friðhelgisstefna
name and address of the person responsible
The person responsible in terms of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:
aipi e. K.
Grenzstraße 4
26919 Brake
E-Mail info@aipi.deSupervising body - State Commissioner for Data Protection
The task of the State Commissioner for Data Protection (LfD) is to monitor compliance with data protection regulations by public authorities and other public bodies as well as by commercial enterprises and other non-public bodies in Lower Saxony, thus ensuring the right to informational self-determination.
The competent authority in Lower Saxony:
The State Commissioner for Data Protection Lower Saxony
Prinzenstraße 5
30159 Hannover
Telephone (05 11) 1 20-45 00
Fax (05 11) 1 20-45 99
https://www.lfd.niedersachsen.deGeneral information on data processing
The extent to which personal data is processed
We process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
In so far as we obtain the consent of the data subject for processing operations involving personal data, Art. Art. 6 para. 1 lit. a EU Basic Data Protection Regulation (DSGVO) as the legal basis.
Article 6 para. 1 lit. b DSGVO serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.
In so far as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the person concerned or of another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 letter f DSGVO serves as the legal basis for the processing.
If we commission third parties to process data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 DSGVO.
Data erasure and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose for which they were stored ceases to exist. Furthermore, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other rules to which the responsible person is subject.
Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to store the data further for the conclusion or performance of a contract. The data will then be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons. According to legal requirements, the retention period is 6 years (e.g. trading books, opening balance sheets) or 10 years (e.g. books, records) according to § 257 HGB and § 147 AO. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection commensurate with the risk; the measures include in particular securing the confidentiality, integrity and availability of data by controlling the physical access to the data as well as the access, input, transmission, securing of availability and its separation. We have also put in place procedures to ensure that data subjects' rights are respected, that data is deleted and that we respond to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection by designing technology and by using data protection-friendly default settings (Art. 25 DSGVO).
Security measures include in particular the encrypted transmission of data between your browser and our server. This also applies to the transmission of e-mails between our server and our clients.
Changes and updates to the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or any other individual notification.
Rights of the person concerned
If personal data is processed by you, you are the person concerned.S.d. DSGVO and you are entitled to the following rights vis-à-vis the person in charge:
right of access
You can request confirmation from the person in charge as to whether personal data concerning you are being processed by us.
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;
- the existence of a right to rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
- any available information on the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision making including profiling in accordance with Art. You have the right to obtain information on the processing of your personal data in accordance with Article 22 (1) and (4) FADP and, at least in these cases, to be informed about the logic involved and the scope and intended consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 DSGVO in connection with the transmission.
This right of information may be limited to the extent that it is likely to make the realisation of the research or statistical purposes impossible or seriously impairs them and the limitation is necessary for the fulfilment of the research or statistical purposes.
Right of rectification
You have the right to request the controller to correct and/or complete any personal data processed concerning you if it is incorrect or incomplete. The responsible person must make the correction without delay.
Your right to correction may be limited to the extent that it is likely to make the realisation of the research or statistical purposes impossible or seriously impair it and the limitation is necessary for the fulfilment of the research or statistical purposes.
Right to limit processing
You may request limitation of the processing of personal data concerning you under the following conditions
- if you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;
If the processing of personal data relating to you has been restricted, such data may be processed - apart from storage - only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.
Your right to restrict processing may be restricted to the extent that it is likely to make it impossible or seriously prejudicial to the attainment of the research or statistical purposes and that the restriction is necessary for the attainment of the research or statistical purposes.
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 letter a or Art. 9 para. 2 letter a DSGVO, and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 para. 1 DSGVO and there are no legitimate reasons for the processing, or you submit an objection pursuant to Art. 21 para. 1 DSGVO. The personal data concerning you have been processed unlawfully.
- The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
- in order to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- on grounds of public interest relating to public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 DPA;
- for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DPA, insofar as the right referred to in section a) is likely to render impossible or seriously hamper the attainment of the objectives of such processing, or
- for the assertion, exercise or defence of legal claims.
Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. Furthermore, you have the right to transmit these data to another person in charge without being hindered by the person in charge to whom the personal data have been made available, provided that
- the processing is based on a consent according to art. 6 paragraph 1 letter a DSGVO or art. 9 paragraph 2 letter a DSGVO or on a contract according to art. 6 paragraph 1 letter. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected.
The right to data transferability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The data controller will no longer process the personal data concerning you unless he can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
You may exercise your right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
You also have the right to object, for reasons connected with your specific situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes in accordance with the provisions of the law. Art. 89 para. 1 DSGVO, you have the right to object to this.
Your right of objection can be limited to the extent that it is likely to make the realisation of the research or statistical purposes impossible or seriously impair them and the limitation is necessary for the fulfilment of the research or statistical purposes.
Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of consent until revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effect vis-à-vis you or which significantly affects you in a similar way. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the person responsible,
- is permitted by Union or national legislation to which the person responsible is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or
- is made with your express consent.
All the same, these decisions may not be based on special categories of personal data in accordance with Art. 9 paragraph 1 DSGVO, unless Art. 9 paragraph 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
The supervisory authority to which the complaint was filed shall inform the complainant about the status and the results of the complaint, including the possibility of a legal remedy under Art. 78 DSGVO.
- the processing is based on a consent according to art. 6 paragraph 1 letter a DSGVO or art. 9 paragraph 2 letter a DSGVO or on a contract according to art. 6 paragraph 1 letter. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected.
Provision of the website and creation of logfiles
Description and scope of data processing
The provision of our website takes place on our own servers.),
- the transmission protocol used (http1.0, http1.1 etc.),
- status information of the server (call successful, redirection etc.),
- the amount of data transmitted,
- websites from which the user's system accesses our website,
- the address of the page called up including data transmitted via GET and
- information about the browser type and version used as well as the user's operating system.
Legal basis for data processing
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 letter f DSGVO.
purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be saved for the duration of the session.
Saving in log files is done to ensure the website's functionality. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
In these purposes is also our legitimate interest in the data processing according to Art. 6 para. 1 lit. f DSGVO.
Duration of storage
The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of the storage of data in log files, this is the case after a maximum of fourteen days. It is possible to save the data beyond that. In this case, the IP addresses of the users are deleted or alienated, so that an allocation of the calling client is no longer possible.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.
In the event of a security-relevant incident, all headers of the http communication between browser and server as well as the returned content of the server response are also logged.
The data is also stored in the log files of our system. A storage of these data together with other personal data of the user does not take place.
Contact by e-mail
Description and scope of data processing
On our website our e-mail address is mentioned as a contact option. In the event of contact by e-mail, the user's personal data transmitted with the message will be stored.
In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.
The legal basis for the processing of the data
The legal basis for the processing of the data transmitted in the course of sending an e-mail is art. 6 par. 1 letter f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 letter b DSGVO.
purpose of data processing
The processing of personal data that we have received by e-mail serves us solely to process the contact. This justifies the necessary legitimate interest in the processing of the data.
Duration of storage
The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively clarified.
Possibility of objection and removal
The user has the opportunity to revoke his consent to the processing of personal data at any time. In this case, all personal data stored in the course of the contact will be deleted and the conversation cannot be continued.
The objection must be sent to us by e-mail or in paper form (letter).
Contact via social networks, messengers and other platforms
Description and scope of data processing
We maintain online presences within social networks and other platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
In addition to e-mail, we use other digital means of communication such as messengers in order to communicate with and inform customers, interested parties and users. When using the respective means of communication, the terms and conditions and the data processing guidelines of their respective providers apply.
Unless otherwise stated in our data protection declaration, we process the data of the users insofar as they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
In this context, we do not pass on the data to third parties. The data will be used exclusively for processing the conversation. Please note that the data processing guidelines of the respective operators and providers may provide for data to be passed on to third parties.
The legal basis for data processing
The legal basis for data processing is Art. 6 Paragraph 1 letter a DSGVO.
The legal basis for the processing of data transmitted in the course of sending a message via a messenger is Art. 6 Paragraph 1 letter f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 letter b DSGVO.
purpose of data processing
The processing of personal data in the context of communication via social networks, messengers or other platforms serves us solely to process the contact. In the event of contact, this is also the necessary legitimate interest in the processing of the data.
Duration of storage
The data will be deleted as soon as they are no longer required for the purpose of their collection. For personal data in the context of communication via social networks, messengers or other platforms, this is the case when the respective conversation with the user has ended. The conversation ends when it can be concluded from the circumstances that the relevant facts have been conclusively clarified.
If the operators/providers of the social network, the messenger or other platform provide for special storage periods, these shall apply as the respective terms and conditions of the operators/providers were accepted with the use.
Alternatively, an objection is in principle also possible by e-mail or in paper form (letter).
All personal data stored in the course of contact will be deleted in this case.
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are information that is transferred from our web server or web servers of third parties to the web browsers of users and stored there for later retrieval. Cookies can be small files or other types of information storage. Cookies contain characteristic character strings that enable the browsers to be uniquely identified.
We use so-called session cookies, which are only stored for the duration of the current visit to our website.
This is necessary to implement the functionality of our website. This is the only way, for example, to enable the storage of your login status or the shopping basket function and thus the use of our online offer at all.
A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store other data. Session cookies are deleted when you have finished using our online services and, for example, log out or close your browser.
We also use cookies on our website to analyse the surfing behaviour of users.
- Entered search terms
- Frequency of page views
- Use of website functions
The user data collected in this way is pseudonymised by technical precautions.
When accessing our website, users are informed by an info banner about the use of cookies for analysis purposes and are referred to this data protection declaration. In this context, a reference is also made to how the storage of cookies can be prevented in the browser settings.
The legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f DSGVO.
The legal basis for the processing of personal data using cookies for analysis purposes is art. 6 par. 1 letter a DSGVO.
purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognised even after a page change.
For example, the following applications require cookies:
- Login, shopping cart and order process in an online shop
- Saving language settings
- Saving currency settings in an online shop
- Marking search terms
The user data collected through technically necessary cookies will not be used to create user profiles.
The use of analysis cookies is made for the purpose of improving the quality of our website and its contents. Through the analysis cookies we learn how the website is used and can thus constantly optimise our offer. We use the Matomo analysis software for this purpose.
In these purposes we also have a justified interest in the processing of personal data in accordance with Art. 6 Paragraph 1 lit. f DSGVO.
Duration of storage, objection and removal possibility
Cookies are stored on the user's computer and are transmitted by the user to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
Web analysis by Matomo (formerly PIWIK)
Description and scope of data processing
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse user behaviour. If individual pages of our website are called up, the following data are stored by the software:
- the first two bytes of the IPv4 address or the first six bytes of the IPv6 address of the user's calling system (anonymised form),
- the web page called up,
- the web page from which the user has reached the called up web page (referrer),
- the sub-pages called up from the called up web page,
- the time spent on the web page,
- the frequency of calling up the web page
The software runs exclusively on our own servers. The personal data of users is only stored there. The software is configured in such a way that IP addresses such as 123.456.789.123 or 2a01:4f8:191:5d00:136:243:202:140 are not stored completely, but the last two bytes of the IPv4 address or the last ten bytes of the IPv6 address are masked, so that an assignment of the shortened IP address 123.456.000.000 or 2a01:4f8:191:: to the calling computer is no longer possible.
The legal basis for data processing
The legal basis for the processing of users' personal data is Art. 6 Par. 1 letter f DSGVO.
The purpose of data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f DSGVO. By anonymising the IP address, the interest of the users in their protection of personal data is sufficiently taken into account.
Duration of storage
The data is deleted as soon as it is no longer required for our recording purposes.
Deletion is carried out monthly, i.e. after 31 days at the latest.
Possibility of objection and removal
We offer our users on our website the possibility of an opt-out from the analysis procedure. This involves setting a cookie on your system, which signals our system not to store the user's data. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again.
For more information on the privacy settings of the Matomo software, please refer to the following link: https://matomo.org/docs/privacy/
Alternatively, users can use their browser to tell us not to perform an analysis. The do-not-track technology we use is a way for users to decide for themselves whether their behaviour is tracked by websites, advertising networks and social networks. If users have set their browser to "I don't want to be tracked", Mamoto will not record these visits.
You can find do-not-track instructions here:
- Mozilla Firefox
https://support.mozillaorg/en/kb/how-to-prevent-me-check-websites - Google Chrome
https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=en - Safari
https://support.apple.com/en-en/guide/safari/sfri40732/mac - Microsoft Internet Explorer 11
https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track - Microsoft Edge (Windows 10)
https://privacy.microsoft.com/en/windows-10-microsoft-edge-and-privacy - Opera
http://help.opera.com/Windows/12.10/de/notrack.html
- Mozilla Firefox
newsletter
Description and scope of data processing
On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask (e-mail address, optionally name and company) is transmitted to us.
In addition, the following data is collected during registration: IP address of the calling computer as well as date and time of registration/activation of the subscription.
For the processing of the data, your consent will be obtained during the registration process and reference will be made to this privacy policy.
No data will be passed on to third parties in connection with the data processing for the sending of newsletters. The data will be used exclusively for sending the newsletter.
Legal basis for data processing
Legal basis for the processing of data after registration for the newsletter by the user is Art. 6 Paragraph 1 lit. a DSGVO.
purpose of data processing
The collection of the user's e-mail address serves to send the newsletter.
The collection of name and company name serves to personalise the newsletter.
The collection of other personal data within the scope of the registration process serves to prevent misuse of the services or the e-mail address used and as proof that you have subscribed to the newsletter.
Duration of storage
The data will be deleted as soon as they are no longer required for the purpose of their collection. Accordingly, the user's e-mail address is stored for as long as the subscription to the newsletter is active. Due to the obligation to provide proof, this also applies to the other personal data collected during the registration process.
Possibility of objection and removal
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a link in every newsletter. This will also enable you to withdraw your consent to the storage of your personal data collected during the registration process.
Description and extent of data processing
aipi offers a video chat at the address aipi.tel. The open source software Jitsi Meet is used for the transmission of video and audio signals. Users communicate with each other using the WebRTC protocol. There is no end-to-end encryption. All users establish encrypted connections to the server. Encrypted transmission to the server is carried out using Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). On the server a decryption takes place, so that the data traffic on this would be basically visible. aipi does not store video and audio signals on the server, however.
For the video chat a web server is used. With each access, our server automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- the IP address of the user,
- date and time of access,
- the http request method (GET, POST etc.).),
- the amount of data transferred,
- websites from which the user's system accesses our website,
- the address of the page accessed, including data transferred by GET and
- information on the type of browser and version used as well as the user's operating system.
In the event of a security-relevant incident, all headers of the http communication between browser and server as well as the returned content of the server response are also logged.
The data is also stored in the log files of our system. A storage of these data together with other personal data of the user does not take place.
Legal basis for data processing
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 letter f DSGVO.
purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be saved for the duration of the session.
Saving in log files is done to ensure the website's functionality. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
In these purposes is also our legitimate interest in the data processing according to Art. 6 para. 1 lit. f DSGVO.
Duration of storage
The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of the storage of data in log files, this is the case after a maximum of fourteen days. It is possible to save the data beyond that. In this case, the IP addresses of the users are deleted or alienated, so that an allocation of the calling client is no longer possible.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.
video chat aipi.tel
State of the data protection declaration: 25 March 2020