Privacy Policy

We are very pleased with your interest in our company. Data protection is of particular importance to the management
of HADI TEHERANI CONSULTANTS GMBH. It is generally possible to use the websites of HADI TEHERANI CONSULTANTS GMBH
without providing any personal data. However, if a data subject wishes to use special services provided by our company through
our website, it may become necessary to process personal data. If processing personal data is necessary and there is no legal
basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, email address, or phone number of a data subject, is always carried
out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection
regulations applicable to HADI TEHERANI CONSULTANTS GMBH. With this privacy statement, our company aims to inform the
public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are
informed of their rights under this privacy statement.

HADI TEHERANI CONSULTANTS GMBH, as the data controller, has implemented numerous technical and organizational measures
to ensure the most comprehensive protection of personal data processed through this website. Nevertheless, internet-based data
transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, each data subject
is free to transmit personal data to us via alternative means, such as by phone.

1. Definitions

The privacy statement of HADI TEHERANI CONSULTANTS GMBH is based on the terms used by the European legislator when enacting
the General Data Protection Regulation (GDPR). Our privacy statement is intended to be easily readable and understandable for the public,
as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy statement, we use the following terms, among others:

a) Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable
natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification
number, location data, an online identifier, or one or more specific features that express the physical, physiological, genetic, mental, economic,
cultural, or social identity of that natural person.

b) Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing

Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection,
recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination
or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of Processing

Restriction of processing means marking stored personal data with the aim of limiting its processing in the future.

e) Profiling

Profiling means any type of automated processing of personal data consisting of using that personal data to evaluate certain personal
aspects relating to a natural person, particularly to analyze or predict aspects concerning job performance, economic situation, health,
personal preferences, interests, reliability, behavior, location, or movements of that natural person.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject
without the use of additional information, provided that this additional information is kept separately and subject to technical and organizational
measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g) Controller or Data Controller

The controller or data controller is the natural or legal person, authority, institution, or other entity that alone or jointly with others determines
the purposes and means of processing personal data. If the purposes and means of such processing are determined by Union law or the law
of the Member States, the controller or specific criteria for its designation may be provided for by Union law or the law of the Member States.

h) Processor

A processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, authority, institution, or other entity to whom personal data is disclosed, whether a third party or not.
Authorities that may receive personal data in the context of a particular investigation under Union law or the law of the Member States are
not considered recipients.

j) Third Party

A third party is a natural or legal person, authority, institution, or other entity other than the data subject, the controller, the processor,
and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data.

k) Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, either by a statement or by a clear
affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them.

2. Name and Address of the Data Controller

The data controller in the sense of the General Data Protection Regulation, other applicable data protection laws in the Member States of the
European Union, and other data protection regulations is:

Jürgen Wilhelm

HADI TEHERANI CONSULTANTS GMBH

Elbberg 1

22767 Hamburg

Germany

Phone: +49 (0)40 24 84 22 00

Email: info@htc-hamburg.de

Website: http://htc-consultants.de

3. Cookies

The websites of HADI TEHERANI CONSULTANTS GMBH use cookies. Cookies are text files that are placed and stored on a computer system
via an Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of
a string of characters that enables Internet pages and servers to be assigned to the specific Internet browser in which the cookie is stored. This allows
the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies.
An Internet browser can be recognized and identified by the unique cookie ID.

By using cookies, HADI TEHERANI CONSULTANTS GMBH can provide users with more user-friendly services that would not be possible without the
setting of cookies.

Cookies allow us to optimize the information and offerings on our website according to the user’s preferences. As mentioned, cookies enable us to
recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, a user of a website
that uses cookies does not need to enter their access data again each time they visit the site, as this is taken over by the website and the cookie
stored on the user’s computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items a
customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the used Internet browser
and can thus permanently object to the setting of cookies. Furthermore, already set cookies can be deleted at any time via an Internet browser or other
software programs. This is possible in all common Internet browsers. If the data subject disables the setting of cookies in the used Internet browser, not
all functions of our website may be fully usable.

4. Collection of General Data and Information

The website of HADI TEHERANI CONSULTANTS GMBH collects a series of general data and information each time the website is accessed by a data
subject or an automated system. This general data and information is stored in the server’s log files. The following data may be collected: (1) the types
and versions of the browser used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our
website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website,
(6) an Internet Protocol (IP) address, (7) the Internet Service Provider of the accessing system, and (8) other similar data and information used to avert danger
in the event of attacks on our information technology systems.

When using this general data and information, HADI TEHERANI CONSULTANTS GMBH does not draw any conclusions about the data subject. Rather,
this information is needed to (1) deliver the contents of our website correctly, (2) optimize the contents of our website and the advertising for these, (3)
ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities
with the necessary information for law enforcement in the event of a cyber attack. These anonymously collected data and information are evaluated by
HADI TEHERANI CONSULTANTS GMBH on the one hand statistically and further with the aim of increasing data protection and data security in our company,
ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all
personal data provided by a data subject.

5. Routine Erasure and Blocking of Personal Data

The data controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or as required by
European directives and regulations or other applicable laws and regulations to which the data controller is subject.

If the storage purpose ceases to apply or a storage period prescribed by European directives and regulations or other applicable legislation expires, the
personal data is routinely and in accordance with legal regulations blocked or erased.

6. Rights of the Data Subject

a) Right to Confirmation

Every data subject has the right granted by the European legislator to request from the controller a confirmation as to whether their personal data is
being processed. If a data subject wishes to exercise this right to confirmation, they may contact any employee of the controller at any time.

b) Right to Access

Every data subject affected by the processing of personal data has the right granted by the European legislator to obtain free of charge information
about their stored personal data and a copy of this information from the controller at any time. Furthermore, the European legislator has granted the
data subject the right to be informed about the following information:

• The purposes of the processing
• The categories of personal data being processed
• The recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or
  international organizations
• If possible, the planned duration for which the personal data will be stored, or if not possible, the criteria used to determine this duration
• The existence of the right to rectification or erasure of personal data or restriction of processing by the controller or the right to object to such
  processing
• The existence of the right to lodge a complaint with a supervisory authority
• If the personal data is not collected from the data subject: All available information about the source of the data
• The existence of automated decision-making, including profiling, according to Article 22(1) and (4) GDPR, and — at least in these cases —
  meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization.
If this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right of access, they may contact any employee of the controller at any time.

c) Right to Rectification

Every data subject affected by the processing of personal data has the right granted by the European legislator to request the immediate rectification
of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data,
taking into account the purposes of the processing, including by means of a supplementary statement.

If a data subject wishes to exercise this right to rectification, they may contact any employee of the controller at any time.

d) Right to Erasure (Right to be Forgotten)

Every data subject affected by the processing of personal data has the right granted by the European legislator to request the erasure of personal
data concerning them without undue delay, if one of the following reasons applies and the processing is not necessary:

• The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
• The data subject withdraws their consent on which the processing is based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR,
  and there is no other legal basis for the processing.
• The data subject objects to the processing according to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing,
  or the data subject objects to the processing according to Article 21(2) GDPR.
• The personal data has been unlawfully processed.
• Erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to

e) Right to Restriction of Processing

Every data subject has the right to request the restriction of processing from the data controller if one of the following conditions is met:

1. The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of
   the personal data.
2. The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of its use.
3. The data controller no longer needs the personal data for processing purposes, but the data subject requires it for the establishment,
   exercise, or defense of legal claims.
4. The data subject has objected to processing according to Article 21(1) of the GDPR, and it is not yet clear whether the legitimate grounds
   of the data controller override those of the data subject.

If any of the above conditions apply and a data subject wishes to request the restriction of personal data stored by HADI TEHERANI CONSULTANTS GMBH,
they may do so by contacting an employee of the data controller at any time. The employee of HADI TEHERANI CONSULTANTS GMBH will initiate the restriction
of processing.

f) Right to Data Portability

Every data subject has the right to receive their personal data, which they have provided to a data controller, in a structured, commonly used,
and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the original controller,
provided that the processing is based on consent under Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or a contract under Article 6(1)(b)
of the GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the
public interest or in the exercise of official authority vested in the controller.

Furthermore, the data subject has the right to obtain the direct transmission of personal data from one controller to another, where technically feasible
and provided that this does not adversely affect the rights and freedoms of other individuals.

To exercise the right to data portability, the data subject can contact an employee of HADI TEHERANI CONSULTANTS GMBH at any time.

g) Right to Object

Every data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal data, which is based
on Article 6(1)(e) or (f) of the GDPR, at any time. This also applies to profiling based on these provisions.

HADI TEHERANI CONSULTANTS GMBH will no longer process personal data in the event of an objection, unless we can demonstrate compelling
legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for
the establishment, exercise, or defense of legal claims.

If HADI TEHERANI CONSULTANTS GMBH processes personal data for direct marketing purposes, the data subject has the right to object at any
time to the processing of their personal data for such marketing. This also applies to profiling related to such direct marketing. If the data subject
objects to processing for direct marketing purposes, HADI TEHERANI CONSULTANTS GMBH will cease processing the personal data for these purposes.

Additionally, the data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal
data carried out by HADI TEHERANI CONSULTANTS GMBH for scientific or historical research purposes or statistical purposes according to Article 89(1)
of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact any employee of HADI TEHERANI CONSULTANTS GMBH directly or any other employee.
The data subject is also free to exercise their right to object with regard to the use of information society services, notwithstanding Directive 2002/58/EC,
by automated means using technical specifications.

h) Automated Decisions in Individual Cases, Including Profiling

Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal
effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for entering into or performance of a contract
between the data subject and the controller, or (2) is based on Union or Member State law to which the controller is subject, and which also provides
for suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into or performance of a contract between the data subject and the controller, or (2) is based on the data
subject’s explicit consent, HADI TEHERANI CONSULTANTS GMBH will implement appropriate measures to safeguard the data subject’s rights and
freedoms and legitimate interests, including at least the right to obtain human intervention from the controller, to express their point of view, and to
contest the decision.

If the data subject wishes to assert rights related to automated decisions, they can contact an employee of the data controller at any time.

i) Right to Withdraw Consent

Every data subject has the right to withdraw consent to the processing of their personal data at any time.

If the data subject wishes to exercise the right to withdraw consent, they can contact an employee of the data controller at any time.

7. Data Protection in Applications and the Application Process

The data controller collects and processes the personal data of applicants for the purpose of conducting the application process. This processing
may also occur electronically, especially if an applicant submits their application documents electronically, for example, by email or via a web form
on the website. If the data controller enters into an employment contract with an applicant, the transmitted data will be stored for the purpose of
managing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant, the
application documents will be automatically deleted two months after notification of the rejection decision, unless there are other legitimate
interests of the data controller that prevent deletion. A legitimate interest in this context could be, for example, a need to prove in a procedure
under the General Equal Treatment Act (AGG).

8. Data Protection Provisions Regarding the Use of Google Analytics (with Anonymization Function)

The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web
analytics service. Web analytics is the collection, collection, and analysis of data about the behavior of visitors to websites. A web analytics
service captures data such as from which website a data subject has accessed a website (known as referrer), which subpages of the website
were accessed, or how often and for what duration a subpage was viewed. Web analytics is mainly used to optimize a website and to analyze
the cost-benefit ratio of online advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the “_gat._anonymizeIp” addition for web analytics via Google Analytics. This addition shortens and anonymizes the IP
address of the data subject’s internet connection by Google when accessing our websites from a Member State of the European Union or another
signatory state to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the visitor flows on our website. Google uses the obtained data and information, among
other things, to evaluate the use of our website, to compile online reports showing the activities on our websites, and to provide further services related
to the use of our website.

Google Analytics sets a cookie on the data subject’s information technology system. What cookies are has already been explained above.
By setting the cookie, Google is enabled to analyze the use of our website. Every time a page of this website, which is operated by the data
controller and on which a Google Analytics component is integrated, is accessed, the internet browser on the data subject’s information technology
system is automatically prompted by the respective Google Analytics component to transmit data for the purpose of online analysis to Google.
As part of this technical procedure, Google gains knowledge of personal data, such as the IP address of the data subject, which Google uses,
among other things, to track the origin of visitors and clicks and subsequently to enable commission settlements.

Using the cookie, personal information, such as access time, the location from which access was made, and the frequency of visits to our
website by the data subject, is stored. Each visit to our websites results in this personal data, including the IP address of the data subject’s internet
connection, being transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America.
Google may share these personal data collected through the technical process with third parties.

The data subject can prevent the setting of cookies through our website, as explained above, at any time by setting the web browser used
accordingly and thereby permanently object to the setting of cookies. Such a setting of the web browser would also prevent Google from
setting a cookie on the data subject’s information technology system. Furthermore, a cookie already set by Google Analytics can be deleted at
any time through the web browser or other software programs.

In addition, the data subject has the option to object to and prevent the collection of data generated by Google Analytics related to their use
of this website and the processing of these data by Google.
To do this, the data subject must download and install a browser
add-on from the following link: https://tools.google.com/dlpage/gaoptout.
This browser add-on informs Google Analytics via JavaScript that no data and information on visits to
websites are to be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection.
If the data subject’s information technology system is deleted, formatted, or reinstalled

[/vc_column_text][/vc_column][/vc_row]