1. General Information

Aethris GmbH takes the protection of personal data seriously. This Privacy Notice explains how we process personal data when you visit our website, contact us, or otherwise interact with us through this website.

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, names, email addresses, IP addresses, communication content, and technical information generated when visiting a website.

This Privacy Notice is intended to provide transparent information in accordance with the General Data Protection Regulation of the European Union (“GDPR”), in particular Articles 12, 13, 15 to 22 and 77 GDPR. The GDPR requires controllers to provide data subjects with concise, transparent, intelligible and easily accessible information about the processing of their personal data.

2. Controller

The controller responsible for the processing of personal data on this website is:

Aethris GmbH
Mozartstr. 18
41061 Mönchengladbach
Germany

Represented by:
Managing Director Konrad Gritschneder

Email: office@aethris.eu

Commercial Register: Amtsgericht Mönchengladbach
Commercial Register Number: HRB 23997

3. Contact Regarding Data Protection

For all questions regarding data protection and the exercise of your rights, you may contact us at:

Email: office@aethris.eu

Unless Aethris GmbH is legally required to appoint a data protection officer, no data protection officer has been appointed. Should such an obligation arise in the future, this Privacy Notice will be updated accordingly.

4. General Principles of Processing

We process personal data only where there is a lawful basis for doing so. Depending on the circumstances, processing may be based on one or more of the following legal bases:

• Article 6(1)(a) GDPR — consent
• Article 6(1)(b) GDPR — performance of a contract or pre-contractual measures
• Article 6(1)(c) GDPR — compliance with a legal obligation
• Article 6(1)(f) GDPR — legitimate interests pursued by us or by a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject.

Where processing is based on legitimate interests, our interests generally consist in the secure, stable and efficient operation of this website, the communication with interested parties and business partners, the protection of our legal position, and the presentation of Aethris GmbH as a corporate entity.

5. Visiting This Website

When you access this website, certain technical data is automatically processed by the server on which the website is hosted. This is necessary in order to deliver the website to your device, ensure technical stability, and maintain security.

The data processed may include:

• IP address
• date and time of access
• requested page or file
• amount of data transferred
• referrer URL
• browser type and version
• operating system
• device information
• access status or HTTP status code.

This information is generally stored in server log files.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in ensuring the functionality, security and integrity of the website, including the detection and prevention of misuse, attacks or technical errors.

Server log files are stored only for as long as necessary for the above purposes and are then deleted or anonymised, unless longer retention is required for security investigations, legal claims, or compliance with legal obligations.

This website is hosted by IONOS SE, Elgendorfer Str. 57 56410 Montabaur, Germany. The hosting provider processes personal data on our behalf for the purpose of providing, securing and maintaining this website. We have concluded a data processing agreement with the provider in accordance with Article 28 GDPR, where required.

6. Contact by Email

If you contact us by email, we process the personal data you provide in that communication. This may include your name, email address, company, position, telephone number, message content, metadata of the communication, and any other information you voluntarily provide.

We process this data in order to respond to your enquiry, communicate with you, and, where applicable, initiate, conduct or manage a business relationship.

The legal basis is Article 6(1)(b) GDPR where the communication relates to contractual or pre-contractual matters. In all other cases, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in responding to enquiries and maintaining professional communication. Where legal retention obligations apply, processing may also be based on Article 6(1)(c) GDPR.

We retain email communications for as long as necessary for the relevant purpose. Business correspondence may be retained for statutory retention periods under applicable commercial and tax law.

7. Cookies and Similar Technologies

This website may use cookies or similar technologies where technically necessary for the operation, security or display of the website.

Cookies are small text files stored on your device. Some cookies are necessary to provide essential website functions. Others, such as analytics, marketing or tracking cookies, generally require consent.

Under German law, the storage of information on a user’s device or access to information already stored on that device is governed by Section 25 of the Telecommunications Digital Services Data Protection Act — TDDDG. The former German TTDSG was renamed TDDDG in connection with the alignment of German terminology with the European digital-services framework; the core cookie rules remain relevant for website operators.

Where cookies are strictly necessary for the technical operation of this website, the legal basis for the access to or storage of information on your device is Section 25(2) TDDDG. Any subsequent processing of personal data is based on Article 6(1)(f) GDPR.

Where non-essential cookies or similar technologies are used, they are used only with your consent pursuant to Section 25(1) TDDDG and Article 6(1)(a) GDPR.

At present, this website is intended to use only technically necessary cookies, if any. No analytics, advertising or profiling cookies are intended to be used unless expressly stated in this Privacy Notice and, where required, implemented through a consent mechanism.

8. No Analytics or Tracking

We do not currently use web analytics services such as Google Analytics, Matomo, Facebook Pixel, LinkedIn Insight Tag, or comparable tracking technologies.

We do not create user profiles, do not track visitors across websites, and do not use this website for behavioural advertising.

Should we introduce analytics or tracking tools in the future, this Privacy Notice will be updated before such tools are used, and consent will be obtained where legally required.

9. No Newsletter

This website does not currently offer a newsletter subscription. If a newsletter is introduced in the future, the relevant processing operations, legal bases, consent procedure, withdrawal options and retention periods will be described separately.

10. No Automated Decision-Making

We do not use personal data collected through this website for automated decision-making within the meaning of Article 22 GDPR.

We also do not use personal data collected through this website for profiling.

11. Recipients of Personal Data

Personal data may be disclosed to service providers where this is necessary for the operation of the website or the handling of communications. Such recipients may include:

• hosting providers
• IT service providers
• email and communication service providers
• legal, tax or professional advisers, where necessary
• public authorities, where legally required.

Where service providers process personal data on our behalf, we enter into data processing agreements in accordance with Article 28 GDPR, where required.

We do not sell personal data.

12. Transfers to Third Countries

We do not intend to transfer personal data collected through this website to countries outside the European Union or the European Economic Area.

If such transfers become necessary in the future, they will take place only in accordance with the requirements of Chapter V GDPR. This may include an adequacy decision by the European Commission, standard contractual clauses, or another legally recognised transfer mechanism. The European Commission recognises adequacy decisions and standard contractual clauses as mechanisms relevant to international data transfers under EU data protection law.

13. Retention Periods

We retain personal data only for as long as necessary for the purposes for which it was collected, unless statutory retention obligations or legal claims require longer storage.

In particular:

• Server log files are generally retained only for a limited period necessary for security and technical operation.
• Email enquiries are retained for as long as necessary to process and respond to the enquiry.
• Business correspondence may be retained for statutory commercial or tax retention periods.
• Data required for legal claims may be retained for the duration of applicable limitation periods.

Once the relevant purpose ceases to apply and no legal retention obligation exists, the data will be deleted or anonymised.

14. Data Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access.

These measures include, where appropriate:

• secure transmission of website data via HTTPS/TLS
• restricted access to personal data
• secure hosting and server administration
• regular technical maintenance

appropriate organisational procedures for handling enquiries and business correspondence.

No method of transmission over the internet is entirely secure. However, we endeavour to maintain a level of security appropriate to the risks involved.

15. Your Rights

As a data subject, you have the following rights under the GDPR, subject to the statutory requirements:

• the right of access under Article 15 GDPR
• the right to rectification under Article 16 GDPR
• the right to erasure under Article 17 GDPR
• the right to restriction of processing under Article 18 GDPR
• the right to data portability under Article 20 GDPR
• the right to object under Article 21 GDPR
• the right to withdraw consent at any time under Article 7(3) GDPR, where processing is based on consent
• the right not to be subject to automated decision-making in the cases covered by Article 22 GDPR.

To exercise your rights, you may contact us using the contact details provided above.

16. Right to Object

Where we process personal data on the basis of Article 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims.

17. Withdrawal of Consent

Where processing is based on consent, you may withdraw your consent at any time with effect for the future.

The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

18. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable data protection law.

You may contact the supervisory authority responsible for your place of residence, your place of work, the place of the alleged infringement, or the supervisory authority responsible for us.

For Aethris GmbH in North Rhine-Westphalia, the competent supervisory authority is generally:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Germany

Website: https://www.ldi.nrw.de/

19. Obligation to Provide Personal Data

When visiting this website, the processing of certain technical data is necessary for technical reasons. Without this data, the website cannot be displayed properly.

When contacting us by email, you are not legally required to provide personal data. However, without the information necessary to understand and respond to your enquiry, we may be unable to process it.

20. Changes to This Privacy Notice

We may amend this Privacy Notice from time to time, particularly if our website, technical infrastructure, services, or legal obligations change.

The version available on this website at the time of your visit applies.