1. Identity of the controller
Your personally identifiable information will be stored in HELLA GmbH & Co. KGaA. Controller is HELLA GmbH & Co. KGaA, Rixbecker Str. 75, 59552 Lippstadt, Germany. Any personally identifiable information (hereinafter referred to as “data”) that we process will be stored and used by HELLA to be compliant with the legal requirements for the use of conflict minerals based on the US Dodd Frank Act (Section 1902).

2. Purpose of processing personally identifiable information
Based on legal requirements of the US Dodd Frank Act (Section 1902), we are being asked by our customers to report on the use of what are known as "conflict minerals" in our products and bought-in parts. We are therefore writing to our suppliers in order to receive a feedback on whether "conflict minerals" are used in the products they manufacture for Hella (HELLA GmbH & Co. KGaA and companies linked to it in accordance with § 15 of Corporation Law) or in their production processes. After we collect the information from suppliers, we gather the data in a standard form named CMRT and send it to our customers. We have several departments from Hella involved: Purchasing (collects the data from suppliers worldwide, put together the list of suppliers), Sales (they maintain the relation with customers worldwide and sent them our completed CMRT form), legal US (keep us informed on changes regarding legal obligations on conflict minerals).

3. Collection, storage and processing of personally identifiable information
HELLA only stores data which is necessary in connection with the legal requirements, e.g. e-mail-address. The principle of data minimization is taken into account at all times. Your data will only be stored for as long as it is necessary to fulfil the purpose. Your data will then be deleted. We never use your data for other purposes than those mentioned above.

4. Legal basis
Section 1502 of the US law known as the "Dodd-Frank Act" includes a requirement that companies using gold, tin, tungsten and tantalum make efforts to determine if those materials came from the Democratic Republic of Congo (DRC) or an adjoining country and, if so, to carry out a "due diligence" review of their supply chain to determine whether their mineral purchases are funding armed groups in eastern DRC. The US Securities and Exchange Commission (SEC) issued the final rule implementing Section 1502 in August 2012. The rule requires companies to report publicly on their due diligence and to have their reports independently audited. The initial reporting period started in January 2013.

5. Recipients of data
Your data is stored on servers in the EU. Your data will neither be sold nor made available to other unauthorized third parties. HELLA assures that the data will only be forwarded within the HELLA Group, restricted in each case to the extent required in the process. As HELLA is a globally active company, it is also transferred to third party countries. An adequate level of data protection and the legal admissibility of the transfer is guaranteed at all times.

• Employees of the Purchasing, Sales, Legal and Environment departments within HELLA have access to your stored data. The data may not be used by these employees for their own purposes. These employees are bound to data secrecy.
• HELLA has commissioned ValueStream Europe GmbH as our data processor to conduct the inquiry through the supplier chain, process the data received from suppliers and to send Hella’s conflict minerals statement to the customers. Furthermore, ValueStream Europe GmbH is obliged to collect, process and use personally identifiable information only in accordance with our instructions and as contractually agreed.

6. Access, correction, deletion, restriction of processing, objection to processing
You have the right to request access to your data in written or electronic form or to transfer from HELLA at any time. In addition, you have the right at any time to delete any personal data, to object to the processing of the data, to restrict the processing or to have incorrect data corrected. (Note: If country-specific legal retention periods apply or if the data is still needed to defend against possible legal claims, the data will be blocked for a country-specific period before deletion.) You can revoke your consent to data processing at any time in writing. Please use the e-mail address dataprivacy.conflfnzz@jidcictminerals.sales@hella.com. Until that date, processing shall remain lawful. Should the processing of your data violate applicable law, you have the right to complain to a supervisory authority.

7. E-mail address for your contact: dataprivacy.conflukzk@yckyictminerals.sales@hella.com

8. E-mail address for questions about data privacy
If you have any questions regarding data privacy, please do not hesitate to contact our data privacy officer at dataprdqpo@wqbgivacy@hella.com