Privacy Policy

We welcome you to our website and appreciate your interest. The protection of your personal data is important to us. That is why we conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. Below, we would like to inform you about which data from your visit is used for which purposes.

1. Controller for processing according to GDPR

The data controller within the meaning of the General Data Protection Regulation and other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

AVENTOS Management GmbH

Geschwister-Scholl-Straße 5

10117 Berlin

info@aventos.group

+49 30 221841650

https://aventos.group/

Data protection officer

Nils Möllers

Keyed GmbH

Siemensstraße 12

48341 Altenberge, Westfalen

info@keyed.de

+49 (0) 2505 – 639797

https://keyed.de

2. What are personal data?

The term “personal data” is defined in the Federal Data Protection Act and in the EU GDPR. According to these definitions, personal data is any information relating to the personal or material circumstances of an identified or identifiable natural person. This includes, for example, your real name, your address, your telephone number, or your date of birth. Find out more about what data protection is exactly here.

3. Scope of anonymous data collection and data processing

Unless otherwise stated in the following sections, no personal data is collected, processed, or used when you use our websites. However, we do obtain certain technical information through the use of analysis and tracking tools based on the data transmitted by your browser (e.g., browser type/version, operating system used, websites visited on our site, including length of stay, previously visited website). We evaluate this information for statistical purposes only.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

4. Use of cookies

The websites of AVENTOS Management GmbH use cookies. Cookies are data that are stored by the Internet browser on the user's computer system. Cookies can be transmitted to a page when it is accessed, thus enabling the identification of the users. Cookies help to simplify the use of websites for users.

It is possible to object to the setting of cookies at any time by changing the settings in the Internet browser. Cookies that have been set can be deleted. Please note that if cookies are deactivated, it may not be possible to use all the functions of our website to their full extent. The user data collected in this way is pseudonymized by technical measures. This means that it is no longer possible to assign the data to the user who accessed the website. The data is not stored together with other personal data of the users. When visiting our website, users are informed about the use of cookies for analysis purposes via an information banner and referred to this privacy policy. In this context, there is also a note on how to prevent the storage of cookies in the browser settings. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR, provided that the users have given their consent. Please refer to our cookie banner and our information in this privacy policy to find out whether and to what extent cookies are used on our website.

5. CookieFirst

Description and purpose

We use the CookieFirst service provided by Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, Netherlands. CookieFirst is a cloud-based consent management platform (CMP) and is used to manage cookies and similar technologies on our website. The consent management tool allows users to decide which cookies may be set when they first visit the website.

CookieFirst processes information about your consent (e.g., abbreviated IP address, time and scope of consent or refusal, device used, browser information). The purpose is to obtain, document, and manage consent in accordance with the GDPR and TTDSG, as well as to correctly display the cookie banner when the website is accessed.

Legal basis

The use of CookieFirst is based on Art. 6 (1) (c) GDPR (legal obligation to manage consent) and Art. 6 (1) (f) GDPR (legitimate interest in legally compliant website operation).

Recipient

The recipient of the data is Digital Data Solutions B.V. (Plantage Middenlaan 42a, 1018 DH Amsterdam, Netherlands).

Transfer to third countries

As a matter of principle, no data is transferred to third countries. Nevertheless, data transfer to a third country can never be completely ruled out. In the event of a transfer of personal data, the provider ensures the level of protection of the GDPR by complying with Art. 44 et seq. GDPR. If you have any questions, please contact our data protection officer.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In addition, the data will be deleted if you exercise your right to erasure within the meaning of Art. 17 (1) GDPR.

Contractual and legal obligation

Furthermore, personal data must be provided if we are legally obliged to collect it (or) if the provision of this data is necessary to achieve compliance with a legal obligation. The legal obligation is determined by Union law or the law of the Member States to which the data controller is subject. Failure to provide the data would mean that compliance with a legal obligation cannot be fulfilled.

Further privacy notes

Further information on the processing of your personal data can be found here: https://cookiefirst.com/legal/privacypolicy/_gl=1*j3bfkr*_up*MQ..*_ga*MTY1MTY4MjYzOS4xNzU2MTkyOTA3*_ga_Y2P3JXV84S*czE3NTYxOTc4OTMkbzIkZzAkdDE3NTYxOTc4OTMkajYw

6. Google Fonts

Description and purpose

We use Google Fonts (Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). These web fonts are integrated via a server call when you visit our website and the IP addresses of the browsers on the end devices are stored.

The service is used to display fonts in a uniform manner. Fonts are loaded from Google servers. In doing so, Google processes your IP address and other technical data (e.g., browser and device information) in order to provide the fonts. The purpose is to ensure the visually appealing and consistent design of our website.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. Where necessary, we have concluded appropriate safeguards within the meaning of Art. 46 (2) GDPR with the data importer. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons, which ensure the protection of personal data.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to erasure within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) p. 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: https://www.google.com/policies/privacy

7. Google Tag Manager

Description and purpose

We use Google Tag Manager (Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. Google Tag Manager allows us to manage website tags via an interface and is a cookie-free domain that does not collect any personal information but can trigger other tags that collect data. Google pseudonymizes the data and the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. Where necessary, we have concluded appropriate safeguards within the meaning of Art. 46 (2) GDPR with the data importer. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

Revocation

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=de&gl=de

8. SalesViewer® technology

Description and purpose

On this website, data is collected and stored for marketing, market research, and optimization purposes using SalesViewer® technology from SalesViewer® GmbH, Bongardstraße 29, 44787 Bochum, Germany, based on the consent and legitimate interests of the website operator. For this purpose, a JavaScript-based code is used to collect company-related data and information about its use. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify visitors to this website. You can object to the collection and storage of data at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out to prevent SalesViewer® from collecting data on this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you will need to click on this link again.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR, provided that personal identification is made. If only pseudonymized data is collected, Art. 6 (1) (f) GDPR is the legal basis. The legitimate interest then lies in marketing and market research in order to optimize our own activities.

Recipient

The recipient of your personal data is SalesViewer® GmbH, Bongardstraße 29, 44787 Bochum, Germany.

Transfer to third countries

Your personal data will not be transferred to a third country. However, we are aware of our responsibility and regularly review the framework conditions and legal changes. In the event of a transfer to a third country, we will update this information as soon as possible.

Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to erasure within the meaning of Art. 17 (1) GDPR.

Revocation and objection

If Art. 6 (1) (f) is the legal basis for data processing, you have the right to object to the processing of your personal data at any time in accordance with Art. 21 (1) GDPR. If you exercise this right, processing for this purpose will no longer take place. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: https://www.salesviewer.com/datenschutz

9. Creation of log files

Each time the website is accessed, AVENTOS Management GmbH collects data and information using an automated system. This is stored in the server's log files. The data is also stored in our system's log files. This data is not stored together with other personal data of the users.

The following data may be collected:

Information about the browser type and version used
The user's operating system
The user's Internet service provider
The user's IP address
Date and time of access
Websites from which the user's system accesses our website (referrer)
Websites accessed by the user's system via our website

10. Duration of storage of personal data

Personal data is stored for the duration of the respective statutory retention period. After expiry of this period, the data is routinely deleted, unless it is necessary for the initiation or performance of a contract.

11. Contact opportunities

The AVENTOS Management GmbH website features a contact form that can be used to contact us electronically. The contact form is provided by Klickpark GmbH & Co. KG. Alternatively, you can contact us via the email address provided. If the data subject contacts the data controller via one of these channels, the personal data transmitted by the data subject will be stored automatically. The storage serves solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties. The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the users have given their consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the users has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

12. Newsletter

If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the data controller. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else's email address. When registering for the newsletter, the IP address of the users as well as the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the person concerned. The data will not be passed on to unauthorized third parties. However, data may be transferred to relevant service providers for the purpose of sending the newsletter. An exception to this is when there is a legal obligation to pass on the data. The data will be used exclusively for sending the newsletter. The data subject can unsubscribe from the newsletter at any time. Consent to the storage of personal data can also be revoked at any time. For this purpose, a corresponding link is provided in each newsletter. The legal basis for the processing of data after the user has subscribed to the newsletter is Art. 6 (1) (a) GDPR, provided that the user has given their consent. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 (3) UWG.

Our newsletter is operated by HubSpot.

13. HubSpot

Description and purpose

We use HubSpot (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland) for our online marketing activities (in particular newsletters). This is an integrated software solution that we use to cover various aspects of our online marketing. These include, among other things:

Email marketing (newsletters and automated mailings, e.g., to provide downloads), social media publishing & reporting, reporting (e.g., traffic sources, hits, etc.), contact management (e.g., user segmentation & CRM), landing pages, and contact forms.

Our registration service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as the content of our website, is stored on servers belonging to our software partner HubSpot. We may use this information to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing activities.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) (consent for live chat, newsletter, and other performance measurements) and (f) GDPR. Our legitimate interest in using this service is to optimize our customer service and manage our contact data.

Recipient

The recipient of your personal data is HubSpot (2nd Floor 30 North Wall Quay, Dublin 1, Ireland).

Transfer to third countries

It cannot currently be ruled out that personal data may be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) has been in place for the US since July 10, 2023. The parent company Hubspot Inc. has the appropriate certification under the EU-US Data Privacy Framework, which is why there is an adequacy decision for third-country transfers to the USA to HubSpot Inc.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you exercise your right to erasure within the meaning of Art. 17 (1) GDPR.

Revocation and objection

In cases of processing based on Art. 6 (1) (a) GDPR, you have the right to revoke your consent at any time, cf. Art. 7 (3) p. 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

In cases of processing based on Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data at any time in accordance with Art. 21 (1) GDPR. If you exercise this right, processing for this purpose will no longer take place. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here: https://legal.hubspot.com/privacy-policy

14. Routine deletion and blocking of personal data

The data controller processes and stores the personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. As soon as the purpose of storage no longer applies or a storage period prescribed by the aforementioned provisions expires, the personal data is routinely blocked or deleted.

15. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the data controller:

Right of access by the data subject acc. To Art. 15 GDPR

You can request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the data controller:

the purposes for which the personal data is processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom your personal data has been or will be disclosed;
the planned duration of storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period;
the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the data controller or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject.

You have the right to request information about whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification acc. to Art. 16 GDPR

You have the right to obtain from the data controller the rectification and/or completion of your personal data if the personal data processed concerning you is inaccurate or incomplete. The data controller shall rectify the data without delay.

Right to erasure acc. to Art. 17 GDPR

(1) You may request that the data controller erase your personal data without undue delay, and the data controller is obliged to erase this data without undue delay if one of the following reasons applies:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you has been processed unlawfully.
The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the data controller is subject.
The personal data concerning you has been collected in relation to the services offered by information society services pursuant to Art. 8 (1) GDPR.

(2) If the data controller has made your personal data public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the data controller shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

(3) The right to erasure does not apply if the processing is necessary

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defense of legal claims.

Right to restriction of processing acc. to Art. 18 GDPR

You may request the restriction of the processing of your personal data under the following conditions:

if you contest the accuracy of your personal data for a period enabling the data controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
the data controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise, or defense of legal claims; or
you have objected to processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the data controller override your grounds.

If the processing of your personal data has been restricted, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

Notification obligation regarding rectification or erasure of personal data or restriction of processing acc. to Art. 19 GDPR

If you have asserted your right to rectification, erasure, or restriction of processing against the data controller, the data controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the data controller about these recipients.

Right to data portability acc. to Art. 20 GDPR

You have the right to receive your personal data that you have provided to the data controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance from the data controller to whom the personal data was provided, provided that

the processing is based on consent pursuant to Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or on a contract pursuant to Art. 6 para. 1 (b) GDPR, and
the processing is carried out using automated procedures. In exercising this right, you also have the right to have your personal data transferred directly from one data controller to another, where technically feasible. This shall not adversely affect the freedoms and rights of other persons. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Right of objection acc. to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. The data controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures using technical specifications, irrespective of Directive 2002/58/EC.

Right to revoke the declaration of consent under data protection law pursuant to Art. 7 (3) GDPR

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.

Right to lodge a complaint with a supervisory authority acc. to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

16. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary

for entering into or performing a contract between you and the data controller,
is authorized by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in a. and c., the data controller shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to express your point of view, and to contest the decision.

17. Integration of other third-party services and content

Description and purpose

It may happen that third-party content, such as videos, fonts, or graphics from other websites, is integrated into this online offering. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore necessary for the display of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. However, we have no influence on whether third-party providers store the IP address for statistical purposes, for example. To the extent that we are aware of this, we inform users accordingly. We use these integrations to provide and improve our online offering.

Legal basis

The legal basis for the integration of other third-party services and content is Art. 6 (1) (f) GDPR. Our overriding legitimate interest lies in the intention to present our online presence in an appropriate manner and to provide user-friendly and economically efficient services on our part. For further information, please refer to the respective data protection information of the providers.

Contractual or legal obligation to provide personal data

The provision of personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide personal data. However, failure to provide such data may mean that you cannot use this function or cannot use it to its full extent.

18. Google Ads and conversion tracking

Description and purpose

In order to draw attention to our current projects and developments, planned activities, and services, we place Google AdWords ads and use Google conversion tracking as part of this. Google AdWords (Google Ads) is a service provided by Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). These ads are displayed on websites in the Google advertising network based on search queries. We have the option of combining our ads with specific search terms. We also use AdWords remarketing lists for search ads. This allows us to tailor search ad campaigns to users who have already visited our website. These services allow us to combine our ads with specific search terms or to show ads to previous users in which, for example, services that users have viewed on our website are advertised. An analysis of online user behavior is necessary for interest-based offers. Google uses cookies to perform this analysis. When you click on an ad or visit our website, Google places a cookie on the computer of the User. This information is used to target Users with a subsequent search query. Further information on the cookie technology used can also be found in Google's notes on website statistics and in the privacy policy. With the help of this technology, Google and we as a customer receive information that a user has clicked on an ad and been redirected to our website to contact us via the contact form. Similarly, Google and we as a customer receive information via Google forwarding numbers that a user has clicked on one of our phone numbers on the internet and contacted us by phone. The information obtained in this way is used exclusively for statistical evaluation for ad optimization. We do not receive any information that can be used to personally identify visitors. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page on our website that has a conversion tag. These statistics enable us to track which search terms were used most frequently to click on our ad and which ads led to the users contacting us via the contact form or by telephone. With regard to telephone contact by interested parties or customers, the statistics provided by Google include the start time, end time, status (missed or received), duration (seconds), caller's area code, telephone costs, and call type.

Legal basis

The legal basis for the processing of your personal data is consent in accordance with Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The data controller responsible for processing your information depends on your usual place of residence, unless otherwise specified in the privacy note of a particular service:

Google Ireland Limited for users of Google services who are habitually resident in the European Economic Area or Switzerland

Google LLC for users of Google services who are habitually resident in the United Kingdom.

Transfer to third countries

The personal data is transferred to the USA (server location). The transfer is subject to appropriate safeguards pursuant to Art. 46 GDPR. We have concluded standard contractual clauses in accordance with Art. 46 (2) (c) GDPR with the data importer. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons, which ensure the protection of personal data.

Duration of data storage

Revocation

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: www.google.com/policies/privacy/

19. Google Ads remarketing service

Description and purpose

Our website uses the Google Ads remarketing service provided by Google LLC. This service enables us to display interest-based advertising to visitors to our website. To do this, Google sets cookies and processes information about your usage behavior (e.g., pages visited, click behavior, technical data such as IP address). The purpose is to analyze user behavior in order to display personalized advertising on other websites.

By using cookies or pixels, the system recognizes returning users and segments them based on their behavior, such as which pages they visited or how long they stayed there.

As part of these remarketing measures, Google processes various personal data. This includes, in particular, the IP address, information about the device and browser used, and specific usage behavior on the website. This data is collected via cookies and tracking IDs and transmitted to Google.

The data collected is primarily used to personalize advertising, measure the success of campaigns, and optimize ads and target groups.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. Where necessary, we have concluded appropriate safeguards within the meaning of Art. 46 (2) GDPR with the data importer. In addition, Google LLC is certified under the Data Privacy Framework. Furthermore, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

Revocation

You have the right to revoke your consent at any time in accordance with Art. 6 (1) (a) GDPR, cf. Art. 7 (3) (1) GDPR. This can be done informally and without giving reasons and takes effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: https://policies.google.com/privacyhl=de&_gl=1*1ltq0is*_ga*MzE0Mzg4NzI2LjE3NTYxOTYzMTQ.*_ga_V9K47ZG8NP*czE3NTYxOTYzMTMkbzEkZzAkdDE3NTYxOTYzMTYkajU3JGwwJGgw

20. Google Analytics 4

Description and purpose

This website uses the “Google Analytics 4” service, which is provided by Google LLC, to analyze how users use the website. The service uses “cookies” – text files that are stored on your device. First-party cookies are used for this purpose. With a first-party cookie, the users can only be recognized by the site from which the cookie originates, not across multiple domains. The information collected by the cookies is usually sent to a Google server in the USA and stored there. If necessary, Google Analytics is used on this website with the code “gat._anonymizeIp();” to ensure anonymous collection of IP addresses (so-called IP masking). Please also note the following information on the use of Google Analytics: The IP address of users within the member states of the EU and the European Economic Area is truncated. This truncation removes the personal reference from your IP address. For EU citizens, the IP address is also only used to derive location data and is then deleted again. You also have the option of activating or deactivating the collection of detailed location and device data for individual regions (tracking settings). Under the agreement on data processing that the website operators have concluded with Google LLC, the latter uses the information collected to evaluate website usage and activity and to provide services related to internet usage.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have concluded standard contractual clauses with the data importer for this purpose. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons, ensuring the protection of personal data.

Duration of data storage

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) p. 1 GDPR. This can be done informally and without giving reasons, and will take effect in the future. The withdrawal of consent does not affect the lawfulness of the processing carried out until the withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: https://support.google.com/analytics/answer/6004245?hl=de https://policies.google.com/privacy?hl=de&gl=de.

21. Data transmission to third countries

The data controller may transfer personal data to a third country. In principle, the data controller can ensure that an adequate level of protection for the processing is achieved by means of various appropriate safeguards. It is possible to transfer data on the basis of an adequacy decision, internal data protection regulations, approved codes of conduct, standard data protection clauses, or an approved certification mechanism pursuant to Art. 46 (2) (a) – (f) GDPR.

If the data controller transfers data to a third country on the legal basis of Art. 49 (1) (a) GDPR, you will be informed here about the possible risks of data transfer to a third country.

There is a risk that the third country receiving your personal data may not offer a level of protection equivalent to that of the European Union. This may be the case, for example, if the EU Commission has not issued an adequacy decision for the third country in question or if certain agreements between the European Union and the third country in question are declared invalid. Specifically, in some third countries there are risks regarding the effective protection of EU fundamental rights through the use of surveillance laws (e.g., the USA). In such cases, it is the responsibility of the data controller and the recipient to assess whether the rights of the data subjects in the third country enjoy an equivalent level of protection as in the Union and can also be effectively enforced.

However, the General Data Protection Regulation should not undermine the level of protection guaranteed throughout the Union for natural persons when personal data is transferred from the Union to data controllers, data processors, or other recipients in third countries or to international organizations, even if personal data is transferred from a third country or international organization to data controllers or data processors in the same or another third country or to the same or another international organization.

22. Additional website features

Google Maps

Description and purpose

This website uses Google Maps API from Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to visually display geographic information. When using Google Maps, Google also collects, processes, and uses data about the use of the Maps features by users of the websites.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR, § 25 (1) TTDSG.

Recipient

The recipient of your personal data is Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

Duration of data storage

Revocation

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

For more information on the handling of user data, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.

23. Google reCAPTCHA

Description and purpose

To protect your orders via the online form, we use the reCAPTCHA service (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA), which is equipped with an advanced risk analysis engine and adaptive challenges to protect against malware and abusive activity. The query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. reCAPTCHA collects IP addresses and anonymizes them, whereby shortened IP addresses are usually transmitted. The IP address transmitted by your browser as part of reCaptcha is not merged with other Google data. Further information about reCAPTCHA can be found here.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA)

Transfer to third countries

Duration of data storage

The data will be automatically deleted after 14 months. Data that has reached its retention period is automatically deleted once a month.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) p. 1 GDPR. This can be done informally and without giving reasons, and will take effect in the future. The revocation of consent does not affect the lawfulness of the processing that took place prior to the revocation. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=de&gl=del

24. friendly captcha

Description and purpose

This website uses the “Friendly Captcha” service (www.friendlycaptcha.com). This service is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is a new, privacy-friendly protection solution that makes it more difficult for automated programs and scripts (so-called “bots”) to use this website. In this context, we have integrated a program code from Friendly Captcha into our website (e.g., for contact forms) so that the visitor's device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's device solves the math problem (puzzle), which uses certain system resources, and sends the result to our web server. This web server contacts the Friendly Captcha server via an interface and receives a response indicating whether the puzzle was solved correctly by the device. Depending on the result, we can apply security rules to requests via our website and, for example, process or reject them.

Friendly Captcha processes and stores the following data in the process described above:

Anonymized IP address of the requesting computer.

Information about the browser and operating system used.

Anonymized counter per IP address to control cryptographic tasks.

Website from which the access took place.

The version of the widget.

A timestamp.

This data is used exclusively for the protection against spam and bots described above. Friendly Captcha does not set or read any cookies on the visitor's device. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us or Friendly Captcha to identify any individual.

Legal basis

The legal basis for processing is our overriding legitimate interest in protecting our website from malicious access by bots, including spam protection and protection against attacks (e.g., mass requests), Art. 6 (1) (f) GDPR.

Recipient

The recipient is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Objection

You have the right to object to the processing of your personal data at any time in accordance with Art. 21 (1) GDPR. If you exercise your right, processing for this purpose will no longer take place. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

Transfer to third countries

No transfer to a third country takes place.

Duration of data storage

If personal data is collected, it will be deleted after 30 days at the latest.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: https://friendlycaptcha.com/legal/privacy-end-users/.

25. Klickpark GmbH & Co. KG

Description and purpose

Our website is hosted by Klickpark GmbH & Co. KG, Bahnhofstraße 27, 68526 Ladenburg, Germany. To operate the website, the provider automatically processes connection data (IP address, access time, requested files, browser information). In addition, our website provides a contact form that you can use to send us messages. The data you enter (e.g., name, email address, telephone number, message) is transmitted to us via Klickpark's servers. The purpose is to ensure the secure provision of our website and communication with interested parties.

The digital agency specializes in brand marketing, web development, digitization, automation, and market launch. It offers holistic solutions that combine technology, design, communication, and processes.

Legal basis

The legal basis for the processing of your personal data in the case of web hosting is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the provision and secure functioning of the website.

Recipient

The recipient of the data is Klickpark GmbH & Co. KG.

Transfer to third countries

Personal data is not transferred to third countries. Nevertheless, data transfer can never be completely ruled out. In the event of a transfer of personal data, the provider ensures the level of protection of the GDPR by complying with Art. 44 ff. GDPR. If there is no adequacy decision with the third country in which the data importer is based, the transfer is subject to appropriate safeguards. If you have any questions, please contact our data protection officer.

Duration of data storage

Revocation and objection

In cases of processing based on Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data at any time in accordance with Art. 21 (1) GDPR. If you exercise your right, processing for this purpose will no longer take place. For more information, please refer to our privacy policy above under “Rights of data subjects.”

In cases of processing based on Art. 6 (1) (a) GDPR, you have the right to withdraw your consent at any time, cf. Art. 7 (3) p. 1 GDPR. This can be done informally and without giving reasons and takes effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out until the withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects.”

In the case of processing for the performance of a contract, withdrawal is not possible as long as the contractual relationship exists and the data is required.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy note

Further information on the processing of your personal data can be found here: https://klickpark.de/Datenschutz

26. Applications

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy. The legal basis for the processing of applicant data is Art. 88 GDPR, § 26 BDSG-neu (German Data Protection Act) and Art. 9 (2) (b) GDPR. If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed as part of the application process, they will also be processed in accordance with Art. 9 (2) (b) GDPR (e.g., health data, such as severe disability or ethnic origin). If special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) (a) GDPR (e.g., health data if this is necessary for the performance of the job). If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by email (jobs@aventos.group). However, please note that emails are generally not sent in encrypted form and applicants must ensure encryption themselves. We therefore cannot accept any responsibility for the transmission of the application between the sender and the receipt on our server and therefore recommend using an online form or postal mail. Instead of applying via the online form and email, applicants still have the option of sending us their application by post. If an application is successful, the data provided by applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job vacancy is unsuccessful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion takes place after a period of six months so that we can answer any follow-up questions regarding the application and fulfill our obligations to provide evidence under the General Equal Treatment Act. Invoices for any travel expense reimbursements are archived in accordance with tax law requirements.

27. Data recipients

To the extent permitted or required by law, or to the extent you have consented, we also share your personal data with other recipients who provide services to us. We limit the disclosure of your personal data to what is necessary. In some cases, our service providers receive your personal data as data processors and are then strictly bound by our instructions when handling your personal data (data protection agreement in accordance with Art. 28 GDPR). In some cases, the recipients act independently with the data we transfer to them. The following categories of service providers/recipients may receive your data:

Providers of email marketing via newsletters

Providers of hosting services for the operation of our servers

Service providers in the field of job applications to assist in the selection of applicants

Service providers for development work, including programming, development, maintenance, and support of software applications

Service providers for postal services

External legal advisors

Marketing agencies/website management

Other IT service providers (e.g., system houses)

Other services and tools

The service providers we commission must meet strict confidentiality requirements. They only receive the access to your data that is necessary to perform the assigned tasks.

In the event of a suspected criminal offense, data may be passed on to law enforcement authority.

28. Safety

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, we continuously ensure data protection through constant auditing and optimization of our data protection organization.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

29. Conclusion

The AVENTOS Management GmbH reserves all rights to make changes and updates to this privacy policy. This privacy policy was created by the data protection management system as part of hellotrust, a brand of Keyed GmbH.