Privacy Policy — Apeiron Defense Technologies UG (haftungsbeschränkt) i. Gr.

🇬🇧 English (non-binding translation)

> This English version is provided for convenience only. In the event of any > discrepancy, the German version above is legally binding.

Last updated: [PLACEHOLDER – publication date]

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data-protection provisions is:

Apeiron Defense Technologies UG (haftungsbeschränkt) i. Gr. Jahn-Joshua Cremer Königskamp 32 52428 Jülich Germany Phone: +49 2461 59360 Email: jahnjoshuacremer@gmail.com

> A Data Protection Officer is not mandatorily required by law [PLACEHOLDER – verify > whether a designation obligation arises under Art. 37 GDPR; add contact details if > applicable].

2. General / Definitions

Personal data is any information relating to an identified or identifiable natural person (e.g. name, address, email address, IP address). We process personal data exclusively in accordance with the GDPR, the German Federal Data Protection Act (BDSG), and the TDDDG (formerly TTDSG).

3. Legal bases for processing (Art. 6 GDPR)

Where we process personal data, we rely on the following legal bases:

• Art. 6(1)(a) GDPR – consent (e.g. for analytics cookies);
• Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures;
• Art. 6(1)(c) GDPR – compliance with legal obligations;
• Art. 6(1)(f) GDPR – legitimate interests (e.g. technical operation, IT

security, server log files).

For storing information on, or accessing information in, your terminal equipment (cookies/local storage), § 25 TDDDG (formerly § 25 TTDSG) additionally applies.

4. Hosting

This website is operated on servers located in Germany (hosting via phi-hosting.de / Plesk platform). All data processing connected with operating the website takes place exclusively on servers within the European Union. No third-country transfer occurs through hosting. A data processing agreement pursuant to Art. 28 GDPR is concluded with the hosting provider [PLACEHOLDER – conclude/ confirm DPA with phi-hosting.de]. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, efficient provision of our online offering).

5. Server log files

When our website is accessed, the web server automatically stores information in server log files: anonymised/truncated IP address, date and time of the request, requested URL/file name, HTTP status code and volume of data transferred, referrer URL, and user agent (browser type and operating system). This data is technically necessary to deliver our website and ensure its stability and security; it is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Log files are deleted after 7 days, unless longer retention is required in individual cases to investigate security-relevant incidents.

6. Cookies & consent (§ 25 TDDDG / § 25 TTDSG)

Our website uses cookies or comparable technologies. Strictly necessary cookies required to operate the website and store your cookie choice are set without consent (§ 25(2) TDDDG; Art. 6(1)(f) GDPR). All non-essential cookies (e.g. statistics/ analytics or marketing) are set exclusively with your active, prior consent via our cookie banner (§ 25(1) TDDDG; Art. 6(1)(a) GDPR). No non-essential cookies are set and no scripts are loaded before consent.

You can withdraw or adjust your consent at any time with effect for the future via the permanently available "Cookie settings" link (in the footer / in this privacy policy). Withdrawing consent is as easy as giving it.

7. Web analytics (optional — only if actually used)

> [PLACEHOLDER – Keep this section only if an analytics tool is actually deployed; > otherwise remove entirely.]

If you have consented, we use [PLACEHOLDER – e.g. Google Analytics 4 / self-hosted Matomo] for statistical evaluation of website use, exclusively on the basis of your active consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG). Without consent, no analytics data is collected or transmitted. Processed data / retention / any third-country transfer and its legal basis: [PLACEHOLDER]. You may withdraw consent at any time via cookie settings.

> Recommended: For a defence company, a self-hosted, cookieless/anonymised > analytics solution (e.g. Matomo) or no tracking at all is recommended on privacy > and security grounds.

8. Contact (email / contact form)

If you contact us by email or via a contact form [PLACEHOLDER – mention only if a form exists], your details (e.g. name, email address, message content) are processed to handle your enquiry and for possible follow-up questions. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding). Data is deleted once no longer required and no statutory retention obligations apply.

> ⚠️ Important security notice (defence context): > Please do not submit any classified, confidential, security-sensitive, or > export-controlled information (within the meaning of the AWG/AWV, EU Dual-Use > Regulation (EU) 2021/821, or comparable rules) via our web forms, email, or any > other unencrypted or non-approved channel. To transmit sensitive information, > please first arrange a secure, approved communication channel.

9. Newsletter (optional)

> [PLACEHOLDER – Keep only if a newsletter is offered; otherwise remove.]

If you subscribe to our newsletter, we process your email address on the basis of your consent (Art. 6(1)(a) GDPR) using the double-opt-in procedure. You can unsubscribe at any time via the link in every email or by contacting us.

10. Recipients / processors

Your data is only disclosed to third parties where legally permitted or where you have consented. Processors (e.g. hosting providers) are carefully selected and contractually bound pursuant to Art. 28 GDPR. [PLACEHOLDER – list of processors/ service providers, if applicable].

11. Retention period

We store personal data only as long as necessary for the respective purposes or as required by statutory retention periods (e.g. 6 or 10 years under § 257 HGB, § 147 AO). After the purpose ceases or the periods expire, the data is deleted.

12. Your rights as a data subject (Art. 15–21 GDPR)

You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection to processing (Art. 21, in particular against processing based on Art. 6(1)(f)), and withdrawal of consent with effect for the future (Art. 7(3)). An informal message to jahnjoshuacremer@gmail.com is sufficient.

13. Right to lodge a complaint with a supervisory authority

Without prejudice to other remedies, you have the right to lodge a complaint with a data-protection supervisory authority (Art. 77 GDPR). The authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW) Kavalleriestraße 2–4, 40213 Düsseldorf, Germany https://www.ldi.nrw.de

You may also contact the supervisory authority of your habitual residence or place of work.

14. Data security (SSL/TLS encryption)

For security reasons and to protect the transmission of sensitive content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the "https://" in your browser's address bar.

15. Changes to this privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to reflect changes to our services. The current version applies to your next visit.

Stand / Last updated: [PLACEHOLDER – Datum / date]