Privacy Policy

The protection of your personal data is very important to us. We therefore process your personal data exclusively in strict accordance with data protection regulations. These are the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other legal regulations. The following information provides a simple overview of what happens to your personal data when you visit our website or our social media profiles, contact us or how we process your personal data in the context of the business relationship.

Contact details

‌

Information on the responsible party

‌

aiio GmbH

Klausenerstraße 10a

39112 Magdeburg

Phone: 0391 251 948 79

E-mail: info@aiio.de

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Data protection officer

‌

Mandy Herrmann

LGD Datenschutz GmbH

Rogätzer Straße 8

39106 Magdeburg

Phone: 0391 5568632-2

E-mail: datenschutz@lgd-data.de

1. If you contact us with a request

‌

You can contact us with your concerns at any time. You can do this by phone, letter, e-mail or in person. We also provide a contact form on our website. The data that you send us with your request is always provided voluntarily.

Personal data:

- Name

- Company

- Email Address

- Message

Purposes of processing:

- Processing your request

Legal basis:

- Art. 6 para. 1 lit. b GDPR within the framework of the contract or pre-contractual measures

- Art. 6 para. 1 lit. f GDPR to protect legitimate interests (processing the request)

Recipient of the data:

- Internal departments

- Entities to whom we forward the data at your request

Retention period:

- After processing is complete, the data will be archived

- Data subject to statutory retention requirements will be deleted after 6 years

Objection:

- If the data processing serves to protect our legitimate interests, you have the right to object to the processing. Please send your objection in writing to the address provided or by email to info@aiio.de. In the event of an objection, your request cannot be processed.

2. Data collection on the website

‌

When you visit our website, the following data is automatically processed:

2.1 Server log files

When you visit our website, you automatically transmit information to our web server. The provider is Amazon Web Service (AWS). The data centers of this provider are located in Ireland. Nevertheless, it can happen that personal data is also stored on servers in the USA. There is no adequacy decision of the European Commission for the USA. The processing of personal data is therefore based on standard data protection clauses of the European Commission. The following data is recorded during the browser session:

Personal data:

- Browser type and browser version

- Operating system used

- Referrer URL

- Hostname of the accessing computer

- Date and time of the server request

- IP address

Purposes of processing:

- Operation of the website, evaluation of malfunctions

Legal basis:

- Art. 6 para. 1 lit. f GDPR (legitimate interest in the correct presentation of our website)

Recipient of the data:

- AWS

Retention period:

- 14 days

Objection:

- The collection of data for the provision of the website and the storage of data in server log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

2.2 Cookies

Our website uses so-called "cookies." Cookies are small data sets and do not cause any damage to your device. They are temporarily stored on your device, for example, for the duration of a session (session cookies). This is technically necessary. It is automatically deleted by your browser after you leave our website.

Personal data:

- Session cookies do not store any information that can be used to identify the website visitor.

- The server generates a "Session ID" that is transmitted to the client. This ID is a randomly generated number that the session cookie temporarily stores. It is only used to assign the website visitor to a specific session.

Purposes of processing:

- Operation of the website, evaluation of malfunctions

Legal basis:

- Art. 6 para. 1 lit. f GDPR (legitimate interest in the correct presentation of our website)

Recipient of the data:

- None

Retention period:

- Cookies are deleted after the end of the browser session.

Objection:

- Technical cookies are stored on your computer and transmitted from there to our site. Therefore, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

2.3 Finsweet Cookie Consent

We use the Finsweet consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in compliance with data protection regulations. The provider is Finsweet Inc., 2774 Harbor Rd Merrick, NY,11566-4608, USA. We process your personal data as follows:

Personal data:

- Date and time of the server request

- Browser type and browser version

- Operating system used

- Referrer URL

- IP address

- Information on consent behavior

Purposes of processing:

- Obtaining, managing and documenting consent behavior

Legal basis:

- Art. 6 para. 1 lit. c GDPR

Recipient of the data:

- Internal departments

- Finsweet

Retention period:

Finsweet sets a cookie in your browser to associate you with the consents you have given or their revocation. The data collected in this way is stored until you delete the cookie yourself or is deleted after 180 days at the latest.

Revocation:

- You can change your settings at any time in the cookie settings.

2.4 Google Tag Manager

We manage website tags (website code) with Google Tag Manager. The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in managing and continuously improving our services and reducing your loading time. Google Tag Manager only implements website code. Google Tag Manager itself does not generate cookies and does not collect any personal data. It merely integrates the website code that we have stored elsewhere and that can be used to collect data. It is therefore only used to facilitate the management of the respective code, but does not itself access the data processed by the code.

2.5 Google Analytics

We use Google Analytics on this website for website analysis. Google Analytics is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information about your use of our website automatically collected by Google is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. We have concluded standard contractual clauses with Google, which guarantee compliance with an adequate level of data protection. We have activated IP anonymization on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Personal data:

- IP address

- Referrer URL

- Website access (frequency and duration)

Purposes of processing:

- Analysis of visitor flows on our website

- Evaluation of website usage

Legal basis:

- Art. 6 para. 1 lit. a GDPR

Recipient of the data:

- Internal departments

- Google Ireland Ltd. and Google LLC

Retention period:

- 24 months

Revocation:

- You can change your settings at any time in the privacy settings.

You can find more information about Google Analytics here: https://policies.google.com/privacy?hl=de

2.6 Google Ads

We use the "Google Ads conversion tracking" function of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Ads conversion tracking uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website when you have clicked on a Google ad. The information collected by Google is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. We have concluded a data processing agreement and standard data protection clauses with Google, with which Google undertakes to process the data received only in accordance with our instructions and to comply with the EU data protection level.

Personal data:

- IP address

- Referrer URL

- Website access (frequency and duration)

Purposes of processing:

- Analysis of visitor flows on our website

- Evaluation of website usage

- Evaluation of the advertising measures carried out (online marketing measures)

Legal basis:

- Art. 6 para. 1 lit. a GDPR

Recipient of the data:

- Internal departments

- Google

Retention period:

- The cookies are stored for 90 days and then automatically deleted.

Revocation:

- You can change your settings at any time in the privacy settings.

You can find more information about Google Ads here: https://policies.google.com/privacy?hl=de or https://support.google.com/adwords/answer/93148?ctx=tltp

2.7 Integration of YouTube videos

We have integrated videos from the YouTube platform on our website. The operator is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube belongs to the Google Group, here Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The following data is processed:

Personal data:

- IP address

- Data that your browser automatically transmits (operating system of your device, browser type and version, date and time of the server request)

- Language settings, login information, location/radius information

Purposes and legal basis of the processing:

- The data processing is carried out in the interest of an appealing presentation of our online offers in accordance with Art. 6 Para. 1 lit. f GDPR.

Recipient of the data:

- By integrating the video, a connection to Google servers is established, so that Google receives your personal data. Google also processes your personal data in the USA.

- A connection is also established to Google's “Double Click” advertising network in the USA.

Retention period:

- The lifespan of the cookies depends on their respective purpose. You can find the purposes and lifespan of the respective cookies in the following list:

NID

The NID cookie contains a unique ID that Google uses to store your preferred settings and other information.

6 months

CONSENT

This cookie is used to store cookie consent settings regarding YouTube.

400 days

‌

VISITOR_INFO1_LIVE

This is a cookie that YouTube sets to calculate the user's bandwidth. This information determines whether the user should use the new or old user interface of the player.

6 months

‌

YSC

This cookie is set by YouTube on websites with embedded YouTube videos.

Session

‌

IDE

390 days

‌

Nextid, requests

Registers a unique ID to maintain statistics of the YouTube videos that the user has viewed.

1 year

‌

remote_sid

These are set as soon as a YouTube video is embedded and played on our site, enabling the correct functionality of these

YouTube videos.

Session

Further information on the purpose and scope of data collection and processing by YouTube can be found in Google's privacy policy. There you can find information about your rights against Google and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy

2.8 Google Maps

We use Google Maps on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

Personal data:

- Browser type and browser version

- Operating system used

- Referrer URL

- Hostname of the accessing computer

- Date and time of the server request

- IP address

Purposes and legal basis of the processing:

- Data processing is carried out in the interest of an appealing presentation of our online offers and easy discoverability of the locations specified by us on the website, based on our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.

Recipient of the data:

- By integrating Google Maps, a connection to Google servers is established, so that Google receives your personal data. Google also processes your personal data in the USA.

Retention period:

- Cookies set by Google Maps are deleted after 2 years at the latest. You can find the specific lifespan of the cookies in our cookie settings.

2.9 Meta Pixel

We use Meta Pixel from the social network Facebook on our website, which is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Meta Pixel is an analysis tool that allows us to measure the effectiveness of our advertising by analyzing the actions users take on our website. With the help of the Meta pixel, we also want to ensure that our Facebook ads match the potential interests of users and are not annoying. With the help of the Meta Pixel, we can also understand the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook advertisement (so-called "conversion").

Personal data:

- IP address

- Information that your browser automatically transmits (operating system of your device, browser type and version, date and time of the server request)

- Language settings, login information, location/radius information

- Browsing behavior

Purposes of processing:

- Analysis of website usage

- Display of user-related advertising

- Measuring the effectiveness of Facebook ads

Legal basis:

- Art. 6 para. 1 lit. a GDPR

Recipient of the data:

- Meta stores cookies on users' devices. If users then log into Facebook, for example, or visit Facebook when logged in, the visit to our online service is noted in the Facebook profile. The data collected is anonymous for us, i.e. it does not allow us to draw any conclusions about the identity of the users.

- The data collected is transferred to a Meta server in the USA and stored there.

Retention period:

The lifespan of the cookies depends on their respective purpose. You can find the purposes and lifespan of the respective cookies in the following list:

This cookie stores browser details.

2 years

This cookie is used to read the screen resolution.

1 week

‌

datr

This is a cookie for evaluating usage data for statistical purposes for non-logged-in users.

1 week

‌

presence

This cookie is used to save the user's chat status.

Session

This cookie is used to deliver advertisements and measure and improve their relevance.

3 months

‌

This cookie is used to prevent users from seeing ads from Meta that are based on their activities on third-party websites.

5 years

‌

This cookie stores a unique session ID.

1 year

c_user

This cookie stores the unique Facebook account number for logged-in users.

1 year

usida

A Facebook cookie that collects a combination of the user's browser and a unique identifier and is used to tailor advertising to users.

Session

For more information about the purpose and scope of data collection and processing by Meta, please refer to Meta's privacy policy at https://www.facebook.com/about/privacy/legal_bases and in the Facebook data policy.

Revocation:

- You can change your settings at any time in the privacy settings.

‌

2.10 Lead Forensics

To optimize our services, we use Lead Forensics on our website, a service of Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN, UK.

Lead Forensics does not use cookies. When you visit our website, Lead Forensics collects the IP address and transmits it to Lead Forensics, where the IP address is then compared with its own data records in a global database of company and business information. This includes processing data about your company and the decision-makers stored in the database. This may also include personal data such as first name, last name, email address, social profiles (limited to LinkedIn) and the business IP address. This data is not matched with the specific IP address. Lead Forensics does not assign the IP address to the personal data stored in the database. As soon as the data has been matched, the IP address is anonymized by Lead Forensics.

After the data reconciliation, we receive information from Lead Forensics' database that has been assigned to the relevant IP address. This allows us to see who is interested in our products. We receive from Lead Forensics the actual history of your visit to our website. This includes an overview of all pages you visited and how long you were on each page. Use is only with your prior express consent. Further information can be found at: https://www.leadforensics.com/privacy-policy/. The legal basis for the use of Lead Forensics is Art. 6 para. 1 lit. a GDPR. Consent is voluntary and can be revoked at any time. We store and process the data until consent is revoked, unless further processing is covered by another legal basis.

‌

3. Social Media Presence

‌

3.1 Facebook

Meta (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as Meta), as the operating company of Facebook, is solely responsible for the processing of personal data when you visit our Facebook page (hereinafter referred to as Fanpage). We would like to point out that you use our fan page and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, liking, sharing). When you visit our Facebook page, your data is processed as follows:

Personal data:

- When you simply visit our fan page, we do not process any personal data. In particular, we do not operate the servers on which the content of the fan page and the associated communication are stored and processed.

- If you communicate with us via the fan page, we process your message and can view your username and current profile picture.

- When you access our fan page, your IP address is transmitted to Meta. According to Meta, this IP address is anonymized. Meta also stores information about the user's end devices (e.g. as part of the "Login notification" function). The data may also be transmitted by Meta to countries outside the European Union. In particular, it is conceivable that some of the personal data collected may also be processed outside the European Union by Meta Platforms, Inc. based in the USA. We ourselves do not pass on any personal data.

- Meta describes which data Meta processes in detail for which purposes and on which legal basis and which contact and configuration options exist in the legal basis for the processing of data at https://www.facebook.com/about/privacy/legal_bases and in the Facebook data policy. This applies to all offers from Meta products.

- We are not aware of how Meta uses the personal data generated from visiting fan pages for its own purposes and to what extent Meta may assign certain data to specific users.

Purposes and legal basis of the processing:

- We operate the fan page to present content to you, so that you can communicate with us or to link you to other interesting online content. The legal basis for processing is Art. 6 Para. 1 lit. f GDPR.

Storage period:

- We delete messages transmitted in connection with our fan page as soon as the purpose of storage has been achieved, you request us to delete them or the purpose for storage no longer applies. Messages that are subject to commercial or tax retention periods are retained for 6 years.

Processing of Page Insights:

- Meta provides us with page summaries in anonymized form for our fan page (so-called Page Insights). Page Insights are an overview of all key figures within a specific period. For example, we can learn more about our target group and find out which content is best received.

- With Insights, we can only carry out anonymous evaluations based on aggregated data on the use of our fan page. Furthermore, we do not collect any further data from visiting our fan page. This processing of personal data is carried out by Meta and us as joint controllers.

- If you are logged in to Facebook, there is a cookie with your Facebook ID on your end device. This enables Meta to track that you have visited our fan page and how you have used it.

- If you want to avoid this, you should log out of Facebook or deactivate the "stay logged in" function and delete the cookies on your device. In this way, Facebook information that can be used to directly identify you will be deleted. This allows you to use our fan page without revealing your Facebook ID. If you access interactive functions of the fan page (press "Like", comment, share, send messages, etc.), a Facebook login screen appears. After logging in, you will be recognizable to Facebook again as a specific user.

Purposes and legal basis of the processing:

- The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in evaluating visits to our fan page and improving our fan page based on these findings.

- We have an agreement with Meta regarding processing as joint controllers, which defines the distribution of data protection obligations between us and Meta. The agreements with Meta on joint responsibility essentially mean that information requests and the assertion of other data subject rights, in particular objections, should reasonably be made directly to Meta. As the provider of the social network, Meta alone has direct access to the necessary information and can also directly take any necessary measures and provide information. Should our support still be required, you can contact us at any time.

- Your right to assert corresponding claims directly against us remains unaffected.

- Details on the processing of personal data for the creation of Page Insights and the essential content of the agreement concluded between us and Meta can be found in the information on Page Insights.

If you have any further questions regarding the processing of your personal data, please contact Meta's data protection officer via the form provided or our data protection officer via the contact information above.

Further information can be found in Facebook's data policy.

3.2 Instagram

Meta (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as Meta), as the operating company of Instagram, is solely responsible for the processing of personal data when you visit our Instagram presence (hereinafter referred to as Fanpage). We would like to point out that you use our fan page and its functions under your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, liking, sharing). When you visit our Instagram account, your data is processed as follows:

Personal data:

- If you communicate with us via the fan page, we process your message and can view your username and current profile picture.

- When you access our fan page, your IP address is transmitted to Meta. According to Meta, this IP address is anonymized. Meta also stores information about the user's devices (e.g. as part of the "login notification" function). The data may also be transmitted by Meta to countries outside the European Union. In particular, it is conceivable that some of the personal data collected may also be processed outside the European Union by Meta Platforms, Inc., which is based in the USA. We ourselves do not pass on any personal data.

- Meta describes which data Meta processes in detail, for what purposes and on what legal basis, and what contact and configuration options exist, in the legal basis for the processing of data at https://www.facebook.com/about/privacy/legal_bases and in Instagram's data protection policy. This applies to all offers from Meta products.

- We are not aware of how Meta uses the personal data generated from visiting fan pages for its own purposes and to what extent Meta may assign certain data to specific users.

Purposes and legal basis of the processing:

Storage period:

- We delete messages transmitted in connection with our fan page as soon as the purpose of storage has been achieved, you request us to delete them or the purpose for storage no longer applies. Messages subject to commercial or tax retention periods will be retained for 6 years.

Processing of Page Insights:

- If you are logged in to Instagram, there is a cookie with your Instagram ID on your device. This enables Meta to track that you have visited our fan page and how you have used it.

- If you want to avoid this, you should log out of Instagram or deactivate the "stay logged in" function and delete the cookies on your device. In this way, Instagram information that can be used to directly identify you will be deleted. This allows you to use our fan page without revealing your Instagram account. If you access interactive functions of the fan page (like, comment, share, send messages, etc.), an Instagram login screen will appear. After logging in, you will be recognizable to Instagram as a specific user again.

Purposes and legal basis of the processing:

- The processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in evaluating visits to our fan page and improving our fan page based on these findings.

- Your right to assert corresponding claims directly against us remains unaffected.

Further information can be found in Instagram's privacy policy.

3.3 YouTube

YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA is responsible for our YouTube channel. YouTube LLC belongs to the Google Group and is represented by Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We do not process any personal data when you visit our YouTube channel. In particular, we do not operate the servers on which the content of the channel and the associated communication are stored and processed.

If you communicate with us via the YouTube channel, we will receive your message including your username.

Further information on the processing of your personal data by YouTube or Google can be found here: https://policies.google.com/privacy?hl=de&gl=de

Personal data:

- When you simply visit our YouTube channel, we do not process any personal data. In particular, we do not operate the servers on which the content of the YouTube channel and the associated communication are stored and processed.

- If you communicate with us via the YouTube channel, we process your message and can view your username.

- When you access our YouTube channel or play the videos, your IP address is transmitted to YouTube. YouTube also stores information about the user's devices. The data is also transmitted by YouTube to countries outside the European Union. The personal data collected is processed outside the European Union by Google LLC, which is based in the USA. We ourselves do not pass on any personal data.

- You can find out which data YouTube processes in detail, for what purposes and on what legal basis, and what contact and configuration options are available in Google's privacy policy.

Purposes and legal basis of the processing:

- We operate the YouTube channel to present content to you, so that you can communicate with us or to link you to other interesting online content. The legal basis for processing is Art. 6 para. 1 lit. f GDPR.

Storage period:

- We delete the messages transmitted to us as soon as the purpose of storage has been achieved, you request us to delete them or the purpose for storage no longer applies. Messages subject to commercial or tax retention periods will be retained for 6 years.

3.4 Twitter

For the short message service offered here, we use the technical platform and services of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. We would like to point out that you use the Twitter short message service offered here and its functions under your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).

Personal data:

- When you simply visit our Twitter channel, we do not process any personal data. In particular, we do not operate the servers on which the content of the Twitter channel and the associated communication are stored and processed.

- If you communicate with us via the Twitter channel, we will process your message and be able to view your username.

- The data collected about you when using the service is processed by Twitter and, if necessary, transferred to countries outside the EU. This includes your IP address, the application used, information about the end device you are using (including device ID and application ID), information about websites accessed and your location.

- This data is assigned to the data in your Twitter account. We have no influence on the type and scope of data processed by Twitter, the type of processing and use, or the disclosure of this data to third parties.

- You can restrict the processing of your data in the general settings of your Twitter account and under the item "Privacy and Security". In addition, you can restrict Twitter's access to contact and calendar data, photos, location data, etc. in the settings on mobile devices (smartphones, tablet computers). However, this depends on the operating system used. You can find more information on this in the Twitter Help Center: https://support.twitter.com/articles/105576#

Purposes and legal basis of the processing:

- We operate the Twitter channel to present content to you, so that you can communicate with us or to link you to other interesting online content. The legal basis for processing is Art. 6 para. 1 lit. f GDPR.

Storage period:

Further information on the processing of personal data by Twitter can be found in the Twitter privacy policy.

3.5 LinkedIn

The LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is solely responsible for the processing of personal data when you visit our LinkedIn page. When you visit our LinkedIn page, your personal data is processed by LinkedIn as follows:

Personal data:

- We do not process any personal data when you visit our LinkedIn page. In particular, we do not operate the servers on which the content of the profile and the associated communication are stored and processed.

- If you communicate with us via LinkedIn, we will receive your message including your profile.

Processing of Page Insights

When you visit our LinkedIn page, follow the page or interact with the page, LinkedIn provides us with statistics and insights in anonymized form for our page, which we use to gain insights into the types of actions people take on our page (so-called "Page Insights"). Through the Page Insights, we neither receive personal data nor can we assign received information to individual accounts. This processing of personal data is carried out by LinkedIn and us as joint controllers.

Purpose of processing:

- The processing serves our legitimate interest in evaluating visits to our page and improving our page based on these findings.

Legal basis:

- Art. 6 para. 1 lit. f GDPR.

We have entered into an agreement with LinkedIn regarding processing as joint controllers, which defines the distribution of data protection obligations between us and LinkedIn. Details on the processing of personal data for the creation of Page Insights and the essential content of the agreement concluded between us and LinkedIn can be found here: https://legal.linkedin.com/pages-joint-controller-addendum

Further information on the processing of your personal data by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

4. Customers

The implementation of our contractual relationship requires the processing of data from our customers and their employees. Due to your obligation to cooperate, it is essential to provide the personal data requested by us, as we would otherwise not be able to fulfill our contractual obligations. We process the data as follows:

Personal data:

- Name

- Company, address

- Function, activity

- Telephone number, fax number

- Email Address

- If applicable, order

- Information about the services/deliveries provided

Purposes of processing:

- Agreements regarding commissioned services/deliveries

- Fulfillment of contractual obligations, e.g., support

Legal basis:

- Art. 6 para. 1lit. b GDPR

Source of data:

- Communication by the contact person themselves

- Communication by another department of the customer

Recipient of the data:

- Internal departments

- Service providers who support us in the execution of the contract

Retention period:

- After completion of the order, the data is archived

- The data in the archive will be deleted after 10 years

5. Business partners, service providers, and suppliers

Most of our business partners, service providers, and suppliers provide us with one of their employees as a contact person. There is no obligation to transmit this data. The processing is also not absolutely necessary for the service or delivery. However, the effort for coordination is disproportionately high without fixed contact persons, and there is a risk of misunderstandings. Therefore, there is a legitimate interest in this processing. The contact details of the contact persons are processed by us as follows:

Personal data:

- Names

- Company, address

- Function, activity

- Telephone number, fax number

- Email Address

- If applicable, order

Purposes of processing:

- Agreements regarding commissioned services/deliveries

Legal basis:

- Art. 6 para. 1lit. f GDPR

Source of data:

- Communication by the contact person themselves

- Communication by another department of the business partner, service provider, and supplier

Recipient of the data:

- Internal departments

Retention period:

- After completion of the order, the data is archived

- The data in the archive will be deleted after 10 years

6. Applicants

Applicants can send us their application in paper form or as an email. When you apply to us, we process the following data from you:

Personal data:

- Data that you send with the application

- We process the personal data that we receive from you as part of your application. This includes the data that you provide to us as part of your application, in particular by submitting the application documents and your information in job interviews.

- The processing of the data is necessary for the application process. Participation in this is not possible without providing the data.

Purposes of processing:

- Decision on hiring

Legal basis:

- Art. 88 GDPR in conjunction with §26 BDSG

- Art. 6 para. 1 lit. a GDPR (Consent to longer storage of documents)

Recipient of the data:

- Management and internal departments

Retention period:

- if hired: usually 10 years after the end of your employment with us

- in case of rejection: 6 months after rejection (unless you agree to a longer storage period)

7. Your Rights

You have the following rights regarding the processing of your personal data:

- Information about the data stored about you (Art. 15 GDPR)

- Correction of incorrect data (Art. 16 GDPR)

- Deletion, if legally permitted (Art. 17 GDPR)

- Restriction of processing (Art. 18 GDPR)

- Receipt of your data in a structured, common and machine-readable format (Art. 20 GDPR)

- Objection to the processing (Art. 21 GDPR)

- Complaint to a supervisory authority (Art. 77 GDPR)

- Revocation of consent (Art. 7 Para. 3 GDPR)

‌