Cookies Policy for the use of the DAR Lean Platform of DAR TECH Limited

At DAR TECH (DAR Lean Controller, more details in Privacy Policy:https://darlean.com/en/policy?region=eu), we believe in clear transparency between our users and the information they choose to share with us. To maintain that level of mutual trust and avoid any liability issues pertaining to user data collected and stored by us, here is a detailed set of information on the DAR Lean Cookie Policy.

1. What are Cookies?

   Cookies are a set of text and numbers that are stored in your browser memory in the form of a URL, to assist the browser in remembering user information that was previously used when the web page was last visited. Cookies can be accessed by the user’s computer or by the web server. A cookie itself does not contain any real information, since it is only a small text-string file. It is the browser that can read a cookie after it retrieves the cookie stored from the computer.

   There are two types of cookies. Session cookies are temporary and are deleted once the visited site is shut down. Persistent cookies are permanent and are stored in the browser’s subfolder. The server activates persistent cookies once the site that created them in the first place is re- visited.

2. Does DAR Lean use Cookies?

   At DAR Lean, we use cookies to help ensure our users have nothing short of the best possible experience visiting our website https://darlean.com/?region=eu and accessing our platform https://app.darlean.com/.

   The use of cookies enables us to first and foremost secure your visit to DAR Lean website and the platform. It is via the use of cookies that helps us distinguish if someone other than yourself is not attempting to access your DAR Lean account from another device. Usage of cookies enables our server to identify and grow conversant with the device that you normally use.

   Cookies also permit mutual exchange between our application and the users. You can share information and piles of data on the DAR Lean application, in turn, DAR Lean can share relevant ads with you.

3. What types of cookies does DAR Lean use?

   DAR Lean uses certain tracking technologies or tools that help us collect user cookies.

   Cookies can be used to collect information generated by a website and stored via an Internet user's browser. A cookie is a small file or text information (usually smaller than one Kbyte) placed by a website on the hard disk of a User’s computer or mobile device via the User's browser. A cookie allows the website to temporarily or permanently "remember" the User's actions or preferences. Most web browsers support cookies, but users can set their browsers to reject cookies. Users can also delete the cookies at any time. Many Users configure the cookie settings in their browsers to automatically delete cookies by default when the browser window is closed. Websites use cookies to identify users, remember their customers' preferences, and allow Users to complete tasks without having to re-enter information when they move to another page or revisit the website later.

   Cookies can also be used to collect information for targeted advertising and marketing based on online behaviour. For example, companies use software to track user behaviour and create personal profiles that allow them to show users advertisements tailored to their previous searches. There are different types of cookies. A classification can be made based on their lifetime:

   • Session Cookie: Session cookies are temporary cookies that are not permanently stored on the computer or mobile device used by the User. They are used as part of the login, authentication, and session management flows of the website. Certain session cookies are also used to understand, for example, if a User interacting with the website is a new visitor or a visitor returning as part of the same browsing session. These session cookies are erased when the User closes the browser, or after extended inactivity.
   • Persistent Cookie: Persistent cookies are those placed on the User’s computer or mobile device for a pre-determined length of time when a User visits a website. They are used on the website, for example, to understand (i.e. through Matomo services) what areas of the website are most popular, and how Users engage with them.

   Another classification can be made on the domain to which they belong:

   • First-Party Cookie: A First-Party Cookie is a Cookie stored on a User's device by the website they are currently visiting. These cookies are created and managed by the website's domain and are typically used to enhance user experience, remember preferences, and track User behavior on that specific site.
   • Third-Party Cookie: A Third-Party Cookie is a Cookie which is created and managed by a domain other than the one the user is currently visiting. These cookies are often used for cross-site tracking, advertising, and analytics purposes, enabling businesses to understand User behavior across multiple websites and deliver targeted ads based on those behaviors.

   If the web server that feeds the website stores cookies on the user's computer or mobile device, these are referred to as "HTTP header cookies". Furthermore, cookies can be stored by means of JavaScript code that is located or referenced on the page.

   Example: A website is offered in five different language versions. When you call up the website for the first time, you select the language version "English". A text file (a "persistent cookie") including the information that you want to use the website in the English language is now stored on your device. If you do not delete the cookies and call up the website again with the same browser, the website will know from the stored cookie that the website is to be displayed in English.

   More information on cookies can be found here: https://allaboutcookies.org/.

   Here is a list of all tracking technologies used on both the DAR Lean website and platform:

4. Web Tools including the Cookies set by these tools

   1. Userguiding.com

      Userguiding.com is an external service provided by Ynot Partners, Inc., 316 High Street, Palo Alto, CA 94301, USA. It is a tool that is used by DAR TECH to provide interactive onboarding processes, such as the Onboarding Checklist or the tutorial tour.

      DAR TECH transmits certain Master Data (e-mail, name of the company) as well as a unique ID and the pages of the DAR Lean Platform accessed by the User to this service for the purpose of providing the platform, in particular to present the available modules and to support onboarding.

      The legal basis for the transmission is the legitimate interest of DAR TECH (Art 6 (1) lit f GDPR), which is to be able to optimally display and present the available functionalities of the DAR Lean Platform to the User and to support the User in setting up his Workspace. Userguiding.com sets the following cookies:

      Domain	Cookie name	Cookie type	Category and purpose	Temporary/ Persistent	Storage duration
      app.darlean.com	__cf_b m	External	1st party cookie	Persistent	30 days
      app.darlean.com	wooTra cker	External	1st party cookie	Persistent	30 days

      The Service Provider makes its Privacy Policy available at the following location: https://Userguiding.com/privacy-policy/.

   2. Bitrix24.de

      Bitrix24.de is an external service provided by BITRIX24 LIMITED, Poseidonos, 1, LEDRA BUSINESS CENTRE, 'Egkomi 2406, Lefkosia, Cyprus.

      DAR TECH uses this service for the purpose of organizing communication with Users, thus to be able to answer User inquiries and provide support, as well as to enable proper presentation of the DAR Lean Platform and to optimize speed (for example by sideloading fonts). Among the data collected is the User name, the User phone number and the User e-mail-address.

      The legal basis is the legitimate interest of DAR TECH (Art 6 (1) lit f GDPR) to achieve the aforementioned purposes. Bitrix24.de sets the following cookie:

      Domain	Cookie name	Cookie type	Category and purpose	Temporary/ Persistent	Storage duration
      app.darlean.com	b24_sitebu tton_hello	Internal	Support and Marketing	Persistent	1 day

      The Service Provider makes its Privacy Policy available at the following location: https://www.bitrix24.de/gdpr/.

   3. Stripe

      Stripe is an external service offered and operated by Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.

      Stripe is an online payment service provider. If the Contractual Partner makes a payment via the DAR Lean Platform, the relevant payment data (name, address, data on bank details), the IP address and data on the contract concluded with DAR TECH are transmitted to the payment service provider who subsequently stores the data.

      DAR TECH uses this service to perform the billing (processing regarding payment). The legal basis is the fulfilment of the contract (Art 6 (1) lit b GDPR) vis-à-vis the Contractual Partner; if cookies are used, additionally the prior consent of the Contractual Partner (Art 6 (1) lit a GDPR).

      The Service Provider makes its Privacy Policy available at the following location: https://stripe.com/de/privacy.

   4. Google Tag Manager

      Google Tag Manager is an external service offered and operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

      Google Tag Manager is a tag management system with which tracking codes and associated code fragments can be centrally integrated, managed and updated on the DAR Lean Platform. The service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

      The Google Tag Manager therefore serves as a mere system for passing through other tools, is hosted locally and does not transfer any personal data to Google. Information on processing in connection with these other tools can be found under the respective tools in this Privacy Statement.

      The service provider makes its privacy policy available at the following location: https://policies.google.com/technologies/partner-sites?hl=de&hl=de

   5. DialogFlow

      DialogFlow is an external service offered and operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

      DialogFlow is a natural language understanding platform used to design and integrate a conversational user interface into mobile apps, web applications, devices, bots, interactive voice response systems and related uses.

      DAR TECH uses DialogFlow to offer advice and to respond to Users’ requests by implementing the service into a chatbot solution. DialogFlow uses machine learning to understand inputs and respond accordingly. In general, DialogFlow does not request personal data from Users.

      Google Ireland Limited, Google LLC or Alphabet Inc. may anonymize the dialog created by the User and the DAR Lean Platform and subsequently use it to improve and train the DialogFlow product.

      The legal basis for processing is the consent given by the User in accordance with Art 6 (1) (a) GDPR and Art 49 (1) (a) GDPR. See in detail Section 10. Consent can be withdrawn at any time without giving reasons. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

      Possible data recipients are:

      • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as Processor according to Art. 28 GDPR)
      • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
      • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

      The service provider makes its privacy policy available at the following location: https://cloud.google.com/dialogflow/docs/data-logging-terms?hl=en.

   6. jsDelivr

      jsDelivr is an external service offered and operated by ProspectOne sp. z.o.o., Królewska 65A/1, 30-081, Kraków, Poland.

      jsDelivr is a Content Delivery Network (CDN) for open-source files, such as common frontend libraries like ReactJS.

      DAR TECH uses this service to automatically keep certain libraries used for the DAR Lean Platform up to date by automatically including the latest distribution into it, to safeguard IT Security and to optimize the loading time of the DAR Lean Platform. When the User accesses the DAR Lean Platform, certain Connection Data to the aforementioned service provider is transmitted.

      The legal basis for processing is the legitimate interest of DAR TECH (Art 6 (1) lit f GDPR) to be able to fulfil the aforementioned purposes, especially to keep the DAR Lean Platform up to date and to avoid security flaws caused by outdated libraries.

      The service provider makes its privacy policy available at the following location: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

   7. Matomo

      Matomo is an open source web analytics application to track online visits to websites and display reports on these visits for analytics. DAR TECH uses this service to statistically analyze the User structure and subsequently optimize the DAR Lean Platform. DAR TECH collects the following personal data: User IP address, Optional User ID, Date and time of the request, Title of the page being viewed (Page Title), URL of the page being viewed (Page URL), URL of the page that was viewed prior to the current page (Referrer URL), Screen resolution being used, Time in local user’s timezone, Files that were clicked and downloaded (Download), Links to an outside domain that were clicked (Outlink), Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed), Location of the user: country, region, city, approximate latitude and longitude, Main Language of the browser being used, User Agent of the browser being used, Random unique Visitor ID, Time of the first visit for this user, Time of the previous visit for this user, Number of visits for this user.

      The legal basis for processing is the legitimate interest of DAR TECH pursuant to Art 6 (1) (f) GDPR to improve the DAR Lean Platform and to understand the user structure. If cookies are set, the legal basis for processing is consent given by the User in accordance with Art 6 (1) (a) GDPR. Consent can be withdrawn at any time without giving reasons. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

      DAR TECH is hosting Matomo locally on own server infrastructure, thus personal data collected is not transferred to third parties. DAR TECH sets the following cookies:

      Domain	Cookie name	Cookie type	Category and purpose	Temporary/ Persistent	Storage duration
      app.darlean.com	app.darlean.com	_pk_id	Internal	Marketing and Performance Tracking	Persistent

   8. Facebook Single Sign-on

      Facebook Single Sign-on is an authentication (single sign-on) service operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (formerly Facebook, Inc).

      DAR TECH uses this service to allow users to log in to the platform using the Facebook login without having to create a specific user account (with individual email and password).

      The legal basis for processing is the explicit consent given by the User in accordance with Art 6 (1) (a) GDPR and Art 49 (1) (a) GDPR. See in Detail Section 10. Such explicit consent is given by the User clicking on the "Facebook" button on the login page of the DAR Lean Platform. Consent can be withdrawn at any time without giving reasons. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

      The service provider makes its privacy policy available at the following location: https://www.facebook.com/privacy/policy/.

   9. Google Single Sign-On

      Google Single Sign-on is an authentication (single sign-on) service operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

      DAR TECH uses this service to allow users to log in to the platform using the Facebook login without having to create a specific user account (with individual email and password).

      The legal basis for processing is the explicit consent given by the User in accordance with Art 6 (1) (a) GDPR and Art 49 (1) (a) GDPR. See in Detail Section 10. Such explicit consent is given by the User clicking on the "Google" button on the login page of the DAR Lean Platform. Consent can be withdrawn at any time without giving reasons. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

      The service provider makes its privacy policy available at the following location: https://policies.google.com/privacy?hl=en.

5. Contact details of DAR TECH as Controller of DAR Lean

   For inquiries regarding data protection or the exercise of data subject rights, please contact exclusively:

   DAR TECH Limited
   Themistokli Dervi, 3, Julia House
   CY-1066 Nicosia
   Cyprus
   E-mail: info-eu@darlean.com

Valid from: 18.04.2023

DAR TECH reserves the right to change and/or amend this Cookies Policy from time to time.