Privacy policy
AIxMedical Privacy Policy
Effective Date: 25 February 2025
The confidential and secure handling of personal data is of the utmost importance to us. We comply with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other European regulations. In this Privacy Policy, we aim to inform you comprehensively and transparently about the processing of your personal data.
Personal data means any information relating to you personally, for example, your name, address, email addresses, or user behavior. For further terms used below, such as “Controller” or “Processor,” please refer to the glossary of definitions in Article 4 of the GDPR.
1. Controller
The processing of personal data in connection with the use of the website operated at https://www.aixmedical.com/ or the use of our services is carried out by:
AIxMedical UG (haftungsbeschränkt)
Trevererstraße 8
D-52074 Aachen
Email: info@aixmedical.com
2. Processing of Personal Data
We process personal data only if you have given your consent or if such processing is permitted by law. The data protection legal principle of “prohibition with a reservation of permission” means that processing may only occur on the basis of consent or a statutory legal ground. The most important legal grounds relevant to us are set forth in Article 6(1) of the GDPR. These in particular cover the cases where:
- the data subject has given consent (cf. Art. 6(1)(a) in conjunction with Art. 7 GDPR),
- the processing of personal data is necessary for the fulfillment of our contractual obligations (cf. Art. 6(1)(b) GDPR),
- or the processing is based on our legitimate interests (e.g. responding to inquiries, analyzing and further developing our products, increasing economic efficiency) (cf. Art. 6(1)(f) GDPR).
3. Types of Data and Purposes of the Processing of Personal Data
a. Informational Use & Hosting of our Website
When you use our website solely for informational purposes—that is, if you do not register or transmit any information to us—we collect only the personal data that your browser automatically transmits to our servers.
When you access our website, we collect the following data on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. This data is technically necessary to display our website to you and to ensure data security as well as the stability and security of our IT systems:
- IP address
- the domain name of the website from which you came
- the webpages you visited on our website
- the names of the files retrieved
- the date and time of each access
- the name of your Internet Service Provider
- and, where applicable, the operating system and browser version of your PC.
The processing of your IP address serves to protect against or trace hacking and cyber attacks. The processing of the other data is used for delivering the content of our website, ensuring the functionality of our IT systems, optimizing our website, and maintaining its proper operation. The data in the log files is always stored separately from other personal data of users. This processing is necessary to safeguard our legitimate interests and is justified by a balancing of interests in our favor.
We have a legitimate interest in ensuring that the website and the services offered therein function properly from a technical standpoint and are protected from attacks. Your legitimate interest that the aforementioned data not be used for these purposes does not outweigh our interest, since we use the data appropriately for the described processing purposes—and you also benefit from the website’s functionality.
We host this website with the provider Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin, Ireland. The data processing is carried out on the basis of our legitimate interests in securely and efficiently providing our online offering in accordance with Art. 6(1) sentence 1 lit. f GDPR.
Squarespace may, as part of the provision of its services, transfer personal data to the USA. Such data transfer is based on the “EU-US Data Privacy Framework” (DPF). Squarespace is certified under the DPF. For more information, please visit: Data Privacy Framework – Participant Overview.
Further information on Squarespace’s data processing can be found in its Privacy Policy at https://www.squarespace.com/privacy. In addition, Squarespace provides a Data Processing Agreement (DPA), available for review at https://www.squarespace.com/dpa.
b. Orders and Contact via Email or Contact Form
If you provide us with personal data via email, order form, or contact form, we use these data to fulfill the contract pursuant to Art. 6(1)(b) GDPR in order to meet our contractual obligations. This may include, in particular, names, addresses, and additional contact details, billing information, as well as any further information required for a particular training session or course, such as qualification details.
If no contractual relationship exists between you and us, our legitimate interests in processing your inquiry serve as the legal basis for processing under Art. 6(1)(f) GDPR.
Furthermore, you may voluntarily inform us of how you became aware of AIxMedical and provide remarks or additional contact details in the optional fields provided, which we may process for handling your inquiry and for follow-up purposes based on our legitimate interests pursuant to Art. 6(1)(f) GDPR.
4. Duration of Storage of Personal Data or Criteria for the Storage Period
Unless otherwise stated, we delete personal data once storage is no longer necessary for contract processing or execution, and no legitimate interests on our part or statutory retention obligations (e.g. § 147 of the Fiscal Code, § 257 of the Commercial Code) preclude deletion.
5. No Unauthorized Disclosure to Third Parties
We treat the personal data you provide with the utmost care. We transmit the data to third parties only if it is necessary for the execution and processing of concluded contractual relationships, if you have given your consent, or if the disclosure is otherwise permitted under applicable statutory provisions.
We employ various service providers as data processors (in the sense of Art. 28 GDPR) who, like us, are subject to the provisions of European data protection law.
6. Protection of Personal Data
We protect both our website and the data stored within our control against loss, destruction, unauthorized access, alterations, or publication by unauthorized persons through a combination of technical and organizational measures in accordance with the current state of the art.
The entry and transmission of personal data is encrypted using the SSL protocol (Secure Socket Layer).
a. What is SSL?
A website encrypted with SSL transmits personal data in an encrypted form to the server, making it impossible for third parties to intercept or read it. Our identity is verified by a certificate. Depending on your browser, you can recognize that a secure connection exists by the green address bar and/or the padlock. By clicking on the padlock or green address bar, you can view our online identity verification.
b. What does SSL do?
Because the transmission is encrypted, you can be assured that the data you enter can only be read by us. The green address bar indicates that you are connected to our server and not to a third-party website.
7. Use of Cookies
To make your visit to our website more attractive and to enable the use of certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some of the cookies we use are deleted at the end of the browser session—that is, when you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies).
When cookies are set, they collect and process certain user information—such as browser and location data as well as IP addresses—within the scope defined by the individual cookie. Should we use cookies from other companies or for analytical purposes, we will inform you about this within this Privacy Policy.
When you access our website, we request your consent via our own cookie banner, without the use of an external consent management tool. The management of cookies is carried out directly via our own domain, without third-party services. We have a legitimate interest in ensuring that our online offerings are technically flawless and that all desired functions are available to you. The storage of necessary and functional cookies on your device is therefore based on § 25(2) No. 2 of the Telecommunications-Digital Services Data Protection Act (TDDDG) as well as Art. 6(1) sentence 1 lit. f GDPR.
All other cookies are deployed on the basis of § 25(1) TDDDG and Art. 6(1) lit. a GDPR, provided you give us the corresponding consent. You may change your consent decision at any time or withdraw your consent. The cookie and consent banner can be accessed at any time via the footer of our website. The use and processing within the cookie banner are justified by Art. 6(1) sentence 1 lit. c GDPR, as we are subject to the legal obligation under § 25 TDDDG. With this tool, we as the Controller fulfill our statutory obligations under the TDDDG, the GDPR, and the case law of the Court of Justice of the European Union regarding cookies.
8. Use of Third-Party Providers
We use the following tools from third-party providers to analyze the behavior of our website visitors, to display advertising, or to offer other functions on the website.
For the use of these tools, your prior consent pursuant to Art. 6(1) sentence 1 lit. a GDPR or § 25(1) TDDDG is required. We obtain this consent via the cookie banner on the respective website. If you have consented to the use of one or more of the following services, various cookies from the third-party providers will be set. By clicking “Accept All” on our cookie banner, you also consent in accordance with Art. 49(1) sentence 1 lit. a GDPR that your data may be processed in the USA. The USA is considered by the European Court of Justice to be a country with a data protection level that is insufficient according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and surveillance purposes, possibly even without legal remedies.
Google Fonts
We use Google Fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Fonts enables us to display fonts uniformly on our website. When you access our website, your browser downloads the required fonts from Google’s servers (fonts.gstatic.com) into your browser cache so that text is displayed correctly. In doing so, your IP address is transmitted to Google, as this is necessary for the provision of the fonts. According to Google, no cookies are stored, and the transmitted data is not combined with data from other Google services. The use of Google Fonts is based on our legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) in a technically secure and aesthetically appealing presentation of our website.
For further information on data protection at Google, please visit: https://policies.google.com/privacy.
We have integrated a link to our LinkedIn profile on our website. LinkedIn is a social network for professional contacts and is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The parent company is headquartered in the USA.
Please note that by clicking on the link and visiting our LinkedIn profile, data may be transmitted to LinkedIn. LinkedIn may collect information regarding the types of content that users view or interact with, as well as technical information about the devices used (e.g. IP address, operating system, browser type). If you are logged into LinkedIn, LinkedIn may associate your visit to our site with your LinkedIn profile.
We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of data from visitors used to generate “Page Insights” (statistics) for our LinkedIn profiles. This data includes information on the types of content viewed or interacted with, as well as actions taken by users. Additionally, details about the devices used (e.g. IP addresses, operating system, browser type, language settings, and cookie data) and information from user profiles (such as job function, country, industry, hierarchy level, company size, and employment status) are collected.
The processing of your personal data is based on our legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) in presenting our company in a modern and professional manner and in effective communication with users and interested parties.
For further information on LinkedIn’s data processing practices, please refer to LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
You may object to personalized advertising by LinkedIn here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
On our website, we provide a link to our Instagram profile. Instagram is a social network for sharing photos and videos and is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Please note that by clicking on the link and visiting our Instagram profile, data may be transmitted to Meta. If you are logged into Instagram, Meta may associate your visit to our site with your Instagram profile. Meta stores and processes user data for analytical and advertising purposes, particularly for the personalization of content and advertising both on and off the platform.
The processing of your personal data is based on our legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) in maintaining a modern and interactive online presence and direct communication with our users.
For further information on Meta’s processing of user data, please refer to Instagram’s Privacy Policy: https://privacycenter.instagram.com/policy/.
The legal basis for the data transfer to the USA is the EU-US Data Privacy Framework (DPF).
9. Rights of the Data Subjects
You have the following rights regarding your personal data processed by us:
- The right of access pursuant to Art. 15 GDPR,
- The right to rectification or erasure pursuant to Art. 16 GDPR respectively Art. 17 GDPR,
- The right to restriction of processing pursuant to Art. 18 GDPR,
- The right to data portability pursuant to Art. 20 GDPR,
- The right to object to processing pursuant to Art. 21 GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. The competent authority is:
Data Protection Officer for North Rhine-Westphalia
Postfach 20 04 44
40102 Düsseldorf
Email: poststelle@ldi.nrw.de
10. Objection or Withdrawal of Consent to Processing
If you have given consent for the processing of your data, you may withdraw such consent at any time. Such withdrawal will affect the lawfulness of the processing of your personal data after you have communicated it to us.
TO THE EXTENT THAT WE BASE THE PROCESSING OF YOUR PERSONAL DATA ON OUR BALANCING OF INTERESTS PURSUANT TO ART. 6(1)(f) GDPR, YOU MAY OBJECT TO THE PROCESSING. IF YOU EXERCISE SUCH AN OBJECTION, PLEASE PROVIDE US WITH THE REASONS WHY WE SHOULD NOT PROCESS YOUR PERSONAL DATA AS WE CURRENTLY DO. IN THE EVENT OF A REASONED OBJECTION, WE WILL EXAMINE THE SITUATION AND EITHER CEASE OR ADJUST THE DATA PROCESSING, OR PROVIDE YOU WITH OUR COMPELLING PROTECTIVE REASONS UPON WHICH WE CONTINUE THE PROCESSING.
YOU MAY OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF ADVERTISING AND DATA ANALYSIS. YOU CAN INFORM US OF YOUR OBJECTION USING THE CONTACT DETAILS PROVIDED IN SECTION 2.
11. Questions and Comments; Amendments to the Privacy Policy
If you have any questions or comments regarding data protection, please contact our Data Protection Officer using the keyword “Data Protection.” The ongoing development of the Internet also impacts our data protection strategy. Therefore, we reserve the right to adjust this Privacy Policy from time to time in line with the underlying processes. We will inform you of any changes to this Privacy Policy via our website.