Privacy policy


We operate our websites in accordance with the principles set out below:

We undertake to comply with the statutory provisions on data protection and endeavour to observe the principles of data avoidance and data minimisation at all times.

1. name and address of the controller and the data protection officer

a) The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is

Aisys Media GmbH
Represented by the Managing Directors Markus Bessler and Tim J. Koros
Ludwigstr. 8a
97070 Würzburg
Germany
Phone: 0931/80 499 0
Fax: 0931/80 49 920
E-mail: info@aisys-media.de
Website: https://tedme.com

b) The data protection officer of the controller is:

SiDIT GmbH
Langgasse 20, 97261 Güntersleben, info@sidit.de

2. definitions

We have designed our privacy policy in accordance with the principles of clarity and transparency. However, if there are any ambiguities with regard to the use of various terms, the corresponding definitions can be found here. here [https://dsgvo-gesetz.de/art-4-dsgvo/] can be viewed.

3. legal basis for the processing of personal data

We only process your personal data, such as your surname and first name, your email address and IP address, etc., if there is a legal basis for doing so. According to the General Data Protection Regulation, the following regulations in particular come into consideration here:

Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given their consent to the processing of their personal data for one or more specific purposes.

Art. 6 para. 1 sentence 1 lit. b GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Art. 6 para. 1 sentence 1 lit. c GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject

Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person

Art. 6 para. 1 sentence 1 lit. e GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Art. 6 para. 1 sentence 1 lit. f GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child

However, we will always point out the legal basis on which your personal data is processed at the relevant points in this privacy policy.

4. disclosure of personal data

The disclosure of personal data also constitutes processing within the meaning of section 3 above. However, we would like to take this opportunity to inform you separately about the issue of disclosure to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

Data is therefore only passed on to third parties if there is a legal basis for the processing. For example, we pass on personal data to persons or companies who work for us as processors in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - i.e. in particular in a relationship of instruction and control with us.

These are exclusively the following 3 companies:

  • iWelt AG, Mainparkring 4, 97246 Eibelstadt (service: server housing)
  • Hetzner Online GmbH, Industriestr. 2591710 Gunzenhausen (Service: Serverhousing)
  • LiHAS, LinuxHaus Stuttgart, owner Adrian Reyer, Hessenwiesenstraße 10, 70565 Stuttgart (service: server administration)

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors in order to oblige them to comply with data protection regulations and thus ensure comprehensive protection of your data.

5. storage period and deletion

Your personal data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, if the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

6. SSL encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

7. cookies

We use cookies on our website. Cookies are small data packets that your browser automatically creates and that are stored on your end device when you visit our website. These cookies are used to store information in connection with the end device used.

When cookies are used, a distinction is made between technically necessary cookies and "other" cookies. Technically necessary cookies are those that are absolutely necessary in order to provide an information society service that you have expressly requested.

In order to make the use of our website more convenient for you, we use so-called session cookies (e.g. language and font selection, shopping basket, etc.) These session cookies fall under the category of technically necessary cookies and are automatically deleted after you leave our site. The legal basis for the cookies results from Art. 6 para. 1 sentence 1 lit. c) GDPR, a legal authorisation.

8 Collection and storage of personal data and the nature and purpose of its use

a) As a visitor to the tedme.com website

When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Browser used and, if applicable, the operating system of your computer and the name of your access provider

We process the aforementioned data for the following purposes:

  • Ensuring a smooth connection to the website
  • Evaluation of system security and stability

Data that allows conclusions to be drawn about your person, such as the IP address, will be deleted after 7 days at the latest. If we store the data beyond this period, this data is pseudonymised so that it can no longer be associated with you.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

b) Contractual relationship with an owner of the TEDME account

aa) Conclusion of contract

You have the option of creating a free or paid account on our website.

As part of the free account, you have the option of logging into a closed access area. Here you can view your personal data (name, email address, change password) as well as your uploaded documents. If you give a presentation using our tool, your voting results will be saved together with your name, the date and time. You can delete these at any time.

You can also delete your account at any time. Your personal data will then be deleted immediately.

As part of the establishment of the contractual relationship, only the personal data absolutely necessary for the fulfilment of the contract will be processed in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

If you choose a paid account, your data will be passed on for payment processing as follows.

The lawfulness of the transfer of data results from Art. 6 para. 1 lit. b GDPR, for the implementation of the payment method you have chosen and our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to enable user-friendly and uncomplicated payment processing.

The personal data transmitted to the online payment service provider is usually first name, surname, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as number of items, item number, invoice amount and taxes in per cent, invoice information, etc.

This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship.

Please note, however, that personal data may also be passed on by the online payment service provider to service providers, subcontractors or other affiliated companies if this is necessary to fulfil the contractual obligations arising from your order or if the personal data is to be processed on our behalf.

Depending on the payment method selected via PayPal, e.g. invoice or direct debit, the personal data transmitted to PayPal will be transmitted by PayPal to credit agencies. This transmission is used to check your identity and creditworthiness in relation to the order you have placed. You can find out which credit agencies are involved here and which data is generally collected, processed, stored and passed on by the respective provider in the respective data protection declarations of the providers:

PayPal

PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/en/webapps/mpp/ua/privacy-full

bb) Customer area

(1) Project administrator (nominated by the owner of the TEDME account)

As the project administrator, we process your name, e-mail address and password. In order to be able to use our services, you will receive your personal access area. Here you have the option of uploading your presentations. In this customer area, you can view your personal data at any time as well as all your documents and records that you have uploaded yourself. You can also view and manage the analyses of votes that you have initiated.

You also have the option of inviting other people (speakers or moderators) who can use our tool independently for presentation purposes. To do this, enter the name and e-mail address of the recipient. The recipient will then receive an invitation to register. As the project administrator, you can view the voting results (content, date, time) of the individual speakers at any time in your personal access area.

The legal basis results from the fulfilment of our contractual services in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

(2) Speaker or moderator

If you receive an invitation from a project administrator by e-mail, you can log in to the closed access area with your e-mail address and a password. Here you can view your personal data (name, e-mail address, password) as well as the documents and records uploaded by the project administrator. If you give a presentation using our tool, your voting results will be saved together with your name, the date and time. This data is also available for the project administrator to view.

The organiser is responsible for processing this data.

If you wish to have your account deleted, please contact the organiser or project administrator (TEDME account holder) who created the account for you. They can delete your account.

This personal data is not processed by us for our own purposes.

The legal basis results from the fulfilment of our contractual services in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

(3) As a participant in a TEDME session (voting, questionnaires, questions to the organiser/moderator, so-called Q&A, chat)

If you take part in a vote, this is anonymous and no personal data is stored or collected.

If you complete a survey form, address questions to the organiser/moderator (so-called Q&A) or participate in a chat, only the personal data you voluntarily provide will be processed by the organiser or speaker/moderator, e.g. if you ask your own questions or give answers that contain personal data. The organiser or speaker is responsible for processing this data.

(4) As a participant in an authenticated vote/election with TEDME-Auth

We also offer our organisers the option of conducting authenticated and even authenticated secret ballots.

The project administrator (account holder) has the option of uploading the names of the participants as well as their email addresses and, if applicable, voting shares for the respective election event to the portal, editing them there and sending PINs to these email addresses. These PINs are required for authentication during voting.

(a) Authenticated voting

In an authenticated vote, the project administrator can assign the PINs issued to the email addresses and names entered. In addition, the PINs and names (or names and PINs of participants to be represented) are also displayed in the voting results.

(b) Authenticated secret ballot

In an authenticated secret ballot, the PINs created can also be assigned to the respective email addresses and names, but not to a voting result. It is only possible to recognise which PINs and names (or names and PINs of participants to be represented) have taken part in the vote as a whole.

We do not process this personal data for our own purposes. This data from the votes is processed by us as a processor within the framework of the contractual relationship for the respective project administrator, Art. 6 para. 1 sentence 1 lit. b) GDPR.

(c) Contact form / e-mail contact

We provide you with a form on our website so that you have the opportunity to contact us at any time. To use the contact form, it is necessary to provide a name for a personal form of address and a valid e-mail address so that we know who the enquiry is from and can process it.

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there and your IP address, will be processed in accordance with Art. 6 para. 1 sentence 1 lit. b and f GDPR to carry out pre-contractual measures in response to your enquiry or to safeguard our legitimate interests, namely to carry out our business activities.

You are also welcome to send us an e-mail using the e-mail address provided on our website instead. In this case, we will store and process your e-mail address and the information you provide in the e-mail in accordance with Art. 6 para. 1 sentence 1 lit. b and f GDPR to process your message.

The enquiries and the associated data will be deleted no later than 12 months after receipt, unless they are required for a further contractual relationship.

9 Rights of the data subject

You have the following rights:

a) Information
In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right to information includes information about

  • the purposes of processing
  • the categories of personal data
  • the recipients or categories of recipients to whom your data has been or will be disclosed
  • the planned storage period or at least the criteria for determining the storage period
  • the existence of a right to rectification, erasure, restriction of processing or objection
  • the existence of a right to lodge a complaint with a supervisory authority
  • the origin of your personal data if it was not collected by us
  • the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details

b) Correction
According to Art. 16 GDPR, you have the right to immediate correction of incorrect or incomplete personal data stored by us.

c) Cancellation

In accordance with Art. 17 GDPR, you have the right to demand that we erase your personal data without undue delay, unless further processing is necessary for one of the following reasons:

  • the personal data are still necessary for the purposes for which they were collected or otherwise processed
  • to exercise the right to freedom of expression and information
  • for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
  • for the assertion, exercise or defence of legal claims

d) Restriction of processing

In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:

  • You dispute the accuracy of your personal data.
  • The processing is unlawful and you oppose the erasure of the personal data.
  • We no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims.
  • You object to the processing pursuant to Art. 21 (1) GDPR.

e) Information

If you have requested the rectification or erasure of your personal data or a restriction of processing in accordance with Art. 16, Art. 17(1) and Art. 18 GDPR, we will inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

f) Transmission

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format.

You also have the right to request the transfer of this data to a third party, provided that the processing is carried out using automated procedures and is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

g) Revocation

In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent to us at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In future, we may no longer continue the data processing that was based on your withdrawn consent.

h) Complaint

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

i) Objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying the particular situation. If you wish to exercise your right of cancellation or objection, simply send an email to: info@aisys-media.de

j) Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or fulfilment of a contract between you and us
  2. is authorised by European Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
  3. with your express consent

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in i) and iii), we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

10. amendment of the privacy policy

If we change the privacy policy, this will be indicated on the website and registered customers will be informed by e-mail.

Status 30.12.2020







We manage our web sites in accordance with the principles set out below:

We undertake to comply with statutory data protection regulations and endeavour always to take into account the principles of data avoidance and data minimisation. 

1. Name and address of the controller and the data protection officer 

a) The controller, within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other statutory data protection regulations, is: 

Aisys Media GmbH
Represented by the Managing Directors Markus Bessler and Tim J. Koros
Ludwigstr. 8a
97070 Würzburg
Germany
Phone: 0931/80 499 0
Fax: 0931/80 49 920
E-mail: info@aisys-media.de
Website: https://tedme.com


b) The data protection officer of the controller is:

SiDIT GmbH
Langgasse 20
97261 Güntersleben
e-mail:info@sidit.de
Website:https://sidit.de/ 

2. Explanation of terms

We have designed our Privacy Statement in accordance with the principles of clarity and transparency. However, should there be any ambiguity regarding the use of various terms, the corresponding definitions can be found here [https://dsgvo-gesetz.de/art-4-dsgvo/].

3. Legal basis for processing personal data

We process your personal data - such as your first and last names, your e-mail address, IP address, etc. - only if there is a legal basis for doing so. - only if there is a legal basis for doing so.The following rules, in particular, come into consideration here, in accordance with the General Data Protection Regulation (GDPR):

Art. 6(1)(a) GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Art. 6(1) (b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Art. 6(1) (c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject

Art. 6 (1)(d) GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person

Art. 6(1)(e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Art. 6(1)(f) GDPR: Processing is necessary for the purpose of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

However, we will always inform you at the appropriate points in this Privacy Statement of the legal basis on which your personal data are being processed.

4. Disclosure of personal data

Where personal data are disclosed, processing is also carried out within the meaning of section 3, above. At this point, however, we would like to inform you separately about disclosure of data to third parties. The protection of your personal data is particularly important to us. For this reason, we are especially careful when disclosing your data to third parties.

Data is only disclosed to third parties if there is a legal basis for the processing. For example, we disclose personal data to persons or companies acting as processors on our behalf, pursuant to Art. 28 GDPR. A processor is anyone who processes personal data on our behalf, in particular under our instruction and control.

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors in order to ensure that they comply with data protection regulations, thus providing comprehensive protection for your data.

5. Storage period and erasure

We will erase your personal data once those data are no longer necessary for the purposes for which they were collected or otherwise processed, and where the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

6. SSL encryption

This site uses SSL encryption for security reasons and to safeguard the transfer of confidential content, such as any requests you send to us as the operators of the site. An encrypted connection can be identified by the change in the address from "http://" to "https://" and by the padlock symbol in your browser's address bar.

With SSL encryption activated, the data which you transfer to us cannot be read by third parties.

7. cookies

We use cookies on our website. Cookies are small data packets created automatically by your browser and stored on your client device when you visit our website. These cookies are used to store information about the client device being used.

When cookies are used, a distinction is made between technically necessary cookies and "other" cookies. Cookies are said to be technically necessary if they are essential for providing an information society service which you have expressly requested.

In order to make the use of our services more convenient for you, we use what are known as session cookies (e.g. language and font selection, shopping basket, etc.). These session cookies come under the category of technically necessary cookies and are automatically deleted after you have left our site. The legal basis for the cookies derives from Art. 6(1)(c) GDPR, a legal permission.


8. Collection and storage of personal data, their type and intended purpose

a) When visiting the website

When you access our website, information is automatically sent to our web server by the browser being used on your client device. This information is stored temporarily in what is known as a log file. The following information is recorded without any action on your part and stored until it is automatically erased:

  • the IP address of the computer making the request, 

  • the date and time of access,

  • the name and URL of the requested file,

  • the browser used, and if applicable, your computer's operating system and the name of your access provider.


We process the above-mentioned data for the following purposes:

  • to ensure the connection to the website is established smoothly,

  • for evaluation of system security and stability, and


Data which permit you to be identified as an individual, such as the IP address, will be erased after 7 days at the latest. Any data we store beyond this period will be pseudonymised, so that they can no longer be associated with you.

The legal basis for the data processing is Art. 6(1)(f) GDPR. Our legitimate interest derives from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of identifying you as an individual.

b) Contractual relationship with an owner of the TEDME account

aa) contractual relationship

On our website, you have the option of creating a free or paid account.

Within the scope of the free account, you have the possibility to log into a closed access area. Here you can view your personal data (name, email address, change password) and your uploaded documents. If you give a presentation via our tool, your voting results will be saved together with your name, date and time. You can delete these at any time.

You can also delete your access at any time. Your personal data will then be deleted immediately.

In the context of the establishment of the contractual relationship, only the personal data that is absolutely necessary for the execution of the contract will be processed in accordance with Art. 6 (1) (b) GDPR.

If you choose a paid account, your data will still be passed on for payment processing as follows.

The legitimacy of the forwarding of the data results from Art. 6 (1) (b) GDPR, for the implementation of the payment method selected by you as well as our legitimate interests according to Art. 6 (1) (f) DSGVO to enable user-friendly and uncomplicated payment processing.

The personal data transmitted to the online payment service provider are mostly first name, surname, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as number of items, item number, invoice amount and taxes in percent, invoice information, etc..

This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship.

However, please note: Personal data may also be disclosed by the online payment service provider to service providers, subcontractors or other affiliated companies to the extent that this is necessary to fulfil the contractual obligations arising from your order or the personal data is to be processed on behalf.

Depending on the payment method selected via PayPal, e.g. invoice or direct debit, the personal data transmitted to PayPal will be transferred by PayPal to credit reference agencies. This transmission serves to check your identity and creditworthiness in relation to the order you have placed. You can find out which credit agencies are involved and which data is generally collected, processed, stored and passed on by the respective provider in the respective data protection declarations of the providers:

PayPal

PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/en/webapps/mpp/ua/privacy-full

bb) Customer area

(1) Project administrator (appointed by the owner of the TEDME account)

We process your name, e-mail address and password from you as project administrator. In order to be able to use our services, you will receive your personal access area. Here you have the possibility to upload your presentations. In this customer area you can view your personal data at any time as well as all your documents and records that you have uploaded yourself. In addition, you can also view and manage the evaluations of votes that you have initiated.

You also have the option of inviting other persons (speakers or moderators) who can use our tool independently for presentation purposes. To do this, enter the name and e-mail address of the recipient. The recipient will then receive an invitation to register. As the project administrator, you can view the voting results (content, date, time) of the individual speakers in your personal access area at any time.

The legal basis arises from the performance of our contractual services in accordance with Art. 6 (1) (b) GDPR.

(2) Speaker or moderator

If you receive an invitation from a project administrator by e-mail, you can log in to the closed access area with your e-mail address and a password. Here you can view your personal data (name, e-mail address, password) as well as the documents and materials uploaded by the project administrator. If you give a presentation via our tool, your voting results will be saved together with your name, the date and time. This data is also available for the project administrator to view.

The organiser is responsible for processing this data.

If you wish to have your account deleted, please contact the organiser or project administrator (TEDME account holder) who created your account. This person can delete your account.

We do not process this personal data for our own purposes.

The legal basis results from the performance of our contractual services according to Art. 6 (1) (b) GDPR.

3) As a participant in a TEDME session (voting, questionnaires, questions to the organiser/moderator, so-called Q&A, chat).

If you participate in a voting session, this is anonymous and no personal data will be stored or collected.

If you fill in a questionnaire, ask questions to the organiser/moderator (so-called Q&A) or participate in a chat, only the personal data you voluntarily provide will be processed by the organiser or speaker/moderator, e.g. if you ask your own questions or provide answers that contain personal data. The organiser or speaker is responsible for the processing of this data.

(4) As a participant in an authenticated vote/election with TEDME-Auth

We also offer our event organisers the possibility to conduct authenticated and even authenticated secret ballots.

The project administrator (account holder) has the possibility to upload the names of the participants, as well as their e-mail addresses and, if applicable, voting shares for the respective election event into the portal, to edit them there and to send PINs to these e-mail addresses. These PINs are required for authentication during voting.

(a) Authenticated voting

n an authenticated vote, the project administrator can assign the PINs issued to the e-mail addresses and names entered. In addition, the PINs and the names (or names and PINs of participants to be represented) are also displayed with the voting results.

(b) Authenticated secret ballot

In an authenticated secret ballot, the PINs created can also be assigned to the respective e-mail addresses and names but not to a voting result. Only the PINs and names (or names and PINs of participants to be represented) that participated in the voting as a whole can be identified.

We do not process this personal data for our own purposes. This data from the votes is processed by us as an order processor within the framework of the contractual relationship for the respective project administrator, Art. 6 (1) (b) GDPR.

(c) Contact form / E-mail contact

We provide a form on our website for you to contact us at any time. In order to use the contact form, you are required to enter a name (so that we can address you in person) and a valid e-mail address which we can use to contact you, so that we know who is making the request and we are able to process it.

If you send us requests using the contact form, your data from the request form will be processed, including the contact details you provided in it and your IP address, pursuant to Art. 6 (1)(b) and (f) GDPR, for taking steps prior to entering into a contract with you in response to your request, or to exercise our legitimate interest, i.e. in the performance of our business activities.

You are also welcome to send us an e-mail using the e-mail address provided on our website. In this case, we will store and process your e-mail address and the data you provide in the e-mail, pursuant to Art. 6(1)(1)(b) and (f) GDPR, in order to process your message.

Requests and the data associated with them will be erased no later than 3 months after receipt, unless they are required for further contractual relationship purposes.

9. Rights of the Data Subject 

You shall have the following rights:

a) Right of access
Pursuant to Art. 15 GDPR, you shall have the right to request information about your personal data being processed by us. This right of access includes the following information:

  • the purposes of the processing

  • the categories of the personal data

  • the recipients or categories of recipient to whom your data have been or will be disclosed

  • the envisaged data storage period, or at least the criteria used to determine that period

  • the existence of the right to rectification, erasure, restriction of processing or objection

  • the existence of the right to lodge a complaint with a supervisory authority

  • the source of your personal data, where they were not collected by us

  • the existence of automated decision-making, including profiling, and where appropriate, meaningful information about the logic involved.


b) Right to rectification
In accordance with Art. 16 GDPR, you shall have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data stored by us.

c) Erasure

In accordance with Art. 17 GDPR, you shall have the right to obtain from us without undue delay the erasure of your personal data stored by us, unless further processing is required for one of the following reasons:

  • the personal data are still necessary for the purposes for which they were collected or otherwise processed;

  • to exercise the right of freedom of expression and information;

  • for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;

  • for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, to the extent that the right referenced in a) is likely to render impossible or seriously impair the achievement of the objectives of that data processing, or

  • for the establishment, exercise or defence of legal claims.


d) Right to restriction of processing

Pursuant to Art. 18 GDPR, you may request the restriction of processing of your personal data, for one of the following reasons:

  • You contest the accuracy of your personal data.

  • The processing is unlawful, and you oppose the erasure of your personal data.

  • We no longer require the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims.

  • You object to processing pursuant to Art. 21(1) GDPR.


e) Notification obligation

If you have requested rectification or erasure of your personal data or restriction of processing in accordance withArt.16,Art.17(1) andArt.18we shall notify all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.

f) Right to data portability

You shall have the right to obtain the personal data which you have provided to us in a structured, commonly used and machine-readable format.

You shall also have the right to request the transfer of these data to a third party, provided that processing was carried out by automated means and based on your consent pursuant to Art. 6(1)(1)(a) orArt. 9(2)(a) or for the performance of a contract pursuant to Art. 6(1)(1)(b) GDPR.

g) Withdrawal of consent

Pursuant to Art. 7(3) GDPR, you shall have the right at any time to withdraw consent you have previously granted to us.The withdrawal of consent shall not affect the lawfulness of processing carried out based on consent before its withdrawal. We may not carry out any further processing based on your consentonce you have withdrawn it.

h) Right to lodge a complaint

Pursuant to Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.

i) Right to object

Where your personal data are processed based on legitimate interests pursuant to Art. 6(1)(1)(f) GDPR, you shall have the right pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes. In the latter case, you shall have a general right to object which we shall implement without the need for your particular situation to be specified. You may exercise your right to object or to withdraw consent simply by sending an info@aisys-media.de

j) Automated individual decision-making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right shall not apply if the decision:

  1. is necessary for entering into, or for the performance of, a contract between you and us,

  2. is authorised by Union or Member State law to which we are subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

  3. is based on your explicit consent.


However, such decisions shall not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in a) and c), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.

10. Amendment of the Privacy Statement

If we amend the Privacy Statement, this will be indicated on the homepage and registered customers will be informed by e-mail.

Version of 30.12.2020