Privacy Policy

Siehe Deutsche Übersetzung   |   See also the IMPRINT

 

Privacy Policy

Our company is committed to protecting personal data and respects your desire for privacy. Here we provide you with information on the collection of personal data when our website is used. If you have further questions relating to use of your personal data, please do not hesitate to contact our Data Protection Officer.

 

Contact

When you get in touch with us by e-mail or using a contact form, we store the data you provide (such as your e-mail address, name and phone number) so that we can respond to your questions and handle your requests. The legal basis for that is Article 6 (1) sentence 1 point (f) GDPR. Inputs that we request in our contact form, but that are not necessary for contacting us, are always indicated as optional. This information helps us ascertain more concrete details about your request so that it can be better handled. It is provided expressly on a voluntary basis and with your consent in accordance with Article 6 (1) point (a) GDPR.

The data we obtain from you when you contact us is erased as soon as it is no longer required for achieving the purpose for which it was collected, your request has dealt with in full, and no further communication with you is necessary or wanted by you. If there is no further action on your part within 6 months after the first contact or a response from AEVI, we will delete your data. If the contact leads to further actions based on another legal basis (e.g. contractual relationship) and are processed further, they are subject to a longer retention period as applicable.

As the controller under data protection law, our company has implemented numerous technical and organizational measures to ensure that personal data processed on this website is protected as fully as possible. Nevertheless, the transfer of data over the Internet may have security vulnerabilities. Total protection cannot be guaranteed, and sending unencrypted e-mails is not a secure means of transfer. We therefore ask you not to send sensitive data by unencrypted e-mail, but instead to use encrypted means of communication (such as our contact form) or regular postal mail.

Our service provider for our contact form is salesforce Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”).

Your rights

We will be pleased to provide you with information on whether and what personal data about you is processed by us and for what purposes (Article 15 GDPR). You also have the right, subject to the statutory conditions being met, to rectification of data (Article 16 GDPR), to restriction of processing (Article 18 GDPR), to erasure of data (Article 17 GDPR), and to data portability (Article 20 GDPR).

Subject to the statutory conditions being met, you have a right to object to the processing of personal data about you (Article 21 GDPR).

If you wish to exercise these rights, please contact us by sending an e-mail to GDPR@aevi.com or by postal mail under the address AEVI International GmbH, Ahornallee 9, 33106 Paderborn, Germany. The exercise of these rights is free of charge for you.

Without prejudice to these rights and the possibility of any other administrative or judicial remedy, you can at any time lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement, if you consider that the processing of personal data about you infringes data protection regulations (Article 77 GDPR).

The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(The North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information)
P.O. Box 20 04 44
40102 Düsseldorf
Germany

Phone: +49 (0)211/38424-0
Fax: +49 (0)211/38424-10
E-mail: poststelle@ldi.nrw.de

This is for your information. You may also address your concerns with another supervisory authority.

Insofar as we engage service providers for the processing of your personal data on our behalf, they are listed below. We conclude Data Processing Agreements with the service providers pursuant to Art. 28 GDPR to ensure all legal Data Privacy obligations.

We prefer processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established before transferring your personal data, e.g. by means of the EU standard contracts or Binding Corporate Rules.

 

Legal bases for our data processing

There may be various legal grounds for processing personal data. If we need your data to fulfill a contract with you or to reply to your inquiry relating to a contract, the legal basis for such data processing is Article 6 (1) sentence 1 point (b) GDPR. If we obtain your explicit or implied consent to a specific type of data processing, the legal basis is Article 6 (1) sentence 1 point (a) GDPR. We carry out some types of data processing on the basis of our legitimate interests. In this case, your interests in protecting your personal data are always weighed against our legitimate interests. The legal basis for that is Article 6 (1) point (f) GDPR. If the processing of personal data is necessary for compliance with a legal obligation our company has, the legal basis for that is Article 6 (1) point (c) GDPR.

In the following, we explain how we process personal data in connection with our website.

 

Data processing when the website is called

If you only use the website to obtain information, i.e. if you do not register or otherwise send us information (using a contact form, for example), we collect the following technical information (log file data):

– The operating system of the device you use to visit our website
– Your browser (type, version and language settings)
– The current IP address of the device you use to visit our website
– The date and time you accessed the website
– The URL of the website you previously visited
– The URL of the (sub-)page you call on the website
– The Internet service provider of the system accessing our website

This data must be collected for technical reasons so that we can display our website to you and ensure its stability and security. We (and our service provider) do not normally know the identity of the person behind an IP address. We do not combine the above data with other data.

The legal basis for that is Article 6 (1) sentence 1 point (f) GDPR. Since the collection of this data is absolutely necessary so that we can deliver the website and since the data must be stored in log files so that the website can be operated and we can prevent misuse, our legitimate interest in processing the data outweighs your interests in this case.

We use a service provider for web hosting and infrastructure services, namely Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.

 

Data security

We have taken extensive technical and organizational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are reviewed regularly and adapted to technological advances.

 

Transfer of data

On principle, your personal data is not transmitted to third parties unless we are obliged by law to do so, transmission of the data is required to fulfill a contract, or you have given your express prior consent to transmission of your data.

Where our service providers process your personal data on our behalf, we ensure as part of such commissioned data processing in accordance with Article 28 GDPR that they likewise comply with data protection laws. Please also take note of the privacy policies of the providers in question.

We place value on processing your data within the EU / EEA. However, it may be the case that we engage service providers who process data for us outside the EU / EEA. In such cases, we ensure before transmitting your personal data that an adequate level of data protection comparable to EU standards has been established at the recipient. This can be achieved, for example, by means of EU standard contractual clauses, Binding Corporate Rules.

 

Applications

You can apply to work for our company electronically by e-mail or web forms or by regular postal mail. Please note that if you send unencrypted e-mails, they are not protected against being accessed.

Your statements are used to handle your application and enable us to decide whether to establish an employment relationship with you. The legal basis for that is Section 26 (1) in conjunction with (8) sentence 2 of the German Federal Data Protection Act (BDSG). In addition, personal data about you may be processed where that is required for the defense of legal claims against us from the job application process. The legal basis for that is Article 6 (1) sentence 1 point (f) GDPR. The above purposes also constitute our legitimate interest in processing the data.

If we establish an employment relationship with you, under Section 26 (1) of the German Federal Data Protection Act (BDSG) we can continue processing the personal data obtained from you for purposes of the employment relationship, if that is required for performing or terminating the employment relationship or for the exercise of rights or discharge of duties by employee representative bodies under the law or under a collective bargaining, company or works agreement (collective agreement).

Your application data is not processed above and beyond the specified uses.

Your personal data will be deleted no later than 6 months after the application process has been concluded, unless we have other legitimate interests for not erasing it or you have given us your consent to it being stored for a longer period of time. Another legitimate interest here is, for example, the requirement to furnish proof in the event of legal action under the German General Act on Equal Treatment (AGG).

We use as service provider for our contact form for applications Lever, Inc., 1125 Mission Street, San Francisco, CA 94103, USA.

 

Registration on our Developer Portal

We operate a community for Developers wishing to offer their Apps on our AEVI Platform. For the registration and creation of a user account, certain data must be provided. The personal data you are required to provide is indicated as a mandatory field in the registration form; any other information you provide is given voluntarily.

We collect and store the following data from you as part of registration:

– First name
– Surname

– Organization
– Password
– E-mail

We use the double opt-in procedure for registration: after you have registered on our developer portal, we first send you a notification e-mail and ask you to confirm your wish to register on the portal by clicking on a link contained in that e-mail. If you do not click on this link within 4 days, it is automatically erased from our database. After registering, you receive a personal, password-protected means of access and can view and manage the data you have stored.

We store data about you until you definitively delete your means of access. You can manage and change all the information in the protected customer area. Data that we collect beyond this, e.g. due to the conclusion of a developer contract between you and us, will be deleted after the statutory retention period has expired.

You can delete your user account at any time. If you delete your account, all your personal data is erased, unless it has to be retained by law or is covered by Article 17 (3) GDPR.

The legal basis for processing the data in this way is Article 6 (1) points (a), (b) and (f) GDPR.

 

Use of data when registering for the e-mail newsletter

We use the so-called double opt-in procedure for sending the newsletter: After you have registered on our Website to receive the newsletter, we will first send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail. Only after we have received this confirmation from you, we will send you our newsletters. If you do not wish to receive any more newsletters from us at a later date, you can object to receiving further newsletters for the future at any time without incurring any costs other than the possible transmission costs according to the basic rates. A notification to the above mentioned contact data (e.g. by e-mail, letter) is sufficient for this purpose. Of course, you will also find an unsubscribe link in every newsletter.

When you receive a newsletter, we receive certain information about the success of the newsletter in a statistical, aggregated manner (e.g. ratio of delivered to undelivered newsletters, ratio of opened newsletters, ratio of successful clicks on links in newsletter) and also some personal information (e.g. if the newsletter could not be delivered, was opened and in which format).

The legal basis for this data processing is Art. 6 para. 1 lit. a, b and f GDPR.

After unsubscribing from the newsletter, all personal data that is not subject to a legal retention obligation or Article 17 (3) GDPR will be deleted.

 

Your participation in surveys

From time to time, we may offer you to participate in surveys about the market or certain products. If you participate by accessing and answering the questions, you indicate your consent with the processing of your personal data by AEVI and / or external processors. Where possible, we will always chose the EU as place of data storage and we will always conclude a Data Processing Agreement with the external processor to ensure compliance with GDPR. We process your IP address and further data that you may wish to give us about yourself, like e.g. your name, or email address. The data will be stored for the duration of the survey, or until you withdraw your consent (whichever occurs first). The legal basis of the data processing is your consent pursuant to Article 6 (1) point (a) GDPR.

More or other legal grounds and purposes may apply additionally, e.g. if you also subscribe for our newsletter on the occasion of participating in the survey.

 

What are cookies?

Cookies are items of data which are stored on your computer system by a website you visit and enable your browser to be identified again. Cookies transmit information to the party using them. Cookies can store various items of information, such as your language setting, the length of time you visited our website, or the information you entered there. That eliminates the need to enter the required form data again every time you use the website, for example. The information stored in cookies can also be used to identify preferences and tailor content to fields of interest.

There are two different types of cookie: Session cookies are strings of data that are stored temporarily in the working memory and deleted when you close your browser. Persistent cookies are deleted automatically after a predefined time, which may differ depending on the cookie. With this type of cookie, information can also be stored in text files on your computer system. However, you can delete these cookies as well using your browser settings.

First-party cookies are always placed by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are placed by organizations that are not the operator of the website you are visiting. They are used by marketing companies, for example.

The legal basis for the possible processing of personal data using cookies and the length of time they are stored may vary. If you have given us your consent, the legal basis is Article 6 (1) sentence 1 point (a) GDPR. If we have legitimate interests in processing the data and they outweigh your interests, the legal basis is Article 6 (1) sentence 1 point (f) GDPR. The specified purpose then constitutes our legitimate interest.

We use cookies in order to ensure the website is operated properly, to provide basic features, to measure the reach of our website, and – with your consent – to tailor our services to your preferred fields of interest.

The cookies used on this website are:

Cookie Provider Validity Purpose Legal basis
cookieConsent .aevi.com 1 year Storage of the selection in the cookie banner Legitimate interest
cookiesFunctional .aevi.com 1 year Storage of the selection in the cookie banner Legitimate interest
cookiesPerformance .aevi.com 1 year Storage of the selection in the cookie banner Legitimate interest
cookiesTargeting .aevi.com 1 year Storage of the selection in the cookie banner Legitimate interest
visitor_id Pardot 2 years Pardot-Tracking-Code to pardot account ID Consent
visitor_id hash Pardot 2 years Pardot account ID stores a unique hash Consent
lpv Pardot Session plus 30 min Page view count Consent
pardot Pardot Session plus 30 min Pardot Session Cookie Consent
lang LinkedIn Session LinkedIn Cookie which is used to remember a user’s language Consent
bcookie LinkedIn 2 years LinkedIn Cookie which is used to identify unique users Consent
li_gc LinkedIn 2 years LinkedIn Cookie used to store consent of guests regarding the use of cookies Consent
lidc LinkedIn 24 hours LinkedIn Cookie used to facilitate data center selection Consent
AnalyticsSyncHistory LinkedIn 30 days Used to store information about the time a sync took place with the lms_analytics cookie Consent
UserMatchHistory LinkedIn 30 days Used for id sync process. It stores the last sync time to avoid repeating the syncing process in a frequent manner Consent
Bscookie LinkedIn 2 years Used for remembering that a logged in user is verified by two factor authentication Consent
_ga Google 2 years Google Analytics First Party Cookie used to identify unique users Consent
_gac_gb_ Google 90 days Google Analytics First Party Cookie used to capture campaign data Consent
_gat Google 1 minute Created by Google Analytics script to throttle the request rate to Google Analytics. Consent
_gcl_ad Google 6 months Used to target advertising on the Google network to users who visit our website. Consent
_gcl_aw Google 6 months Used to target advertising on the Google network to users who visit our website. Consent

 

You can delete cookies already stored on your device at any time. If you wish to prevent the storage of cookies, you can do so in your browser settings. You can find instructions on how to do that for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, and Safari mobile. Alternatively, you can install ad blockers. Please note that individual functions on our website might not work if you have disabled the use of cookies.

When our website is called, an info banner also notifies all users of our website that we use cookies and refers them to this Privacy Policy. You as a user are also asked to consent to the use of certain cookies, in particular those relating to the personalization of services and marketing measures. After giving your consent, you can withdraw it at any time with future effect by using the links above to the different browsers to change your saved settings removing the checkmark from the processing you have consented to.

Google Analytics 

This website uses Google Analytics, a web analytics service from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU / EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The version Universal Analytics is used here. It enables data, sessions and interactions to be assigned to a pseudonymous user ID across multiple devices and so allows analysis of a user’s activities on all devices. 
Google Analytics uses cookies that enable an analysis of how you use the website. The information on your use of this website generated using the cookie is usually transferred to and stored on a server operated by Google in the USA. Because IP anonymization is enabled on this website, however, your IP address will be truncated by Google within the member states of the European Union or other countries that are party to the Agreement on the European Economic Area. The complete IP address is sent to a Google server in the USA and truncated there only in exceptional cases.

The IP address sent from your browser as part of Google Analytics is not combined by Google with other data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services for the website operator relating to website and Internet use. These purposes also constitute our legitimate interest in processing data using Google Analytics. 
The data that we send and that is linked with cookies or user identifiers (e.g. a user ID) is automatically erased after 14 months. Data whose retention period has ended is erased automatically once a month. 

You can prevent storage of the cookies by making the appropriate setting in your browser software; however, we point out that if you do so, you might not be able to use all the functions of this website in full. You can also prevent Google recording the data on your use of the website and generated by the cookie (including your IP address) and its processing of this data by downloading and installing the browser add-on available here. 

Opt-out cookies prevent future recording of your data when you visit this website. In order to prevent your data being recorded by Universal Analytics across different devices, you have to opt out on each system you use. You can set the opt-out cookie by clicking here: Disable Google Analytics. 

You can find more information on the terms of service for Google Analytics and data privacy at Google at Google Analytics Terms or at Google Analytics Policies.

 

YouTube (extended data protection mode)

We use services from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. As part of that, we use the extended data protection mode option YouTube provides in order to protect your personal data. If you call a page on which a YouTube video is embedded, a connection to YouTube’s servers is established and the content is shown on the website by being transmitted to your browser. According to YouTube, however, data is sent to the YouTube server in extended data protection mode only if you actively start the video. If you are logged on to YouTube at the time, information on the videos you have watched is assigned to your YouTube account. You can prevent that by logging off your YouTube account before visiting our website.
More information on data protection on YouTube is provided by Google here.

 

Google Web Fonts (online variant)

We use web fonts from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) to ensure consistent fonts are displayed on our website. When you call our website, the required data is loaded in your browser cache so that texts and fonts are displayed correctly. That requires a connection to Google’s servers and may mean that personal data, in particular your IP address, is transmitted to servers of Google LLC in the USA. Google web fonts are transferred to your browser’s cache so that they do not need to be loaded multiple times. If your browser does not support web fonts or prevents access to them, a default font from your computer is used.

The legal basis for data processing is our legitimate interest in ensuring a consistent and appealing presentation of our online offering.

You can find more information on Google Web Fonts here, and in Google’s Privacy Policy.

 

Salesforce Pardot

We use services from salesforce Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”). Pardot analyses the activities of visitors and potential customers on our website and landing pages by setting cookies on their browsers. Cookies are set to remember preferences (e.g. form field values) when a visitor returns to our website. Pardot also sets a cookie for logged in users to maintain the session and remember table filters.

Pardot uses first-party cookies for tracking purposes and third-party cookies for redundancy. The joint use of first-party and third-party cookies is standard in the marketing automation industry. Pardot cookies do not store personally identifying information, only a unique identifier. Pardot sets first-party cookies on our Tracker subdomains and Pardot domains. (Pardot uses third party cookies on https pages and when no tracker subdomain is set up on your account).

 

Links to third party website

Our website may contain links to other third party websites. If you follow a link to one of these third party websites, please note that these websites process your Personal Data under their own responsibility and that we do not accept any responsibility or liability for their policies or their processing of your Personal Data. Please review these third party privacy statements before submitting any Personal Data to these third party websites.

Any information you express in a public forum or on a publicly accessible social media website (e.g., chat room, public posting or blog, whether or not operated by Aevi ) may be read, collected or used by us and others and may be used to personalize your experience. You are responsible for the information you submit through these media, and while we attempt to monitor user-posted content, such user-posted materials are not subject to this Privacy Policy. Use of Aevi’s accounts on social media or marketing websites may also be subject to additional policies and terms of use of the operators of those websites, which you should review before posting such public information.

Our social media presence

Social networks such as Facebook or Instagram can comprehensively analyze your user behavior when you visit their website or a website with a connection to the social networks (e.g. through Like buttons or advertising banners on our own website). Visiting our social media sites triggers numerous processing operations relevant to data protection. In detail:

– The social network can assign your visit to your user account, possibly even if you are not logged in with your account in the social network or do not have an account at all.

– By analyzing your user behavior, the social network can draw conclusions about your preferences and interests and thus create user profiles, so that you may be shown interest-based advertising across devices inside and outside the respective social media presence.

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. The legal basis for our use of social media advertising banners and Like buttons is Art. 6 (1) lit. f GDPR. The further analyses initiated by the social networks mentioned above may be based on different legal bases, which are to be stated by the operators of the social networks in their own data protection declarations. The same applies to the storage period of your personal data with the operator of the social media platform.

If you visit one of our social media sites mentioned below, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. Despite the joint responsibility, the processing of your personal data does not entirely lie within our responsibility but depends largely on the corporate policy of the respective provider. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

 

Operators of our social media accounts

Account Operator Data Privacy Notes
LinkedIn LinkedIn Corporation
1000 W. Maude Avenue
Sunnyvale, CA 94085
USA
LinkedIn Privacy Policy
Facebook Facebook Inc.
1 Hacker Way, Menlo Park, California 94025, USA.
Facebook Privacy Policy
Instagram Instagram Inc.
1601 Willow Road, Menlo Park, CA, 94025, USA.
Instagram Privacy Policy
Youtube YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, einem Unternehmen der Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA Google Privacy Policy

 

Online meetings

General:

If you participate in an online meeting as an external participant, you will receive an access link by e-mail from the meeting host. When registering for the online meeting, you must enter your name and, if applicable, your e-mail address. You are not required to communicate with us via Microsoft Teams. If you prefer, communication can take place by other means (such as e-mail or telephone).

If you do not wish to exchange data with us via Microsoft Teams in accordance with Art. 9 GDPR (special categories of personal data), we ask you to black out or otherwise make this data unrecognizable in advance.

We use Microsoft Teams, a service of Microsoft Corporation. For more information about how we process your data when you use Teams, please visit Microsoft Privacy Statement and Microsoft Data protection and security in Microsoft Teams.

Purposes of data processing/legal basis

We use the “Microsoft Teams” tool to conduct online meetings, video conferences and/or webinars and, where applicable, to exchange documents or electronic information (e.g. graphics, videos) with the participants.

Our legitimate interest (Art, 6 (1) lit. f) GDPR is the legal basis for the data processing regarding contact persons at external bodies. Our interest is to create improvements in our organization as well as on our communication with our contact persons. In some cases, our contact person is a natural person as our direct contractual partner. In these cases, the fulfillment of a contract (Art. 6 para. 1 lit. b) GDPR) is the legal basis.

If we process special categories of your personal data within the meaning of Art. 9 (1) GDPR are processed, e.g. within documents provided, the legal basis is Art. 9 (2) a) GDPR. You expressly give your consent for this.

Furthermore, in accordance with Art. 49 (1) a) GDPR, you expressly consent to the fact that under certain circumstances data may also be transferred to entities outside the EU/EEA.

You can revoke these consents at any time with effect for the future. In the event of revocation, we will delete the documents from Microsoft Teams.

Recipients / Disclosure of Data:

Personal data processed in connection with the filing of documents in Microsoft Teams will generally not be disclosed to third parties unless it is specifically intended for disclosure. Please note that content from stored documents, as well as from personal meetings, is often used to communicate information with customers, prospects, or third parties and is therefore intended for disclosure.

However, the provider of “Microsoft Teams” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Microsoft”.

Storage period/ criteria for determining the storage period:

We generally delete your personal data from the Online Meeting Tool when there is no need for further storage. A requirement may exist, in particular, if the data is still needed to fulfill contractual services, to check and grant warranty claims or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

 

Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Aevi International GmbH
Ahornallee 9
33106 Paderborn
Germany

If you have any questions, please do not hesitate to contact our Data Protection Officer:

Mr. Jörg Rübben
Ahornallee 9
33106 Paderborn
Germany
E-mail: gdpr@aevi.com