The use of the www.aimaidehlp.com and www.aimaidhelp.app sites and their Android and iOS mobile applications is subject to the following privacy policy.

1      Responsibility of the Controller

The responsible party for the purposes of the GDPR and other national privacy laws and other privacy policies is

IPG Immobilienprojekt GmbH, Ohmstr. 18, 80802 Munich, Germany

E-mail: [email protected]

Phone: +49 89 21 18 70 40

If you have any questions concerning data protection and would like to exercise your rights as a data subject, please send an email to: [email protected].

2      Processing

2.1  Accessing the Website – Accessing Data

When the website is accessed, log data is stored in so-called server log files without any personal reference. These are used for statistical evaluation for the purpose of operating and optimising the website. In addition, the data is collected for security reasons, i.e. to detect and investigate cases of misuse. This is our legitimate interest according to Art. 6 par. 1 lit. f) DGPR.

We collect the following information:

• Web page visit
• Date and time of access
• Amount of data sent in bytes
• Source / reference from which you have reached the page (“referrer”)
• Browser type and operating system
• Your IP address

Server log files are kept for 14 days maximum and then automatically deleted unless we suspect a criminal offence has occurred. Access to the log files is restricted to our server administrators.

2.2  Website access – Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc (“Google”), see section 3.1 for more information.

Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyse your use of the website. The information about your use of this site will be transmitted to and saved on a Google server in the USA. In accordance with Article 6(1)(f) DSGVO, this is also our legitimate interest. However, if IP anonymisation is activated on this website, Google will first truncate your IP address within the member states of the European Union or other signatory states to the European Economic Area Agreement. Only in special circumstances is the full IP address transferred to a Google server in the USA where it is truncated. IP anonymisation is enabled on this website. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be combined with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, if you do this, you may not be able to use the full functionality of this website. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that you may not be able to use the full functionality of this website if you do not wish to be tracked by the cookie. You may also refuse the use of cookies by selecting the appropriate settings on your browser, including the inclusion of your IP address, and the processing of data by Google:

http://tools.google.com/dlpage/gaoptout?hl=de .

2.3  Google Tag Manager

This website uses Google’s Google Tag Manager service to manage website tags. We have data processing agreement with Google (see 3.1 Google Inc.). The Google Tag Manager is a utility service and, as a cookie-less domain, does not store personal data but only processes technically necessary data. The Google Tag Manager is responsible for loading other components that may also collect data. The Google Tag Manager does not access this information. For more information about the Google Tag Manager, please see Google’s privacy policy.

Please note that under US law, such as the Cloud Act, US authorities, such as intelligence agencies, may be able to access personal data that is inevitably exchanged with Google when this service is integrated due to the Internet Protocol (TCP).

2.4  Contact by e-mail, contact form and registration forms

We will store your data for the purpose of processing your enquiry and in the event of any follow-up questions if you contact us by e-mail or contact form. This is also our legitimate interest pursuant to Art. 6(1)(f) DSGVO; in particular, in the case of enquiries via the contact form, the processing of your data is also justified by the initiation of a contract (Art. 6(1)(b) DGPR).

We use the services of Google Inc. (“Google”) to send and receive emails, for more information see section 3.1.

When you contact us by e-mail or contact form, the following information is processed

• Contact Name
• Contact email address
• Message text

When you contact us via the registration form (free trial), we collect the following information

• Contact person’s name
• Company name
• Contact email address
• Name of the property
• Number of rooms in the property
• Website of the property
• Website of the company

When you contact us via the registration form (full subscription), we store the following information

• Company name
• Company website
• Company address
• the details of the company as specified
• Name of the property
• Number of rooms in the property
• Website of the property
• Name of contact person
• Position of the contact person
• E-mail address of contact person

Personal data will only be stored and used to process your enquiry or registration if you have given your consent or if this is legally admissible without your specific consent.

Personal data is deleted when it is no longer required for contact purposes, i.e. when your enquiry has been sufficiently processed. Exceptions are cases where longer storage is required by law.

2.5   Scheduling and video conferencing

In order to schedule, organise and conduct video calls, it is necessary to record the data of the participants in order to tailor the content of the video call to the respective participants. Therefore, we have a legitimate interest in processing the data concerned (Art. 6 I lit. f DGPR).

We use the service provider Calendly for scheduling and organisation and the service provider ZOOM for conducting the call. For more information, please click here:

https://calendly.com/de/dpa

https://explore.zoom.us/de/gdpr/

The information below is part of the processing:

• Contact name
• Contact email address
• Company or property name
• Information sent

2.6  Direct Marketing

We contact potential and existing customers to promote our services. In doing so, we only process data that has been made available to us for this purpose and for which we have received the express consent of the data subject for direct marketing (Art. 6 para. 1 lit. a DSGVO) or if there is a legitimate interest and the balancing of interests has shown that the interest and the fundamental rights and freedoms of the data subject do not outweigh (Art. 6 I lit. f DSGVO, Recital 47 DSGVO).

We use HubSpot to send direct marketing and manage the associated contact data, see 3.2 for more information.

Your professional contact information including your firm, position within the firm, professional telephone number and email address is routinely retained.

2.7  AI Maid Help Android & iOS Apps

We don’t collect any personal data when using these Apps.

3     Service Providers

3.1  Google Inc.

For various services, including sending and receiving emails and analysing website visits (“Google Analytics”), we use services provided by Google Inc. based in California, USA. For this purpose, we have entered into an order processing agreement with the company in accordance with Article 28. In addition, the company guarantees us adequate protection of the data when transferred to third countries. By concluding a contract with the Standard Contractual Clauses (SCC) stipulated by the EU Commission, an adequate protection of personal data is guaranteed.

In addition, Google Inc. has signed and certified itself to the Privacy Shield agreement between the European Union and the United States. Google is committed to complying with the standards and rules of European data protection law. You can find more information in the entry linked below:https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

3.2  HubSpot

To manage contacts, addresses and contract data, we use the service provider Hubspot. We have concluded a Data Processing Agreement with this provider pursuant to Article 28 GDPR, and storage within the EU/EEA is expressly contractually guaranteed. However, in order to fulfil the contract, the provider uses other companies within its group as sub-contractors, including companies based in the USA. Binding Corporate Rules (BCRs) were established and accepted under Article 47 GDPR. In addition, an adequate level of data protection is ensured for all data transfers through the conclusion of data protection contractual clauses (Standard Contractual Clauses, SCC) prescribed by the EU Commission.

Further information can be found here:

https://legal.hubspot.com/de/dpa

3.3  Chargebee

For subscription management and invoicing, we use the service provider Chargebee. We have a data processing agreement in place with this service provider in accordance with Article 28 of the GDPR and storage within the EU/EEA is also expressly guaranteed by contract. However, to fulfil the contract, they sub-contract other companies within their group, including companies based in the USA. Binding Corporate Rules (BCRs) were established and accepted under Article 47 GDPR. In addition, there is an adequate level of data protection for all data transfers through the conclusion of contractual clauses on data protection (Standard Contractual Clauses, SCC) as prescribed by the EU Commission.

Further information can be found here:

https://www.chargebee.com/privacy/dpa/

3.4  Freshdesk

For the management of customer support requests (helpdesk) and the provision of the “knowledge base”, we use the service provider Freshdesk by Freshworks. We have a data processing agreement in place with this service provider in accordance with Article 28 of the GDPR and storage within the EU/EEA is also expressly guaranteed by contract. However, to fulfil the contract, they sub-contract other companies within their group, including companies based in the USA. Binding Corporate Rules (BCRs) were established and accepted under Article 47 GDPR. In addition, there is an adequate level of data protection for all data transfers through the conclusion of contractual clauses on data protection (Standard Contractual Clauses, SCC) as prescribed by the EU Commission.

Further information can be found here:

https://www.freshworks.com/data-processing-addendum/

3.5  Dogado GmbH

We use the services of Dogado GmbH, based in Dortmund, Germany, with whom we have a data processing agreement, for the provision of hosting services. There is no transfer of personal data to third countries outside the EU/EEA.

4     Your rights as a data subject

Current legislation gives you certain rights in relation to your personal data. To exercise these rights, contact us by email at [email protected] or by postal mail to the address in section 1, stating your name and address.

Below is an overview of your rights.

4.1  Right of confirmation by the data subject

You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the following information:

• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from the data subject, any available information as to their source;
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organisation, the you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 (GDPR) relating to the transfer.

4.2  Right to rectification

You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. ²Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.3  Right to erasure (“Right to be forgotten”)

Under Article 17(1) of the GDPR, you shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• You withdraw your consent on which the processing was based under Art. 6 (1) par. 1 a) DGPR or Art. 9 (2) a) DGPR and there is no other legal basis for the processing.
• You object to the processing in accordance with Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing under Art. 21 (2) DGPR.
• The personal data have been processed unlawfully.
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offer of information society services referred to in Article 8(1). of the GDPR.

Where the controller has made the personal data public and is obliged pursuant to Article 17 par 1 of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

4.4  Right to restrict processing

You shall have the right to obtain from the controller restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
• you objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.

4.5   Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

• the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
• the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

4.6  Right of objection

You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. 2The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

4.7  Automated individual decision-making including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Automated decision-making based on the personal data collected does not take place.

4.8  Right to revoke consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time.

4.9  Right to complain to a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, work or where the alleged breach took place, if you consider that the processing of personal data concerning you is unlawful.

5     Data Security

We strive to ensure the security of your personal data within the scope of applicable data protection laws and technical possibilities.

Your personal data is transmitted to us in encrypted form. This applies to both your registration and your customer login. We use the SSL (Secure Socket Layer) encryption system, but we would like to point out that data transmission on the Internet (i.e. when communicating by e-mail) may have security gaps. Complete protection against third-party access is not feasible.

To protect your data, we take technical and organisational security measures in accordance with Art. 32 DGPR, which we continuously amend to the latest technological standards.

We also do not guarantee that our service will be available at all times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully and regularly backed up.

6     Transfer of data to third parties, no data transfer to non-EU countries

As a general rule, we only use your personal data within our organisation.

If and to the extent that we involve third parties in the fulfilment of contracts (such as service providers), they will only receive personal data to the extent that the transfer is necessary for the respective service.

In the event that we outsource certain parts of the data processing (“outsourced processing”), we contractually require the outsourced processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

A transfer of data to entities or persons outside of the EU, other than in the cases referred to in paragraph 2 of this policy, will not take place and is not contemplated.

7     Cookies

By clicking on the cookie banner in the bottom left-hand corner of your browser, you can change your cookie preferences at any time.