The controller responsible for this website is
AICI GmbH
Max-Scheler Straße 16
50395 Cologne
Germany
managing director: Anna Ludmann
Entry in: Handelsregister,
Register Number: HRB 116132
Register Court: Amtsgericht Köln
telephone number: +49 (0) 89 92742185
email address: contact@aici.de
Our website is hosted externally by STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin. The personal data collected on this website are stored on the servers of the hoster(s). These may include IP addresses, contact requests, metadata and communications, contract information, contact information, names and other data generated through a web site.
This data is processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of Art. 6(1)(f) GDPR or on your consent (Art. 6(1)(a) GDPR) provided that this has been requested; consent may be revoked at any time.
Every time the website content is accessed, data that may possibly allow identification is temporarily stored. The following data is collected in this process:
The temporary storage of data is necessary for the course of a website visit to enable the website to be delivered. Further storage in log files is done to ensure the functionality of the website and the security of the information technology systems. Our legitimate interest in data processing also lies in these purposes.
The data is processed on the basis of Art. 6(1)(f) GDPR.
Every time a web shop transaction is initiated, data that may possibly allow identification is temporarily stored. The following data is collected in this process:
The temporary storage of data is necessary for processing the order and enabling its fulfillment. Further storage in our order management systems is performed to ensure accurate order execution, efficient customer support, and compliance with legal record-keeping obligations.
The data is processed on the basis of Art. 6(1)(b) GDPR.
We store all our data in MySQL database hosted on AWS EC2 as well as AWS RDS.
For Site APP and other apps, we use AWS S3 bucket object storage.
Every time a enquiry is sent via our website with the function "Enquire", the following data is processed and stored:
The temporary storage of data is necessary for processing the enquiry. Our legitimate interest in data processing also lies in these purposes.
This data is processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of Art. 6(1)(f) GDPR or on your consent (Art. 6(1)(a) GDPR) provided that this has been requested; consent may be revoked at any time.
Every time a job applications is sent via our website with the function "Careers", the following data is processed and stored:
The temporary storage of data is necessary for processing the job applications. Our legitimate interest in data processing also lies in these purposes.
This data is processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of Art. 6(1)(f) GDPR or on your consent (Art. 6(1)(a) GDPR) provided that this has been requested; consent may be revoked at any time.
We offer the option of processing the payment transaction through the payment service provider Stripe, ℅ Legal Process, 510 Townsend St., San Francisco, CA 94103 (Stripe). Our legitimate interest in data processing also lies in these purposes. In this context, we pass on the following data to Stripe, insofar as it is necessary for the fulfillment of the contract (Art. 6(1)(b) GDPR):
The processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot make a payment via Stripe.
Stripe has a dual role as controller and processor for data processing activities. As controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (Art. 6(1)(f) GDPR) and serves the execution of the contract (Art. 6(1)(b) GDPR). We have no influence on this process.
Stripe acts as a processor to complete transactions within the payment networks. Within the scope of the processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities in which Stripe processes personal data of individuals in the EU. These measures are based on the EU standard contractual clauses (SCCs).
Further information on objection and removal options vis-à-vis Stripe can be found at: https://stripe.com/privacy-center/legal
Our websites do not use cookies.
The data is deleted as soon as it is no longer required for the purpose for which it was collected. When the website is provided, this is the case when the respective session has ended. The log files are stored for a maximum of 24 hours and can only be accessed by administrators. After that, they are only available indirectly through the reconstruction of backup tapes and are permanently deleted after a maximum of four weeks.
You can request information about the personal data concerning you that we process in accordance with Article 15 of the GDPR.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) of the GDPR, including profiling based on those provisions. The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The collection of data for the provision of the website and the storage of log files are essential for the operation of the website.
If the information concerning you is no longer accurate, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
You can request the deletion of your personal data in accordance with Art. 17 of the GDPR.
According to Art. 18 GDPR, you have the right to request a restriction of the processing of your personal data.
If you believe that the processing of your personal data violates data protection law, you have the right to complain to a data protection supervisory authority of your own choice in accordance with Article 77 (1) of the GDPR. This also includes the data protection supervisory authority responsible for the controller: State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia https://www.ldi.nrw.de/kontakt/ihre-beschwerde.
In the event that the conditions of Art. 20 (1) of the GDPR are met, you have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or to third parties. The collection of data for the provision of the website and the storage of the log files are essential for the operation of the website. They are therefore not based on consent pursuant to Article 6(1)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, but are justified pursuant to Article 6(1)(f) of the GDPR. The requirements of Article 20(1) of the GDPR are therefore not met in this respect.