Last Updated May 19, 2021.
Our company is committed to protecting personal data and respects your desire for privacy. Here we provide you with information on the collection of personal data when our website is used. If you have further questions relating to use of your personal data, please do not hesitate to contact our Data Protection Officer.
When you get in touch with us by e-mail or using a contact form, we store the data you provide (such as your e-mail address, name and phone number) so that we can respond to your questions and handle your requests. The legal basis for that is Article 6 (1) sentence 1 point (f) GDPR. Inputs that we request in our contact form, but that are not necessary for contacting us, are always indicated as optional. This information helps us ascertain more concrete details about your request so that it can be better handled. It is provided expressly on a voluntary basis and with your consent in accordance with Article 6 (1) point (a) GDPR. The data we obtain from you when you contact us is erased as soon as it is no longer required for achieving the purpose for which it was collected, your request has dealt with in full, and no further communication with you is necessary or wanted by you. If there is no further action on your part within 6 months after the first contact or a response from AEVI, we will delete your data. If the contact leads to further actions based on another legal basis (e.g. contractual relationship) and are processed further, they are subject to a longer retention period as applicable.
As the controller under data protection law, our company has implemented numerous technical and organizational measures to ensure that personal data processed on this website is protected as fully as possible. Nevertheless, the transfer of data over the Internet may have security vulnerabilities. Total protection cannot be guaranteed, and sending unencrypted e-mails is not a secure means of transfer. We therefore ask you not to send sensitive data by unencrypted e-mail, but instead to use encrypted means of communication (such as our contact form) or regular postal mail.
Our service provider for our contact form is salesforce Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”).
We will be pleased to provide you with information on whether and what personal data about you is processed by us and for what purposes (Article 15 GDPR). You also have the right, subject to the statutory conditions being met, to rectification of data (Article 16 GDPR), to restriction of processing (Article 18 GDPR), to erasure of data (Article 17 GDPR), and to data portability (Article 20 GDPR). Subject to the statutory conditions being met, you have a right to object to the processing of personal data about you (Article 21 GDPR).
If you wish to exercise these rights, please contact us by sending an e-mail to GDPR@aevi.com or by postal mail under the address AEVI International GmbH, Heinz-Nixdorf-Ring 1, 33106 Paderborn, Germany. The exercise of these rights is free of charge for you.
Without prejudice to these rights and the possibility of any other administrative or judicial remedy, you can at any time lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement, if you consider that the processing of personal data about you infringes data protection regulations (Article 77 GDPR).
The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(The North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information)
P.O. Box 20 04 44
Phone: +49 (0)211/38424-0
Fax: +49 (0)211/38424-10
This is for your information. You may also address your concerns with another supervisory authority.
Insofar as we engage service providers for the processing of your personal data on our behalf, they are listed below. We conclude Data Processing Agreements with the service providers pursuant to Art. 28 GDPR to ensure all legal Data Privacy obligations.
We prefer processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established before transferring your personal data, e.g. by means of the EU standard contracts or Binding Corporate Rules.
Legal bases for our data processing
There may be various legal grounds for processing personal data. If we need your data to fulfill a contract with you or to reply to your inquiry relating to a contract, the legal basis for such data processing is Article 6 (1) sentence 1 point (b) GDPR. If we obtain your explicit or implied consent to a specific type of data processing, the legal basis is Article 6 (1) sentence 1 point (a) GDPR. We carry out some types of data processing on the basis of our legitimate interests. In this case, your interests in protecting your personal data are always weighed against our legitimate interests. The legal basis for that is Article 6 (1) point (f) GDPR. If the processing of personal data is necessary for compliance with a legal obligation our company has, the legal basis for that is Article 6 (1) point (c) GDPR.
In the following, we explain how we process personal data in connection with our website.
Data processing when the website is called
If you only use the website to obtain information, i.e. if you do not register or otherwise send us information (using a contact form, for example), we collect the following technical information (log file data):
– The operating system of the device you use to visit our website
– Your browser (type, version and language settings)
– The current IP address of the device you use to visit our website
– The date and time you accessed the website
– The URL of the website you previously visited
– The URL of the (sub-)page you call on the website
– The Internet service provider of the system accessing our website
This data must be collected for technical reasons so that we can display our website to you and ensure its stability and security. We (and our service provider) do not normally know the identity of the person behind an IP address. We do not combine the above data with other data. The legal basis for that is Article 6 (1) sentence 1 point (f) GDPR. Since the collection of this data is absolutely necessary so that we can deliver the website and since the data must be stored in log files so that the website can be operated and we can prevent misuse, our legitimate interest in processing the data outweighs your interests in this case.
We use a service provider for web hosting and infrastructure services, namely Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.
We have taken extensive technical and organizational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are reviewed regularly and adapted to technological advances.
Transfer of data
On principle, your personal data is not transmitted to third parties unless we are obliged by law to do so, transmission of the data is required to fulfill a contract, or you have given your express prior consent to the transmission of your data.
Where our service providers process your personal data on our behalf, we ensure as part of such commissioned data processing in accordance with Article 28 GDPR that they likewise comply with data protection laws. Please also take note of the privacy policies of the providers in question.
We place value on processing your data within the EU / EEA. However, it may be the case that we engage service providers who process data for us outside the EU / EEA. In such cases, we ensure before transmitting your personal data that an adequate level of data protection comparable to EU standards has been established at the recipient. This can be achieved, for example, by means of EU standard contractual clauses or Binding Corporate Rules.
You can apply to work for our company electronically by e-mail or web forms or by regular postal mail. Please note that if you send unencrypted e-mails, they are not protected against being accessed.
Your statements are used to handle your application and enable us to decide whether to establish an employment relationship with you. The legal basis for that is Section 26 (1) in conjunction with (8) sentence 2 of the German Federal Data Protection Act (BDSG). In addition, personal data about you may be processed where that is required for the defense of legal claims against us from the job application process. The legal basis for that is Article 6 (1) sentence 1 point (f) GDPR. The above purposes also constitute our legitimate interest in processing the data.
If we establish an employment relationship with you, under Section 26 (1) of the German Federal Data Protection Act (BDSG) we can continue processing the personal data obtained from you for purposes of the employment relationship, if that is required for performing or terminating the employment relationship or for the exercise of rights or discharge of duties by employee representative bodies under the law or under collective bargaining, company or works agreement (collective agreement).
Your application data is not processed above and beyond the specified uses.
Your personal data will be deleted no later than 6 months after the application process has been concluded, unless we have other legitimate interests for not erasing it or you have given us your consent to it being stored for a longer period of time. Another legitimate interest here is, for example, the requirement to furnish proof in the event of legal action under the German General Act on Equal Treatment (AGG).
We use as service provider for our contact form for applications Lever, Inc., 1125 Mission Street, San Francisco, CA 94103, USA
Registration on our Developer Portal
We operate a community for Developers wishing to offer their Apps on our AEVI Platform. For the registration and creation of a user account, certain data must be provided. The personal data you are required to provide is indicated as a mandatory field in the registration form; any other information you provide is given voluntarily.
We collect and store the following data from you as part of registration:
– First name
We use the double opt-in procedure for registration: after you have registered on our developer portal, we first send you a notification e-mail and ask you to confirm your wish to register on the portal by clicking on a link contained in that e-mail. If you do not click on this link within 4 days, it is automatically erased from our database. After registering, you receive a personal, password-protected means of access and can view and manage the data you have stored.
We store data about you until you definitively delete your means of access. You can manage and change all the information in the protected customer area. Data that we collect beyond this, e.g. due to the conclusion of a developer contract between you and us, will be deleted after the statutory retention period has expired.
You can delete your user account at any time. If you delete your account, all your personal data is erased, unless it has to be retained by law or is covered by Article 17 (3) GDPR.
The legal basis for processing the data in this way is Article 6 (1) points (a), (b) and (f) GDPR.
Use of data when registering for the e-mail newsletter
We use the so-called double opt-in procedure for sending the newsletter: After you have registered on our Website to receive the newsletter, we will first send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail. Only after we have received this confirmation from you, we will send you our newsletters. If you do not wish to receive any more newsletters from us at a later date, you can object to receiving further newsletters for the future at any time without incurring any costs other than the possible transmission costs according to the basic rates. A notification to the above mentioned contact data (e.g. by e-mail, letter) is sufficient for this purpose. Of course, you will also find an unsubscribe link in every newsletter. When you receive a newsletter, we receive certain information about the success of the newsletter in a statistical, aggregated manner (e.g. ratio of delivered to undelivered newsletters, ratio of opened newsletters, ratio of successful clicks on links in newsletter) and also some personal information (e.g. if the newsletter could not be delivered, was opened and in which format).
The legal basis for this data processing is Art. 6 para. 1 lit. a, b and f DSGVO. After unsubscribing from the newsletter, all personal data that is not subject to a legal retention obligation or Article 17 (3) DSGVO will be deleted.
What are cookies?
Cookies are items of data which are stored on your computer system by a website you visit and enable your browser to be identified again. Cookies transmit information to the party using them. Cookies can store various items of information, such as your language setting, the length of time you visited our website, or the information you entered there. That eliminates the need to enter the required form data again every time you use the website, for example. The information stored in cookies can also be used to identify preferences and tailor content to fields of interest.
There are two different types of cookie: Session cookies are strings of data that are stored temporarily in the working memory and deleted when you close your browser. Persistent cookies are deleted automatically after a predefined time, which may differ depending on the cookie. With this type of cookie, information can also be stored in text files on your computer system. However, you can delete these cookies as well using your browser settings.
First-party cookies are always placed by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are placed by organizations that are not the operator of the website you are visiting. They are used by marketing companies, for example.
The legal basis for the possible processing of personal data using cookies and the length of time they are stored may vary. If you have given us your consent, the legal basis is Article 6 (1) sentence 1 point (a) GDPR. If we have legitimate interests in processing the data and they outweigh your interests, the legal basis is Article 6 (1) sentence 1 point (f) GDPR. The specified purpose then constitutes our legitimate interest.
For the non-essential cookies that require consent as a legal basis, we use an external service provider to obtain and manage consent: OneTrust Technology Ltd, Cannon Green 27 Bush Lane London, UK. OneTrust stores information about the categories of cookies used by the website and whether users have given or withdrawn their consent to the use of each category. This allows us to prevent non-essential cookies from being set without your consent.
The cookies used on this website are:
|OptanonConsent||.aevi.com||1 year||Storage of the selection in the cookie banner||Legitimate interest|
|__cfduid||.onetrust.com||1 year||Storage of the selection in the cookie banner||Legitimate interest|
||Pardot||2 years||Pardot-Tracking-Code to pardot account ID||Consent|
||Pardot||2 years||Tracking button on / off||Consent|
||Pardot||2 years||Pardot account ID stores a unique hash||Consent|
||Pardot||Session plus 30 min||Page view count||Consent|
|pardot||Pardot||Session plus 30 min||Pardot Session Cookie||Consent|
|_pk_id||Matomo||Session plus 13 months||Matomo first party cookie unique visitor ID||Consent|
|_pk_ref||Matomo||6 months||Matomo first party cookie attribution information about the visit to the website||Consent|
|_pk-ses||Matomo||Session plus 30 min||Matomo first party cookie Session cookie||Consent|
We use the software “Matomo” (www.matomo.org) on this website, a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The responsible party for users in the EU/EEA and Switzerland is ePrivacy Holding GmbH Große Bleichen 21 20354 Hamburg Germany. Matomo Analytics uses a first-party cookie to help the website analyse how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Matomo on servers in Germany. Due to the activation of IP anonymisation on this website, your IP address will be shortened by Matomo. The following data is collected by us:
– IP address of the user (anonymised)
– User ID (anonymised)
– Date and time of the query
– Title of the page accessed (Page Title)
– URL of the page called up (Page URL)
– URL of the page accessed before the current page (referrer URL)
– Screen resolution used
– Time in the local user’s time zone
– Files that were clicked on and downloaded (Download)
– Links to an external domain that were clicked on (outlink)
– Page generation time (the time it takes the web server to generate the pages and then download them from the user: Page speed)
– Location of the user: country, region, city, approximate latitude and longitude (geolocation).
Some information is also stored in first-party cookies and then collected by Matomo:
– Random unique visitor ID
– Time of this user’s first visit
– Time of this user’s last visit
– Number of visits by this user
On behalf of the operator of this website, Matomo will use this information to evaluate your use of the website in order to compile reports on website activity. These purposes also constitute our legitimate interest in processing data via Matomo Analytics. The data sent by us and linked to the cookie is automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
YouTube (extended data protection mode)
We use services from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. As part of that, we use the extended data protection mode option YouTube provides in order to protect your personal data. If you call a page on which a YouTube video is embedded, a connection to YouTube’s servers is established and the content is shown on the website by being transmitted to your browser. According to YouTube, however, data is sent to the YouTube server in extended data protection mode only if you actively start the video. If you are logged on to YouTube at the time, information on the videos you have watched is assigned to your YouTube account. You can prevent that by logging off your YouTube account before visiting our website.
More information on data protection on YouTube is provided by Google at: https://policies.google.com/privacy?hl=en&gl=de.
Google Web Fonts (online variant)
We use web fonts from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) to ensure consistent fonts are displayed on our website. When you call our website, the required data is loaded in your browser cache so that texts and fonts are displayed correctly. That requires a connection to Google’s servers and may mean that personal data, in particular your IP address, is transmitted to servers of Google LLC in the USA. Google web fonts are transferred to your browser’s cache so that they do not need to be loaded multiple times. If your browser does not support web fonts or prevents access to them, a default font from your computer is used.
The legal basis for data processing is our legitimate interest in ensuring a consistent and appealing presentation of our online offering.
We use services from salesforce Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”). Pardot analyses the activities of visitors and potential customers on our website and landing pages by setting cookies on their browsers. Cookies are set to remember preferences (e.g. form field values) when a visitor returns to our website. Pardot also sets a cookie for logged in users to maintain the session and remember table filters. Pardot uses first-party cookies for tracking purposes and third-party cookies for redundancy. The joint use of first-party and third-party cookies is standard in the marketing automation industry. Pardot cookies do not store personally identifying information, only a unique identifier. Pardot sets first-party cookies on our Tracker subdomains and Pardot domains. (Pardot uses third party cookies on https pages and when no tracker subdomain is set up on your account).
Links to third party website
Our website may contain links to other third-party websites. If you follow a link to one of these third-party websites, please note that these websites process your Personal Data under their own responsibility and that we do not accept any responsibility or liability for their policies or their processing of your Personal Data. Please review these third-party privacy statements before submitting any Personal Data to these third-party websites.
Our social media presence
Social networks such as Facebook, Instagram or Twitter can comprehensively analyze your user behaviour when you visit their website or a website with a connection to the social networks (e.g. through Like buttons or advertising banners on our own website). Visiting our social media sites triggers numerous processing operations relevant to data protection. In detail:
– The social network can assign your visit to your user account, possibly even if you are not logged in with your account in the social network or do not have an account at all.
– By analyzing your user behaviour, the social network can draw conclusions about your preferences and interests and thus create user profiles, so that you may be shown interest-based advertising across devices inside and outside the respective social media presence.
Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. The legal basis for our use of social media advertising banners and Like buttons is Art. 6 (1) lit. f DSGVO. The further analyses initiated by the social networks mentioned above may be based on different legal bases, which are to be stated by the operators of the social networks in their own data protection declarations. The same applies to the storage period of your personal data with the operator of the social media platform.
Operators of our social media accounts
|Account||Operator||Data Privacy Notes|
1000 W. Maude Avenue
Sunnyvale, CA 94085
1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
1 Hacker Way, Menlo Park, California 94025, USA.
1601 Willow Road, Menlo Park, CA, 94025, USA.
|Youtube||YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, einem Unternehmen der Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA||https://support.google.com/adspolicy/
If you participate in an online meeting as an external participant, you will receive an access link by e-mail from the meeting host. When registering for the online meeting, you must enter your name and, if applicable, your e-mail address. You are not required to communicate with us via Microsoft Teams. If you prefer, communication can take place by other means (such as e-mail or telephone).
If you do not wish to exchange data with us via Microsoft Teams in accordance with Art. 9 GDPR (special categories of personal data), we ask you to black out or otherwise make this data unrecognizable in advance.
We use Microsoft Teams, a service of Microsoft Corporation. For more information about how we process your data when you use Teams, please visit: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer .
Purposes of data processing/legal basis
We use the “Microsoft Teams” tool to conduct online meetings, video conferences and/or webinars and, where applicable, to exchange documents or electronic information (e.g. graphics, videos) with the participants.
Our legitimate interest (Art, 6 (1) lit. f) GDPR is the legal basis for the data processing regarding contact persons at external bodies. Our interest is to create improvements in our organization as well as on our communication with our contact persons. In some cases, our contact person is a natural person as our direct contractual partner. In these cases, the fulfillment of a contract (Art. 6 para. 1 lit. b) GDPR) is the legal basis.
If we process special categories of your personal data within the meaning of Art. 9 (1) GDPR are processed, e.g. within documents provided, the legal basis is Art. 9 (2) a) GDPR. You expressly give your consent for this.
Furthermore, in accordance with Art. 49 (1) a) GDPR, you expressly consent to the fact that under certain circumstances data may also be transferred to entities outside the EU/EEA.
You can revoke these consents at any time with effect for the future. In the event of revocation, we will delete the documents from Microsoft Teams.
Recipients / Disclosure of Data:
Personal data processed in connection with the filing of documents in Microsoft Teams will generally not be disclosed to third parties unless it is specifically intended for disclosure. Please note that content from stored documents, as well as from personal meetings, is often used to communicate information with customers, prospects, or third parties and is therefore intended for disclosure.
However, the provider of “Microsoft Teams” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Microsoft”.
Storage period/ criteria for determining the storage period:
We generally delete your personal data from the Online Meeting Tool when there is no need for further storage. A requirement may exist, in particular, if the data is still needed to fulfill contractual services, to check and grant warranty claims or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
AEVI International GmbH
If you have any questions, please do not hesitate to contact our Data Protection Officer:
Mr. Jörg Rübben