This Privacy Notice explains how I collect and process personal data in connection with: - this website; - business enquiries and communications; - B2B outreach and business development activities; - and the services offered under the name DealScaler. I am based in Germany and operate as an independent sole trader / self-employed individual. Where I process personal data relating to individuals in the United Kingdom, this Privacy Notice is intended to address applicable requirements under EU GDPR and, where relevant, UK GDPR and PECR.

Verantwortlicher für die Datenverarbeitung ist:

Vincent Lange trading as DealScaler Göbelstr. 15 30163 Hannover Germany Email: vincent@dealscaler.com Privacy contact: vincent@dealscaler.com

Depending on the context, I may process the following categories of personal data: Website and communication data - name - email address - phone number - company name - message content - booking or scheduling details - communication history Business and professional contact data - full name - business email address - business phone number - role or job title - employer or company - company website - LinkedIn or similar professional profile information - publicly available professional and business contact details Technical and usage data - IP address - browser type and version - device information - operating system - referring URLs - website access logs - date and time of access Outreach and CRM data - source of contact data - outreach history - reply status - unsubscribe or opt-out status - suppression / do-not-contact records - internal notes relevant to B2B relevance and communication status

Personal data may be collected: Directly from you For example when you: - contact me; - reply to an email; - book a call; - submit a form; - or otherwise communicate with me. From other sources For B2B business development and service-related purposes, personal data may also be obtained from: - company websites; - publicly available business and professional profiles; - LinkedIn and similar professional networking sources; - public directories; - referrals; - CRM and outreach systems; - data enrichment or business intelligence providers; - scheduling and communication platforms; - and other publicly or commercially available sources. Where personal data is obtained from a source other than the individual, the required privacy information is provided within the period required by applicable law and, where relevant, no later than the first communication.

Personal data is processed for the following purposes: a) Operating and securing the website Technical and usage data may be processed to operate, secure, and improve the website. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR / UK GDPR), namely secure and effective website operation. b) Handling enquiries and business communications If you contact me, your data may be processed in order to respond to your enquiry and manage further communication. Legal basis: - Art. 6(1)(b) GDPR / UK GDPR where processing is necessary for pre-contractual steps or the performance of a contract; - Legitimate interests (Art. 6(1)(f)) for efficient communication and administration. c) Providing services Personal data may be processed where necessary to provide B2B services, manage projects, perform agreements, and maintain business records. Legal basis: - Art. 6(1)(b) GDPR / UK GDPR; - Legitimate interests (Art. 6(1)(f)) where necessary for administration and service improvement. d) B2B outreach and business development Business contact data may be processed to identify relevant business contacts, assess professional relevance, and communicate in a proportionate B2B context about services offered under DealScaler. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR / UK GDPR), namely promoting and developing B2B services, maintaining commercial relationships, and contacting relevant professional business contacts in a proportionate and transparent manner. Where UK PECR applies, outreach practices are intended to reflect the distinction between corporate subscribers and individual subscribers / sole traders where relevant. e) Maintaining suppression / opt-out / do-not-contact records If a person objects to direct marketing or opts out, limited data may be retained in order to ensure that the objection is respected and that further marketing contact does not take place. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR / UK GDPR), namely honouring opt-out requests, maintaining compliance records, and preventing unwanted further contact. f) Legal compliance and defence of claims Personal data may be processed where necessary to comply with legal obligations, maintain records, or establish, exercise, or defend legal claims. Legal basis: - Art. 6(1)(c) GDPR / UK GDPR where a legal obligation applies; - Legitimate interests (Art. 6(1)(f)) for the establishment, exercise, or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time. If you object to direct marketing, your personal data will no longer be processed for those purposes. You can object at any time by: - replying to an email; - using any unsubscribe or opt-out option provided; - or contacting: vincent@dealscaler.com If you opt out, limited suppression data may be retained to ensure that your request is respected in future.

Personal data may be shared with the following categories of recipients where relevant: - hosting providers; - email and communication providers; - CRM and outreach platform providers; - scheduling providers; - data enrichment / business intelligence providers; - cloud storage and IT support providers; - legal, tax, and professional advisers; - courts, authorities, or regulators where legally required. Personal data is not sold in the ordinary sense of selling contact data to third parties for their independent marketing.

Depending on the actual setup, tools and providers may be used for website hosting, email communication, scheduling, CRM, outreach, data enrichment, storage, automation, and administration. This may include tools such as: - TidyCal for scheduling (Privacy Policy: https://tidycal.com/privacy-policy); - Clay for data structuring / enrichment; - Smartlead for outreach execution and campaign management; - and other service providers used as part of the operational setup. Only tools that are actually in use should be understood as active processing tools in practice.

Some service providers may process personal data outside the European Union, the European Economic Area, or the United Kingdom. Where personal data is transferred internationally, appropriate safeguards are intended to be used where required, such as: - adequacy decisions; - Standard Contractual Clauses; - or other lawful transfer mechanisms recognised under applicable law. Further information about relevant safeguards may be requested using the contact details above.

Personal data is retained only for as long as necessary for the purposes for which it was collected, including to: - respond to enquiries; - provide services; - maintain business records; - comply with legal obligations; - respect opt-out requests; - and establish, exercise, or defend legal claims. Retention periods may vary depending on the type of data and purpose of processing. Where data is no longer required, it will be deleted, anonymised, or restricted as appropriate.

Depending on the applicable law and circumstances, you may have the right to: - access your personal data; - rectify inaccurate or incomplete data; - erase personal data; - restrict processing; - object to processing; - object at any time to direct marketing; - receive personal data in a portable format where applicable; - and lodge a complaint with a competent supervisory authority. If personal data is processed on the basis of legitimate interests, you may object on grounds relating to your particular situation. Where personal data is processed for direct marketing, your right to object applies at any time and without needing to justify your request.

As I am based in Germany, the primary supervisory framework is in Germany. If you are located in the European Union, you may complain to the competent data protection supervisory authority in your place of residence, place of work, or the place of the alleged infringement. If you are located in the United Kingdom and UK GDPR applies to the relevant processing, you may also have the right to complain to the UK Information Commissioner's Office (ICO).

If this website uses cookies or similar technologies that are not strictly necessary, additional information may be provided in a separate cookie notice or consent mechanism. Where legally required, consent will be requested before non-essential cookies or similar technologies are placed on your device.

Appropriate technical and organisational measures are used to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. However, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

You are generally not legally required to provide personal data. However, without certain information it may not be possible to respond to your enquiry, communicate effectively, arrange a meeting, or provide requested services.

No decisions producing legal or similarly significant effects are made solely by automated means, unless expressly stated otherwise and legally permitted. Where automation or scoring is used in a limited B2B context, it is used only to support internal prioritisation or relevance assessment and not to make legally significant decisions about individuals.

This Privacy Notice may be updated from time to time to reflect legal, technical, or operational changes. The latest version will always be made available on the website. Effective date: 19 March 2026 Last updated: 19 March 2026