Privacy Policy

Controller

The controller responsible for data processing on this website is:

aivalto GmbH
Hauptstraße 151
10827 Berlin

The controller decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).

Withdrawal of your consent to data processing

Some data processing operations are only possible with your express consent. You may revoke your consent at any time. An informal notification by email is sufficient. The lawfulness of the data processing carried out before the revocation remains unaffected.

Right to lodge a complaint with the competent supervisory authority

As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a data protection violation. The competent supervisory authority for data protection questions is the data protection commissioner of the German federal state in which our company is based. A list of data protection commissioners and their contact details can be found at: bfdi.bund.de.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.

Right to information, rectification, blocking, erasure

You have the right at any time, within the framework of applicable legal provisions, to free information about your stored personal data, its origin, recipients and the purpose of data processing and, where applicable, a right to rectification, blocking or erasure of this data. You can contact us at any time via the contact options listed in the imprint regarding this and other questions on the subject of personal data.

SSL / TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address bar in your browser and the padlock symbol in the browser bar.

Server log files

The website provider automatically collects and stores information in server log files that your browser automatically transmits to us. These are:

• Page visited on our domain
• Date and time of the server request
• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• IP address

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Data processing when contacting us

When you contact us by email, phone or via the booking tool (see next section), we process the personal data you provide solely for the purpose of handling your enquiry. No data is passed on to third parties. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Appointment booking with Microsoft Bookings

On our contact page we provide an external link to book an initial call via Microsoft Bookings ("Bookings with me"), a feature of Microsoft 365. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

The link opens the booking page in a new browser tab. Data is only transmitted to Microsoft once you actively click the link and choose a slot on the booking page. We deliberately do not embed the booking interface directly on our site — no data is transferred to Microsoft until you click.

During booking, Microsoft typically collects and processes the following personal data:

• Name
• Email address
• Optional message / notes
• Selected slot (date and time)
• Technical connection data (IP address, browser information, session cookies of the booking interface)

This data is made available to us to process your booking request and stored in our Microsoft 365 calendar. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures at your request).

We use Microsoft 365 in an EU-based tenant. As a globally active provider, Microsoft may process data within the EU/EEA as well as in third countries — in particular the United States. Such transfers take place on the basis of the EU Standard Contractual Clauses and Microsoft's self-certification under the EU-US Data Privacy Framework. We have a data processing agreement with Microsoft in the form of the Microsoft Data Protection Addendum (DPA) for Online Services.

Details on Microsoft's data processing can be found in the Microsoft Privacy Statement: privacy.microsoft.com/en-us/privacystatement.

Cookies

Our website uses cookies. These are small text files that your web browser stores on your device. Cookies help us make our service more user-friendly, effective and secure.

Some cookies are "session cookies". Such cookies are automatically deleted at the end of your browser session. Other cookies remain on your device until you delete them yourself. These cookies help us to recognise you when you return to our website.

Using a modern web browser you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are automatically deleted when the program is closed. Disabling cookies may lead to limited functionality of our website.

Setting cookies that are necessary for carrying out electronic communication processes or for providing certain functions you have requested is based on Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services.

Consent to analytics cookies

Cookies and services that are not technically necessary — in particular the web analytics with Google Analytics described below — are only loaded with your express consent. You grant or refuse this consent via the cookie banner. You can change your selection at any time via the "Cookie settings" link in the footer. The legal basis is Art. 6 para. 1 lit. a GDPR.

Web analytics with Google Analytics

Our website uses — with your consent — features of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies that are stored on your device and enable analysis of your use of the website. Information generated by cookies about your use of our website is generally transmitted to a Google server and stored there.

Processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with effect for the future.

IP anonymisation

We use Google Analytics with IP anonymisation enabled. Your IP address is shortened by Google within member states of the EU or other contracting states of the Agreement on the European Economic Area before transmission.

Objection to data collection

You can revoke your consent at any time via "Cookie settings" in the footer; Google Analytics will then no longer be loaded. You can also use the browser plugin to disable Google Analytics, available at tools.google.com/dlpage/gaoptout.

Data processing agreement

We have concluded a data processing agreement with Google. Details on Google's handling of user data can be found in Google's privacy policy: support.google.com/analytics/answer/6004245.