This is an automated translation of the official Privacy Policy provided for informational purposes only. The only legally binding version is the original Privacy Policy, which is available here in German: Datenschutzhinweise.
We – reqms AI GmbH (“reqms AI” or “we”) – would like to inform you about how we process your personal data in accordance with the EU General Data Protection Regulation (“GDPR”).
Our data protection information is structured in modules. It consists of general information for any processing of personal data and processing situations (I.) and special information, the content of which only refers to the processing situation specified therein (II. ff.).
1) Controller
The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is
reqms AI GmbH
Pilgrimstraße 6, 50674 Cologne
E-Mail: contact@assistant-engine.com
2) Legal basis for the processing of personal data
We process some of your personal data on the basis of the following legal principles:
a) Consent of the data subject
Insofar as we obtain the consent of the data subject for a specific purpose, Art. 6 (1) sentence 1 lit. a GDPR is the legal basis.
b) Fulfilment of contractual obligations
Insofar as the processing is necessary for the fulfilment of a contract to which you are a party, Art. 6 (1) sentence 1 lit. b GDPR is the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
c) Legal requirements and obligations
Insofar as processing is necessary to fulfill a legal obligation to which we are subject, Art. 6 para. 1 sentence 1 lit. c GDPR is the legal basis.
d) Safeguarding legitimate interests
Insofar as the processing is necessary to safeguard our legitimate interests or those of a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR is the legal basis.
3) Storage period and deletion of personal data
Personal data is deleted or blocked as soon as there is no longer any legal basis for processing it.
4) Recipients of personal data
Internally, personal data is only processed by the departments that require it to fulfill their processing purposes. This also applies to the processors, service providers and vicarious agents we use. All departments and persons who work with personal data are bound to data secrecy and made aware of the sensitive handling of such data.
Personal data will only be passed on to third parties if this is in accordance with data protection regulations. In particular, persons employed to carry out our business operations (e.g. banks, payment service providers, tax advisors, service providers for IT and IT services) and government agencies/authorities may receive your personal data if this is necessary to fulfill a legal obligation.
Data processing in third countries
Our services may require the processing of personal data in countries outside the EU/EEA (“third countries”) by our processors. If personal data is processed in a country that does not have a level of data protection that meets European standards and that has not been confirmed by an adequacy decision in accordance with Art. 45 (3) GDPR by the EU Commission, we have concluded EU standard contractual clauses with the processors concerned in order to establish appropriate safeguards within the meaning of Art. 46 GDPR. You can find a copy of the EU standard contractual clauses here: .
We will notify you in the following if your data is processed in a third country.
5) Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to us as the controller:
a) Right of access
Pursuant to Art. 15 GDPR, you have the right to request information about the personal data processed by us. In particular, you can request
b) Right to rectification
Pursuant to Art. 16 GDPR, you have the right to have your personal data rectified and/or completed if it is inaccurate or incomplete. We must carry out the rectification without undue delay.
c) Right to restriction of processing
Pursuant to Art. 18 GDPR, you have the right to obtain restriction of processing of your data if you contest the accuracy of the data or the processing is unlawful.
If the processing has been restricted, you will be informed by us before the restriction is lifted.
d) Right to erasure
According to Art. 17 GDPR, you have the right to have your personal data erased, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
e) Right to notification
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
f) Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
g) Right to object
In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data, provided that the processing is carried out on the basis of Art. 6 (1) sentence 1 lit. e or lit. f GDPR.
h) Right to revoke the declaration of consent under data protection law
Pursuant to Art. 7 (3) GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
i) Right to lodge a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.
We are responsible for our website assistant-engine.com and its sub-pages (“website”). Personal data is processed when you use our website. We provide detailed information below about the data processing that takes place.
1) Provision of the website and creation of log files
When you visit our website, we automatically collect data and information from the user’s device (so-called log files).
Processor
To provide our website, we use the processor Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen (Germany), with whom we have concluded a data processing agreement and who processes personal data exclusively on our behalf. No third-country processing of personal data takes place through them.
Processed information & duration of processing
The following information is processed:
The log files are deleted within 14 days at the latest.
Purpose of processing & legal basis
The data is required to display the website on the user’s end device, to ensure its functionality and to analyze any malfunctions. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems.
The legal basis is Art. 6 (1) (1) (f) GDPR. The collection of log files is essential for the operation of the website. Consequently, there is no right of objection on the part of the user.
2) Use of cookies
We do not use cookies on our website. This means that when you visit our website, no text files are stored on the user’s device that collect or store information about how the user uses the website.
The provision and use of our App Assistant Engine (“App”), which can be accessed via the website or an API, may result in the processing of personal data.
1) Provision of the app and creation of log files
When you access our app, we automatically collect data and information from the user’s device (so-called log files).
Processor
To provide our website, we use the processor Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen (Germany), with whom we have concluded a data processing agreement and who processes personal data exclusively on our behalf. No third-country processing of personal data takes place through him.
Processed information & duration of processing
The following information is processed:
The log files are deleted within 14 days at the latest.
Purpose of processing & legal basis
The data is required to display the website on the user’s end device, to ensure its functionality and to analyze any malfunctions. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The collection of log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.
2) Use of cookies
We use cookies in our app. These are text files that are stored in or by the Internet browser on the system of the user’s terminal device when visiting a website.
Processed information & duration of processing
Each cookie contains a characteristic string of characters that enables the browser to be clearly identified the next time the website is accessed, and thus the respective user device.
Information on which necessary cookies are used for which specific purposes, the recipients of the related data, and the duration of the processing can be found here:
Location | app.assistant-engine.com |
Name | XSRF-TOKEN |
Purpose | The XSRF-TOKEN cookie is used to secure Laravel web applications by helping to prevent Cross-Site Request Forgery (CSRF) attacks. It ensures that a malicious site cannot make a request on behalf of the authenticated user without their consent. |
Expiration | 120 minutes |
Type | Essential |
Location | app.assistant-engine.com |
Name | assistant_engine_session |
Purpose | The assistant_engine_session cookie is used to store a unique session identifier for the user. Laravel uses this session identifier to associate the user with their session data stored on the server. This allows the application to remember the user’s state, preferences, or login information across different requests. |
Expiration | 120 minutes |
Type | Essential |
Purpose & Legal Basis
Some of our website’s functions cannot be performed without the use of cookies. For example, it may be necessary to use so-called counting cookies to prevent overloading the website. Session cookies may also be required to maintain the website’s selected language setting for future visits. In addition, mandatory cookies also serve to enable our system to recognize whether the user has consented to the placement of cookies in his browser or has restricted them (so-called opt-out cookies). These technically necessary cookies are not used to determine the identity of the user or to create user profiles.
The legal basis for the storage of mandatory cookies is Section 25 (2) no. 2 TTDSG.
The legal basis for the processing of the personal data generated in the process is Art. 6 (1) sentence 1 point (f) GDPR.
The use of these cookies is absolutely necessary for the operation of the website. Consequently, there is no right of objection on the part of the user.
3) Registration with the app
Registration is required to use our app.
Information processed & duration of processing
As part of the registration process, you will be asked to provide the following personal data, which is required for registration and subsequent use of the account:
In addition, we process the following personal data associated with your account for the duration of the contractual relationship:
The personal data will be deleted if the user contract ends due to termination, you delete your account with us and insofar as there are no further legal retention periods for the data.
Purpose & legal basis
The processing of personal data is carried out to fulfill our contractual obligations on the basis of the user contract concluded with you (Art. 6 para. 1 sentence 1 lit. b GDPR).
Insofar as personal data of employees is processed for the stated purpose (e.g. name-related e-mail addresses), the processing is carried out on the basis of our overriding legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO, as this data is necessary to offer you, as our contractual partner, the desired services.
4) Payment service provider Stripe
We use the payment service provider “Stripe” (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) to process payments initiated through our app. When Stripe provides services as a payment service provider (PSP), Stripe itself is the controller within the meaning of the GDPR. Payment processing via credit card or SEPA direct debit is done directly through Stripe. We do not process this data for our own purposes.
It may be necessary for us and Stripe to exchange such data related to your respective booking in order to process payment processing differences. These data transfers are each carried out on the basis of a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Please note that Stripe, as a financial services provider and data controller with respect to the processing of financial transaction data, may also pass on your personal data to credit reference agencies, affiliated companies and subcontractors if this is necessary to fulfill contractual obligations or on the basis of a legitimate interest or if the data is processed by a processor. It is possible that Stripe may also transfer personal information to affiliated companies outside the EU or EEA (e.g. in the USA).
Your data will be transmitted to Stripe in encrypted form and processed by Stripe for the sole purpose of payment processing. Stripe is legally obliged to process and verify this data.
For more information about data protection in connection with this payment service provider, please refer to Stripe’s privacy policy:
In the event that you pay for goods or services, we will also pass on your data to our service providers in the areas of banking, taxes and tax advice, as well as – within the scope of legal requirements – to the tax authorities.
The following information applies to all communication with us.
If the communication takes place within a customer relationship or another contractual relationship, the data processing is also governed by the additional information under “V. Additional information for contractual partners”.
1) Telephone
You can contact us by telephone.
Information processed & duration of processing
In addition to your telephone number, we process the personal data that you provide to us during the call.
The data will be deleted as soon as the matter has been resolved with you, provided that there is no other reason for processing.
Purpose of processing & legal basis
The personal data is processed by us exclusively for the purpose of processing the request and in the event of follow-up questions.
If the communication is aimed at concluding a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
In all other cases, the legal basis is Article 6 (1) (1) (f) GDPR. Your interest does not outweigh our interest in answering your request; since you are calling us, answering your question is also in your interest, and you are aware that we have to process your personal data in order to answer your request.
2) E-mail
You can contact us by email. We would like to point out that there are possibilities for third parties to gain insights into email communication. If it is important to you that the information you provide is not exposed to the risk of illegal access by third parties, we therefore recommend using a different means of communication. However, if you contact us by email, we assume that you also wish to continue the exchange via this communication channel.
Processing information & duration of processing
In addition to your email address, we process the personal data that you provide to us within the email communication.
The data will be deleted as soon as the matter has been resolved with you, provided that there is no other reason for processing it.
Purpose of processing & legal basis
We process personal data exclusively for the purpose of processing the request and in the event of follow-up questions.
If the communication is aimed at concluding a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
In all other cases, the legal basis is Art. 6 (1) 1 lit. f GDPR. Your interest does not override our interest in answering your request; since you are writing to us, it is also in your interest to answer it, and you are aware that we have to process your personal data to answer your request.
3) Video calls
We also use video calls for communication.
Processor
To carry out video telephony, we use the “Microsoft Teams” service from Microsoft Corporation ( One Microsoft Way, Redmond, Washington 98052, USA) as our processor. We have concluded a data processing agreement with the processor. It is possible that the processor may process personal data in a third country in order to ensure smooth video telephony. Microsoft Corporation has therefore concluded EU standard contractual clauses with the sub-processor to provide suitable guarantees within the meaning of Art. 46 GDPR.
Processed information & duration of processing
The following communication data is processed during video telephony:
The personal data will be deleted as soon as the matter has been resolved with you and provided that there is no other reason for processing it.
Purpose of processing & legal basis
We process personal data exclusively for the purpose of processing the request and in the event of follow-up questions.
If the communication is aimed at concluding a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
In all other cases, the legal basis is Art. 6 (1) 1 lit. f GDPR. Your interest does not override our interest in answering your request; since you are writing to us, it is also in your interest to answer it, and you are aware that we have to process your personal data in order to answer your request.
The following information applies to you in addition, provided that we have a contractual relationship.
Processed information & duration of processing
Which of your data is processed in detail depends on the tasks within the contractual relationship. We use the personal information solely for the purpose for which it was provided to us. These are, for example, personal details (name, address and other contact details, date and place of birth). In addition, this may also include order data (e.g. payment orders), data from the fulfillment of our contractual obligations (e.g. sales data in payment transactions), information about your financial situation (e.g. creditworthiness data), advertising and sales data, as well as other data comparable with the categories mentioned.
The personal data will be deleted as soon as the contractual relationship with you has ended and provided that there is no other reason for processing it.
Purpose of processing & legal basis
The processing is carried out primarily for the purpose of establishing and executing the contractual relationship; the legal basis is Art. 6 (1) sentence 1 lit. b GDPR.
In addition, we also process your data in part on the basis of our legitimate interest, namely for the purpose of contact and communication management, economic efficiency controls, contract and project management, and to ensure the operation of information and telecommunications systems. The legal basis is Art. 6 (1) (1) (f) GDPR.
In addition, we as a company are bound by various legal obligations that must be complied with under applicable laws and regulations. The legal basis for processing for the purpose of complying with legal requirements and obligations is Article 6(1)(1)(c) GDPR. These include, for example, tax law retention requirements.
Accelerate Your AI Integration