In the following, you will find the information to be provided in accordance with Articles 13 and 14 of the General Data Protection Regulation ("GDPR") regarding the processing of personal data of visitors to our website https://www.aiticon.com (hereinafter in each case: "website") and our customers or their contact persons (hereinafter in each case: "you" or "your") by aiticon GmbH (hereinafter "we" or "us").
A. Reliable Entity for Data Protection Policy
Responsible: aiticon GmbH, Stephanstraße 1, 60313 Frankfurt am Main, firstname.lastname@example.org, +49 (0) 69 795 83 83-0
B. Information about the Processing of Personal Data
In the following, you will find information about the processing of your personal data for the purposes listed in more detail there and, among other things, about the legal basis for the processing. If the legal basis for the processing is mentioned there as the balancing of interests, you can request further information on the balancing of interests from us using the contact details listed in section A.
I. Processing of Data when Using the Website
1. Informational Use of the Website
When you visit our website, we process the IP address of your end device for technical reasons, i.e. to be able to display the website at all. In addition, to protect our IT infrastructure, we process the IP address of your end device, the type and version of the Internet browser you use, information about the operating system of your end device, information about the pages accessed, the previously visited page (referrer URL) and the date and time of access and store this information in so-called log files. Without the provision of this information, we can not provide the accessed content of the website.
The legal basis for this processing is the balancing of interests (Art. 6 para. 1 p. 1 lit. f DS-GVO). Our legitimate interest is the provision of the website content accessed by the user as well as the protection of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and evidence-based documentation of faults (e.g. DDoS attacks).
We generally store this personal data in the log files for one (1) month. In the event of a security-relevant event (e.g. an attack), we store the log files beyond this until the security-relevant event has been eliminated and fully clarified.
2. Use of the Contact Form
If you contact us about a concern using our contact form, we process your contact data and information about your concern for the purpose of processing your concern. This data typically includes your name, the company you work for, your function in the company, your request, address data and telephone numbers as well as any arrangements made with you. You are not required to provide this data. Without this data, however, we cannot process your request properly. The minimum information to be provided when submitting a request is marked with an asterisk (*).
If you yourself are an interested party or customer, the legal basis of the processing is the implementation of pre-contractual measures in response to your inquiry or the implementation of a contract with you (Art. 6 para. 1 sentence 1 lit. b DS-GVO). In addition, the legal basis for this processing is the balancing of interests (Art. 6 para. 1 p. 1 lit. f DS-GVO). This is also relevant if you are not acting for yourself, but – for example, as an employee – for a legal entity. In this case, our legitimate interest is to process the request you have communicated.
We store this data for the duration of the processing of your request and thereafter for as long as the statutory retention obligations provide (§ 257 HGB and § 147 AO). This is currently six (6) years for commercial letters and ten (10) years for vouchers, in each case from the end of the calendar year of receipt or dispatch of the commercial letter or the creation of the accounting document. The legal basis for this further storage is compliance with our legal obligation (Art. 6 para. 1 p. 1 lit. c DS-GVO).
3. Analysis of the Behavior on the Website by Means of Google Analytics
If you have given us your consent to do so, we will record and analyze your usage behavior on our website by means of the web analysis technology "Google Analytics" and the cookies set by this (see section C for this). The personal data processed for this purpose includes your IP address as well as information about the subpages visited, length of stay and the website from which you arrived at our website, as well as the page you access after visiting our website. The analysis is used to optimize our website based on information about, for example, the frequency of visits to certain sub-pages. For this purpose, the cookie stored on your end device (e.g. computer or smartphone) is read on each subpage of our website and the page views are logged on the basis of the pseudonym stored in the cookie, thus creating pseudonymized usage profiles about your use of our website. The usage profiles are not merged with data about the bearer of the pseudonym, so that you are not identified as a user.
There is no obligation to give consent and provide this data for the purposes of analysis. Without this data, we cannot analyze the use of our website and improve our website according to the analysis results.
As a result of the use of Google Analytics, your IP address is transmitted to Google. However, we use Google Analytics with the so-called IP anonymization. Your IP address is therefore shortened after transmission to Google and stored only in abbreviated form. A conclusion to you as the owner of the IP address is then no longer possible.
The legal basis for this processing – including the setting and reading of cookies – is your consent (Art. 6 (1) p. 1 lit. a DS-GVO). You can revoke this consent by deleting the cookies. How you can do this is described in section C.2.
Google Analytics is a service of Google LLC ("Google") based in the USA. The data described in this section 3 may therefore be transferred to the USA. The USA is a third country outside the European Union, which in principle guarantees a level of data protection that differs from the European Union. However, Google has certified itself under the EU-US Privacy Shield. More information on Google's registration can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. The European Commission has determined in an adequacy decision under Article 45 of the GDPR (see Commission Implementing Decision (EU) 2016/1250 of July 12, 2016, notified under case number C(2016) 4176) that the United States ensures an adequate level of protection for personal data transferred from the European Union to organizations in the United States under the EU-US Privacy Shield.
4. Third-Party Plug-Ins
The provider of the plug-in can receive (comparable to calling up an external website via a link) in particular your IP address and the address (URL) of the website from which you call up the map service. If you are registered as a user with the third-party provider, the provider of the plug-in can usually also assign the data received to your user account.
II. Data Processing During the Execution of the Contract
If you are a customer of ours or act as a contact person for such a customer, we process your business contact data, details of the assignment and any transcripts of conversations or correspondence with you (e.g. by e-mail) for the purpose of executing the contract.
If you are a customer yourself, the legal basis of the processing is the implementation of pre-contractual measures in response to your request or the implementation of a contract with you (Art. 6 para. 1 sentence 1 lit. b DS-GVO). In addition, the legal basis of the processing is the balancing of interests (Art. 6 para. 1 p. 1 lit. f DS-GVO). This is also relevant if you are not acting for yourself, but - for example, as an employee - for a legal entity. In this case, our legitimate interest is to process the request you have communicated.
We store this data for the duration of the processing of your request and thereafter for the duration of the statutory retention obligation (§ 257 HGB and § 147 AO), if this exists. The retention obligation is currently six (6) years for commercial letters and ten (10) years for vouchers, in each case from the end of the calendar year of receipt or dispatch of the commercial letter or the creation of the accounting document. The legal basis for this further storage is compliance with our legal obligation (Art. 6 para. 1 p. 1 lit. c DS-GVO).
When you use our website, we store cookies in the browser of your terminal device, unless you prohibit this through appropriate settings in your browser.
1. General Information on Cookies
Cookies are small text files containing information that can be placed on the user's end device via the browser when visiting a website. When the website is called up again with the same end device, the cookie and the information stored in it can be read.
Basically, a distinction is made between (i) first and third party cookies, (ii) transient and persistent cookies and (iii) consent-free and consent-requiring cookies. First-party cookies are those that are set by us or by a processor commissioned by us. In contrast, third-party cookies are those that are set and retrieved by another responsible party. Transient cookies are deleted when you close your browser. Persistent cookies, on the other hand, are those that are stored on your terminal device for a certain period of time. You can find out which cookies are used on our website under section C.3.
2. Management of Cookies
To the extent that user consent is required for the use of certain cookies, we will only use these cookies when you use the Website if you have given your prior consent to do so. For information on whether consent is required for the use of a cookie, please see Section C.3.
We also store your consent and, if applicable, your individual selection of cookies in the form of a cookie ("opt-in cookie") on your terminal device in order to determine whether you have already given your consent when you call up the website again. The opt-in cookie has a limited validity period of one (1) month.
Essential cookies cannot be disabled via the cookie management function of this website. However, you can disable the storage of these cookies in the browser of your terminal device at any time for all types of cookies.
If you deactivate the storage of cookies in your browser, some functions of the website may not work or no longer work properly.
3. Cookies Used on this Website
Under Cookie-Settings, you will find information about the cookies we use.
D. Information on Rights of the Data Subjects
As a data subject, you have the following rights in relation to the processing of your personal data, for the exercise of which you may contact us using the contact information provided in Section A above:
- a right to information (Art. 15 DS-GVO) about which of your personal data we process. This includes further information about the data processing, such as the purpose and legal basis as well as the recipient of this data. You also have the right to request a copy of this data;
- a right to request that we correct any inaccurate personal data relating to you and complete any incomplete personal data (Art. 16 DS-GVO);
- a right to request the erasure of personal data concerning you in the cases provided for by law (Art. 17 DS-GVO), for example if the data are no longer needed for the purposes for which they were collected or if they have been processed unlawfully;
- a right to request the restriction of processing in the cases prescribed by law (Art. 18 DS-GVO);
- a right to receive the personal data concerning you that we process on the basis of consent given or for the performance of a contract (see section B) in a structured, common and machine-readable format (right to data portability, Art. 20 DS-GVO)
- a right to revoke consent given to us at any time. This does not affect the lawfulness of the processing carried out until the revocation;
- a right to lodge a complaint with a supervisory authority (Art. 77 DS-GVO). A list of data protection supervisory authorities with their addresses can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right of Objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 lit. f DS-GVO (see Section B). We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
You do not have to be entitled to the above rights without restriction in every case. The law provides for restrictions in each case. The full scope of your rights can be found in the above-mentioned articles, which you can access at the following link:
Updated: October 19th, 2021