Privacy Policy

Diese Seite ist auch auf Deutsch verfügbar.

1. Introduction

It is very important to us to handle our visitors' and customers' data confidentially and to protect it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.

In the following, we explain how we process your data on our website. We use the clearest and most transparent language possible so that you really understand what happens with your data.

2. General information

2.1 Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently sitting in front of. Such data is processed when 'something happens to it'. For example, the IP address of the browser is transmitted to our provider and automatically stored there. This is a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable regulations/laws - GDPR, BDSG and TTDSG

The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

In addition, the TTDSG supplements the provisions from the GDPR as far as the use of cookies is concerned.

2.3 The person in charge

The person responsible for data processing on this website is the controller within the meaning of the GDPR. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

You can reach the responsible person under:

Machina Eco
Jan Pawellek
Liebigstrasse 12
76135 Karlsruhe
Germany
E-mail: info@machina.eco

2.4 How data is processed on this website

As mentioned before, there are data (e.g. IP address) that are collected automatically. This data is mainly required for the technical provision of the website. If we use personal data or collect other data, we will inform you about it or ask for your consent.

Other personal data you share with us consciously.

You will find more detailed information below.

2.5 Your Rights

The GDPR provides you with comprehensive rights. These are, for example, the free information about the origin, recipient and purpose of your stored personal data. You can also request the correction, blocking or deletion of this data or complain to the competent data protection supervisory authority. You can revoke your consent at any time.

You can find out in detail what these rights are and how to exercise them in the last section of this Privacy Policy.

2.6 Our view on data protection

Data protection is more than just a chore for us! Personal data is of great value and careful handling of this data should be a matter of course in our digitalized world. In addition, you as a website visitor should be able to decide for yourself what "happens" to your data, when and by whom. Therefore, we commit ourselves to comply with all legal requirements, collect only the data necessary for us and treat them confidentially.

2.7 Disclosure and deletion

The transfer and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you in advance about our general approach to this.

A transfer of data only takes place on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR.

We delete your data when the purpose and the legal basis for processing cease to exist and the deletion is not contrary to any other legal obligations. An overview of this is also provided by Art. 17 GDPR.

For further information, please refer to this Privacy Policy and contact the responsible person if you have any specific questions.

2.8 Hosting

This website is hosted externally. The personal data collected on this website is stored on the hoster's servers. This includes automatically collected and stored log files (see below for more details), as well as all other data provided by the website visitors.

External hosting is used for the purpose of secure, fast and reliable provision of our website and in this context serves the fulfillment of contracts with our potential and existing customers.

The legal basis for the processing is Art. 6 (1) lit. a, b and f GDPR, as well as Section 25 (1) TTDSG, insofar as consent includes the storage of cookies or access to information in the terminal device of the website visitor or user as defined by the TTDSG.

Our hoster only processes data that is necessary for the fulfillment of its service obligation and acts as our Data Processor, which means that it is subject to our instructions. We have concluded a corresponding Data Processing Agreement with our hoster.

We use the following hoster:

Infomaniak Network AG
https://www.infomaniak.com

2.9 Legal basis

The processing of personal data always requires a legal basis. The GDPR provides for the following options in Art. 6 (1) Sentence 1:

a) The person concerned has given their Consent to the processing of personal data concerning them for one or more specific purposes;

b) the processing is necessary for the performance of a Contract of which the data subject is a contracting party, or for the implementation of pre-contractual measures required at the request of the data subject;

c) the processing is necessary for compliance with a legal obligation to which the person in charge is subject to;

d) the processing is necessary in order to protect the vital interests of the data subject or another natural person;

e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) the processing is necessary for the purposes of the legitimate interests of the responsible person(s) or of a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override this, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for the respective processing.

3. What happens on our website

By visiting our website, we process personal data about you.

We use SSL or TLS encryption to protect this data in the best possible way against unauthorized access by third parties. You can recognize this encrypted connection by the https:// or lock symbol in the address bar of your browser.

Below you can find out what data is collected when you visit our website, for what purpose this is done and on what legal basis.

3.1 Data collection when visiting the website

When you visit the website, information is automatically stored in so-called server log files. This is the following information:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is temporarily required in order to be able to display our website to you. In particular, this data serves the following purposes:

System security of the website
System stability of the website
Website troubleshooting
Connecting to the website
Website presentation

The data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular the interest in the functionality of the website and its security.

If possible, this data is stored pseudonymously and deleted after the respective purpose has been achieved.

Insofar as the server log files allow the identification of the person concerned, the data is stored for a maximum period of 14 days. An exception exists if a security-relevant event occurs. In this case, the server log files are stored until the elimination and final clarification of the security-relevant event.

Otherwise, no merging with other data takes place.

3.2 Cookies

3.2.1 General

This website uses so-called cookies. This is a data record, i.e. information, that is stored in the browser of your terminal device and is related to our website.

The setting of cookies enables in particular the storage of the current session (e.g. chat histories) of the visitor.

3.2.2 Cookies that are technically necessary

We use technically necessary cookies on this website to ensure that our website functions without errors and in accordance with applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c and/or f GDPR.

3.2.3 Cookies that are not technically necessary

In addition, we also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer website functions that are not technically necessary.

The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Cookies that are not technically necessary are only set with your consent, which you can revoke at any time in the cookie consent tool.

3.3 Data processing through user input

3.3.1 Own data collection

We offer the creation of an account on our website to save conversations with AI models.

We collect the following data for this purpose: Name, e-mail address.

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as the respective purpose ceases to apply and it is possible in accordance with the legal requirements.

a) E-mail

When you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

b) Phone

If you contact us by telephone, the call data may be stored in pseudonymized form on the respective end device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to process your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

3.4.1 Mailjet

We use Mailjet to provide our newsletter. This service is provided by Mailjet SAS, 4 rue Jules Lefebre, 75009 Paris - France. Mailjet is a product of Sinch Email, www.sinch.com.

Through this service, the sending of newsletters can be organized and analyzed. The data entered to receive the newsletter is stored on Mailjet's servers.

With the help of Mailjet, interactions with the newsletter can be analyzed. In addition, conversion rates can be determined and newsletter subscribers can be categorized in order to adapt the newsletter to different target groups.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time by unsubscribing from the newsletter. The legality of the processing that has already taken place remains unaffected by any revocation that may have taken place.

We also use other email services from Mailjet to fulfill our contractual services and for customer administration. The legal basis for this is Art. 6 para. 1 lit. b GDPR.

Mailjet assures to store the data only on servers in Germany and Belgium.

The data will be deleted at the end of the contract between us and Mailjet, unless the website visitor revokes his/her consent beforehand. If this is the case, the data will be deleted from the distribution list.

Further information on data processing by Mailjet and answers to frequently asked questions on the subject of security and data protection can be found here: https://www.mailjet.com/legal/privacy-policy/
and here: https://www.mailjet.com/legal/security-privacy/

3.5 Analysis and tracking tools

3.5.1 Plausible

https://plausible.io/

3.6 Payment services

3.6.1 Paylike

https://paylike.de/

4. Other important information

Finally, we would like to inform you in detail about your rights and how you will be informed about changes in data protection requirements.

4.1 Your rights in detail

You can request information about whether your personal data is being processed. If this is the case, you can request further information about the type and manner of processing. A detailed list can be found in Art. 15 (1) a) to h) GDPR.

This right includes the correction of inaccurate data and the completion of incomplete personal data.

This so-called 'right to be forgotten' gives you the right, under certain conditions, to demand the deletion of personal data by the controller. This is generally the case if the purpose of the data processing has ceased to exist, if consent has been revoked or if the initial processing took place without a legal basis. You can find a detailed list of reasons in Art. 17 (1) lit. a to f GDPR. Furthermore, this "right to be forgotten" corresponds with the obligation of the controller under Art. 17 (2) GDPR to take appropriate measures to bring about a general erasure of the data.

This right is subject to the conditions set out in Art. 18(1)(a) to (d).

Here, the basic right to receive one's own data in a common form and to transfer it to another data controller is regulated. However, this only applies to data processed on the basis of consent or a contract pursuant to Art. 20 (1) (a) and (b) and to the extent that this is technically feasible.

In general, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.

In general, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects vis-à-vis you or similarly significantly affects you. However, this right is also subject to restrictions and additions in Art. 22 (2) and (4) GDPR.

4.2.4 Other rights

The GDPR includes comprehensive rights to inform third parties whether or how they have asserted rights under Art. 16, 17, 18 GDPR. However, this is only possible insofar as this is also possible or feasible with a reasonable effort.

We would like to take this opportunity to draw your attention once again to your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

In addition, we would like to inform you about your rights according to §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.

You also have the right to complain to a data protection supervisory authority if you consider that a processing of personal data concerning you infringes this regulation.

5. What if changes take place?

The current status of this Privacy Policy is 27.07.2024. As soon as we change this Privacy Policy, we will inform you on our website.