Data Policy

For use of the “Move healthy” app

As of August 10, 2023

1. Foreword and selected terms

AIMO takes the protection of customer data seriously. In principle, the protection of your individual private and personal sphere is of the utmost importance to us. Therefore, compliance with the legal provisions on data protection is a matter of course for us. This applies in particular to the “Move healthy” app that we offer you. In addition, it is important to us that you as our customer always know when we store which data and how we use it. Our policy is: “You decide what information you want to share – and with whom.”

On the one hand, this data protection declaration informs the visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations that do not primarily take place online or via the “Move healthy” app.

GDPR stands for the European General Data Protection Regulation.

BDSG is the abbreviation for the Federal Data Protection Act in its current version.

Personal data are all individual details that allow conclusions to be drawn about a natural person (see Art. 4 Para. 1 GDPR for definition). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses or customer numbers.

The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (see Art. 4 Para. 2 GDPR for definition).

The data subject within the meaning of data protection law is any natural person whose personal data is processed.

Further definitions of terms can be found in Article 4 of the General Data Protection Regulation (Definitions).

2. General Privacy Policy

2.1 Responsible for data processing and data protection officer

Name and contact details of the person responsible

  • AIMO GmbH
  • Managing Director: Danny Dressler
  • Obere Gänsweide 5
  • 73770 Denkendorf
  • Email: danny.dressler(at)aimo-fit.com

Name and contact details of the data protection officer

  • Fabian Henkel
  • Diplom-Betriebswirt (FH)
  • Certified data protection officer
  • DSB external data protection officer Stuttgart
  • Kantstrasse 14
  • 71277 Rutesheim
  • Telephone: +49 7152 564 773
  • Fax: +49 7152 564 771
  • Email: info(at)externer-datenschutzbeauftragter-stuttgart.de

2.2 Principles

The following content gives you a brief overview of the processing of personal data. You can find more detailed information in the corresponding detailed sections.

Security on our website (SSL, Secure Sockets Layer)

Our website is provided with an SSL certificate, with the help of which data transmission processes are encrypted. This happens, for example, if you send us a message via a form. However, as a precaution, we would like to point out that 100% security in electronic data processing is not possible and that there is always a residual risk.

Data that you transmit to us

On the one hand, we process the data that you enter yourself on this page, for example in a form. In this case, the purpose of the processing results from the type of form and from this data protection declaration. Even if you send us a message by e-mail, for example, or contact us in some other way, we process your data in accordance with the purpose of contacting you.

Automatic server log files

On the other hand, our server automatically records all accesses and thus also IP addresses (log files). This serves to ward off attacks, analyze access numbers and ensure smooth operation.

Use of cookies

Cookies help us to provide various services. You can find more information on this in this data protection declaration.

Analysis and tracking tools

In addition to the pure server log files, which also provide us with information on page views, we use analysis tools. These tools give us detailed insights into the content visited on our site, the flow of behavior and, for example, the country from which the site was accessed. In order for such services to work, cookies must be set for the site visitor or scripts must be executed.

Plugins and Content Delivery Networks

We sometimes use plugins and content delivery networks. Well-known examples of such services are the video service YouTube or the map service Google Maps. If such services are integrated via a website, access data will be transmitted to the services. As a rule, this is your IP address and other metadata, such as the time and date of access. As a rule, the provision takes place by setting cookies.

Newsletters / direct marketing

Direct marketing based on your consent

If you give us your consent (Article 6 (1) (a) GDPR), we will send you newsletters until you withdraw your consent. You can revoke your consent to us at any time with effect for the future.

Direct marketing in legitimate interest

We reserve the right to send our customers newsletters on the basis of Section 7 (3) UWG in conjunction with Article 6 (1) (f) GDPR. You can of course object to receiving direct marketing information at any time.

Other data recipients

a) Use of processors

In accordance with the provisions of Art. 28 GDPR, we use contract processors, for example in the area of IT services, web hosting, e-mail hosting or printing services. They process personal data for us in accordance with our instructions.

b) Use of external specialist services

If it is necessary (e.g. for the execution of the contract), we pass on your data to banks, other payment service providers, shipping service providers, our tax consultant or lawyer.

c) Legal obligations

In addition, we are obliged in certain cases to report to the relevant authorities on the basis of the Money Laundering Act. We are also subject to other legal obligations, such as commercial laws or tax law. In this context we have to pass on certain data to tax authorities, for example.

d) Investigating criminal offenses

Insofar as it should be necessary for the investigation of a criminal offense, we pass on data to the law enforcement authorities.

General information on deletion periods for personal data

We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract. In addition, we are obliged to comply with statutory storage obligations. If the data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a third country

We try to use service providers and services that are located within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Article 28 GDPR, taking into account suitable guarantees. In individual cases, we can use plugins or tools that are hosted in third countries, but we use them on the basis of our legitimate interests. In these cases, we will point this out if necessary.

Obligation to provide personal data

You can usually use our website without providing any personal data. The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, it is not possible for us to conclude and fulfill a contract with you. We can also provide services, such as our newsletter, when you provide personal data, but you are free to decide whether to use them.

2.3. Legal bases for the processing of personal data

The legal bases for the processing of personal data are exceptions that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR. The legal bases on which we process personal data are described in the individual processing operations in this data protection declaration.

Granted consent (Art. 6 Para. 1 lit. a GDPR)

Consent is one of these legal bases and requires that the consenting person give it in an informed manner and on a voluntary basis. Consent based on Art. 6 Para. 1 lit. a GDPR can be revoked at any time without giving reasons.

Contract-related data processing (Art. 6 Para. 1 lit. b GDPR)

The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Article 6 (1) (b) GDPR.

Legal obligation (Article 6 (1) (c) GDPR)

The exception for data processing based on a legal obligation can be found in Article 6 (1) (c) GDPR. For example, we are obliged to comply with certain retention periods under commercial and tax law.

Legitimate interests (Art. 6 Para. 1 lit. f GDPR)

The processing of personal data on the basis of a balance of interests in accordance with Article 6 Paragraph 1 Letter f GDPR allows processing after careful consideration of financial or legal interests against the interests of the data subject worthy of protection.

2.4. Your rights under the General Data Protection Regulation

Every natural person is entitled to certain rights; these are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can assert against us.

Right to revoke a given consent according to Art. 7 GDPR

You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information according to Art. 15 GDPR (restrictions according to § 34 BDSG possible)

You have the right at any time to request information about the data we process about you and the purposes of the processing.

Right to rectification according to Art. 16 GDPR

If you find that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 GDPR (restrictions according to § 35 BDSG possible)

You have the right to request the deletion of your personal data that we process about you at any time. If complete deletion is not possible, for example because we have to comply with legal storage obligations or we can assert legitimate interests for other reasons, we restrict your data until complete deletion is possible.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

If you contest the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the examination, you have the right to demand that the processing of your personal data be restricted.

If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to demand that the processing of your personal data be restricted instead of being deleted.

If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, your interests and ours must be weighed up. As long as it has not yet been determined whose interests prevail, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data may, apart from its storage, only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Right to data portability according to Art. 20 GDPR

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.

Right to object to certain processing operations and direct advertising in accordance with Art. 21 GDPR

a) If the data is processed on the basis of Article 6 Paragraph 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons that arise from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 Para. 1 GDPR).

b) If your personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right of appeal to a supervisory authority according to Art. 77 GDPR in conjunction with § 19 BDSG

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

3. Data processing through use of the AIMO website

3.1. External hosting

This website and the “Move healthy” app are hosted by an external service provider (hoster). The personal data that is collected is stored on the hoster’s servers. This can include, above all, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para. 1 lit. f GDPR). Our hoster will only process your data to the extent that this is necessary to fulfill its performance obligations and will follow our instructions in relation to this data.

We have commissioned the following hoster:

Amazon Web Services EMEA SARL,

38 Avenue John F Kennedy,

L-1855, Luxembourg

In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

3.2. Automatic server log files

Our web server automatically logs all accesses and thus also the IP addresses of the visitors. This serves to ward off attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually also records other metadata about the session. You can find this data below.

• Date and time of retrieval

• Information about the browser type and the browser version used

• Information on the operating system used

• Device (client)

• Referrer URL (from which page you landed with us)

• Hyperlinks accessed

We only process this data for the above-mentioned purposes. We delete server log files after six months at the latest.

3.3. Cookies

General information

When you visit our website, information is stored on your end device in the form of cookies. A cookie is a small piece of data in the form of a file that stores data such as personal page settings and login information. With the use of cookies, we make it easier for you to use our online offer through various service functions (e.g. recognition of previous visits) and can thus better tailor the internet offer to your needs.

In addition, with your consent, we use third-party cookies for analysis and marketing purposes to optimize our website and for interest-based marketing purposes. The stored surfing behavior is analyzed using an algorithm so that targeted, interest-based product recommendations can then be displayed in the form of advertising banners or advertisements on third-party websites. The pseudonymised usage profiles are not merged with personal data about the bearer of the pseudonym without the separate express consent of the person concerned.

You can prevent the storage of cookies and delete existing cookies by making the appropriate settings in your browser. The help function of most browsers explains how you can make these settings. However, if you do not accept cookies, this can impair the service functions of the website.

Further information

You can find information about the cookies we use at https://aimo-fit.com/cookie-policies. Here you can also make individual settings for your cookie preferences. A detailed description of cookies and their use can be found under point 4 of this data protection declaration.

3.4. Consent management

CookieLaw

We use the Cookielaw plugin to obtain consent to the use of cookies. Cookies are stored in your browser to save your preferences. The information generated by the Cookielaw cookies is not used to personally identify the visitor to this website and is not combined with personal data about the bearer of the pseudonym.

The following data is automatically logged by Cookielaw:

• IP number of the end user in an anonymous form (the last three digits are set to ‘x’)

• Date and time of consent

• A user ID

• Consent status of the end user serving as evidence of consent

If you do not agree to the storage of this data, you can object to the storage at any time with a mouse click as described above. In this case, a so-called opt-out cookie will be stored in your browser, with the result that Cookielaw only provides cookies for the technically error-free and optimized provision of the website. Please note that if you completely delete your cookies, the opt-out cookie will also be deleted and you may have to reactivate it.

We use Cookielaw in the legitimate interest of a functional and user-friendly solution and thus base the processing on Art. 6 Para. 1 lit. f GDPR. In addition, the use of Cookielaw serves to fulfill a legal obligation within the meaning of Article 6 (1) (c) GDPR.

3.5. Data collection and data transmission initiated by the data subject

Communication via email

If you send us an email, we will process your data in accordance with the content and purpose of the message. As a rule, processing takes place on the basis of pre-contractual measures or as part of the implementation of a contractual relationship on the basis of Article 6 (1) (b) GDPR and Article 6 (1) (f) GDPR. We have a legitimate interest in processing your request quickly and efficiently.

If it is a product or service-related message, we usually process your data on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR.

Please note that we store all incoming e-mails for a period of ten years in accordance with generally accepted accounting principles, starting on the first day of the year following the year in which the message was received. If you ask us to delete the data, we will from then on restrict your data from being processed and only store it in our legitimate interest for the purpose of complying with retention periods.

Communication by telephone or fax

Even if you contact us by phone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and/or in our legitimate interest, analogous to contacting us by e-mail.

We do not record the content of the conversation, but we may take notes to process your request. These notes will be stored until the purpose of the data processing has been achieved and we no longer have a legitimate interest in the processing. If necessary, the content of the conversation is stored anonymously for statistical purposes. Of course, you can request deletion at any time.

Newsletter Pre Sign Up and Newsletter

You have the option to give us your consent to receive direct marketing content. If you give your consent (Article 6 (1) (a) GDPR) to receive our email newsletter, for example, we will process your data for the specific purpose of direct marketing via email.

Since we are obliged to check the correctness of the e-mail address you provided when registering for the newsletter and want to ensure that it is correct, we use procedures that enable verification of the ownership of the e-mail address. As a rule, this check is carried out using the double opt-in procedure. After registering, you will receive an email with a link that you must click to confirm. If the double opt-in procedure is not available due to temporary technical reasons, we will send you an email to which you can reply without text to confirm your identity.

You can revoke your consent at any time with effect for the future. You will find an “unsubscribe” link in every newsletter. Alternatively, you can send us an e-mail with the subject “Unsubscribe from the newsletter”. We process your data until you withdraw your consent. Statutory retention periods remain unaffected.

Use of MailChimp

This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), this will be stored on the MailChimp servers in the USA.

Standard contractual clauses have been concluded with MailChimp. These clauses ensure that compliance with European data protection standards is guaranteed in the USA.

With the help of MailChimp we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to the MailChimp servers in the USA. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analyzed by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted both from our servers and from the servers of MailChimp after you have canceled the newsletter. Data stored by us for other purposes remain unaffected.

You can find out more about MailChimp’s privacy policy at:

https://mailchimp.com/legal/privacy/

Conclusion of a data processing agreement

We have concluded a so-called “Data Processing Agreement” with MailChimp, in which we oblige MailChimp to protect our customers’ data and not to pass it on to third parties.

3.6. Press mailing list

Registration for the press mailing list

If you are interested in receiving press releases and notifications electronically, you can be included in the press mailing list. For this purpose, please send us a message to info@aimo-fit.com with your contact details. In this case, the processing of your data for inclusion in the press distribution list and the dispatch of press releases is based on your consent (Article 6 (1) (a) GDPR).

You can revoke your consent to receive our press releases at any time. Please send us a message with the subject “Revocation of press distribution list” and we will delete your data from our press distribution list. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you have stored with us for the purpose of receiving press information will be stored by us until you unsubscribe from the press distribution list and deleted after you unsubscribe from the press distribution list. Data stored by us for other purposes remain unaffected.

3.7. Information for Applicants

Privacy Policy Application Procedure

If you apply to us, whether for an advertised position or on your own initiative, we process your data to carry out the selection process. It is irrelevant to us whether you apply by post, email or, if available for the position in question, by online form.

Basically, as part of an application process, we only process the data that you have transmitted to us yourself. The use of other sources, for example contacting a former employer, may only be considered after informing and consulting you.

The legal basis for carrying out an application process is Section 26 BDSG in conjunction with Article 6 Paragraph 1 lit. b GDPR (initiation of an employment contract). If you give us your consent to the longer-term storage of your data, this takes place on the legal basis of Article 6 (1) (a) GDPR.

Deletion periods of applicant data

We delete applicant data no later than 4 months after completion of the application process (when a candidate has been selected and all applicants have been informed of the outcome). In principle, the purpose of the data processing is no longer given at the end of the selection process, but we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in being able to defend ourselves against any claims by rejected applicants. If you have the impression that your interest in immediate deletion outweighs ours, you have the option of asking us to delete your data. We will then check your request and give you feedback.

After the above-mentioned period has expired, your data will be deleted, unless, for example, we have to defend ourselves in ongoing proceedings, for example due to a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the process has been completed, provided there are no statutory retention periods.

If we are allowed to store your data for a longer period on the basis of your consent, we will delete your data if you ask us to do so and withdraw your consent. If necessary, we will also delete your data before you revoke your consent if it is foreseeable that no position will be available.

Inclusion in our pool of applicants

If we cannot offer you a position at the current time, we may ask you for your consent to the further storage of your data. This serves the purpose of offering you a suitable position at a later date. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 Para. 1 lit. a GDPR). Of course, you can revoke your consent at any time with effect for the future. If you do not revoke your consent yourself within a period of two years, we will then delete your data from our pool of applicants at the latest.

4. Data processing through the use of the app “Move healthy”

4.1. Registration of an AIMO account

You can use our login system to create your AIMO account, which you can use to log in to all of our offers after you have registered for the first time. We use cookies to identify you. All data that you store in your account is stored in a database of AIMO GmbH with the service provider mentioned below.

You can only use our offers if you set up an AIMO account. We ask for the data listed below when you register (sometimes mandatory). In addition to our data protection regulations, you must also accept our general terms and conditions and cancellation conditions.

After entering your data, you will receive a registration link to the email address you provided. The registration link is valid for 14 days. If you do not confirm your registration, your personal data will be deleted immediately after the registration link has expired. If you still want to open an AIMO account after the seven days have expired, we ask you to register again.

4.1.1. Registration with Facebook or Google

We also offer you the option of creating your AIMO account via your Facebook account or your Google account or linking it to your Facebook profile or Google profile. You can register or log in with us with your Facebook or Google account if you simply use the Facebook or Google button instead of other options when registering your AIMO account. You will then be forwarded to Facebook or Google (where you must be logged in or need an account) and will then be told what data we need from you from Facebook or Google – in particular, this is your public profile information, such as first name, last name, gender and your e-mail address that you have stored there. These are necessary for identification in order to create a secure AIMO account for you. If you log in via your Facebook account, this also allows us to show you which of your friends are already registered with AIMO. Your Facebook or Google profile and your AIMO account are permanently linked via the e-mail address. We store your email details with us and will contact you at this address with information if necessary. We also remember that you have registered with us via Facebook or Google. As soon

If you log in to Facebook or Google, you can also log in to us. We will not share any information about you with Facebook or Google without your consent. We never find out your Facebook or Google access data and have no way of posting anything in your Facebook profile or your Google profile without you having specifically approved it. You can find out how Facebook handles privacy settings in Facebook’s privacy policy and terms of use; the valid provisions for the above-mentioned option to log in and register with us are also presented there. You can find out how Google handles privacy settings in Google’s privacy policy and terms of use; the valid provisions for the above-mentioned option to log in and register with us are also presented there.

| Data | Purpose of processing | Legal basis for processing | Duration of storage | Platform |
|---|---|---|---|---|
| First name | Direct address & presentation | Implementation of the contractual relationship | Up to 30 days after deletion of the customer account | Facebook/Google |
| Last name | Direct address & presentation | Implementation of the contractual relationship | Up to 30 days after deletion of the customer account | Facebook/Google |
| E-mail address | Customer account identification | Execution of the User Agreement | Up to 30 days after deletion of the customer account | Facebook/Google |
| IP address at login | Data transfer when registering to the web server | Execution of the User Agreement | Indefinitely | Facebook/Google |
| Gender | Appropriate user experience | Execution of the User Agreement | Indefinitely | Facebook |

4.1.2. Registration with Apple

We also offer you the option of registering and logging in via your Apple account using “Apple Login”. When you register for the first time using the Apple ID, the app will ask for your name and email address so that an account can be set up for you.

You will then be redirected to Apple (where you must be registered or require an account) and will then be told what data we need from you from Apple – namely your public profile information, such as first name, last name, gender and your e-mail address that you have stored there. These are necessary for identification in order to create a secure AIMO account for you.

We store your email details with us and will contact you at this address with information if necessary. You will not be tracked or profiled by Apple itself while you use the Sign Up with Apple ID feature. Apple only collects the information necessary to ensure you can sign in and manage your account. As long as you remain logged in on your device, you will automatically remain logged in to our app.

Data

First name

• Purpose of processing: Direct address & presentation

• Legal basis for processing: Implementation of the contractual relationship

• Duration of storage: Up to 30 days after deletion of the customer account

• Platform: Apple

Last name

• Purpose of processing: Direct address & presentation

• Legal basis for processing: Implementation of the contractual relationship

• Duration of storage: Up to 30 days after deletion of the customer account

• Platform: Apple

E-mail address

• Purpose of processing: Customer account identification

• Legal basis for processing: Execution of the User Agreement

• Duration of storage: Up to 30 days after deletion of the customer account

• Platform: Apple

IP address at login

• Purpose of processing: Data transfer when registering to the web server

• Legal basis for processing: Execution of the User Agreement

• Duration of storage: Indefinitely

• Platform: Apple

Gender

• Purpose of processing: Appropriate user experience

• Legal basis for processing: Execution of the User Agreement

• Duration of storage: Indefinitely

• Platform: Apple

4.2. Data processing when using the “Move healthy” app

AIMO offers you access to a technology that you can use to obtain information about your fitness status. In order to grant you this access, we need information from you.

• Surname

• E-mail address

• Birth date

• Gender

• Weight

• Height

• Profile pic

• IP address

• Usage data (such as various time stamps)

• Everyday work (physically active in %, sedentary in %)

• Sport

• Reported pain before or after the motion scan

In addition, the „Move healthy“ app records videos of you to analyze your movements. AIMO is aware that this is all very personal and confidential information. We take organizational and technical measures to protect your data in the best possible way. This includes the following technical and organizational measures:

Technical Measures

• Personal data such as your name, email address or date of birth are stored in an encrypted database so that only AIMO administrators can access them for maintenance purposes.

• Your password never leaves your device and can therefore never be viewed by AIMO employees or attackers.

• Your videos are stored in encrypted storage on our servers so that they can only be viewed by the AIMO software and a highly restricted group of administrators and researchers who must have the appropriate access rights.

• All data transmission between the „Move healthy“ app and AIMO servers is end-to-end encrypted, which means that your data cannot be viewed or changed by anyone on its way through the Internet.

• Server-internal data transmission is also end-to-end encrypted, so attackers cannot take advantage of data streams within the AIMO server infrastructure, provided they penetrate there at all.

• We use three different types of firewalls on three different levels on our servers. This makes access for attackers much more difficult.

• To log in to the „Move healthy“ app, you can activate Touch ID/Face ID to log in using a biometric factor that only you have.

• Any change that could affect the ownership of your account, such as changing your password or e-mail address or deleting your account, requires additional confirmation of the process via a second factor, i.e. via e-mail. This means that even if someone gets your password, they cannot change these basic settings of your account as long as they do not have access to your e-mails.

• Your “Move healthy” app will automatically log you out after 14 days of inactivity, so you will need to log in again.

• All data subject rights according to the GDPR have been implemented directly in the “Move healthy” app and can therefore be claimed by you via the app without the involvement of AIMO Support.

Organizational measures

• Customer data is hosted within Germany in the Amazon data center in Frankfurt am Main.

• The access rights to customer data are very limited and can only be viewed by a few AIMO administrators trained in data protection if necessary for maintenance purposes.

• To make it more difficult for attackers, personal data and health data are kept separate from each other on independent, encrypted databases and file storage.

• Our deletion concept ensures that only the data that is necessary for your use and our further development of the app is saved.

• Our backup concept ensures that we can restore your data in the shortest possible time should something go wrong.

• An emergency management system has been established in order to be able to act as quickly as possible in a crisis situation.

• A process for reporting data breaches has been established. It ensures that you and the authorities are informed about data breaches in good time and as quickly as possible should they happen.

In order for you to be able to use the „Move healthy” app, we need your consent to process the health data you have provided and to record and process videos. To do this, you make the following declaration when starting the app:

„I hereby agree that AIMO GmbH, Obere Gänsweide 5, 73770 Denkendorf may collect and process the personal data I have provided, my health data with movement videos and the results of the analysis for the purpose of operating the „Move healthy“ app. I am aware that I can revoke this consent at any time by sending an informal declaration to AIMO GmbH, Obere Gänsweide 5, 73770 Denkendorf by email to support@aimo-fit.com or by writing to AIMO GmbH, Obere Gänsweide 5, 73770 Denkendorf.”

The „Move healthy“ app uses your data to determine your personal AIMO™ movement score and inform you about it. The AIMO™ movement score is determined automatically. The processing is based on your consent; Article 6 paragraph 1 letter a) GDPR.

4.3. Push notifications in the app

If you would like our push notifications to be displayed on your mobile device, even if you are not currently in our app, we ask for your consent. Our app only uses these so-called push notifications if you have expressly consented to them. You can deactivate push notifications at any time in the settings. If you are using an Android device, push notifications are automatically allowed as long as you do not disable them in your settings.

Amazon Web Services

• Service provider type: Processor

• Data transfer to a third country: No (server in Germany in Frankfurt am Main)

• Guarantees in accordance with Art. 44ff GDPR: EU standard contractual clauses

Google Firebase

• Service provider type: Processor

• Data transfer to a third country: Yes

• Third country: United States

• Guarantees in accordance with Art. 44ff GDPR: EU standard contractual clauses

Data

device token

• Purpose of processing: Transmission to your end device

• Legal basis of processing: Consent

• Duration of storage: Until consent is revoked

User data that is also accessible in your public profile

• Purpose of processing: direct contact

• Legal basis of processing: Consent

• Duration of storage: Until consent is revoked

5. Analysis, Cookies and Performance Tracking

 

Google Analytics

AIMO uses Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; „Google“). Google Analytics uses cookies, which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We only use Google Analytics with activated IP anonymization. This means that Google will shorten the IP address of users in member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting the settings in their browser software accordingly. We have made privacy-friendly default settings.

The storage of Google Analytics cookies and the use of this analysis tool are based on Article 6 Paragraph 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 lit. a GDPR; the consent can be revoked at any time. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. Pseudonymous user profiles can be created from the processed data.

The legal basis for the use of Google Analytics is Section 15 (3) TMG and Article 6 (1) (f) GDPR. Users can also prevent Google from collecting the data generated by the cookie and related to their use of the website (including their IP address) and from processing this data by downloading and installing the browser add-on. Opt-out cookies prevent future collection of your data when you visit this website. If you click here, the opt-out cookie will be set: Disable Google Analytics. As a guarantee in accordance with Art. 44 et seq. GDPR, Google has signed the EU standard contractual clauses. Further information on data processing by Google Analytics can be found in the provider’s data protection guidelines.

If you no longer wish to be recorded by Google Analytics in the future, you can send an email to support@aimo-fit.com at any time.

Facebook Pixel

AIMO uses Facebook Pixel, a web analytics service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook Pixel uses cookies, which enable an analysis of your use of the website and the app. The information generated by the cookie about your use of this website and app is usually transmitted to a Facebook server in the USA and stored there.

We only use Facebook Pixel with activated IP anonymization. This means that Facebook will shorten the IP address of users in member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Facebook server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other data from Facebook. Users can prevent the storage of cookies by adjusting the settings in their browser software accordingly. We have made privacy-friendly default settings.

The legal basis for the use of Facebook Pixel is Section 15 (3) TMG and Article 6 (1) (f) GDPR. Users can also prevent the data generated by the cookie and related to their use of the website (including their IP address) from being sent to Facebook and processed by Facebook by downloading and installing the browser add-on. Opt-out cookies prevent future collection of your data when you visit this website. If you click here, the opt-out cookie will be set: Disable Facebook Pixel.

If you no longer wish to be recorded by Facebook Pixel in the future, you can send an email to support@aimo-fit.com at any time.

Profiling

With the help of the tracking tool Google Analytics, the behavior of visitors to the website can be evaluated and their interests analyzed. For this purpose we create a pseudonymised user profile.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Objection against data collection

You can prevent Google Analytics from collecting your data by clicking on the following button. An opt-out cookie will be set to prevent your data from being collected on future visits to this website:

Reject all cookies

You can find more information on how Google Analytics handles user data in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage duration

Data stored by Google at the user and event level that is linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. You can find details on this at the following link: https://support.google.com/analytics/answer/7667196?hl=de

Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

As part of Google Ads, we use so-called conversion tracking. If you click on an ad placed by Google, a cookie will be set for conversion tracking. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can object to this use by deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of „conversion cookies“ and the use of this tracking tool are based on Article 6 Paragraph 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 lit. a GDPR; the consent can be revoked at any time.

You can find more information about Google Ads and Google Conversion Tracking in Google’s data protection regulations: https://policies.google.com/privacy?hl=de.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

5. Our social media appearances

Data processing by social networks

We maintain publicly accessible profiles on social networks. Social networks such as Facebook, Twitter, etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations.

In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, the data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside of the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot trace all processing procedures on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. You can find details on this in the terms of use and data protection regulations of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet and enable effective information for users and communication with users. This is a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a DSGVO).

Controller and assertion of rights

If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data transferability and complaints) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the corporate policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it or you revoke your consent to storage. Saved cookies remain on your end device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).

Social networks in detail

We maintain profiles on the following social networks:

Facebook

The provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We have concluded an agreement with Facebook on joint responsibility for the processing of data (Controller Addendum). This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads

You can find more details in Facebook’s privacy policy: https://www.facebook.com/about/privacy

Data protection declaration specifically for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data

Facebook is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Instagram

The provider is Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875 or alternatively http://instagram.com/about/legal/privacy/

LinkedIn

The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

LinkedIn uses advertising cookies. If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Details on how they handle your personal data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

LinkedIn is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

XING

The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

We have a profile on XING. Details on how they handle your personal data can be found in the XING data protection declaration: https://privacy.xing.com/de/datenschutzerklaerung.

6. How and when we share your personal information

We only pass on your personal data on your express request and with your consent. Before the data is passed on, you actively give your declaration of consent. This consent will be displayed to you in your “Move healthy” app before the data is shared.

6.1. The storage and security of your personal data

We take steps to ensure that your information is treated securely and in accordance with this privacy policy. We use appropriate technical and organizational measures to ensure the highest possible level of security and continuously adapt this to improve the general security of our systems. We also ensure that our processors offer the same level of protection as provided for in this privacy statement.

We use Amazon Web Services as a host provider to store your personal data. The storage takes place in compliance with the GDPR with a very high level of protection and within Germany with servers in Frankfurt am Main. We ensure that data is not transferred and stored outside of the European Union (“EU”) on third party servers. You can find more information at: https://aws.amazon.com/de/compliance/gdpr-center/

Our software, apps and websites contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy statements and we accept no responsibility or liability for them. Please read the relevant policies before submitting any personal information to such websites. This applies in particular if you make your health data available to a third party so that they can make you offers.

6.2. The storage period and anonymization of your personal data

We will only keep your data for as long as we are required to do so under applicable law and only as long as we have your consent.

After you have finished using our services, we store parts of your data in an aggregated and anonymous format so that a reference to you cannot be established. This is no longer personal data. We delete all data that can be related to your person within 30 days (after 60 days from the backup) after you have canceled your user account. This applies in particular to the videos you have recorded. In order to effectively anonymize the data, we always form data groups according to age groups and do not store the data separately.

The anonymized data is explicitly the following:

• Age groups

• Gender

• Height

• Weight

• Everyday work (physically active in %, sedentary in %)

• Sports

• Reported pain before or after the motion scan

• Calculated virtual measuring points of the body joints during the AIMO™ movement scan

• Calculated result of the AIMO™ movement scan (AIMO™ movement score and evasive movements)

Please understand that regardless of this, we retain all personal data that we reasonably need to comply with our legal obligations, to resolve and assert legal disputes, and to enforce our contracts.

6.3. How we share your personal information with research

For the further development of the AIMO technology, we would like to make your data available to research institutions that are working on improving the analysis methods on behalf of AIMO (research partners). In addition, the research partners receive secure access to your data. We pass on your personal data to our research partners without your name, date of birth and e-mail address.

We will only work with research partners who show the same high level of care in handling personal data as we do. The research partners receive secure access to your data. We log each of these accesses. In principle, these institutions are responsible for compliance with data protection and IT security. However, we make sure that the data protection requirements of our partners meet the strict data protection requirements of AIMO. In particular, the research partners must delete the data within 3 days after access.

Research partners we are currently working with include:

Linnaeus University, 351 95 Växjö, 391 82 Kalmar, Sweden

6.4. Which of your personal data we pass on to research

The research data is explicitly the following:

• Gender

• Height

• Weight

• Age groups

• Sports

• Everyday work (physically active in %, sedentary in %)

• Reported pain before or after the motion scan

• Video of AIMO™ movement scan

• Calculated virtual measuring points of the body joints during the AIMO™ movement scan

• Calculated result of the AIMO™ movement scan (AIMO™ movement score and evasive movements)

We process your personal data of special categories within the meaning of Art. 9 Para. 1 DS-GVO, insofar as this is necessary for the implementation of the aforementioned purpose on the basis of Art. 9 Para. 2 Letter j DS-GVO in connection with § 27 BDSG.

If you no longer want us to use the data for research purposes, please contact: datenschutz@aimo-fit.com Keyword: data protection.

After you have objected to its use, we will mark your data so that our research partners can no longer access it. Please understand that your objection can only relate to the future use of the data. This does not affect the use of your data prior to your objection. Scientific results and procedures that were developed on the basis of your data before the objection are also not affected.

7. Your privacy rights as a customer and contact details

You can obtain information from us at any time about your stored personal data (Art. 15 GDPR), request its correction (Art. 16 GDPR), deletion (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR), and claim your right to data portability (Art. 20 GDPR). In addition, you can change or revoke the declaration of consent at any time without giving reasons with effect for the future (Article 21 GDPR). Please note that data processing that took place before the revocation is not affected. Your rights listed under a., b., d. and f. may be restricted if the exercise of the rights is likely to make it impossible or seriously impair the realization of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes. For the details, we have listed everything again below:

Right to information according to Art. 15 DS-GVO

You can request information according to Art. 15 DS-GVO about the personal data that we process.

Right to correction according to Art. 16 DS-GVO

If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 DS-GVO. If your data is incomplete, you can request a completion.

Right to erasure according to Art. 17 GDPR

According to Art. 17 DS-GVO you can request the deletion of your personal data.

Right to restriction of processing according to Art. 18 DS-GVO

According to Art. 18 DS-GVO you have the right to demand a restriction of the processing of your personal data.

Right to data transferability according to Art. 20 Para. 1 DS-GVO

In the event that the requirements of Art. 20 Para. 1 DS-GVO are met, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties.

Right to object according to Art. 21 Para. 1 DS-GVO

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) (f) GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to complain according to Art. 77 Para. 1 DS-GVO

If you believe that the processing of your personal data violates data protection law, according to Art. 77 Para. 1 DS-GVO you have the right to complain to a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for us: Baden-Württemberg State Commissioner for Data Protection and Freedom of Information, Postfach 10 29 32, 70025 Stuttgart, 0711/615541-0, Poststelle@lfd.bwl.de.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

For the above purposes, please contact the person responsible for data processing:

  • AIMO GmbH
  • Managing Director: Danny Dressler
  • Obere Gänsweide 5
  • 73770 Denkendorf
  • Email: danny.dressler(at)aimo-fit.com

Name and contact details of the data protection officer

  • Fabian Henkel
  • Diplom-Betriebswirt (FH)
  • Certified data protection officer
  • DSB external data protection officer Stuttgart
  • Kantstrasse 14
  • 71277 Rutesheim
  • Telephone: +49 7152 564 773
  • Fax: +49 7152 564 771
  • Email: info(at)externer-datenschutzbeauftragter-stuttgart.de

 

8. Additional Information for Business Partners

Categories of data and purposes of processing

We process personal data from our service providers and partners, which we receive directly as part of our business relationship. If we have received data from you, we only process it for the purposes for which we received or collected it.

As a rule, we process the following categories of data from you:

  • Name, first name
  • Address and/or company address
  • Telecom Data
  • E-mail address
  • Company
  • professional function and/or position
  • Bank details / credit card number / other payment details, if applicable
  • if necessary, data on the history of the business relationship

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or one of our employees, further personal data is collected, e.g. information about contact channel, date, cause and result; (electronic) copies of correspondence and information about participation in direct marketing measures.

On the other hand, we process personal data that we have legitimately obtained and are allowed to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).

Data processing for other purposes can only be considered if the necessary legal requirements in accordance with Art. 6 Para. 4 GDPR are in place. In this case, we will of course observe any information obligations under Art. 13 Para. 3 GDPR and Art. 14 Para. 4 GDPR.

Legal basis

On the basis of your consent (Art. 6 Para. 1 lit. a GDPR)

We process personal data for one or more specific purposes if you have given us your consent to do so. If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.

Data processing for the fulfillment of contracts (Art. 6 Para. 1 lit. b GDPR)

We process personal data for the performance of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that is required to carry out pre-contractual measures, such as initiating a contract, and which is carried out at your request.

Data processing based on a legal obligation (Article 6 (1) (c) GDPR)

Like any business, we have retention and other documentation requirements, which may include documents containing personal information. Insofar as we process data for these purposes, the processing takes place on the basis of a legal obligation.

Data processing based on legitimate interests (Article 6 (1) (f) GDPR)

If we process data on the basis of legitimate interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR. As far as the specific purpose allows, we process your data pseudonymously or anonymously.

Other recipients of your data

Passing on to processors within the framework of Art. 28 GDPR

Recipients include processors used by us (Art. 28 GDPR), especially in the area of IT services, who process your data for us in accordance with our instructions. If we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after contracts for order processing have been concluded.

To carry out a contractual relationship

If it is necessary for the execution of the contract with you, we pass on your data to banks (you can find the relevant bank in the respective contract documents) or shipping service providers (usually Deutsche Post or DHL).

Disclosure due to a legal obligation

If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).

In the legitimate interest of a legal representative

In the event of disputes, we reserve the right to engage a legal representative to clarify the matter and will transmit your data for this purpose. Which legal representative we use depends on the specific case.

Other bodies, insofar as you have given us your consent

If you have given your explicit consent, we will also pass on your data to other bodies. However, this is done within the limits of the existence of a verifiable consent by you.

Information on relevant erasure periods for personal data

Principle of purpose limitation and compliance with statutory retention periods

We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.

In addition, like any company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as there are legal storage obligations, the relevant personal data will be stored for the duration of the storage obligation. The legal retention period for the execution of legal transactions (in particular according to §257 HGB and §158 AO) is 10 years, starting with the calendar year following a transaction. The storage period is also based on the statutory limitation periods, which, for example, are usually three years according to Sections 195 et seq. of the German Civil Code (BGB).

After the storage obligation has expired, it is checked whether there is a further need for processing. If it is no longer necessary, the data will be deleted.

Concrete example

If you provide us with your contact details, for example by e-mail, telephone or by handing over your business card, we store this data on the basis of pre-contractual measures within the meaning of Article 6 Paragraph 1 lit. b GDPR and in the legitimate interest according to Article 6 Paragraph 1 lit. f GDPR. The legitimate interests lie in smooth and targeted communication. If no legal transaction comes about, we will delete your data if you ask us to do so or if there is no further contact within a period of 3 years. If you enter into a legal transaction with us (Art. 6 Para. 1 lit. b GDPR), we will store your data for 10 years until the commercial and tax regulations expire. After this period, we check whether we can delete the data and, if necessary, delete it.

Audit-proof email archiving

We archive our entire e-mail traffic for 10 years according to the principles of proper management and storage of books, records and documents in electronic form and data access. If you write us an e-mail, your data and the entire e-mail content will be stored for 10 years. Most e-mails count as business letters, and e-mails can also contain information relevant to tax law. In our opinion, the effort involved in checking each individual e-mail is disproportionate to the benefit and the legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out an individual examination. We will inform you of the result. This may result in erasure or restriction of processing, depending on the content of the correspondence.

Withdrawal of your consent

If we process your data on the basis of your consent (Art. 6 Para. 1 lit. a GDPR), we will delete it after your revocation, unless legitimate interests stand in the way of complete deletion. For example, we generally keep the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 Para. 1 lit. f GDPR). We keep the consent exclusively, and with restricted processing, to be able to defend ourselves in case of dispute.

Your rights

You have the right to information, correction, restriction, deletion, objection and the right to complain to the competent state data protection authority at any time. You can also revoke your consent at any time. You can find detailed information under the heading „Your rights under the General Data Protection Regulation“ in this data protection declaration.

Legal or contractual obligation to provide personal data

The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, it is not possible for us to conclude and fulfill a contract with you.

Transmission to a third country

We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. Transmission to a third country is only possible if you have given us your consent or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account suitable guarantees or other suitable guarantees.

You can find more information on how Google Analytics handles user data in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage duration

Data stored by Google at the user and event level that is linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. You can find details on this at the following link: https://support.google.com/analytics/answer/7667196?hl=de

Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

As part of Google Ads, we use so-called conversion tracking. If you click on an ad placed by Google, a cookie will be set for conversion tracking. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can object to this use by deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of „conversion cookies“ and the use of this tracking tool are based on Article 6 Paragraph 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 lit. a GDPR; the consent can be revoked at any time.

You can find more information about Google Ads and Google Conversion Tracking in Google’s data protection regulations: https://policies.google.com/privacy?hl=de.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.