Updated on Jan 01, 2025
With this privacy notice, we inform you about how we handle your personal data and your rights under the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the California Consumer Privacy Act (CCPA) (read more). The entity responsible for data processing is Smart Influence GmbH (AUMALO) (hereinafter referred to as "we," "us," or "AUMALO").
If you have any questions or suggestions regarding this information or wish to assert your rights, please contact:
The term "personal data" in data protection law refers to all information relating to an identified or identifiable person. We process personal data in compliance with applicable data protection regulations, particularly the GDPR and the BDSG. We process personal data only on the basis of a legal authorization. We process personal data only with your consent (§ 15 Abs. 3 TMG or Art. 6 Abs. 1 lit. a GDPR), to fulfill a contract to which you are a party, or to take steps at your request prior to entering into a contract (Art. 6 Abs. 1 lit. b GDPR), to comply with a legal obligation (Art. 6 Abs. 1 lit. c GDPR), or when processing is necessary to protect our legitimate interests or those of a third party, provided your interests or fundamental rights and freedoms requiring the protection of personal data do not override them (Art. 6 Abs. 1 lit. f GDPR).
Unless otherwise stated in the following information, we store the data only as long as necessary to achieve the processing purpose or fulfill our contractual or legal obligations or as long as retention is required by legal limitation periods. Legal retention obligations may arise, in particular, from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data included in our accounting data for ten years and personal data included in business letters and contracts for six years. Otherwise, we will retain data related to consent that requires proof, as well as claims and complaints, for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to the processing for this purpose.
We use processors to process your data. Such processing operations include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and invoicing, marketing measures, or destruction of files and data carriers. A processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out data processing exclusively for the data controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. Additionally, we may transfer your personal data to entities such as postal and delivery services, banks, tax advisors/auditors, or the tax authorities. Further recipients may arise from the following information.
Visiting websites may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. If such an adequacy decision by the European Commission is not available, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met. Unless otherwise stated below, we use the EU Standard Contractual Clauses for the transfer of personal data to processors in third countries as appropriate safeguards: EU Standard Contractual Clauses
When you exercise your rights under Articles 15 to 22 GDPR, we process the personal data you submit for the purpose of implementing these rights and to be able to provide proof thereof. Data stored for the purpose of providing information and its preparation will be processed solely for this purpose and for purposes of data protection control and will otherwise be restricted in processing in accordance with Art. 18 GDPR. These processing activities are based on the legal basis of Art. 6 Abs. 1 lit. c GDPR in conjunction with Articles 15 to 22 GDPR and § 34 Abs. 2 BDSG.
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6 Abs. 1 lit. e or f GDPR, in accordance with Art. 21 Abs. 1 GDPR. If personal data concerning you is processed for direct marketing purposes, you have the right to object to such processing at any time in accordance with Art. 21 Abs. 2 and Abs. 3 GDPR.
To exercise your access, portability, deletion, or opt-out rights, please submit a verifiable consumer request to us by either:
You, or a person registered with the California Secretary of State that you authorize to act on your behalf, are the only ones who can make a verifiable consumer request regarding your personal information. You can also make a request on behalf of your minor child. You are only allowed to make these requests twice within a 12-month period and they must include sufficient information to verify your identity and describe the request in enough detail for us to understand it. We may not be able to respond to your request if we cannot confirm your identity or authority to make the request.
We will respond to your verifiable consumer request within 45 days, but if we need more time (up to 90 days), we will inform you in writing. Our response will be sent to your account if you have one with us, otherwise it will be delivered by mail or electronically as you prefer. Our response will only include information from the 12 months before your request was received. If we can't comply with your request, we will explain why. For data portability requests, we will provide the information in a format that is easily useable and can be easily transferred to another entity.
We don't charge a fee for processing or responding to your request, unless it is excessive, repetitive, or unfounded. If we do need to charge a fee, we will inform you and give you a cost estimate before completing your request.
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you goods or services, charge you different prices or rates, provide a different level or quality of goods or services, or suggest that you may receive different prices or services because you exercised your rights.
We reserve the right to change this privacy notice at any time. If we make changes, we will notify you by email or through a notice on our website homepage. If you have any questions or comments about this notice, our Privacy Statement, or would like to exercise your rights under California law, please contact us at the information provided.
When using the website, we collect information that you provide yourself. Additionally, certain information about your use of the website is automatically collected during your visit. According to data protection law, the IP address is generally also considered personal data. An IP address is assigned to every device connected to the internet by the internet provider to enable it to send and receive data.
When you use our website for informational purposes only, general information transmitted by your browser to our server is automatically stored. This includes standard information: browser type/version, operating system used, the page accessed, the previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 Abs. 1 lit. f GDPR. This processing serves the technical management and security of the website. The stored data will be deleted after fourteen days unless there is a justified suspicion of unlawful use based on concrete evidence requiring further examination and processing of the information. We are not able to identify you as a data subject based on the stored information. Therefore, the rights laid out in Articles 15 to 22 GDPR do not apply in accordance with Art. 11 Abs. 2 GDPR unless you provide additional information that allows for your identification in order to exercise your rights.
We use cookies and similar technologies ("cookies") on our website. Cookies are small text files stored by your browser when you visit a website. This allows the browser used to be identified and recognized by web servers. You have full control over the use of cookies through your browser settings. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies in general or for specific cases through your browser settings. Further information is provided by the Federal Office for Information Security: Federal Office for Information Security The use of cookies is partly necessary for the technical operation of our website and therefore allowed without user consent. Additionally, we may use cookies to provide special functions and content, as well as for analysis and marketing purposes. This may include cookies from third-party providers (so-called third-party cookies). Such technically unnecessary cookies are used only with your consent in accordance with § 15 Abs. 3 TMG or Art. 6 Abs. 1 lit. a GDPR.
If you send us a message via a contact form or the provided contact email, we will process the data you provide to answer your inquiry. If your inquiry relates to the conclusion, execution, or mediation of a contract, the legal basis for data processing is Art. 6 Abs. 1 lit. b GDPR. Otherwise, we process the data based on our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 Abs. 1 lit. f GDPR.
We test different designs and settings of our website to further develop our website based on the results ("A/B testing"). Various versions of the website are displayed to users. We use our own cookie to track which version is shown to the user. Further information about this processing activity and the storage duration can be found in the section "Cookies." The processing is based on the legal basis of Art. 6 Abs. 1 lit. f GDPR and is necessary for our legitimate interest in optimizing our offer while minimizing the processing of personal data.
We use the Google Tag Manager by Google Ireland Limited (Ireland/EU). The Google Tag Manager enables us to manage website tags through an interface. The Google Tag Manager is a cookie-less domain that does not collect or store personal data. The Google Tag Manager only triggers other tags that may collect data without accessing that data. If a deactivation occurs on the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager. The use of Google Tag Manager occurs only with your consent in accordance with Art. 6 Abs. 1 lit. a GDPR.
We also use the marketing service Google Ads Conversions by Google Ireland Limited (Ireland/EU). Google Ads enables us to place relevant ads for users in the Google advertising network (e.g., in search results or on other websites), improve campaign performance reports, and avoid showing ads repeatedly to the same user. Each Ads customer sets a different conversion cookie. These cookies cannot be tracked across the websites of different Ads customers. A cookie ID is used to determine which ads are displayed in which browser. This prevents multiple displays of the same campaign. Additionally, cookie IDs allow the tracking of conversions, such as whether a user sees an ad and later visits the advertiser's website and makes a purchase. Further information about this processing activity and the storage duration can be found in the section "Cookies." The use of Google Marketing Services occurs only with your consent in accordance with § 15 Abs. 3 TMG or Art. 6 Abs. 1 lit. a GDPR.
For Google services, data transfer to Google Inc. in the USA cannot be excluded. Please refer to the information in the section "Data Transfer to Third Countries." Further information on data protection at Google can be found in Google's privacy policy: Google Privacy Policy
Our website contains a request form through which you can submit a mediation request to us. On partner websites, we use an iframe embedded in the partner website that transmits your data directly to us. The transfer of your data is encrypted. We process the provided data to handle your mediation request and to specify your request via phone or WhatsApp, SMS, and/or email.
To provide you with a suitable specialist company, we forward your data to specialist companies (which may also include dealers and manufacturers) that operate in your region and offer the requested service. The number of forwards is limited and determined by the request form. The specialist companies may contact you via phone or WhatsApp, SMS, or email to create an offer.
These data processing activities by us and the specialist companies are necessary to carry out pre-contractual measures based on your request. The legal basis is Art. 6 Abs. 1 lit. b GDPR.
If you request advice on loans and grants, we forward your data to suitable credit institutions or loan brokers for this purpose. The credit institutions or loan brokers may contact you via phone or WhatsApp, SMS, or email to create an offer. All fields marked as mandatory are required to process your request. Failure to provide the required data means we cannot process your request. Providing additional data is voluntary.
These data processing activities by us and the credit institutions or loan brokers are necessary to carry out pre-contractual measures based on your request. The legal basis is Art. 6 Abs. 1 lit. b GDPR.
We are present on several social media platforms with a company page. Through these, we aim to provide additional opportunities for information about our company and exchange. Our company has company pages on the following social media platforms:
When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile generally also constitutes personal data. This includes messages and statements made using the profile. Additionally, certain information about your visit to a social media profile is often automatically collected, which may also constitute personal data.
When you visit our Facebook page, through which we represent our company or individual products from our range, certain information about you is processed. The sole controller for the processing of personal data is Facebook Ireland Ltd (Ireland/EU). Further information on the processing of personal data by Facebook is available at Facebook Privacy Explanation. Facebook offers options to object to certain data processing; information and opt-out options are available at Facebook Settings.
Facebook provides us with anonymized statistics and insights for our Facebook page, which help us gain insights into the types of actions people take on our page (so-called "Page Insights"). These Page Insights are created based on certain information about individuals who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these insights. The legal basis for this processing is Art. 6 Abs. 1 lit. f GDPR. We cannot associate the information obtained through Page Insights with specific Facebook profiles that interact with our Facebook page. We have entered into an agreement with Facebook on joint controllership, which defines the allocation of data protection responsibilities between us and Facebook. Details on the processing of personal data to create Page Insights and the agreement between us and Facebook are available at Facebook Page Insights Data. In relation to this data processing, you can also assert your data subject rights (see "Your Rights") against Facebook. Further information is available in Facebook's privacy policy at Facebook Privacy Explanation.
Please note that according to Facebook's privacy policy, user data may also be processed in the USA or other third countries. Facebook transfers user data only to countries for which an adequacy decision of the European Commission under Art. 45 GDPR exists or based on appropriate safeguards under Art. 46 GDPR.
For the processing of personal data when visiting our Twitter profile, the sole controller is generally Twitter Inc. (USA). Further information on the processing of personal data by Twitter Inc. is available at Twitter Privacy.
We also process information you provide to us via our company page on the respective social media platform. Such information may include the used username, contact details, or a message to us. We process this personal data regularly only if we have explicitly asked you to provide us with this data. These processing activities by us are carried out as the sole controller. We process this data based on our legitimate interest in contacting inquiring persons. The legal basis for data processing is Art. 6 Abs. 1 lit. f GDPR. Further data processing may occur if you have consented (Art. 6 Abs. 1 lit. a GDPR) or if it is necessary to fulfill a legal obligation (Art. 6 Abs. 1 lit. c GDPR).