Privacy Policy

1. Controller

2. Data Protection Officer

3. Types of data processed:

4. Purpose of processing

5. Legal basis for data processing

6. Cooperation with processors and third parties

7. Transfers to third countries

8. Cookies and right to object to direct advertising

9. Deletion of data

10. Provision of contractual services (webshops)

11. Use of blog functions / comments

12. Registration / email newsletter or online services

13. Online payment providers

14. Financial accounting

15. Contact via contact form / email / fax / mail

16. Contact by phone

17. Advertising mailings by mail (B2B)

18. Competitions

19. Collection of access data and log files

20. Online presence in social media

21. Google Analytics

22. Chatbot & Voicebot services

23. Google Remarketing Services

24. Facebook Buttons

25. Bing Ads

26. WIX (Content Management)

27. Newsletter

28. Web Hosting

29. Integration of Third-Party Services and Content

30. Rights of the Data Subject

31. Security Measures

32. Changes and Updates to the Privacy Policy

33. Disclaimer

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering"). With regard to the terms used, such as "personal data" or their "processing," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

​

1. Controller

Sandro Curati – AI for You
Chattenpfad 35

65232 Taunusstein

Email: info@aiforu.de
Tel: +49 6128 9803642
 

2. Data Protection Officer

You can contact our data protection officer using the following contact details:

Sandro Curati – AI for You
Chattenpfad 35 65232 Taunusstein

Email: info@aiforu.de Tel: +49 6128 9803642
 

3. Types of Data Processed:

3.1 We process data in the following categories:

Inventory data (e.g., names, addresses);

Contact data (e.g., email, telephone numbers);

Content data (e.g., text entries, photographs, videos);

Contract data (e.g., subject matter of the contract, term, customer category);

Payment data (e.g., bank details, payment history);

Usage data (e.g., websites visited, interest in content, access times);

Meta/communication data (e.g., device information, IP addresses).

Employee data (e.g., cover letters and attachments to online applications)

3.2 Processing of special categories of data (Art. 9 (1) GDPR)

In principle, no special categories of data are processed unless they are provided for processing by the users, e.g., entered into online forms.

3.3. Categories of data subjects affected by processing

Employees / customers / prospective customers / suppliers / employees of customers and suppliers / visitors and users of the online offering. In the following, we refer to the data subjects collectively as "users."

4. Purpose of processing

Below you will find a list of the purposes of processing:

• Provision of the online offering, its contents and functions;

• Provision of contractual services, service and customer care;

• Answering contact requests and communicating with users;

• marketing, advertising and market research;

• Safety measures.

5. Legal basis for data processing

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Article 6 Paragraph 1 Sentence 1 Letter a) and Article 7 GDPR, the legal basis for processing to fulfill our services and Carrying out contractual measures and answering inquiries is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6 Paragraph 1 Clause 1 Letter c) GDPR, and The legal basis for processing to protect our legitimate interests is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Sentence 1 Letter d) GDPR serves as the legal basis.

6. Collaboration with processors and third parties

6.1. If, as part of our processing, we disclose data to other people and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this only takes place on the basis of legal permission (e.g. if the data is transferred to third parties, as to payment service providers, in accordance with Art. 6 Para. 1 Sentence 1 lit. b) GDPR is necessary for the fulfillment of the contract), you have consented, a legal obligation stipulates this or on the basis of our legitimate interests (e.g. when using agents, web hosts, Etc.).

6.2. If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

7. Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of third-party services or disclosure or transmission of data to third parties, this will only occur if it is done to fulfill our (pre-)contractual obligations, based on your consent (Art. 49 Para. 1a GDPR), on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level that corresponds to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”). The consent according to Art. 49 Paragraph 1 a) GDPR with regard to processing by Google, Facebook, Automattic in the USA when accessing our website is as follows:

"We use cookies in accordance with our data protection declaration linked below to process device information and personal data. This is used to integrate content, external services and elements from third parties, statistical analysis/measurement, personalized advertising and the integration of social media. Depending on the function, data is used passed on to and processed by third parties, including in the USA, with the risk of secret access by US authorities and use for surveillance purposes, possibly without any legal remedy. By clicking the "Accept all" button, you agree to the above use. 
This Consent is voluntary and can be revoked at any time using the "Cookie settings" link at the bottom of the footer of the website. When you click the "Reject all" button, only essential cookies that are necessary for the operation of the website are set. Links at the bottom via " "Advanced Settings" allows you to select in detail which cookies you want to allow."

8. Cookies and right to object to direct advertising

8.1. We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser places and saves on your computer. When you visit our website again, these cookies provide information to automatically recognize you. Cookies also include so-called “user IDs”, where user information is stored using pseudonymized profiles. When you access our website, we will inform you by referring to our data protection declaration about the use of cookies for the aforementioned purposes and how you can object to them or prevent them from being stored (“opt-out”).

A distinction is made between the following types of cookies:

• Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for the operation of the website in order to save certain functions of the website such as logins, shopping cart or user input, for example regarding the language of the website.
• Session cookies: Session cookies are required to recognize multiple uses of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offers and to give you easier access to our site. When you close the browser or log out, the session cookies are deleted.
• Persistent cookies: These cookies remain stored even after the browser is closed. They are used to store the login, measure reach and for marketing purposes. These are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in your browser's security settings.
• Third-party cookies (third-party cookies, especially from advertisers): According to your wishes, you can configure your browser settings and e.g. B. Decline to accept third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all of the functions of this website. Read more about these cookies in the respective data protection declarations of the third-party providers.

8.2. Data categories: user data, cookies, user ID (including the pages visited, device information, access times and IP addresses).

8.3. Purposes of processing: The information obtained in this way serves the purpose of technically and economically optimizing our web offerings and enabling you to access our website more easily and securely.

8.4. Legal basis: If we process your personal data using cookies based on your consent (“opt-in”), then Art. 6 Paragraph 1 Sentence 1 Letter a) GDPR is the legal basis. Otherwise, we have a legitimate interest in the effective functionality, improvement and economic operation of the website, so that in this case Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR is the legal basis. The legal basis is also Article 6 Paragraph 1 Sentence 1 Letter b) GDPR if the cookies are set to initiate a contract, for example when placing orders.

8.5. The consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR when accessing our website is as follows:

"We and these third parties process your personal data and store or access information on your device (e.g. cookies, personal identifiers or IP addresses) in accordance with the data protection declaration linked below. This serves to integrate content, external services and elements from third parties , statistical analysis/measurement, personalized and interest-based advertising as well as the integration of social media. Depending on the function, usage and behavioral data are sent to third parties to create personal advertising profiles, including in the USA, with the risk of secret access by US authorities and the Use for monitoring purposes, possibly without any legal recourse, and processed by them. By clicking the "Accept all" button, you agree to the above use."

8.6. Storage period/deletion: The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended. Cookies are otherwise stored on your computer and transmitted from it to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

Here you can find information about deleting cookies by browser:

Chrome: https://support.google.com/chrome/answer/95647

Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen

Internet Explorer: https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies

Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies

8.7. Objection and “opt-out”: You can generally prevent cookies from being stored on your hard drive, regardless of consent or legal permission, by selecting “do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You can opt out of the use of third-party cookies for advertising purposes via a so-called “opt-out” via this American website ( https://optout.aboutads.info ) or this European website ( http://www.youronlinechoices.com/de /preference management/) . You can also revoke your consent at any time using the “Cookie Settings” link at the bottom of the footer of the respective website.

9. Deletion of data

9.1. The data we process will be deleted or its processing will be restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any legal retention obligations. Unless the data is deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or to data whose further retention is required for evidentiary purposes.

9.2. According to legal requirements, storage takes place in particular for 6 years in accordance with Section 257 Paragraph 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 Paragraph 1 AO (books, records, management reports , accounting documents, commercial and business letters, documents relevant to taxation, etc.).

10. Provision of contractual services (web shops)

10.1. We process inventory data (e.g. company, title/academic degree, names and addresses as well as contact details of users, email), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) in order to fulfill our contractual obligations (Knowing who the contractual partner is; justification, content and execution of the contract; checking the plausibility of the data) and services (e.g. contacting customer service) in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

10.2. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims (e.g. handing it over to a lawyer for debt collection) or there is a legal obligation to do so in accordance with Article 6 Paragraph 1 Sentence 1 Letter c) GDPR.

10.3. We can also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.

10.4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for inventory and contract data if the data is no longer required for the execution of the contract and claims can no longer be asserted under the contract because they have expired (standard limitation period: three years). Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, if the contract is terminated after three years, we will restrict processing, meaning your data will only be used to comply with legal obligations. Information in the user account remains until it is deleted.

10.5. Obligation of confidentiality of the contractual partners when providing AI and automation services

10.5.1. The contractual partners undertake to keep all exchanged information, in particular economic information such as customer-related data, individual work results, price and financial data, secret from third parties and to take all necessary measures to prevent third parties from becoming aware of it and using it. They also require their respective employees to do this.

10.5.2. The contractual partners agree that the information will only be provided for the purpose of collaboration. The exchanged information may only be passed on to third parties if an agreement corresponding to this confidentiality obligation has been concluded with these third parties and their knowledge of the information is necessary for the execution of the contract.

10.5.3. The obligation of confidentiality and the prohibition of use do not apply to information that is obvious because it:

• are generally known,

• must be made accessible to authorities due to mandatory regulations,

• have been released in writing for publication by the transferring contractual partner,

• were already legally known and available to the recipient from their own development work or from a third party at the time of the information exchange.

The burden of proof regarding the obviousness of information for one or more of the aforementioned reasons lies with the user of this information. If secret information becomes lawfully disclosed, the confidentiality of this information expires.

10.5.4. The contractual partners will be informed of the criminal consequences (in particular in accordance with Section 203 of the Criminal Code) of a breach of duty of confidentiality.

11. Use of the blog functions / comments

11.1. In the future, you will be able to make public comments in our blog, where we publish various articles on topics on our website. Your comment will be published with your specified username in the post. We recommend using a pseudonym instead of your real name. Providing a username and email address is required; all other information is voluntary.

11.2. If you leave a comment, we will continue to store your IP address, which we will delete after 70 days. The storage is necessary for us to be able to defend ourselves against liability claims in the event of possible publication of illegal content. We need your email address in order to contact you if a third party should complain that your comment is illegal.

11.3. The legal basis is Article 6 Paragraph 1 Sentence 1 Letters b) and f) GDPR.

11.4. Comments are not checked before publication. We reserve the right to delete comments if they are criticized by third parties as being unlawful. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 Paragraph 1 Sentence 1 Letter c) GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected or to carry out the contract because the contract has been terminated.

12. Registration / email newsletter or online services

12.1. On our website we offer users the opportunity to register (user account) by providing personal data (e.g. company, title/academic degree, names and addresses as well as contact details of users, email). The data is entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. At the time of registration, the following data is also stored: the user's IP address, date and time of registration. We use the so-called double opt-in procedure for registration, i.e. your registration is only complete if you have previously confirmed your registration in a confirmation email sent to you for this purpose by clicking on the link contained therein. sent a fax with the confirmation. If you do not confirm this within 30 days, your registration will automatically be deleted from our database. Providing the aforementioned data is mandatory; you can provide any further information voluntarily by using our portal.

12.2. Registration of the user is necessary to fulfill a contract with the user (determining the identity of the contractual partner, data for contacting us) or to carry out pre-contractual measures. The legal basis for processing the data when registering is to fulfill a contract to which the user is a party or to carry out pre-contractual measures Art. 6 Paragraph 1 Sentence 1 Letter b) GDPR.

12.3. If necessary, we analyze using information from the service provider maxmind inc. 14 Spring Street, 3rd Floor, Waltham, MA 02451, USA ( https://www.maxmind.com/de/privacy_policy ) Your IP in terms of origin (GeoIP) and whether it is a proxy (Proxyscore). The circumstance and result of our request will be stored in your user account for the duration of the contractual relationship. The storage is based on our legitimate interests, as well as the user's protection against misuse/fraud and other unauthorized use. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.

12.4. As a user, you have the opportunity to change the data stored about you at any time. If the data is necessary to fulfill a contract or to carry out pre-contractual measures, early deletion of the data is only possible unless contractual or legal obligations prevent deletion. In this case, the regulations for the provision of contractual services apply under No. 10.

13. Online payment providers

13.1. When paying via “Paypal”, billing is carried out via PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg, Web: paypal.de, https://www.paypal.com/ de/webapps/mpp/ua/privacy-full ., by Visa, https://www.visa.de/datenschutz , Mastercard, https://www.mastercard.de/de-de/datenschutz.html or American Express , https://www.americanexpress.com/de/content/privacy-policy-statement.html . Hereafter referred to as “online calculator”. The online billers collect, store and process the user's usage and billing data to determine and bill the service they use. The data entered into the online calculators will only be processed and stored by them. If the online billers cannot or only partially collect the usage fees or the online billers fail to do so due to a complaint from the user, the usage data will be passed on by the online billers to the person responsible and the user may be blocked by the person responsible . The same also applies if, for example, a credit card company reverses a user's transaction at the expense of the provider.

13.2. The legal basis is Article 6 Paragraph 1 Letter b) GDPR, as the processing is necessary for the person responsible to fulfill a contract. In addition, external online billers are used on the basis of Article 6 Paragraph 1 Sentence 1 Letter f) GDPR for the legitimate interests of the person responsible in order to be able to offer the user the most secure, simple and diverse payment options possible.

13.3. With regard to the storage period, revocation, information and data subject rights, we refer to the above data protection declarations of the online billing companies.

14. Financial accounting

14.1. As part of financial accounting and statutory archiving obligations (GoBD), we process the same data that we use as part of the provision of our contractual services in accordance with No. Process 10. The legal basis is Article 6 Paragraph 1 Sentence 1 Letters c) and f) GDPR. This affects customers, interested parties and users of our online offering. The purpose of the processing is the commercial and tax law obligation for financial accounting and archiving of data. We also have a legitimate interest in maintaining our business activities and proper office organization. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities under No. 10.

14.2. This data will be passed on to the following third parties: to the tax office/financial auditor and tax advisor as well as to other authorities, insofar as there is a legal obligation to do so.

15. Contact via contact form / email / fax / post

15.1. When you contact us via contact form, fax, post or email, the user's details are processed for the purpose of processing the contact request.

The legal basis for processing the data, if the user has given his consent, is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. The legal basis for the processing of data transmitted in the course of sending an email, letter or fax is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. The person responsible has a legitimate interest in processing and storing the data in order to be able to answer user inquiries by email, letter or fax, to preserve evidence for liability reasons and, if necessary, to be able to fulfill his legal retention obligations for business letters. If the e-mail/post/fax contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR.

When contacting us via a contact form, your declaration of consent according to Art Processing my request. You can revoke your consent at any time.”

15.2. User information can be stored in our customer relationship management system (“CRM system”) or comparable inquiry organization.

15.3. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified. We permanently store inquiries from users who have a user account and refer to the registration information section for deletion. 13 or provision of contractual services No. 10. In the case of legal archiving obligations, deletion takes place after their expiry (end of the commercial law (6 years) and tax law (10 years) retention obligation).

15.4. You have the option at any time to revoke your consent to the processing of personal data in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. If you contact us by email, you can object to the storage of your personal data at any time.

16. Contact by telephone

16.1. When contacting us by telephone, the user's telephone number is processed and temporarily stored or displayed in the RAM/cache of the telephone device/display in order to process the contact request and process it. The data is stored for liability and security reasons, to provide evidence of the call, and for economic reasons to enable a callback. In the case of unauthorized advertising calls, we block the phone numbers.

16.2. The legal basis for processing the telephone number is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b) GDPR.

16.3. The device cache stores the calls for 30 days and gradually overwrites or deletes old data. When the device is disposed of, all data is deleted and the memory may be destroyed. Blocked telephone numbers are checked annually to determine whether blocking is necessary.

16.4. You can prevent the phone number from being displayed by calling with the phone number hidden by default.

17. Anyone who receives emails by post (B2B)

17.1. We also use postal advertising to potential customers for direct advertising. We process and store the following data: company, title/academic degree, profession, title, name, address. The mailings are sent by a letter shop in Germany with which there is an agreement for order processing in accordance with Art. 28 GDPR. Otherwise, the data will not be passed on to third parties.

17.2. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR (or before May 25, 2018: Section 28 Paragraph 3 Sentence 2 BDSG old version).

17.3. The purpose of using mailings is to acquire new B2B customers for our company. Our legitimate interest in processing personal data in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR also lies in this purpose. This is based on the following balancing of interests:

• Recital (EC) 47 GDPR must be used for the balancing: “The processing of personal data for the purpose of direct advertising can be viewed as processing serving a legitimate interest.” In addition, EC 47 GDPR specifies “the reasonable expectations of the data subjects” with regard to the balancing of interests , which are based on their relationship with the person responsible. In order to determine the reasonable expectations of the data subject, Articles 13 and 14 GDPR must be used. In addition, according to EC 47 GDPR, it must be taken into account whether the data subject is already a customer of the controller or uses its services. Finally, the “Principles for the processing of personal data” in accordance with Art. 5 GDPR must also be used.

• We offer services and products for small and medium-sized businesses interested in the use of artificial intelligence, IT, marketing and automation. These help our customers to acquire new customers themselves, achieve more sales with existing customers or simplify their processes. It can therefore generally be assumed that customers will find our offers useful. We are interested in advertising to new customers who are not yet existing customers. It is to be expected that new customers will also find the offers useful (“reasonable expectations of the people concerned”).

• The interest in direct advertising is also supported by the focus on B2B customers, where the selection criteria are based on information about the company, e.g. small and medium-sized companies and not individuals. No data is collected from the customers' personal environment or from special categories in accordance with Art. 9 Para. 1 GDPR. Likewise, no information from other sources such as social networks is taken into account or so-called advertising scores are created. The lack of aggregation of selection criteria means a low intensity of intervention.

• Companies that want to be accessible to their customers and also offer interesting offers usually make their contact information public. Therefore, our direct advertising measures are primarily used for offers to acquire customers from those affected. Entrepreneurs can therefore expect their data to be used for marketing purposes due to the publication of their contact details for contact purposes.

• We therefore also research the addresses from publicly accessible sources/directories or company homepages. No additional data will be stored.

• In contrast, the person concerned has little interest in not receiving direct advertising from us as a company that has not previously contracted with them. Industry-specific B2B letter advertising only has a minor impact on company processes and generally suggests that those affected are interested in it. It should also be taken into account that the people or companies affected by postal advertising can stop the advertising mail by putting a notice on the mailbox stating that they do not want to receive advertising letters, since the postmen are generally instructed to send advertising letters marked as “Dialogpost”. not to be delivered. This means that any burden on the office organization caused by those affected can easily be avoided in advance. Due to the fact that direct mail is paid, direct mail is generally smaller in number than electronic mail and is therefore less burdensome. Finally, there is a right to object at any time in accordance with Art. 21 Para. 2 GDPR, which must be expressly pointed out to those affected in accordance with Art. 21 Para. 4 GDPR. According to Art. 21 Para. 3 GDPR, personal data may no longer be processed or used for advertising purposes if there is an objection to advertising. Based on the previous considerations, the interest of the data subjects or companies in excluding data processing does not outweigh this.

 

 

17.4. The data will be deleted as soon as it is no longer necessary to achieve the purpose or the data subject objects to the processing.

17.5. Objection to advertising: You can object to the processing of your personal data for advertising purposes at any time. Your objection can be made by email, fax or post to the contact details above.

18. Competitions

18.1. In order to carry out competitions, the email address is saved for contacting us and, if you win, the address details are saved so that the prize can be sent. The address data can be passed on to a shipping service provider. The data will not be passed on to third parties in any other way.

18.2. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR.

18.3. The data will be deleted 2 months after the winner has been determined.

19. Collection of access data and log files

19.1. Based on our legitimate interests within the meaning of Article 6 Paragraph 1 Sentence 1 Letter f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider .

19.2. Log file information is stored for security reasons (e.g. to investigate hacker attacks, misuse or fraud) for a maximum of 60 days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

20. Online social media presence

20.1. We maintain profiles or fan pages on social media. When you use and access our profile in the respective network, the respective data protection information and terms of use of the respective network apply.

20.2. Data categories and description of data processing: usage data, contact data, content data, inventory data. Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by the users (particularly if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

We are jointly responsible for our fan page with Facebook, Instagram, Twitter (X) in accordance with Art. 26 GDPR. For this purpose, an agreement called “Information on Page Insights”, available at https://www.facebook.com/legal/terms/page_controller_addendum, was concluded, according to which Facebook must observe certain security measures and will also directly fulfill the rights of those affected. Above all, you can contact Facebook directly about your rights to information and deletion.

This does not affect your data subject rights, such as information, deletion, objection and complaint to the responsible supervisory authority. For more information about shared responsibility, see “Page Insights Data Information” at https://www.facebook.com/legal/terms/informationaboutpageinsightsdata. In the case of requests for information and the assertion of the rights of those affected, we would like to point out that these can also be asserted directly on Facebook. 

Since Instagram, like Facebook, belongs to the Meta Group, the group's common data protection policy is available for all services at https://privacycenter.instagram.com/policy/ , which concerns the processing of your data if you have either a Facebook profile or Instagram Visit our company's profile and use the link on our website. In addition, the standard contractual clauses for commercial use apply https://www.facebook.com/legal/commercial_terms . We expressly point out that when using these services, Twitter (X) data can also be processed outside the EU. Please also note this on Instagram https://privacycenter.instagram.com/policies/data_privacy_framework/ and on Twitter (X) https://twitter.com/de/privacy .

20.3. Purpose of processing: communication with users connected and registered on social networks; Information and advertising for our products, offers and services; Representation and image cultivation; Evaluation and analysis of the users and content of our social media presence.

20.4. Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above purposes in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. If you have given us or the person responsible for the social network your consent to the processing of your personal data, the legal basis is Article 6 Paragraph 1 Sentence 1 Letter a) in conjunction with Article 7 GDPR. 

20.5. Data transmission/recipient category: Social network.

20.6. The data protection information, information options and objection options (opt-out) of the respective networks/service providers can be found here:

• Facebook – service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); Website: www.facebook.com ; 

  • Data protection declaration: https://www.facebook.com/about/privacy/, opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com ;

  • Objection: https://www.facebook.com/help/contact/2061665240770586; Agreement on joint

  • Processing of personal data on Facebook pages (Art. 26 GDPR): https://www.facebook.com/legal/terms/page_controller_addendum, data protection information for

  • Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data .

  • ​Twitter (X) https://twitter.com/de/privacy .

 

21. Google Analytics

21.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 Sentence 1 Letter f) GDPR), we use Google Analytics, a web analysis service from Google LLC (“Google”). ) a. If we obtain consent for use, Art. 6 Para. 1 lit. a) GDPR is the legal basis. The storage of and access to information in the end user's device is carried out in accordance with Section 25 Paragraph 1 TTDSG. With regard to the use of the data, there is a joint responsibility for data processing between Google and us in accordance with Article 26 GDPR. We have agreed with Google that we assume primary responsibility for processing the data in accordance with the GDPR and that we will fulfill all obligations under the GDPR with regard to the processing of the data (including Art. 12, 13 GDPR, Art. 15 to 22 GDPR and Art . 32 to 34 GDPR). We have also concluded an order processing contract with Google (Art. 28 GDPR) and, for example, deactivated all data sharing in the settings.

 

21.2. Google Analytics typically uses cookies. The information generated by the cookie about the user's use of the online offering is usually transmitted to a Google server in the USA and stored there. We have therefore reprogrammed the Google Analytics code so that it no longer sets cookies. We also technically prevent the creation and merging of user profiles. We also load the analytics.js file directly from our own server instead of from Google. Google Analytics does not use any “cookies” in this integration, but instead uses our own, anonymous and non-resolvable ID (“ClientId”) without personal reference, which we created and which is usually transferred to a Google server in the USA and stored there. In addition, Google Analytics cannot combine statistical data beyond the boundaries of the website with data from other websites.

 

21.3. Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with other services related to the use of this online offering and internet usage. 

 

21.4. We use Google Analytics to show the advertisements placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products) based on the information they visit websites) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads match the potential interest of users and do not appear annoying.

 

21.5. We only use Google Analytics with IP anonymization activated. This means that the user's IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

​

21.6. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offering and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https:// tools .google.com/dlpage/gaoptout?hl=de .

 

21.7. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on this link . An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.

 

21.8. Further information on data usage by Google, settings and objection options can be found on the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when you use websites or apps our partners"), https://policies.google.com/technologies/ads ("use of data for advertising purposes"), https://adssettings.google.com/authenticated ("manage information that Google uses to show you advertising ").

9/21 The data sent by us and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.

​

22. Chatbot Services

22.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 Sentence 1 Letter f) GDPR), we use a chatbot that runs via the Voiceflow platform (www.voiceflow.com ) is hosted. Data is processed in accordance with the EU GDPR directive. Data will be transferred to Canada, Voiceflow's headquarters, but will also be transferred to other countries where Voiceflow hosts servers within the scope of legal permissibility and guidelines.

Details on data processing of personal data with Voiceflow can be found herehttps://www.voiceflow.com/gdpr

22.2 Voiceflow may transfer personal data to countries outside the European Economic Area (EEA) or to third parties located in such countries. In such cases, Voiceflow will ensure that appropriate safeguards such as standard contractual clauses or security certifications are in place to protect the data and ensure its secure transmission in accordance with the requirements of the General Data Protection Regulation (GDPR). Voiceflow is committed to protecting the privacy and rights of individuals regarding their personal information. By adhering to the principles of transparency, accountability and data protection, we strive to maintain the trust of our users and partners. This GDPR Compliance Statement will be updated as necessary to ensure ongoing compliance with changing regulations and standards. We have also agreed on so-called standard data protection clauses with Voiceflow, the purpose of which is to maintain an appropriate level of data protection.

​

22.3 Stack AI
Please note that we can use other platforms to display the virtual AI assistants and chatbot experiences on this website and to provide our services.  StackAI (www.stack-ai.com) is also GDPR compliant, information about this can be found here: https://www.stack-ai.com/blog/gdpr-announcement, and here https://www.stack- ai.com/privacy.

22.4. Airtable
Please note that we can use other platforms to display the virtual AI assistants and chatbot experiences on this website and to provide our services.  Airtable (www.airtable.com) is also GDPR compliant, information about this can be found here: https://support.airtable.com/docs/gdpr-at-airtable.

22.5. Google Cloud
We also use Google Cloud to display our chatbot services, with corresponding enterprise accounts. The Google Cloud Declaration of Conformity for GDPR can be found here: https://cloud.google.com/privacy/gdpr?hl=de

22.6. Twilio
If you use SMS and mobile or voice call notification services through our AI agents and chatbots, Twilio is our partner. Twilio is also GDPR compliant: https://www.twilio.com/de-de/gdpr.
22.7. Manychat
We use Manychat to translate our AI assistants to services such as Whatsapp and Instagram, as well as Facebook Messenger. We have entered into a data processing agreement with Manychat. Manychat processes your data under GDPR as follows: https://manychat.com/legal/privacy, https://manychat.com/legal/dpa.

 

22.8 Voicebot Services

22.9. Use of Voice AI
We use voice AI systems (so-called voicebots) based on our legitimate interests (Art. 6 (1) (f) GDPR), to fulfill contractual obligations (Art. 6 (1) (b) GDPR), and, where necessary, with your consent (Art. 6 (1) (a) GDPR). The voicebots enable telephone or voice-supported interaction with our company.

22.9.1 Data Processed
The following types of data are processed in particular during use:
-Voice and audio data (spoken content, voice recordings, voice transcripts)
-Metadata of the communication (e.g., telephone number, IP address, time, duration, connection status)
-Conversation logs, chat or call logs
-Personal data provided voluntarily (e.g., name, request, contact details)

22.9.2 Providers and Sub-Processors

​

Technical delivery of the voicebot services is carried out via Vapi (Superpowered Labs Inc., USA) and additionally through Voiceflow (Canada). Further sub-processors may be involved in service delivery, in particular:

​

​

​

​

​

​

​

​

​

​

​

​

• AI / LLM Providers: OpenAI (Azure EU Cloud, our standard LLM), Anthropic/Claude (USA), TogetherAI, Perplexity, DeepInfra, Anyscale

• Speech and Transcription Services: Azure EU, Deepgram (EU API), fallback voice service ElevenLabs (GDPR compliant)

• Telecommunications Providers: Twilio, Vonage, Daily.co (all USA)

• Infrastructure / Networking: Azure (USA and EU), Cloudflare (USA), Supabase (USA), BetterStack (Czech Republic), Sentry (USA)

An up-to-date list of subprocessors can be provided upon request.

​

22.9.2. Data transfer to third countries
Some processing takes place in third countries outside the European Economic Area (in particular the USA). These transfers are based on standard contractual clauses (SCCs) of the EU Commission and additional technical and organizational measures to ensure an adequate level of data protection (Article 46 GDPR).

22.9.3. Storage and Deletion
Conversation content is not stored for the providers' training purposes. However, conversation logs, transcripts, or recordings may be stored if necessary to fulfill the services or legal obligations.
Please note: Although personal data can generally be deleted, complete deletion in the context of AI/LLM models that have already been processed is not technically possible in all cases, as their functionality precludes the subsequent removal of individual entries.

22.9.4. Legal basis for processing
-Contractual performance (Art. 6 (1) (b) GDPR)
-Legitimate interests (Art. 6 (1) (f) GDPR, in particular efficient customer communication and support)
- Consent (Art. 6 (1) (a) GDPR, e.g., when additional data is voluntarily provided or for marketing purposes)

22.9.5 Your rights
Under the GDPR, you have, in particular, the right to information (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21). To exercise your rights, please contact us at: info@aiforu.de

22.9.6 Transparency according to the EU AI Act
In accordance with Art. 52 of the EU AI Act, we expressly inform you that you are interacting with an AI system. You can terminate the communication at any time or request forwarding to a human contact person.

22.9.7 No automated decision-making with legal effect
The voice bots used do not make legally binding decisions. Decisions with legal or significant effects for data subjects are made exclusively by natural persons.