Thank you for visiting our website. The protection of your personal data is important to us and we want you to feel secure when visiting our website. We protect your privacy and your personal data. We process your personal data in accordance with the content of this privacy policy and in compliance with the applicable data protection provisions of the General Data Protection Regulation (GDPR) and the other relevant provisions on data protection.  

Data protection settings

Here you can revoke your consent or add or deselect individual categories.

Table of contents

1. Name and contact details of the controller
2. Contact to the data protection officer
3. What is personal data?
4. Purposes of data processing
5. Legal basis for data processing
6. Right to object
7. Use of our website for information purposes
8. Use of our website for other services
9. hosting
10. Contact with us
11. Our newsletter
12. Security and safety
13. Cookies and similar technologies
14. Web analysis
15. Social Media
16. Other functions and content
17. Links to other websites
18. Recipients and data transfer
19. Data transfer to third countries
20. Deletion of your data
21. Your rights
22. Changes to our privacy policy
23. Data protection information according to Art. 13 / Art. 14 GDPR

1. Name and contact details of the controller

NIVUS GmbH, Im Täle 2 in 75031 Eppingen, Germany, as the operator of the website www.nivus.de is the controller within the meaning of the GDPR..

2. contact to the data protection officer

You can contact our data protection officer at datenschutz@nivus.de at any time with any data protection concerns.

3. What is personal data?

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.  

4. Purposes of data processing

The scope and type of collection, processing and use of your data differs depending on whether you visit our website merely to retrieve generally available information or to make use of additional services. In principle, we process your personal data as part of our business activities for pre-contractual or contractual purposes. In addition, the exercise of our legitimate interest, your consent or compliance with legal requirements may also be the purpose of data processing by us. We will inform you about the specific purposes of data processing in the following sections.

5. Legal basis for data processing

We process your personal data in accordance with the following legal bases:

• for the fulfilment of pre-contractual or contractual obligations (Art. 6 para. 1 b) GDPR)
• on the basis of your consent (Art. 6 para. 1 a) GDPR)
• in the context of a balancing of interests (Art. 6 para. 1 f) GDPR)
• on the basis of legal requirements (Art. 6 para. 1 c) GDPR)

We will inform you about the specific legal basis for data processing in our respective processing operations

6. right to object

If we process your personal data as part of a balancing of interests due to our overriding legitimate interest (legal basis for data processing is Art. 6 para. 1 f) GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing (with the exception of direct advertising; in this case, we will comply with your objection immediately) if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims. Further rights of data subjects remain unaffected.

7. Use of our website for information purposes

For purely informational use of our website, it is generally not necessary for you to provide personal data. Rather, when you visit our website, we only collect the data that your internet browser automatically transmits to us, such as:

• Referrer (previously visited website)
• Requested website or file
• Browser type and browser version
• Operating system used
• Type of device used
• Date and time of access
• IP address in anonymised form
• other similar data and information used for security purposes in the event of attacks on our information technology systems.

This is usually done through the use of log files. The purpose of the processing is to ensure the functionality and compatibility of our website for technically unproblematic use, including troubleshooting and protection against technical attacks and misuse. The legal basis for this processing is our legitimate interest in accordance with Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the proper operation of our website. The log file data is deleted when it is no longer required for the purpose of processing.

8. use of our website for other services

If you make use of further services of our company via our website, it may be necessary for you to provide personal data for this purpose. The personal data required for the provision of the service can be seen from the respective input screen or application. You can provide further information voluntarily. You can recognise which information is required and which is voluntary by the fact that the mandatory information is marked with an asterisk (*) or with the note "mandatory field". Your data is processed solely for the purpose of providing the service you have requested. The legal basis for the processing of your personal data and the information about when your personal data will be deleted can be found in the description of the specific services.

9. Hosting

We use punkt.de GmbH, Sophienstraße 187 in 76185 Karlsruhe, as the hosting service provider for our website. The personal data collected on this website is stored on the servers of the hosting provider. Our hosting provider processes this data exclusively to the extent necessary to fulfill the contractually agreed services and according to our instructions within the scope of a data processing agreement. Data processing is carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest lies in the secure, reliable, and efficient provision of our website. Further information can be found in the privacy policy of punkt.de at https://punkt.de/de/f/datenschutzerklaerung.html.

To secure and accelerate data transmission, the transfer of information between your browser and our web pages is routed via the Amazon Content Delivery Network (CDN). The provider is Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA. By using the CDN, Amazon may analyze the data traffic between your device and our website in order to detect and prevent attacks and to optimize performance. This includes processing website visitors’ IP addresses and other technical data (e.g., browser information, access times). Amazon may also process data on servers outside the EU, particularly in the USA. Amazon is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. Data processing is carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. The use of Amazon serves to protect our overriding legitimate interests in the technically flawless and secure provision of the website. Further information can be found in Amazon’s privacy policy at: https://aws.amazon.com/de/privacy/.

10. contact us

Contact form

On our website, we offer you the opportunity to contact us using a contact form. The personal data that you provide when contacting us via a contact form will only be processed for the purpose of processing your contact via the contact form. It will only be passed on to third parties if this is necessary for the purpose of processing your contact. The legal basis for this processing is Art. 6 para. 1 b) GDPR.  Your personal data will be deleted if it is no longer required to fulfil the purpose for which you contacted us. We would like to point out that your messages may have to be stored within the framework of statutory retention obligations. In this case, the legal basis is Art. 6 para. 1 c) GDPR.

Mail

On our website, we offer you the option of contacting us by email. Please note that unencrypted communication by email is insecure. It cannot be ruled out that data transmitted in this way may be read, copied, modified or deleted by unauthorised persons. The personal data that you provide when contacting us via an e-mail enquiry will only be processed for the purpose of processing your e-mail enquiry. It will only be passed on to third parties if this is necessary for the purpose of processing this contact. The legal basis for this processing is Art. 6 para. 1 b) GDPR. Your personal data will be deleted if it is no longer required to fulfil the purpose for which you contacted us. We would like to point out that your messages may have to be stored within the framework of statutory retention obligations. In this case, the legal basis is Art. 6 para. 1 c) GDPR.

11. Newsletter

We use the Inxmail service to send newsletters. The provider is Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany. We have concluded a contract with Inxmail for order data processing and thus implement the data protection requirements. You can find more details in Inxmail's privacy policy at: www.inxmail.de/datenschutz

When you visit our registration page, a direct connection to the service provider's servers is established. Your IP address will be forwarded to the service provider. The legal basis for the processing is Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the professional and efficient organisation of our newsletter.

If you subscribe to our newsletter, the following data will be collected:

• IP address of the accessing computer
• Date and time of registration
• Your e-mail address
• Confirmation that you are the owner of the e-mail address provided and that you agree to receive the newsletter

This data is only collected for the purpose of sending you the newsletter and documenting our authorisation to do so. 
Your consent is obtained for the processing of the data as part of the registration process and reference is made to our privacy policy. The legal basis for the processing is Art. 6 para. 1 a) GDPR. The registration process is logged on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR and serves as proof of consent to receive the newsletter.

You can revoke this consent at any time with effect for the future by unsubscribing from the newsletter; we provide a corresponding link in every newsletter message. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the Inxmail servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail address) remain unaffected by this.

12. security

We have taken technical and organisational measures to protect our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons. In particular, the personal data you provide in the contact form is transmitted in encrypted form. We use the TLS 1.2 (Transport Layer Security) coding system.

13. Cookies and comparable technologies

We use cookies and similar technologies as well as services of external providers on our website. These technologies serve various purposes – such as technical provision, improving user experience, analyzing visitor behavior, or integrating external content (e.g. maps, videos, fonts).

Cookies are small text files that are stored on your computer when you visit our website. Comparable technologies include so‑called web storage techniques (“local data”, “local storage”), where data is stored locally in the memory (“cache”) of your browser.
For better readability, we refer to cookies and comparable technologies collectively as “cookies.”

We use external services and cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless legally not required.

If users consent, the legal basis for processing your data is Article 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. The consent is revocable at any time, is clearly communicated, and contains all relevant information. Further information on external services and on individual cookies and their purposes can be found in our privacy settings.

Consent is not necessary in particular when the storage or access to information – including cookies – is absolutely essential to provide users with a digital service explicitly requested by them (i.e. our online offering).
In such cases, the legal basis is:

• performance of a contract (Art. 6(1)(b) GDPR),
• compliance with legal obligations (Art. 6(1)(c) GDPR),
• or our legitimate interest (Art. 6(1)(f) GDPR, e.g. secure and economical operation of our online offering).

You may delete cookies at any time. However, doing so may result in certain functions no longer being available. To delete cookies, please consult your browser’s help function or change your settings in the  privacy settings.

Usercentrics

This website uses the cookie consent tool of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany "Usercentrics". The purpose of the processing is to obtain and document consent to the storage of certain cookies on your end device or to the use of certain technologies and to technically enable the revocation of consent given. When you visit our website, the following personal data is transferred to Usercentrics:

• Your consent(s) or the revocation of your consent(s)
• your IP address
• Information about your browser
• Information about your end device
• Time of your visit to the website

In addition, Usercentrics stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. 
The legal basis for the processing of the data is § 25 para. 2 no. 2 TDDDG and Art. 6 para. 1c) and f) GDPR to fulfil our legal obligation to obtain consent to the processing of personal data in accordance with the provisions of the applicable data protection laws and to document this consent.
The data collected in this way will be stored until you effectively object to this storage, request us to delete it, delete the Usercentrics cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. We have concluded an order processing contract with Usercentrics as our service provider in accordance with Art. 28 GDPR. 

Further information can be found in Usercentrics' privacy policy at: https://usercentrics.com/de/datenschutzerklaerung/

Information on recipients of consent
Central platform services of "gatekeepers" within the meaning of the Digital Markets Act ("DMA") are integrated on our website. Gatekeepers are obliged under Art. 5 para. 2 b) DMA to obtain consent for these central platform services. Our consent tool forwards your consent to the respective service provider so that the consent you have given in our consent tool can also apply to these services. We will inform you specifically about this in our privacy policy for the respective services.

14. web analysis

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics enables us to analyze the behavior of website visitors. This allows us to evaluate page views, interactions (e.g., clicks, scrolls, downloads, search queries, video usage), generate reports on website activity, and optimize our online offering.
Personal data collected and processed through Google Analytics includes:

• Online identifiers (e.g., cookie IDs, device IDs)
• Usage data (e.g., visited pages, session duration, interactions)
• Device and browser information (e.g., device type, operating system)
• IP address (according to Google, anonymized before storage)
• Location data (region/city derived from IP address)

Google Analytics 4 truncates IP addresses before further processing, usually within the EU/EEA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser is not merged with other Google data. However, linking with other Google services cannot be completely excluded.

Transfer of data to Google LLC in the USA cannot be ruled out. Google is certified under the EU-U.S. Data Privacy Framework.
The legal basis is your consent under Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. You may revoke your consent at any time by removing the corresponding checkbox here.

You can prevent cookie storage through your browser settings. You may also prevent Google from collecting and processing data related to your website use by installing the browser plugin at: https://tools.google.com/dlpage/gaoptout?hl=de
Please note that this does not apply to all data processing operations under Google Analytics 4 and is not a substitute for consent.
Further information:

• Terms of Use: http://www.google.com/analytics/terms/de.html
• Privacy Policy: https://policies.google.com/privacy

Information on Consent Recipients

Google Analytics is a core platform service under the Digital Markets Act (DMA). Therefore, Google is obliged under Art. 5 (2) (b) DMA to obtain your consent. This consent is acquired through our consent tool. In addition to the above data, information about your consent is transmitted to Google.

Google Ads

Our website uses Google Ads. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use Google Ads to display targeted online advertisements for our offers and to measure the success of these advertising campaigns. Google Ads allows users who have previously shown interest in our products or services to be re‑targeted on other websites or in Google Search.

The following personal data is processed by Google in connection with Google Ads:

• IP address
• browser information
• usage data
• date and time of visit
• location data
• cookie ID

The information generated by cookies is transferred by Google to a server in the USA and stored there. Google is certified under the EU‑U.S. Data Privacy Framework. The certificate is available at:
https://www.dataprivacyframework.gov/s/

The legal basis for the use of Google Ads is your consent under Article 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. You may withdraw your consent at any time with effect for the future by removing the corresponding checkmark.
You may also prevent the storage of cookies by changing your browser settings; however, in this case, not all website features may be fully available. Cookies set previously can also be deleted at any time.

If you have given your consent, Google may link data from this service with other Google services such as Google Analytics or Google Ad Manager in order to perform cross‑device evaluations, remarketing, or conversion measurement. This is based on your consent under Article 6(1)(a) GDPR.

Further information and Google’s data protection provisions can be found at:
https://policies.google.com/privacy

Notes on recipients of consent

Google is a gatekeeper within the meaning of the Digital Markets Act (DMA). We use Google Ads in combination with other Google services to offer personalized advertising.
Google is therefore obliged under Article 5(2)(b) DMA to obtain your consent. This consent is technically collected through our consent tool in simplified consent mode, meaning your consent information is transmitted to Google along with the above‑mentioned data.

15. social media

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. 

In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure an informative presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 f) GDPR. In necessary cases, the legal basis is also Art. 6 para. 1 a) GDPR. The analysis processes initiated by the social networks themselves may be based on other legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 a) GDPR).

Controller and assertion of rights

If you visit one of our social media sites, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal.

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options depend largely on the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it or revoke your consent to its storage. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to Meta Platforms Inc. based in the USA. Meta has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. Further information on data protection by Facebook can be found at: https://www.facebook.com/about/privacy/

Instagram

We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to Meta Platforms Inc. based in the USA.  Meta has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/ Further information on data protection by Instagram can be found at: http://instagram.com/about/legal/privacy/

LinkedIn 

We use LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. However, it cannot be ruled out that your personal data will be transferred to insecure third countries such as the USA. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further information on data protection by LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

YouTube

We use the YouTube.com platform to make our own videos publicly accessible for advertising purposes. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

On our website, we link to our YouTube channel. If you click such a link, Google stores and uses your data (e.g. IP address and other personal information) to provide the service and for its own commercial purposes.

We have also embedded YouTube videos stored on https://www.youtube.com directly into our online offering. Data is only transmitted to Google after you have given your consent. This includes information such as:

• device information
• IP address
• referrer URL
• videos viewed

YouTube uses cookies to collect data and perform statistical analysis. On the basis of these statistics, Google can evaluate, for example, how often a video is viewed or whether it is played on YouTube or on other websites.

We have no influence on this data transfer. This applies regardless of whether you have a Google account or are logged in. If you are logged in, your data may be assigned to your Google account. If you do not wish this, you must log out before activating a video.

Google stores your data in usage profiles and uses them for advertising, market research, and/or needs‑based design of its website. Such analysis is carried out in particular (also for users who are not logged in) to display personalized advertising and to inform other users of your activities on our website. You have the right to object to the creation of such usage profiles. This objection must be directed to Google.

It cannot be ruled out that your personal data will also be transferred to Google LLC in the USA or that other Google services (Google APIs, Google Fonts, Google Photos, Google Static, DoubleClick) will be loaded. Google LLC is certified under the EU‑U.S. Data Privacy Framework.

The legal basis for this processing is your consent according to Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by removing the relevant checkmark.

More information on data processing by Google: https://policies.google.com/privacy

16. further functions and content

If we use additional functions and content (e.g. map or font services) on our website, by means of which we or the provider of the services process your personal data, we will inform you about this here.

Google services

We use Google services on our website. The provider of these services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It cannot be ruled out that your personal data will also be transferred to Google LLC, based in the USA, or that the use of a Google service will result in other Google services being loaded by Google itself, without us having any influence over this. Google has certified itself within the framework of the EU-US Data Privacy Framework for compliance with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.

You can find more information about data processing by Google here: https://www.google.com/policies/privacy/

Google Tag Manager

We use the Google Tag Manager service on our website, provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool used to manage website tags – small code elements used to integrate additional services (e.g. Google Analytics or reCAPTCHA). The tool triggers other tags, which may themselves collect data.
Google Tag Manager itself does not create user profiles and does not store cookies. Its function is limited to facilitating and improving the integration and management of the tools and services we use on our website.

In this privacy notice, we inform you of the services used through Tag Manager and the associated data processing activities in connection with each individual service.

Google receives only the user’s IP address through Google Tag Manager. However, it cannot be excluded that your data may also be transferred to Google Inc. in the USA. Google is certified under the EU‑US Data Privacy Framework to ensure compliance with EU data protection standards.
The certificate is available at: https://www.dataprivacyframework.gov/s/

The legal basis for the use of Google Tag Manager is your consent according to Article 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. You may withdraw your consent at any time with effect for the future by removing the corresponding checkmark.

Further information on how Google processes data can be found at: https://policies.google.com/privacy

Friendly Captcha

We use the "Friendly Captcha" service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany, on our website. Friendly Captcha is used to check whether data is entered on our website (e.g. in a contact form) by a human or by an automated programme. For this purpose, Friendly Captcha analyses the behaviour of the visitor to the website or mobile app based on various characteristics. This analysis begins automatically as soon as the website or mobile app visitor enters a part of the website or app with Friendly Captcha activated. For the analysis, Friendly Captcha evaluates various information (browser details, URL from which a user comes (referrer), information as to whether the user has solved a puzzle created by us, anonymised IP address with conversion into a numerical value, so-called hash value). This data cannot be assigned to specific websites or persons.

The legal basis for data processing is Art. 6 para. 1 f) GDPR. Our legitimate interest lies in protecting our online offering from abusive automated crawling and spam. You can find more information about Friendly Captcha and the associated privacy policy at https://friendlycaptcha.com/legal/.

ChatVusyon

We use ChatVusyon on our website, a chatbot function provided by avenit AG, Marlener Straße 2, 77656 Offenburg, Germany (“avenit”). We have concluded a data processing agreement with this service provider pursuant to Article 28 GDPR.

With the chatbot functions of avenit, you can ask questions and conveniently access information on our website that is of particular interest to you. Using the chatbot enables us to provide an interactive and improved user experience on our website.

To offer the chatbot, a connection is first established with the servers of our service provider. Only data that your browser automatically transmits is processed. In addition, temporary cookies are stored in your session storage, which are deleted as soon as you close your browser window. The legal basis is our legitimate interest according to Article 6(1)(f) GDPR in providing the chat function.

When you use the chat, the content you enter is also processed. ChatVusyon stores technically necessary cookies in your browser to maintain the chat history during your visit or to store your consent. These cookies are necessary for the chatbot to function and are not used for analytics or advertising.

The data is transmitted to the server of avenit and processed there to generate a response. avenit uses technologies from the service provider OpenAI, L.L.C., 3180 18th Street, San Francisco, CA, USA (“OpenAI”), meaning your input may also be transferred to and processed on OpenAI servers in the USA.

OpenAI is not certified under the Data Privacy Framework. avenit has therefore concluded Standard Contractual Clauses with OpenAI according to Article 46(2)(c) GDPR to ensure an adequate level of data protection in third countries.

OpenAI does not receive permanent access to your data and uses it exclusively to generate the response within the respective chat session. According to OpenAI, the data is not used for profiling or training purposes. The data is deleted after a maximum of 30 days unless a legal retention requirement applies.

The legal basis for this processing is your consent under Article 6(1)(a) GDPR. If your inquiry aims at concluding or performing a contract, processing additionally takes place pursuant to Article 6(1)(b) GDPR. In all other cases, processing is based on our legitimate interest under Article 6(1)(f) GDPR in providing user‑friendly access to information.

You may withdraw your consent at any time. The lawfulness of processing already conducted remains unaffected. Please note that upon withdrawal, the chatbot functions can no longer be used.

Further information can be found here:

Avenit: https://chatvusyon.ai/datenschutz
OpenAI: https://help.openai.com/en/articles/7842364-how-chatgpt-and-our-language-models-are-developed
https://openai.com/policies/privacy-policy
https://openai.com/policies/data-processing-addendum

Data is deleted — subject to statutory retention obligations — as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case when we have fully processed your inquiry.

17. Links to other websites

If we provide links to websites of other organisations, this privacy policy does not apply to the processing of personal data by that organisation. We therefore recommend that you read the data protection notices on the other websites you visit.

18. Recipients and data transfer

We have bundled certain data processing operations in our company. These can be carried out centrally by our individual divisions, e.g. for processing enquiries. External contractors and service providers (e.g. logistics companies or IT service providers) may also be used to ensure the fulfilment of our tasks and contracts. In addition, data may be passed on to recipients to whom we are obliged or authorised to pass on data on the basis of contractual or legal obligations or on the basis of your consent.

19. Data transfer to third countries

Data transfer to third countries

Data will only be transferred to third countries (countries outside the EU and the European Economic Area EEA) if this is necessary for the performance of a contract/order/business relationship, including the initiation thereof, or if this is permitted by our legitimate interest or on the basis of your consent and only in compliance with the data protection requirements prescribed for this purpose.

Note on data transfer to the USA

As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognised the level of data protection for certain companies from the USA as secure as part of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you which of the service providers we use are certified under the DPF in this privacy policy for the respective service.

20. Deletion of your data

We only process your personal data for as long as this is necessary to fulfil the respective purpose or until a legal basis for the processing (e.g. revocation of consent to data processing) no longer exists. We observe the existing statutory retention and storage periods.

21. Your rights

Sie haben das Recht:

• to receive information free of charge about the personal data we have stored about you (right to information)
• to request confirmation as to whether we are processing personal data concerning you (right to confirmation)
• to demand that we erase the personal data concerning you without undue delay, provided that the processing is no longer necessary and the other requirements of the GDPR for erasure are also met (right to erasure)
• to demand the immediate rectification and completion of inaccurate personal data concerning you (right to rectification)
• to request the restriction of the processing of your personal data (right to restriction of processing)
• to receive the personal data concerning you in a structured, commonly used and machine-readable format (right to data portability)
• to object to the processing of your personal data (right to object)
• you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you (right to individual decision-making)
• to withdraw your consent to the processing of your personal data at any time with effect for the future.
• to lodge a complaint with the supervisory authority responsible for data protection if you believe that the processing of your personal data violates the GDPR (right to lodge a complaint). 

For further information on your rights, please contact our data protection officer.

22. Amendment of our privacy policy

In order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services, for example new services.  

23. Data protection information according to Art. 13 / Art. 14 GDPR