Privacy Policy

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

2. Data Protection Officer

For data protection inquiries, please contact us directly:

3. General Information on Data Processing

3.1 Scope of Personal Data Processing

We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users regularly takes place only after user consent. An exception applies in cases where prior consent cannot be obtained for actual reasons and the processing of data is permitted by law.

3.2 Legal Basis for Personal Data Processing

When we obtain consent from the data subject for personal data processing operations, Art. 6(1)(a) GDPR serves as the legal basis for processing personal data.

For processing personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.

When processing personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.

When processing is necessary for the purposes of legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis for processing.

3.3 Data Deletion and Retention Period

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject.

We apply the following specific retention periods:

• Server log files: 7 days
• Contact form data: 6 months after inquiry completion
• Automation questionnaire: 12 months
• Calendly booking data: 24 months
• Google Analytics data: 14 months
• Business correspondence: 6 years (commercial retention obligation)
• Accounting-relevant data: 10 years (tax retention obligation)

Deletion occurs automatically through the respective services and systems after the stated periods expire, unless a legal retention obligation prevents deletion. Cookie data is automatically removed through browser settings.

3.4 Data Processing Agreements

We maintain current data processing agreements in accordance with Art. 28 GDPR with all third-party providers who process personal data on our behalf. A list of our data processors can be found in Section 14 of this privacy policy.

4. Website Provision and Log File Creation

4.1 Description and Scope of Data Processing

Each time you visit our website, our system automatically collects data and information from the calling computer system. The following data is collected:

• Browser type and version information
• User's operating system
• User's internet service provider
• User's IP address (anonymized)
• Date and time of access
• Websites from which the user's system reached our website
• Websites accessed by the user's system through our website

4.2 Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

4.3 Purpose of Data Processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files is done to ensure website functionality. The data also serves to optimize the website and ensure the security of our information technology systems.

4.4 Storage Duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for website provision, this occurs when the respective session ends. In the case of data storage in log files, this occurs after a maximum of 7 days.

5. Contact Forms and Email Contact

5.1 Description and Scope of Data Processing

On our website, we provide various contact forms that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input form is transmitted to us and stored. This data includes:

• First and last name
• Email address
• Company/Organization
• Phone number (optional)
• Message content
• Time of submission

Alternatively, contact is possible via the provided email address. In this case, the personal data transmitted with the email is stored.

5.2 Legal Basis for Data Processing

The legal basis for processing the data is Art. 6(1)(a) GDPR when user consent is present. The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

5.3 Purpose of Data Processing

Processing of personal data from the input form serves solely to handle the contact. In the case of contact via email, this also constitutes the required legitimate interest in processing the data. Other personal data processed during the sending process serves to prevent misuse of the contact form and ensure the security of our information technology systems.

5.4 Storage Duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the contact form input mask and those sent via email, this occurs when the respective conversation with the user ends. The conversation ends when circumstances indicate that the matter has been conclusively resolved. Additional personal data collected during the sending process is deleted after a maximum of 7 days.

5.5 Consent

By submitting the contact form, you consent to the processing of your data for handling your inquiry. You can withdraw this consent at any time. The withdrawal does not affect the lawfulness of processing carried out until then.

6. Automation Questionnaire

6.1 Description and Scope of Data Processing

To analyze your automation potential, we offer a structured questionnaire. The following data is collected and processed:

• Company information (name, industry, size)
• Contact details (name, email, phone, position)
• Information about current business processes
• Description of recurring tasks
• Technical infrastructure information
• Automation objectives
• Budget and timeframe specifications

6.2 Legal Basis for Data Processing

Processing is based on your consent according to Art. 6(1)(a) GDPR and for carrying out pre-contractual measures according to Art. 6(1)(b) GDPR.

6.3 Purpose of Data Processing

The data serves to analyze your specific automation potential, create individual solution concepts, and prepare consultation meetings. No data is shared with third parties.

6.4 Storage Duration

Data is stored for the duration of the business relationship. After project completion or if no contract is concluded, data is deleted after 12 months, unless legal retention periods apply.

7. AI Automation Services

7.1 Description of Data Processing

As part of our AI automation services, we process customer data exclusively within the framework of data processing according to Art. 28 GDPR. Special features of our service:

• All AI models are operated exclusively on your own infrastructure
• No transfer of customer data to external cloud providers
• Complete data sovereignty with the customer
• GDPR-compliant implementation by design

7.2 Legal Basis for Data Processing

Processing is carried out to fulfill our contractual obligations according to Art. 6(1)(b) GDPR and in accordance with the provisions for data processing according to Art. 28 GDPR.

7.3 Technical and Organizational Measures

We have implemented comprehensive technical and organizational measures:

• End-to-end encryption of all data transmissions
• Secure authentication and access control
• Regular security audits and penetration tests
• Data protection impact assessment for all AI implementations
• Local data processing without external dependencies

8. Cookies and Similar Technologies

8.1 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in or by the internet browser on the user's computer system. We use the following categories of cookies:

• Technically necessary cookies: These cookies are required for the basic functionality of the website
• Functional cookies: These cookies store your settings (e.g., language selection)
• Analytics cookies: These cookies help us improve the website (only with your consent)

8.2 Legal Basis for Data Processing

Technically necessary cookies are set based on our legitimate interest according to Art. 6(1)(f) GDPR. All other cookies are only set with your express consent according to Art. 6(1)(a) GDPR.

8.3 Cookie Management

You can manage your cookie settings at any time via our cookie banner or in your browser's privacy settings. Details can be found in our separate cookie policy.

8.4 Consent Documentation

We document all cookie consents with timestamps and maintain these records for accountability purposes according to Art. 5(2) GDPR. Consent data is stored locally in your browser and used for verification when needed.

9. Data Subject Rights

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

9.1 Right of Access (Art. 15 GDPR)

You may request confirmation from the controller as to whether personal data concerning you is being processed by us. Where such processing exists, you may request information from the controller about: processing purposes, categories of processed data, recipients of the data, planned storage duration, and other information according to Art. 15 GDPR.

9.2 Right to Rectification (Art. 16 GDPR)

You have a right to rectification and/or completion vis-à-vis the controller, provided that the processed personal data concerning you is inaccurate or incomplete.

9.3 Right to Erasure (Art. 17 GDPR)

You may request that the controller delete personal data concerning you without undue delay, provided that one of the legal reasons applies and the processing is not necessary. We guarantee processing of your deletion request within 30 days.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

Under the legal requirements, you may request restriction of processing of personal data concerning you.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format or to request transmission to another controller.

9.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR.

9.7 Right to Withdraw Consent (Art. 7(3) GDPR)

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9.8 Automated Individual Decision-Making Including Profiling (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into or performance of a contract between you and the controller.

We do not use automated decision-making on our website. Our AI automation solutions operate exclusively on your own infrastructure and are under your own control.

9.9 Exercising Your Rights

To exercise your rights, please contact us at contact@ailoopwise.com. We respond to your requests within 30 days. To simplify the process, we are currently developing a self-service portal for exercising your data subject rights.

9.10 Right to Lodge a Complaint (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

10. Data Security and Encryption

We implement technical and organizational security measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in accordance with technological developments.

• SSL/TLS encryption for all data transmissions
• Secure server infrastructure in Germany
• Regular security updates and audits
• Access control and authentication
• Data backup and disaster recovery

11. International Data Transfers

Generally, processing of your personal data takes place within the European Union. However, when using certain services, data transfers to third countries may occur:

11.1 Data Transfers to the USA

The following service providers may process data in the USA:

• Vercel Inc. (Hosting Provider) - Data processing based on EU Standard Contractual Clauses and EU-US Data Privacy Framework
• Calendly LLC (Appointment Booking System) - Data processing based on EU Standard Contractual Clauses (2021) and UK Addendum
• Google LLC (Analytics) - Data processing based on EU Standard Contractual Clauses with IP anonymization enabled

All mentioned providers have committed to GDPR compliance and offer appropriate guarantees for the protection of your data.

11.2 Your Rights Regarding International Data Transfers

You have the right to obtain information about the appropriate safeguards in connection with the transfer. Contact us at contact@ailoopwise.com for further details.

With our AI automation services, all data remains exclusively on your own infrastructure, thereby avoiding international data transfers.

12. Third-Party Providers and Data Processors

We work with the following third-party providers who process personal data on our behalf:

13. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your return visit.

14. Contact for Data Protection Matters

For questions about data protection, exercising your rights, or this privacy policy, please contact: