Privacy Policy

Preamble

This privacy policy informs you about which categories of personal data (hereinafter also referred to as "data") we process, for which purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us on this website (hereinafter "online service").

The terms used are not gender-specific.

Last updated: April 25, 2026

Controller

Tim Dielenschneider
Thomas-Dehler-Weg 3
51109 Köln
Germany

Email: hello@echonet-ai.com

Imprint: https://echonet-ai.com/legal/

Overview of Processing Operations

The following overview summarises the categories of data processed, the purposes of processing, and the data subjects concerned.

Categories of Processed Data

  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of Data Subjects

  • Users (website visitors).
  • Communication partners.

Purposes of Processing

  • Provision of our online service and usability.
  • IT infrastructure.
  • Security measures.
  • Communication and response to inquiries.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the GDPR legal bases on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations of your or our country of residence or domicile may apply. Where more specific legal bases are relevant in individual cases, we will inform you of these in this privacy policy.

  • Consent (Article 6(1)(a) GDPR) — The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Legal obligation (Article 6(1)(c) GDPR) — Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Article 6(1)(f) GDPR) — Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). The BDSG contains in particular special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated individual decision-making including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with the legal requirements and taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons.

The measures include in particular safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input of, transfer of, securing of availability of, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to threats to data. We also take the protection of personal data into account during the development and selection of hardware, software, and procedures, in line with the principles of data protection by design and by default.

Securing online connections via TLS/SSL encryption (HTTPS): To protect data transmitted via our online service from unauthorised access, we use TLS/SSL encryption. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transferred between the website and the user's browser (or between two servers), thereby protecting the data from unauthorised access. The use of a TLS/SSL certificate is indicated by HTTPS in the URL, signalling to users that their data is being transmitted securely.

Transmission of Personal Data

In the course of our processing of personal data, the data may be transmitted to or disclosed to other entities, companies, legally independent organisational units, or persons. Recipients of this data may include, for example, service providers tasked with IT functions or providers of services and content embedded in a website. In such cases, we comply with the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

General Information on Data Retention and Deletion

We delete the personal data we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal bases for the processing exist. This applies in cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule exist where statutory obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for the legal pursuit of claims or for the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing operations.

Where multiple retention periods or deletion deadlines apply to a single piece of data, the longest period always prevails. Data that is no longer retained for the originally intended purpose, but only on the basis of statutory requirements or other reasons, is processed exclusively for the reasons that justify its retention.

Retention and deletion of data under German law: The following general retention and archiving periods apply under German law:

  • 10 years — Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the work instructions and other organisational documents necessary for their understanding (Section 147 (1) No. 1 in conjunction with (3) of the German Fiscal Code (AO), Section 14b (1) of the German VAT Act (UStG), Section 257 (1) No. 1 in conjunction with (4) of the German Commercial Code (HGB)).
  • 8 years — Accounting documents, such as invoices and cost vouchers (Section 147 (1) Nos. 4 and 4a in conjunction with (3) sentence 1 AO and Section 257 (1) No. 4 in conjunction with (4) HGB).
  • 6 years — Other business records: received commercial or business letters, copies of dispatched commercial or business letters, and other documents insofar as they are of relevance for taxation purposes, e.g. hourly wage slips, operating cost statements, calculation documents, price tags, as well as payroll records insofar as they are not already accounting documents and till receipts (Section 147 (1) Nos. 2, 3, 5 in conjunction with (3) AO, Section 257 (1) Nos. 2 and 3 in conjunction with (4) HGB).
  • 3 years — Data necessary to consider potential warranty and damages claims or similar contractual claims and rights, and to handle related inquiries, based on prior business experience and customary industry practice, is stored for the regular statutory limitation period of three years (Sections 195, 199 of the German Civil Code, BGB).

Start of the period at year-end: Where a period does not expressly start on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the deadline is the moment when termination becomes effective or the legal relationship otherwise ends.

Rights of Data Subjects

As a data subject under the GDPR, you have various rights, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent given at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access that data along with further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: You have the right, in accordance with the legal requirements, to obtain the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to obtain the erasure of data concerning you without undue delay, or alternatively to obtain the restriction of processing of the data.
  • Right to data portability: You have the right to receive personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to have it transmitted to another controller.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Provision of the Online Service and Web Hosting

We process the data of users in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.

  • Categories of processed data: Usage data (e.g. page views and time spent, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, parties involved); log data (e.g. log files relating to logins or the retrieval of data, or access times); content data (e.g. textual or visual messages and contributions, as well as related information such as authorship or time of creation).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of our online service and usability; IT infrastructure (operation and provision of information systems and technical equipment such as computers and servers); security measures.
  • Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Further information on processing methods, procedures and services used:

  • Provision of the online service on rented storage: To provide our online service, we use storage space, computing capacity, and software that we rent or otherwise obtain from a server provider (also known as a "web host"); Legal basis: Legitimate interests (Article 6(1)(f) GDPR).
  • Collection of access data and log files: Access to our online service is logged in the form of so-called "server log files". Server log files may include the address and name of the retrieved web pages and files, the date and time of retrieval, the volume of data transferred, notification of successful retrieval, browser type and version, the user's operating system, the referrer URL (the previously visited page), and as a rule the IP address and the requesting provider. Server log files may be used for security purposes, e.g. to prevent server overload (in particular in the case of abusive attacks, so-called DDoS attacks), and to ensure server load and stability; Legal basis: Legitimate interests (Article 6(1)(f) GDPR). Deletion of data: Log file information is stored for the retention period set by our web host and then deleted or anonymised. Data whose further retention is required for evidentiary purposes is excluded from deletion until the relevant incident has been finally resolved.
  • Email transmission and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as further information regarding email transmission (e.g. the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that, as a rule, emails on the internet are not sent in encrypted form. Emails are usually encrypted in transit, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore accept no responsibility for the transmission path of emails between sender and our receiving server; Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Blogs and Publication Media

We use a blog or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only insofar as is necessary for its presentation, for communication between authors and readers, or for security reasons. Otherwise, we refer to the information regarding the processing of visitors to our publication medium provided in this privacy policy.

  • Categories of processed data: Content data (published articles and related metadata such as authorship and publication date); usage data (e.g. page views and time spent, types of devices and operating systems used); meta, communication and procedural data (e.g. IP addresses, timestamps).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing and legitimate interests: Provision of our online service and usability; security measures.
  • Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Further information on processing methods, procedures and services used:

  • Comments, contributions, and surveys: This online service currently does not offer any comment, contribution, or survey functionality. Accordingly, no related data is processed, no IP addresses are stored for these purposes, and no cookies are set to prevent multiple voting. Should such functionality be added in the future, this privacy policy will be updated accordingly before processing begins; Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Contact

If you contact us by email (e.g. via a mailto link on this website), the personal data you transmit (in particular your email address and, where applicable, your name and any other information you voluntarily provide) is stored and processed exclusively for the purpose of handling your inquiry. Processing is based on our legitimate interest in efficiently responding to inquiries (Article 6(1)(f) GDPR) and, where your inquiry is aimed at the conclusion or performance of a contract, on Article 6(1)(b) GDPR.

Your data will be deleted as soon as the processing of your inquiry has been completed and no statutory retention obligations prevent deletion. Data is not transferred to third parties unless this is necessary to fulfil our contractual or legal obligations.

  • Categories of processed data: Contact data (e.g. email addresses); content data (e.g. content of the inquiry).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; response to inquiries; organisational and administrative procedures.
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR); pre-contractual measures and performance of a contract (Article 6(1)(b) GDPR).

Changes and Updates

We ask that you regularly inform yourself about the contents of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing operations we carry out make this necessary. We will inform you as soon as the changes require any action on your part (e.g. consent) or any other individual notification.

Where we provide addresses and contact information of companies and organisations in this privacy policy, please note that addresses may change over time and we ask you to verify the information before contacting them.

Glossary

This section provides an overview of the terminology used in this privacy policy. Where the terminology is defined by law, the statutory definitions apply. The following explanations are intended primarily to aid understanding.

  • Content data: Content data comprises information generated in the course of creating, editing, and publishing content of all kinds. This category may include text, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, authorship details, and publication dates.
  • Contact data: Contact data is essential information that enables communication with persons or organisations. It includes, among other things, telephone numbers, postal addresses, and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
  • Controller: "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Log data: Log data is information about events or activities that have been logged in a system or network. Such data typically contains information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data is often used for the analysis of system problems, for security monitoring, or for the creation of performance reports.
  • Meta, communication and procedural data: Meta, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Metadata, also known as data about data, includes information that describes the context, origin, and structure of other data. It can include details such as file size, creation date, the author of a document, and modification histories. Communication data captures the exchange of information between users across various channels, such as email traffic, call logs, messages on social networks, and chat histories, including the parties involved, timestamps, and transmission paths. Procedural data describes the processes and operations within systems or organisations, including workflow documentation, logs of transactions and activities, and audit logs used for tracking and verifying procedures.
  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Processing: "Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, whether collection, evaluation, storage, transmission, or deletion.
  • Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information showing how users use applications, which features they prefer, how long they spend on certain pages, and which paths they navigate through an application. Usage data may also include the frequency of use, timestamps of activities, IP addresses, device information, and location data. It is particularly valuable for analysing user behaviour, optimising user experiences, personalising content, and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.

Based on a template from Datenschutz-Generator.de; substantively adapted to this online service.