Privacy Statement – Avitech GmbH respects your privacy

Information obligations pursuant to Art. 12, 13 ff. EU GDPR

Avitech GmbH respects your privacy and is committed to protecting the security of your personal information. This Privacy Statement informs you of our Privacy Policy and practices, and of the choices you can make about the way your information is collected online and how that information is used. We have structured our websites so that, in general, you can visit Avitech on the Web without identifying yourself or revealing any personal information. This notice is made readily available by us on our home page and at the bottom of every Avitech Web page.

1. Name and address of the controller

Your contact partner as the controller within the meaning of the European General Data Protection Regulation (“EU GDPR”) and other national data protection laws of the member states and other data protection regulations is:

Avitech GmbH
Bahnhofplatz 3
88045 Friedrichshafen

Commercial Register: Ulm Local Court HRB 728293
VAT id. no.: DE 223719716
Managing Director: Jon Joseba Goyarzu Caño
(hereinafter referred to as “we” or “us”)

2. Name and address of the Data Protection Officer

Avitech GmbH attaches great importance to the protection of your personal data. In order to reflect this importance, we have raised the awareness of this issue among our employees and appointed an employee as our Data Protection Officer. Our Data Protection Officer has the expertise and competence to carry out this function.

Please contact our Data Protection officer directly regarding any data protection and data security issues at Avitech GmbH:
Michael Mainz
E-mail: dataprotection[at]avitech.aero
Phone: +49 (0) 7541 282-335

3. General information about data processing

a. Scope of processing of personal data

We only process your personal data insofar as this is necessary for the performance of our services. Your personal data will be processed regularly only on the basis of your consent. An exception is made in those cases in which it is not possible to obtain prior consent for practical reasons or the processing of your personal data is permitted by law.

b. Legal basis for the processing of personal data

If we obtain consent from you for the processing of personal data, Art. 6 Para. 1 Letter a EU GDPR will act as our legal basis.

When we process personal data which is necessary for the performance of a contract between you and us, Art. 6 Para. 1 Letter b EU GDPR will act as our legal basis. This also applies for processing operations which are necessary in order to take steps prior to entering into a contract.

If the processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 Para. 1 Letter c EU GDPR will act as our legal basis.

If the processing of personal data is necessary in order to protect the vital interests of yourself or of another natural person, Art. 6 Para. 1 Letter d EU GDPR will act as our legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party and your interests, fundamental rights and freedoms do not override the first-mentioned interest, Art. 6 Para. 1 Letter f EU GDPR will act as the legal basis for the processing.

c. Deletion of data and storage period

Your personal data will be deleted or blocked as soon as the purpose for its storage no longer exists. It can also be stored if this is provided for by the European or national legislators in EU regulations, laws or other regulations to which we are subject. The data will also be blocked or deleted if a retention period prescribed by the aforementioned standards expires, unless the continued storage of the data is necessary for the conclusion or performance of a contract.

4. Provision of website and creation of log files

This website uses Matomo, and open source, self-hosted software, in order to collect anonymous usage data for this website.

The data on the behaviour of visitors is collected in order to detect any problems such as pages not found, search engine problems or unpopular pages. As soon as the data (number of visitors who view the error pages or view only one page, etc.) is processed, Matomo generates reports for the website operators so that they can react to these. (Layout changes, new content, etc.)

Matomo processes the following data:

  • Cookies
  • Anonymised IP addresses with the last 2 bytes removed (i.e. 198.51.0.0 instead of 198.51.100.54)
  • Pseudoanonymised location (based on the anonymised IP address)
  • Date and time
  • Title of the page being viewed
  • URL of the page being viewed
  • URL of the previous page (if the page allows this)
  • Screen resolution
  • Local time
  • Files that were clicked and downloaded
  • External links
  • Page generation time
  • Country, region, city (with low accuracy based on IP address)
  • Main language of the browser
  • User agent of the browser
  • Interactions with forms (but not their content)
  • Server logs

The processing of personal data is based on the principle of legitimate interests

Processing data helps us to identify what is working and what is not on our website. For example, it helps us to identify if the content is well received or if we can improve the structure of the website. Our team benefits from and can react to this. By allowing the processing of data, you will therefore benefit from a website which will get better and better.

Without this data, we would not be able to provide you the service. Your data will be used exclusively to improve the use of the website.

a. Legal basis for the data processing

The legal basis for the processing of your personal data relating to the provision of the website and the creation of log files is provided by Art. 6 Para. 1 Letter f EU GDPR.

b. Purpose of the data processing

The temporary storage of your personal data by us is necessary in order for the website to be delivered to your computer. For this purpose, your personal data has to be stored for the duration of the session.

Your personal data is stored in log files in order to ensure the functionality of the website. We also use your personal data to optimise the website and ensure the security of our IT systems. Your personal data is not analysed in this connection for marketing purposes.

In these purposes also lies our legitimate interest in data processing pursuant to Art. 6 Para. 1 Letter f EU GDPR.

c. Length of time your personal data is stored

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your personal data is collected for the provision of the website, this is the case as soon as the respective session has ended.

If your personal data is stored in log files, these will be deleted after seven days at the latest. The data may be stored for a longer period. In this case your personal data will be deleted or distorted so that it can no longer be assigned to the client viewing the website.

d. Opt out and deletion

The collection of your personal data for the provision of the website and the storage of your personal data in log files are essential for the operation of the website. As a consequence you cannot opt out.

5. Use of cookies

a. Legal basis for the data processing

The legal basis for the processing of your personal data relating to the use of the technically necessary cookies is provided by Art. 6 Para. 1 Letter f EU GDPR.

b. Purpose of the data processing

Technically necessary cookies are used to simplify use of our website for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that your internet browser is recognised after a change of page. The user data collected by technically necessary cookies is not used to create user profiles.

In this purpose also lies our legitimate interest in the processing of your personal data pursuant to Art. 6 Para. 1 Letter f EU GDPR.

c. Length of time your personal data is stored

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected; this is in particular the case when the cookies are deactivated.

d. Opt out and deletion

Cookies are stored on your computer and transmitted by your computer to our website. You therefore also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, you may no longer have full use of all of the functions of this website.  

6. Contact form and contact by e-mail

a. Legal basis for the data processing

The legal basis for the processing of your personal data transmitted when you contact us via the contact form or by e-mail is provided by Art. 6 Para. 1 Letter f EU GDPR. If you contact us via the contact form or by e-mail for the purpose of concluding a contract, Art. 6 Para. 1 Letter b EU GDPR will also provide a legal basis for the processing of your personal data.

b. Purpose of the data processing

If you contact us via the contact form or by e-mail, your personal data will be processed solely for the purpose of processing the contact.

c. Length of time your personal data is stored

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent via the contact form or by e-mail, this will be the case when the respective conversation with you has finished. The conversation will be finished when it can be deduced from the circumstances that the issue concerned has been settled finally between you and us.

d. Opt out and deletion

You can opt out from the processing of your personal data collected when you contact us via the contact form or via e-mail at any time with effect for the future. In such a case the conversation between you and us will not be continued. All personal data stored in the course of the contact will in this case be deleted.

7. Legal defence and enforcement

a. Legal basis for the data processing

The legal basis for the processing of your personal data relating to legal defence and enforcement is provided by Art. 6 Para. 1 Letter f EU GDPR.

b. Purpose of the data processing

The purpose of processing your personal data in the course of legal defence and enforcement is to defend against unwarranted claims and the legal enforcement of claims and rights. In this purpose lies our legitimate interest in data processing pursuant to Art. 6 Para. 1 Letter f EU GDPR.

c. Length of time your personal data is stored

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

d. Opt out and deletion

The processing of your personal data in the course of legal defence and enforcement is essential for the legal defence and enforcement. As a consequence you cannot opt out.

8. Recipient categories

In our company your personal data is received by those positions and departments which need it to fulfil the aforementioned  purposes. In addition, we use different service providers in some cases and transmit your personal data to other trusted recipients.
These may be:

  • Banks
  • IT service providers
  • Lawyers and courts 

9. Rights of the data subject

If your personal data is processed by us, you are the data subject within the meaning of EU GDPR and you may demand from us the following rights:

a. Right to information

You can demand to receive confirmation from us about whether personal data concerning yourself is processed by us.

If such processing takes place, you can demand from us the following information:

(1) the purposes for which the personal data is processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data has been disclosed or is yet to be disclosed;
(4) the planned length of time the personal data concerning yourself will be stored or, if it is not possible to provide precise information concerning this, criteria for determining the length of storage time;
(5) the existence of a right to correction or deletion of the personal data concerning yourself, a right to the restriction of processing by us or a right to object to this processing;
(6) the existence of a right to complain to a supervisory authority;
(7) all available information about the origin of the data, if the personal data is not collected from you;
(8) the existence of automated decision-making including profiling according to Art. 22 Paras. 1 and 4 EU GDPR and – at least in these cases– meaningful information on the logic involved and the consequences and intended effect of such processing for you.

You have the right to demand information about whether the personal data concerning yourself is transferred to a third country or an international organisation. In this connection, you can demand to be informed of the appropriate safeguards relating to the transfer pursuant to Art. 46 EU GDPR.

b. Right to correction

You have the right to demand that we correct and/or complete data, if the processed personal data concerning yourself is incorrect or incomplete. We have to correct the data immediately.

c. Right to restrict the processing

In the following circumstances you can demand that we restrict the processing of the personal data concerning yourself:

(1) if the accuracy of the personal data concerning yourself is contested by you, for a period enabling us to verify the accuracy of the personal data;
(2) if the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of use of the personal data;
(3) if we no longer need the personal data for processing purposes, but you need this to enforce, exercise or defend legal rights, or
(4) if you have objected to the processing pursuant to Art. 21 Para. 1 EU GDPR and it is not yet clear our legitimate reasons override your own reasons.

If the processing of the personal data concerning yourself has been restricted, this data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing has been restricted in the above circumstances, you will be informed by us before the restriction is lifted.

d. Right to deletion

i. Obligation to delete

You can demand that we delete immediately the personal data concerning yourself, and we have to delete personal data immediately, if one of the following reasons applies:

(1) The personal data concerning yourself is no longer required for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent upon which the processing is based pursuant to Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a EU GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 Para. 1 EU GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Para. 2 EU GDPR.
(4) The personal data concerning yourself was processed unlawfully.
(5) The deletion of the personal data concerning yourself is required to meet a legal obligation under Union law or the law of the member states which we are subject to.
(6) The personal data was collected in relation to information society services pursuant to Art. 8 Para. 1 EU GDPR.

ii. Informing third parties

If we have published personal data concerning yourself and are accordingly required to delete it pursuant to Art. 17 Para. 1 EU GDPR, we will take appropriate measures, including of a technical nature, taking into account the available technology and implementation costs, to inform the persons responsible for the data processing that you as the data subject have asked them to delete all links to this personal data or copies or replications of this personal data.

iii. Exceptions

The right to deletion does not exist if the processing is necessary:

(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 Para. 2 Letters h and i and Art. 9 Para. 3 EU GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 Para. 1 EU GDPR in so far as the right referred to in Para. a is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

e. Right to be informed

If you have exercised the right to correction, deletion or restriction of processing against us, we have to inform all recipients of the personal data concerning yourself of this correction or deletion of the data or the restriction of processing, unless this proves to be impossible or involves unreasonable expense.

You have the right to demand that we inform you of these recipients.

f. Right to data portability

You have the right to receive the personal data concerning yourself that you have provided us in a structured, common and machine-readable format. You have the right to transfer this personal data that you have provided us to another controller without any hindrance from us, if

(1) the processing is based on consent pursuant to Art. 6 Para. 1 Letter a EU GDPR or Art. 9 Para. 2 Letter a EU GDPR or a contract pursuant to Art. 6 Para. 1 Letter b EU GDPR and
(2) the processing is performed with the help of automated processes.

In exercising this right, you also have the right to have the personal data concerning yourself transferred directly from us to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability will not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercising of official authority vested in us.

g. Right to object

You have the right to object at any time for reasons relating to your particular situation to the processing of personal data concerning yourself which is performed on the basis of Art. 6 Para. 1 Letters e or f EU GDPR; this also applies to profiling based on these provisions.

We will no longer process the personal data concerning yourself, unless we can provide proof of compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the enforcement, exercising or defence of legal rights.

If personal data concerning yourself is processed for direct advertising purposes, you have the right to object at any time to the processing of personal data concerning yourself for the purpose of such advertising; this also applies to profiling, if it is related to such direct advertising.

If you object to processing for direct marketing purposes, the personal data concerning yourself will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you can exercise your right to object by automated means using technical specifications.

h. Right to withdraw the declaration of consent required under data protection law

You have the right to withdraw your declaration of consent required under data protection law at any time. The lawfulness of the processing that has taken place based on the consent up until the withdrawal will not be affected by the withdrawal.

i. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. This will not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and us,
(2) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is based on your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 Para. 1 EU GDPR, unless Art. 9 Para. 2 Letter a or g EU GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests have been taken.

Regarding the cases stated in (1) and (3), we will take suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

j. Right to complain to a supervisory authority

Without prejudice to any other administrative or non-judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged breach, if you are of the view that the processing of the personal data concerning yourself is in breach of the EU GDPR.

The supervisory authority responsible for us is:

The State Data Protection and Freedom of Information Officer for Baden-Württemberg (Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg)
Königstrasse 10 a
70173 Stuttgart
poststelle[at]ldi.bwl.de
https://www.ldi.nrw.de
Phone: +49 (0) 711 615541-0
Fax: +49 (0) 711 615541-15

The supervisory authority with whom you have filed a complaint will inform you of the progress and results of the complaint including the possibility of judicial remedy pursuant to Art. 78 EU GDPR.

If you have any questions, please do not hesitate to contact our Data Protection Officer (See chapter 2)