App and the Schaknat Dongle, customer support, marketing and analytics activities, and programs operated with authorized distributors and installation partners. This notice is informational and does not create contractual rights beyond what applicable law requires.

2 Controller and contact

The controller is Schaknat Elektronik GmbH, Carl‑Benz‑Straße 12, 68649 Groß‑Rohrheim, Germany. For privacy inquiries, please use the contact form. Contact phone is +49 800 3441114. Contact email is info@schaknat.app. Supervisory authority contact details are available from the competent authority at your place of residence or at the company’s seat in Germany.

3 Scope and audience

This notice covers website visitors, account holders, customers, prospective customers, business contacts at distributors or installers, app users, and dongle users. It applies worldwide and is designed to satisfy the EU and UK data protection regimes and to provide the disclosures required by certain non‑European laws, including United States state privacy laws.

4 Key definitions

Personal data means any information relating to an identified or identifiable person. Processing means any operation performed on personal data. Controller means the entity that determines purposes and means of processing. Processor means a service provider acting on the controller’s instructions. Cookies and SDKs are technologies that store or access information on a device. Consent management platform means the tool through which you grant, deny, or withdraw consent for non‑essential technologies. Sale, sharing, and targeted advertising are terms defined in certain United States state privacy laws and may apply to the use of advertising identifiers for cross‑context behavioral advertising.

5 Categories of data we collect

We collect account and order data such as names, contact details, shipping and billing addresses, company information, order history, and tax or invoice data. We collect payment status data from payment providers; full payment credentials are processed by those providers. We collect device and usage data such as IP address, timestamps, pages or screens viewed, referrers, app events, approximate location at city or region level, and crash or error logs. We collect marketing and advertising identifiers when you consent, including identifiers used by Google, Meta, LinkedIn, TikTok, Microsoft Advertising and similar services. We collect support and communications data from emails, calls, chat messages and files you send. We collect app and dongle telemetry necessary to provide secure flashing and diagnostics, including license and activation checks, ECU and firmware package identifiers, checksums, non‑content diagnostic logs and timestamps; users cannot edit or author calibration files inside the App. Where you request local availability, installation or calibration services, we collect and share necessary contact and order details with authorized distributors or installation partners.

6 Sources of data

We obtain data directly from you when you browse, register, place an order, contact support, or use the App or Dongle. We obtain data automatically through our websites, app and devices, including through cookies and SDKs according to your consent choices. We obtain data from payment providers and logistics providers as needed to fulfill orders. We obtain aggregated insights from social media platforms about interactions with our official pages.

7 Purposes of processing and legal bases under GDPR and UK GDPR

We process data to provide services and fulfill contracts, including account creation, order processing, shipping, flashing approved software, diagnostics, warranty or service logistics and customer support. The legal basis is performance of a contract. We process data to operate, secure and improve our websites, app and infrastructure, including logging, fraud prevention, uptime, error diagnosis and content delivery. The legal basis is our legitimate interests. We process data to comply with legal obligations, including tax and accounting rules, consumer protection, product safety and regulatory inquiries. The legal basis is legal obligation. We process data for marketing, analytics and personalization only where you have given consent where consent is required. The legal basis is consent. We process data for business development and relationship management with distributors and installers. The legal basis is our legitimate interests. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

8 Cookies, SDKs and your choices

Non‑essential cookies and SDKs for analytics and advertising operate only with your prior consent where required. Essential technologies necessary to provide a service you request may operate without consent. You can open the cookie settings at any time via the site footer to grant or withdraw consent. If you decline non‑essential cookies or SDKs, you can still use our websites, though certain features may be limited.

9 Analytics and advertising technologies

We may use Google Analytics to measure usage and improve our services. We may use Google Ads, Meta technologies for Facebook and Instagram, LinkedIn Insight Tag, TikTok Pixel, Microsoft Advertising and comparable services to measure conversions and display advertising. These tools rely on identifiers and may enable interest‑based advertising across websites and apps when you consent. You can change your preferences in the cookie settings. Email marketing is sent in accordance with applicable law and your choices, and you can unsubscribe at any time.

10 Ecommerce, hosting and infrastructure

Our online shop is hosted by a recognized ecommerce platform provider. Data necessary to host the store, provide security and support checkout is processed by that provider on our instructions. Payments are processed by your selected payment provider. The payment provider receives your payment details and shares only the minimum information we need to complete your order. We use a content delivery and security service to protect our websites and reduce latency. That service may process IP addresses and other technical data necessary to deliver content and defend against denial of service or similar attacks.

11 The Schaknat App and Dongle

When you sign in to the App or connect the Dongle, we process data required to provide secure flashing, verification and diagnostics. This includes license or activation checks, ECU and firmware package identifiers, checksum or verification data, non‑content diagnostic logs, timestamps and device identifiers. Users cannot modify or create calibration files inside the App. Changes to engine control software can affect regulated parameters; it is your responsibility to ensure that the use of approved packages complies with applicable law and, where required, to obtain inspections, tests or certifications before public‑road operation.

12 Social media pages

When you visit our pages on platforms such as Facebook, Instagram or LinkedIn, the platform may provide us with aggregated page insights about visits and interactions. The platform’s privacy policy applies to your use of that platform. Requests regarding platform data will be handled in accordance with the platform’s procedures.

13 Children’s data

Our services are not directed to children. We do not knowingly collect data from children below the age thresholds set by applicable law. If you believe a child provided data to us, please contact us and we will delete it.

14 Retention

We keep personal data only as long as necessary for the purposes described. Account and order data is retained for the customer relationship and for statutory retention periods. Support records are retained for the lifecycle of the case. Marketing data is retained until consent is withdrawn or the data becomes inactive under our retention rules. Logs and security data are retained for operational periods that are proportionate to security and compliance needs. Where law requires longer retention or where data is needed to establish, exercise or defend legal claims, we retain only what is necessary for that purpose.

15 Sharing of data

We share personal data with service providers that host our shop, deliver content, provide analytics or advertising based on your consent, process payments, provide communications and customer support, ship products and handle repairs or returns. We share data with professional advisers where necessary. We share data with authorized distributors and installation partners where you request local availability, installation or calibration services. We disclose data to public authorities when legally required and in connection with corporate transactions where permitted by law.

16 International transfers

We operate globally and use service providers that may process data outside your country. Where required, we use lawful transfer tools such as adequacy decisions, standard contractual clauses, and for the United Kingdom the international data transfer addendum or equivalent instruments, together with risk assessments and appropriate safeguards. Additional information on transfers is available on request.

17 Your rights under EU and UK law

You have the right to request access to your personal data, rectification of inaccurate data, erasure where the law permits, restriction of processing, data portability and to object to processing based on our legitimate interests. You have the right to withdraw consent at any time where we rely on consent. You have the right to lodge a complaint with a supervisory authority. We will respond within the time limits set by law.

18 Your rights under United States state laws

Depending on your state of residence, you may have the rights to know and access, correct, delete, and opt out of sale, sharing and targeted advertising. We recognize legally required opt out preference signals where applicable, including recognized browser signals for sale or sharing. To exercise rights, use the Your Privacy Choices link in the site footer or contact us. We do not discriminate against individuals for exercising rights.

19 Your rights under other laws

If you are located in Canada, Brazil, Switzerland, Singapore, Australia or New Zealand, you may have access and correction rights and, in some jurisdictions, deletion and portability rights. You may also have a right to complain to your national or provincial privacy regulator. Contact us to exercise these rights and we will explain the process that applies in your jurisdiction.

20 Exercising your rights and verification

To exercise any right, contact us using the details in Section 2 or use the links provided in the site footer. We may request information to verify your identity and your relationship with us before acting on a request. If we decline a request as permitted by law, we will explain why and how you can appeal where an appeal right exists.

21 Marketing preferences and choices

You can unsubscribe from marketing emails by using the unsubscribe link in the message. You can control analytics and advertising technologies via the cookie settings at any time. If you are a United States resident, use the Your Privacy Choices link in the site footer to opt out of sale, sharing or targeted advertising where applicable. If you use a supported browser signal, we will treat that signal as an opt out where required by law.

22 Security

We implement technical and organizational measures designed to protect personal data, including encryption in transit where appropriate, access controls, role‑based permissions, network safeguards and vendor due diligence. No online service can be guaranteed to be secure, and we maintain incident response procedures and will notify authorities and individuals where the law requires notification.

23 Processors and accountability

We maintain records of processing activities, apply data minimization and purpose limitation, and enter into data processing agreements with processors. For processing that is likely to result in a high risk, we conduct data protection impact assessments where required. Staff with access to personal data receive training appropriate to their role.

24 Automated decision making

We do not make decisions solely by automated means that produce legal effects or similarly significant effects about you without human involvement. If this changes, we will provide the required information and options before such processing begins.

25 Links and embedded content

Our services may link to third‑party sites or embed third‑party content such as videos or fonts. Your interactions with those services are governed by their privacy policies and by your consent choices in the cookie settings.

26 Changes to this notice

We may update this notice to reflect legal, technical or operational changes. The effective date at the top of this page shows when it was last revised. Material changes will be communicated in a manner appropriate to their significance.

27 Regional disclosures for California residents

This section serves as a notice at collection and as additional disclosures for California residents. We collect identifiers such as name, email, phone, IP address and device identifiers. We collect customer records such as postal addresses and purchase history. We collect commercial information such as products purchased or considered. We collect internet or network activity information such as interactions with our websites or app. We collect approximate geolocation at city or region level derived from IP address. We collect inferences created by us or by our advertising partners when you have consented to relevant technologies. We collect payment status information from payment providers but do not collect full payment credentials. We collect professional information for business contacts at distributors and installers. We use this information for the purposes described in Sections 7 to 11. We disclose this information to the categories of recipients described in Section 15 for business purposes. We do not sell personal information for money. When you consent to advertising technologies, certain activities may be considered sharing or targeted advertising under California law. You can opt out at any time by using the Your Privacy Choices link in the site footer and we will also honor recognized browser signals as required. Sensitive personal information is not used to infer characteristics and is not processed for additional purposes that would require a limitation right. Retention is described in Section 14.

28 Contact information for privacy requests

Contact form is preferred and is available on our websites. Contact phone is +49 800 3441114. Contact email is info@schaknat.app. If you are located in the European Union or the United Kingdom, you also have the right to contact your supervisory authority. If we appoint a data protection officer or a United Kingdom representative, we will publish the contact details in this section.

29 Version and effective date

Version is PN‑Schaknat‑Global‑v1‑2025‑10‑18. Effective date is 18 October 2025.