Aion Sustainability Solutions GmbH, Hönowerstraße 35, c/o InnoTechHub - HTW-Berlin, Postbox 2, 10318 Berlin, Germany Operator of the website www.aion.earth attaches great importance to the protection of the personal data of the users of the website. In the following, we would therefore like to inform you in detail about what data we collect from you when you visit our website and use our offers there, how this data is processed or used by us in the following and what rights you are entitled to in this respect.
Your personal data will only be processed by us on the basis of the statutory data protection law, i.e. the EU Data Protection Basic Regulation (GDPR), the German Federal Data Protection Act (BDSG-neu) and the German Telemedia Act (TMG).
The scope of the data collected and processed by us differs according to whether you only visit our website to call up information or also make use of services offered by us via our website.
Our data protection declaration uses the terms of the EU Data Protection Basic Regulation (GDPR), which we would like to explain briefly for your convenience. You will find these and other definitions in Art. 4 GDPR.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘data subject’ means any identified or identifiable natural person whose personal data are processed by the controller.
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the 4.5.2016 EN Official Journal of the European Union L 119/33 framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
We process the following categories of personal data:
If, in the course of our processing, we disclose data to other persons and companies such as web hosters, contract processors or third parties, transfer it to them or otherwise grant them access to the data, this is done on the basis of a legal authorization (e.g. if transfer of the data to third parties is required in accordance with Art. 6 para. 1 lit. b GDPR for the fulfilment of a contract), if the persons concerned have consented or a legal obligation provides for this.
The criterion for the duration of the storage of personal data is the respective legal retention period. After expiry of the period, the corresponding data will be deleted if they are no longer required for achieving the purpose, fulfilling the contract or initiating a contract.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or if we disclose or transfer data to third parties, this only takes place if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in a third country if the special conditions of Art. 44 ff. GDPR, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection equivalent to that in the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Every time a data subject accesses our website, general data and information are stored in the log files of our system: >
When using this general data and information, we do not draw any conclusions about the data subject. There is no personal evaluation or an evaluation of the data for marketing purposes or a profile formation. The IP address is not saved in this context.
The legal basis for the temporary storage of data is Art. 6 Para. 1 lit. f GDPR. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the secure operation of our website. There is therefore no possibility for the person concerned to object.
We collect protocol data that is generated during the operation of our company's communication technology and evaluate it automatically, insofar as this is necessary to detect, limit or eliminate faults or errors in the communication technology or to defend against attacks on our information technology or to detect and defend against malware.
The legal basis for the temporary storage and evaluation of data is Art. 6 para. 1 lit. f GDPR. The storage and evaluation of the data is absolutely necessary for the provision of the website and for its secure operation. There is therefore no possibility for the person concerned to object.
The legal basis for the processing of personal data using Cookies is Art. 6 para. 1 lit. f GDPR.
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services which we use for the purpose of operating our website.
For this purpose, we or our contract processor process inventory data, contact data, content data, contract data, usage data, meta and communication data of users of our website on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a contract for contract processing).
We do not use social media plugins on our website, but so-called social bookmarks (these are integrated as links to the corresponding services. If the user clicks on the embedded graphic, the user is forwarded to the page of the respective provider). We would like to point out that we, as the provider of our website, have no knowledge of the data transmitted to and used by the respective social media channel.
The legal basis for the processing of personal data in the context of contact requests transmitted to us is Art. 6 para. 1 lit. b or lit. f GDPR.
HubSpot is a software company from the USA. In order to legalize the transfer of data to the USA, HubSpot Inc. relies on EU standard contractual clauses: https://legal.hubspot.com/dpa
Our website uses "Mixpanel", a service of Mixpanel, Inc., 405 Howard St., Floor 2, San Francisco, CA 94105, USA. Mixpanel stores and processes information about your user behavior on our website. The use of Mixpanel serves analysis and optimization purposes, in particular to analyze the use of our website and to be able to further improve our offers and functionalities as well as the user experience. This is based on our legitimate interest in the processing of the aforementioned data by Mixpanel pursuant to Art. 6 (1) sentence 1 lit. f) GDPR.
In the process, information is collected and sent to Mixpanel that provides us with information about your usage behavior. We do not send personally identifiable information (PII) without your explicit consent. For this purpose, you will be asked for your consent when you visit our website. To store your information (consent or refusal), we set a so-called cookie, which is stored locally in the cache of your web browser on your terminal device. If you have already agreed to an extended analysis, you can revoke this at any time in the cookie settings on our site.
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent."
For more information on Mixpanel's data protection, please visit: https://mixpanel.com/privacy/.
Contacting our firm by e-mail is possible via the e-mail addresses published on our website.
If you use this contact method, the data you provide (e.g. surname, first name, address), but at least the e-mail address, as well as the information contained in the e-mail together with any personal data you may have provided will be stored for the purpose of contacting you and processing your request. In addition, the following data is collected by our system:
The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.
If you use one of the contact forms provided on our website for communication purposes, it is neces-sary to enter your e-mail address and a message / description of services. Without these data, your request transmitted via the contact form cannot be processed. Entering your address first- and last-name as well as the name of your company and url of your website is optional and enables us to pro-cess your request by post if you so wishmore effectively.
In addition, the following data is collected by our system:
The legal basis for the processing of personal data in the context of e-mails sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.
We use the CRM system "HubSpot" from the provider HubSpot, Inc. HubSpot Headquarters (Cambridge, MA) 25 First St., 2nd floor Cambridge, Massachusetts 02141, USA) on the basis of our legitimate interests (efficient and fast processing of user enquiries). For this purpose, we have concluded an order processing agreement with HubSpot with so-called standard contractual clauses, in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level.
If you send us a letter, the data transmitted by you (e.g. surname, first name, address) and the information contained in the letter together with any personal data transmitted by you will be stored for the purpose of contacting you and processing your request.
The legal basis for the processing of personal data in the context of letters sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.
As a data subject, you have the following rights in connection with the processing of your personal data:
1. Right of access to information
(1) The data subject shall have the right to obtain confirmation from the controller as to whether personal data relating to him/her are being processed; if this is the case, he/she shall have the right to be informed of such personal data and to receive the following information:
(2) Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
2. Right to rectification
The data subject has the right to ask the data controller to rectify incorrect personal data concerning him/her without delay. Having regard to the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
3. Right of deletion
(1) The data subject has the right to request the controller to delete personal data relating to him/her without delay and the controller is obliged to delete personal data without delay if one of the following reasons applies:
(2) Where the controller has made personal data public and is obliged to delete them pursuant to paragraph 1, he shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform controllers who process personal data that a data subject has requested them to delete all links to such personal data or to delete copies or replications of such personal data.
(3) Paragraphs 1 and 2 shall not apply insofar as the processing is necessary
4. Right to restrict processing
(1) The data subject has the right to ask the person responsible to restrict processing if one of the following conditions is met:
(2) Where processing has been restricted in accordance with paragraph 1, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
5. Right to data transferability
(1) The data subject shall have the right to obtain the personal data concerning him which he has supplied to a controller in a structured, standard and machine-readable format and the right to have such data communicated to another controller without interference by the controller to whom the personal data has been supplied, provided that
(2) In exercising his or her right to transfer data in accordance with paragraph 1, the data subject shall have the right to obtain that personal data be transferred directly from one controller to another controller, in so far as this is technically feasible.
The right referred to in paragraph 1 must not prejudice the rights and freedoms of other persons.
This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6. Right of objection
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6, paragraph 1, letters e) or f) of the GDPR, including profiling based on these provisions. The controller no longer processes the personal data unless he can demonstrate compelling reasons for processing which are justified on grounds of protection and which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.
In the context of the use of Information Society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his right of objection by means of automated procedures involving technical specifications.
7. Right of withdrawal
The data subject has the right to revoke his/her declaration of consent under data protection law at any time. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the point of revocation.
8. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he/she is resident, at his/her place of work or at the place where the alleged infringement occurred, if he/she considers that the processing of personal data relating to him/her is being carried out in breach of this Regulation.
We reserve the right to change these data protection provisions at any time with effect for the future. A current version is available on the website. Please visit the website regularly and inform yourself about the applicable data protection regulations.
Status: July 2023
The project Aiōn is funded by the Federal Ministry for Economic Affairs and Climate Action and the European Social Fund as part of the EXIST program.