
Data Protection Policy
1. Introduction
Below we inform you about the collection of personal data when using
our website www.aim.science
our webshop shop.aim.science
our profiles on social media
Personal data means any information relating to an identified or identifiable natural person, such as their name or IP address.
1.1. Contact Information
The controller pursuant to Art. 4(7) GDPR is AIM – Advanced Identification Methods GmbH, Niemeyerstraße 1, 04179 Leipzig, Germany, e-mail: info@aim.science. We are legally represented by Jérôme Morinière.
Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, e-mail: datenschutz@heydata.eu.
1.2. Scope of Processing, Purposes and Legal Bases
The scope of processing, the purposes and the legal bases are explained below. As legal bases for processing, the following generally apply:
Art. 6(1) sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.
Art. 6(1) sentence 1 lit. b GDPR is the legal basis where processing of personal data is necessary for the performance of a contract, e.g., when a visitor purchases a product from us or we provide a service to them. This also applies to processing necessary for pre-contractual measures, e.g., inquiries about our products or services.
Art. 6(1) sentence 1 lit. c GDPR applies where processing personal data enables us to comply with a legal obligation, e.g., under tax law.
Art. 6(1) sentence 1 lit. f GDPR serves as the legal basis where we rely on legitimate interests to process personal data, e.g., for cookies necessary for the technical operation of our website.
1.3. Processing Outside the EEA
Where we transfer data to service providers or other third parties outside the EEA, the security of the transfer is ensured by adequacy decisions of the European Commission, where available (e.g., for the United Kingdom, Canada and Israel) (Art. 45(3) GDPR).
If no adequacy decision exists (e.g., for the USA), the legal basis for the transfer is generally, unless stated otherwise, standard contractual clauses (SCCs) adopted by the European Commission, which form part of our contract with the respective third party. Pursuant to Art. 46(2)(b) GDPR, they ensure the safety of the data transfer. Many providers also offer contractual safeguards beyond the SCCs, e.g., encryption commitments or an obligation to notify data subjects if law enforcement authorities request access to the data.
1.4. Storage Period
Unless expressly stated otherwise in this privacy policy, we delete data stored by us as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion. If data is not deleted because it is required for other and legally permissible purposes, processing will be restricted; i.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
1.5. Rights of Data Subjects
Data subjects have the following rights vis-à-vis us with regard to their personal data:
Right of access,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent at any time.
Data subjects also have the right to lodge a complaint with a supervisory authority. Contact details of the data protection supervisory authorities can be found at: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.
1.6. Obligation to Provide Data
In the context of a business or other relationship, customers, prospects or third parties must provide us with personal data that is necessary for establishing, carrying out and terminating such relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or we may no longer be able to fulfil an existing contract or relationship.
Mandatory fields are marked as such.
1.7. No Automated Individual Decision-Making
As a rule, we do not use fully automated decision-making pursuant to Article 22 GDPR to establish and carry out business or other relationships. Should we use such procedures in individual cases, we will provide separate information where legally required.
1.8. Contacting Us
When contacting us, e.g., by e-mail or telephone, the data provided (e.g., names and e-mail addresses) is stored by us in order to answer the inquiry. The legal basis is our legitimate interest (Art. 6(1) sentence 1 lit. f GDPR) in responding to inquiries addressed to us. We delete the data arising in this context after it is no longer needed, or restrict processing where statutory retention obligations exist.
1.9. Customer Surveys
From time to time, we conduct customer surveys to better understand our customers and their needs. We collect the data requested in each case. It is our legitimate interest to get to know our customers and their needs better; the legal basis for the associated processing is therefore Art. 6(1) sentence 1 lit. f GDPR. We delete the data once the survey results have been evaluated.
2. Newsletter
We reserve the right to inform customers who have already used our services or purchased goods about our offers from time to time by e-mail or other electronic means, unless they have objected. The legal basis is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest is direct marketing (Recital 47 GDPR). Customers can object to the use of their e-mail address for advertising purposes at any time at no additional cost, e.g., via the link at the end of each e-mail or by e-mailing us at the address stated above.
Interested parties can subscribe to a free newsletter. We process the data provided during registration solely for sending the newsletter. Registration takes place by clicking the relevant field on our website, by ticking the relevant box in a paper document, or by another clear action by which the interested party gives consent to the processing of their data; the legal basis is therefore Art. 6(1) sentence 1 lit. a GDPR. Consent can be withdrawn at any time, e.g., by clicking the relevant link in the newsletter or by notifying us at the e-mail address stated above. Processing prior to withdrawal remains lawful even if consent is later withdrawn.
We send newsletters using the tool rapidmail provided by rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg (Privacy Notice: https://www.rapidmail.de/datenschutz). The provider processes content, usage, metadata/communications and contact data within the EU.
3. Data Processing on Our Website
3.1. Notice for Website Visitors from Germany
Our website stores information on visitors’ end devices (e.g., cookies) or accesses information already stored on end devices (e.g., IP addresses). Details are provided in the following sections.
This storage and access occur under the following rules:
Where the storage/access is strictly necessary for us to provide a service expressly requested by the website visitor (e.g., operating a chatbot used by the visitor or ensuring IT security of our website), it is based on Section 25(2) No. 2 of the German TTDSG.
Otherwise, such storage/access is based on the consent of the website visitor (Section 25(1) TTDSG).
Further processing of personal data follows the sections below and the provisions of the GDPR.
3.2. Informational Use of Our Website
When you use the website for informational purposes only, i.e., if you do not otherwise transmit information to us, we collect the personal data that your browser transmits to our server to ensure the stability and security of our website. This is our legitimate interest; the legal basis is Art. 6(1) sentence 1 lit. f GDPR.
This data includes:
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred
Referring website
Browser
Operating system and its interface
Language and version of the browser software.
This data is also stored in log files. It is deleted when storage is no longer required, but no later than after 14 days.
3.3. Web Hosting and Website Provision
Our website is hosted by Ionos. The provider is 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. The provider processes personal data transmitted via the website (e.g., content, usage, metadata/communications or contact data) within the EU. Further information: https://www.ionos.co.uk/terms-gtc/privacy-policy/#c4183.
It is our legitimate interest to provide a website; the legal basis for the described processing is Art. 6(1) sentence 1 lit. f GDPR.
Our website is hosted by United Domains. The provider is united-domains AG, Gautinger Straße 10, 82319 Starnberg. The provider processes personal data transmitted via the website within the EU. Further information: https://www.united-domains.de/unternehmen/datenschutz/.
It is our legitimate interest to provide a website; the legal basis is Art. 6(1) sentence 1 lit. f GDPR.
Our website is hosted by Squarespace. The provider is Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland. The provider processes personal data transmitted via the website, e.g., content, usage, metadata/communications or contact data, in the USA. Further information: https://www.squarespace.com/privacy.
It is our legitimate interest to provide a website; the legal basis is Art. 6(1) sentence 1 lit. f GDPR.
The legal basis for transfers to a country outside the EEA is standard contractual clauses. The security of data transferred to a third country is ensured by the standard data protection clauses (Art. 46(2)(c) GDPR) adopted by the European Commission under the procedure in Art. 93(2) GDPR, which we have agreed with the provider.
3.4. Contact Form
When contacting us via the contact form on our website, we store the data requested there and the content of the message.
The legal basis is our legitimate interest in answering inquiries addressed to us; thus Art. 6(1) sentence 1 lit. f GDPR applies. We delete the data once storage is no longer required or restrict processing where statutory retention obligations exist.
3.5. Job Openings
We publish job openings on our website, on pages linked from the website, or on third-party websites.
We process the data provided in the application for the purpose of conducting the application process. Where necessary for our decision to establish an employment relationship, the legal basis is Art. 88 GDPR in conjunction with Section 26(1) BDSG. Data required for the application process is marked accordingly or we refer to it. If applicants do not provide this data, we cannot process the application.
Additional information is voluntary and not required for an application. If applicants provide additional information, this is based on their consent (Art. 6(1) sentence 1 lit. a GDPR).
We ask applicants to refrain from providing information on political opinions, religious beliefs and similarly sensitive data in their CV and cover letter. Such information is not required. If applicants nevertheless include such data, we cannot prevent its processing when handling the CV or cover letter. Processing is then also based on the applicant’s consent (Art. 9(2)(a) GDPR).
We also process applicants’ data for further recruitment procedures if they have given us their consent. In this case, the legal basis is Art. 6(1) sentence 1 lit. a GDPR.
We disclose applicants’ data to the responsible HR staff, to our processors in the area of recruiting, and to other employees involved in the recruitment process.
If, following the recruitment process, we enter into an employment relationship with the applicant, we delete the data only after termination of the employment relationship. Otherwise, we delete the data no later than six months after rejection.
If the applicant has consented to us using their data for further recruitment processes, we delete the data one year after receipt of the application.
3.6. Provision of Services
We offer services via our website. In the ordering process we process the following data:
Salutation
First name
Last name
Organization
E-mail address
Website
Phone
Address
VAT ID
Processing is carried out for the performance of the contract with the respective visitor (Art. 6(1) sentence 1 lit. b GDPR).
We pass the above data to the following service providers where necessary for the order:
Billomat GmbH & Co. KG, Lorenzer Straße 31, 90402 Nürnberg, Germany
LDB Labordatenbank GmbH, Mittelstraße 24, 10117 Berlin, Germany
monday.com Ltd, 6 Yitzhak Sadeh St, Tel Aviv 6777506, Israel
DATEV eG, Paumgartnerstr. 6–14, 90429 Nürnberg, Germany
The legal basis is Art. 6(1) sentence 1 lit. b GDPR, as processing is necessary for contract performance.
3.7. Payment Processors
We use payment processors for handling payments; they are independent controllers within the meaning of Art. 4 No. 7 GDPR. Insofar as they receive the data entered by us in the ordering process and the payment data, this serves to fulfil the contract with our customers (Art. 6(1) sentence 1 lit. b GDPR).
These payment processors are:
PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands
3.8. Technically Necessary Cookies
Our website uses cookies. Cookies are small text files stored by the web browser on a visitor’s device. Cookies help make our offering more user-friendly, effective and secure. Where these cookies are required for operating our website or its functions (“technically necessary cookies”), the legal basis for the related processing is Art. 6(1) sentence 1 lit. f GDPR. We have a legitimate interest in providing customers and other visitors with a functional website.
In particular, we use technically necessary cookies for the following purposes:
Cookies that store language settings, shopping cart contents, search terms, login data, and cookies set by payment providers for payment processing which do not analyse user behavior.
3.9. Third Parties
3.9.1. Google Analytics
We use Google Analytics for analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited pages, interest in content, access times) and metadata/communications data (e.g., device information, IP addresses) in the USA.
The legal basis is Art. 6(1) sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can withdraw consent at any time, e.g., by contacting us using the contact details provided in this privacy policy. Withdrawal does not affect the lawfulness of processing before withdrawal.
The legal basis for transfers to a country outside the EEA is the standard contractual clauses. The security of data transferred to a third country is ensured by the standard data protection clauses (Art. 46(2)(c) GDPR) adopted by the European Commission, which we have agreed with the provider.
Data is deleted when the purpose for which it was collected no longer applies and no retention obligation exists. Further information can be found in the provider’s privacy policy: https://policies.google.com/privacy?hl=en-US.
4. Data Processing on Social Media Platforms
We maintain presences on social networks to present our organization and services. The operators of these networks regularly process user data for advertising purposes. Among other things, they create profiles based on users’ online behavior, e.g., to display advertising on the network pages and elsewhere on the internet that matches users’ interests. For this purpose, network operators store information about user behavior in cookies on users’ devices. It cannot be excluded that the operators combine this information with other data. Further information and details on objecting to processing by the operators can be found in the privacy policies listed below. Operators or their servers may also be located in non-EU countries where data is processed. This may pose risks for users, e.g., making it more difficult to enforce their rights or due to access by public authorities.
If users contact us via our profiles, we process the data provided to answer their inquiries. This is our legitimate interest; the legal basis is Art. 6(1) sentence 1 lit. f GDPR.
4.1. Facebook
We maintain a profile on Facebook. Operator: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy policy: https://www.facebook.com/policy.php. You can object to data processing via ad settings: https://www.facebook.com/settings?tab=ads. We are joint controllers for processing the data of visitors to our profile based on an arrangement pursuant to Art. 26 GDPR with Facebook. Which data is processed is explained here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects may exercise their rights against us and Facebook. Under our arrangement, however, we are obliged to forward requests to Facebook; accordingly, contacting Facebook directly may lead to a quicker response.
4.2. Instagram
We maintain a profile on Instagram. Operator: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy policy: https://help.instagram.com/519522125107875.
4.3. YouTube
We maintain a profile on YouTube. Operator: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy?hl=de.
4.4. Twitter
We maintain a profile on Twitter. Operator: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Privacy policy: https://twitter.com/de/privacy. You can object via ad settings: https://twitter.com/personalization.
4.5. LinkedIn
We maintain a profile on LinkedIn. Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy policy: https://www.linkedin.com/legal/privacy-policy?_l=de_DE. You can object via ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
5. Changes to This Privacy Policy
We reserve the right to amend this privacy policy with effect for the future. The current version is always available here.
6. Questions and Comments
If you have any questions or comments regarding this privacy policy, you can contact us using the contact information provided above.