I. General information

1. Introduction

With the following data protection information, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent during your visit to our website www.kshuayualutech.com.

2. Responsible

The responsible part for data processing on this website pursuant to Art. 4 (7) of the General Data Protection Regulation (hereinafter referred to as DSGVO) is:

KS HUAYU AluTech GmbH
Hafen street 25
74172 Neckarsulm / Germany
Tel./Phone +49 7132 33–0
E-Mail-Address: kshuayu@de.rheinmetall.com

3. Data Protection Officer

The contact details of the KS HUAYU AluTech GmbH data protection officer are:

KS HUAYU AluTech GmbH
Data Protection Officer
Hafen street 25
74172 Neckarsulm / Germany
E-Mail-Address: DSB-RhAG@rheinmetall.com

II. Data processing on our website

In principle, you can visit our website without disclosing your identity. If you use certain functions/areas of our website, it may be necessary to provide or collect personal data depending on the circumstances. The details of the respective data processing are described below.

1. Hosting of the website / logging of website visits

In order to provide our website securely and efficiently, we use the services of the web hosting provider Alibaba Cloud Computing Ltd (No.12, Changtang Technology and Economic Area, Xihu District Hangzhou, Zhejiang, 310000 China), from whose servers (or servers managed by it) the website is accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services from Alibaba.

When you visit our website, we ourselves or Alibaba collect data on each access to the server (so-called server log files). The data collected includes:

• IP address
• Date and time of your visit
• The browser you are using incl. version
• The operating system you use, including version
• Which resources (e.g. sub-page, contact form) you call up on our website (is logged in the form of the so-called URL).
We process these server log files on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO for the following purposes:
• Ensuring the security and stability of the website (e.g. avoiding server overloads due to abusive attacks, so-called DDoS attacks).
• Ensuring a smooth connection of the website,
• Ensuring a comfortable use of our website,
• Evaluation of system security and stability

We reserve the right to check these server log files retrospectively if we become aware of specific indications of unlawful use. The data will be stored for 6 months.

2. Contact us

If you contact us (e.g. by e-mail, telephone), the details or data provided will be processed insofar as this is necessary to process or respond to the contact enquiry and any measures requested.

Data processing for the purpose of contacting us is based on our legitimate interest according to Art. 6 (1) lit. f DSGVO to appropriately process and respond to your enquiry. This legitimate interest also includes any necessary forwarding of your enquiry to affiliated companies. If you submit an enquiry in the context of a contractual or pre-contractual relationship with us, this enquiry is processed on the basis of Art. 6 (1) lit. b DSGVO to fulfil our contractual obligations or to respond to (pre-)contractual enquiries.

Your contact request (including the transmitted data) will be deleted no later than 7 days after completion, unless there are legal retention periods or other legitimate reasons for further retention (e.g. assertion, exercise or defence of legal claims). In the latter cases, your data will be deleted after expiry of the applicable statutory retention period (e.g. from commercial or tax law) or after the other legitimate reasons for processing no longer apply (the legal basis for further retention for these legitimate reasons is usually Art. 6 para. 1 lit. f DSGVO).

3. General information on the deletion of your data

The data we process will generally be deleted in accordance with the legal requirements as soon as it is no longer necessary to achieve the purpose of processing, the purpose of processing is fulfilled or no longer applies or you revoke any consent you may have given. In addition, we will delete your data if you request a corresponding deletion in accordance with Art. 17 DSGVO or - in the case of processing based on a balancing of interests in accordance with Art. 6 (1) lit. f DSGVO - if you object to this processing in accordance with Art. 21 DSGVO (further information on your rights can be found in Chapter IV. of this data protection information).

However, the deletion of your data may be precluded by legal retention periods or other justified reasons for retention on our part. Data that we are legally obliged to retain will be deleted once these retention periods have expired. Data that we continue to retain on the basis of opposing legitimate retention reasons (e.g. for the assertion, exercise or defence of legal claims pursuant to Article 17 (3) (e) DSGVO or Article 21 (1) DSGVO) will be deleted once these legitimate retention reasons no longer apply.

If the data is not deleted because it is required for other legally permissible purposes, its processing is limited to these purposes. This means that the data will be blocked and not processed for purposes other than these (e.g. defence against legal claims).

More detailed information on the specific storage or deletion of your data can be found in the individual sections of Chapter II "Data processing on our website" of this data protection information.

4. Links

Links to the following additional online or social media presences of the Rheinmetall Group are integrated on our website (see corresponding symbols in the footer/lower section of the website):

• LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:6390601566075777024 Clicking on the respective symbol or link will take you to the corresponding external online or social media platform. The data protection information stored there applies to the respective presence. Clicking on the respective symbol/link does not result in any data being transmitted by us to the external operators of the platforms.

III. Technical and organisational measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, considering the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and through data protection-friendly default settings.

SSL encryption (https): In order to protect your transmitted data as best as possible, this website uses a so-called SSL encryption. You can recognise such encrypted connections by the prefix "https://" in the page link in the address line of your browser. Unencrypted pages are marked with "http://". Thanks to SSL encryption, all data that you transmit to this website - for example when making enquiries or logging in - cannot be read by third parties without further ado.

IV. Your right

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR.

Right to information (Art. 15 DSGVO): In accordance with the legal requirements, you have the right to request information about whether and to what extent we process your personal data.

Right to rectification (Art. 16 DSGVO): In accordance with the legal requirements, you have the right to request the completion or correction of incomplete or incorrect data concerning you.

Right to erasure (Art. 17 DSGVO): In accordance with the legal requirements, you have the right to demand that your personal data be deleted without delay. Note: The immediate deletion of your data may be precluded by statutory retention obligations or other justified reasons for retention.

Right to restriction of processing (Art. 18 DSGVO): In accordance with the legal requirements, you have the right to request a restriction of the processing of your personal data.

Right to data portability (Art. 20 DSGVO): In accordance with the legal requirements, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format and - if technically feasible - to request that it be transferred to another controller.

Right to object (Art. 21 DSGVO): In accordance with the legal requirements, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, provided that the data processing is carried out to safeguard legitimate interests (cf. Art. 6(1)(e) or (f) DSGVO).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to such processing for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

Right of withdrawal of consent (Art. 7 para. 3 DSGVO): You have the right to revoke given consent at any time without giving reasons with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

To exercise your rights, please contact:

Rheinmetall AG
Rheinmetall Platz 1
40476 Düsseldorf
E-Mail-Adresse: info@rheinmetall.com

Right to lodge a complaint with a supervisory authority (Art. 77 (1) GDPR): In accordance with the law, you have the right to lodge a complaint with a data protection supervisory authority of your choice, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

V. Others

Modification and updating of the data information

We reserve the right to adapt this data protection information if changes in the legal situation or the data processing carried out by us make this necessary.

The currently displayed data protection information always applies to your visit. We will inform you if any changes require your cooperation (e.g. renewed consent) or other individual notification.

If we provide addresses and contact information of other companies and organisations in this data protection information, please note that the addresses may change over time. The terms used herein are not gender-specific.

Die vorliegend verwendeten Begriffe sind nicht geschlechtsspezifisch.

Status of this data protection information: 31 May 2022