1. Introduction and Scope

DastN GmbH ("DastN", "we", "us") takes the protection of personal data very seriously. This Privacy

Policy explains how we process personal data in accordance with Regulation (EU) 2016/679 (General

Data Protection Regulation – GDPR), the German Federal Data Protection Act (BDSG), and the German

Telecommunications and Telemedia Data Protection Act (TTDSG).

This Privacy Policy applies to all processing of personal data carried out by DastN in connection with:

• the use of our website (www.dastn.com),

• the use of our ERP- and portal-based systems (including Odoo-based platforms),

• international relocation and immigration services,

• recruitment and candidate placement services,

• digital transformation, IT, ERP, and advisory services,

• marketing, referral, affiliate, and business development activities,

• all communications with interested parties, clients, candidates, partners, and other stakeholders.

All interested parties initially interact with DastN through digital channels, in particular via our website and

ERP systems. This Privacy Policy therefore covers all entry points into our services.

2. Data Controller

The data controller within the meaning of Article 4(7) GDPR is:

DastN GmbH

Kurfürstendamm 194

10707 Berlin, Germany

Commercial Register: HRB 230821 B (Amtsgericht Charlottenburg)

Email: info@dastn.com

Phone: +49 30 700 159 547

3. Data Protection Contact Point

DastN has not appointed a formal Data Protection Officer within the meaning of Article 37 GDPR.

However, we have designated an internal contact point for data protection matters.

For all questions regarding this Privacy Policy or the exercise of your rights, please contact:

Data Protection Contact – DastN GmbH

Email: privacy@dastn.com

We regularly review whether the appointment of a Data Protection Officer becomes mandatory due to the

nature, scope, or scale of our processing activities.

4. Categories of Data Subjects

We process personal data relating to the following categories of data subjects:

1. Website visitors and users of online services

2. Prospective clients and business contacts

3. Clients and corporate customers (and their representatives)

4. Job applicants and candidates

5. Relocation candidates and their family members or dependants

6. Employees and former employees

7. Contractors, consultants, and external service providers

8. Affiliates, referrers, agents, and influencers

9. Users of ERP portals and digital platforms

10. Representatives and staff of partner organizations and employer clients

An individual may fall into more than one category simultaneously (e.g. a candidate who is also a website user or an affiliate).

5. Categories of Personal Data

Depending on the context, we may process the following categories of personal data:

• Identification data (name, date of birth, nationality)

• Contact data (email address, telephone number, address)

• Professional and employment data (CVs, qualifications, work history)

• Immigration and relocation data (passport copies, residence permits, visa information, work

permits)

• Family-related data (information on spouses, children, or dependants where required for

relocation)

• Contractual and commercial data

• Communication data (emails, messages, call notes)

• Usage and technical data (IP address, log files, device information)

• Marketing and interaction data

• Portal and account data

6. Sources of Personal Data

Personal data is collected:

• directly from you,

• via our website and digital portals,

• through ERP systems (including Odoo),

• via email communication (including where documents are submitted by users and uploaded by our staff on their behalf),

• from employer clients, partners, or authorized third parties,

• from public or professional sources where legally permitted.

7. Purposes of Processing and Legal Bases

We process personal data for the following purposes and on the following legal bases:

7.1 Contract Performance and Pre-contractual Measures

Processing necessary to provide relocation, recruitment, consulting, IT, and ERP services.

Legal basis: Article 6(1)(b) GDPR.

7.2 Communication and Relationship Management

Responding to inquiries, managing business relationships, and providing support.

Legal basis: Article 6(1)(b) and Article 6(1)(f) GDPR.

7.3 Recruitment and Relocation Services

Evaluation of candidates, placement with employer clients, immigration processing, and coordination with

authorities and partners.

Legal basis: Article 6(1)(b) GDPR; where required, Article 6(1)(a) GDPR (consent).

7.4 Processing of Special Categories of Data

Where immigration, relocation, or legal requirements necessitate the processing of sensitive or highly

confidential data, appropriate safeguards are applied.

Legal basis: Article 9(2)(a), (b), or (f) GDPR, in conjunction with Article 6 GDPR.

7.5 Marketing, Analytics, and Business Development

Marketing communications, lead management, analytics, and service improvement.

Legal basis: Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interests).

7.6 Legal Obligations

Compliance with statutory obligations under German and EU law.

Legal basis: Article 6(1)(c) GDPR.

7.7 Security and Fraud Prevention

Ensuring IT security and preventing misuse.

Legal basis: Article 6(1)(f) GDPR.

8. Profiling and Automated Processing

We may use automated tools for organizational, analytical, or marketing purposes (e.g. lead

categorization or campaign evaluation). These activities do not produce legal effects or similarly

significant effects on data subjects.

No decisions producing legal effects are made solely on automated processing within the meaning of

Article 22 GDPR.

9. ERP Systems and Role-Based Access

We use ERP and portal systems (including Odoo-based solutions) to manage services and interactions.

Access is role-based and limited to authorized users. Personal data may be uploaded directly by users

or, where necessary, by authorized staff acting on behalf of users.

10. Data Sharing and Recipients

We do not sell personal data. Data may be shared with:

• processors acting on our instructions (Article 28 GDPR),

• employer clients and partners involved in recruitment or relocation,

• public authorities where legally required,

• professional advisors and service providers.

11. International Data Transfers

Where personal data is transferred outside the EU/EEA, appropriate safeguards pursuant to Articles 44–46 GDPR are applied, including Standard Contractual Clauses.

12. Data Retention

Personal data is retained only as long as necessary for the respective purposes or statutory retention obligations. Thereafter, data is deleted or anonymized.

13. Data Security

We implement appropriate technical and organizational measures pursuant to Article 32 GDPR to protect personal data.

14. Cookies and Tracking

Our website uses cookies and similar technologies. Non-essential cookies are used only with consent in accordance with TTDSG and GDPR. Detailed information is provided via our cookie consent tool.

15. Data Subject Rights

Data subjects have the rights set out in Articles 12–22 GDPR, including access, rectification, erasure, restriction, data portability, and objection.

16. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or place of work.

17. Changes to this Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. The current version is always available on our website.