Privacy Statement

Last updated: 15 July 2025

1. Scope of this Privacy Statement

This Privacy Statement applies to all natural persons whose personal data are processed by AvaTo Solutions GmbH, including:

  • Clients and prospective clients,

  • Visitors to our websites and digital platforms,

  • Participants in events, webinars, or surveys organized by us,

  • Recipients of newsletters or marketing communications, and

  • Any individuals who contact or interact with AvaTo Solutions GmbH.

This Privacy Statement does not apply to employees, contractors, or job applicants, who are covered by separate internal privacy notices.

2. Categories of Personal Data We Process

Depending on your interaction with us, we may process the following categories of personal data:

a) Data you provide directly, such as

  • Name, contact details (address, email, phone number),

  • Company information and job title,

  • Content of messages, forms, or correspondence,

  • Payment or invoicing details (if applicable).

b) Data collected automatically, including

  • IP address and browser type,

  • Date, time, and duration of website visits,

  • Pages viewed and navigation behavior,

  • Device identifiers and approximate geographic location.
    See our [Cookie Policy] for more information.

c) Data obtained from third-party or public sources, such as

  • Public company registers,

  • Professional networking platforms (e.g., LinkedIn),

  • Partner organizations or event co-hosts.

3. Purposes of Processing

We process personal data for the following purposes:

  1. Providing and managing our services:
    To perform contractual or pre-contractual obligations, including communication, project management, invoicing, and client support.

  2. Legal and regulatory compliance:
    To fulfill obligations under applicable laws, such as tax, accounting, or regulatory requirements.

  3. Client communication and relationship management:
    To maintain contact with clients and business partners, share updates about our services, and invite you to relevant events or webinars.

  4. Marketing and newsletters:
    To send information that may be of professional interest to you, based on your consent or our legitimate interest. You can unsubscribe at any time.

  5. Website performance and security:
    To ensure the stability, functionality, and security of our website, detect potential misuse, and improve the user experience.

  6. Event organization and feedback:
    To manage event participation and evaluate satisfaction through voluntary surveys.

  7. Physical security:
    When you visit our offices, we may record visitor details and operate security cameras in public areas for safety reasons.

4. Legal Bases for Processing

We process personal data only where a valid legal basis exists under Article 6 of the GDPR. These may include:

  • Consent (Art. 6(1)(a) GDPR): when you have voluntarily given consent for a specific purpose (e.g. newsletters).

  • Contract (Art. 6(1)(b)): when processing is necessary to perform or prepare a contract with you.

  • Legal obligation (Art. 6(1)(c)): when required by law, such as record-keeping or tax compliance.

  • Legitimate interests (Art. 6(1)(f)): when processing is necessary for our legitimate business purposes, provided these do not override your fundamental rights.

You can withdraw your consent at any time with future effect by contacting us (see Section 10).

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by law.
When data is no longer needed, it will be securely deleted or anonymized.

6. Data Sharing and Third Parties

We may share personal data with third parties in limited and controlled situations, such as:

  • Service providers (e.g. IT hosting, cloud software, email or CRM providers) acting as processors under our instructions,

  • Project partners and authorities when necessary to fulfill a client contract,

  • Event co-organizers (limited to relevant contact details),

  • Public authorities or courts, where legally required,

  • Professional advisors (legal, accounting, or compliance purposes).

All third parties are bound by confidentiality and data protection obligations. We never sell personal data to third parties.

7. International Data Transfers

If personal data is transferred to recipients outside the European Economic Area (EEA), we ensure appropriate safeguards are in place — such as the EU Standard Contractual Clauses (SCCs) or other legally recognized mechanisms — to maintain a level of protection equivalent to that in the EU.

8. Data Security

AvaTo Solutions GmbH implements appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.
These measures include access controls, encryption, network security, and employee confidentiality training.
Where external service providers are used, they are carefully selected and contractually bound to comply with equivalent security standards.

9. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access – to know what data we hold about you,

  • Right to rectification – to correct inaccurate or incomplete data,

  • Right to erasure (“right to be forgotten”),

  • Right to restriction of processing,

  • Right to data portability,

  • Right to object to processing based on legitimate interest,

  • Right to withdraw consent at any time.

To exercise these rights, please contact us using the details below. We aim to respond promptly and within the legal time limits.

If you believe that we have not handled your data lawfully, you may also lodge a complaint with the competent supervisory authority, such as the Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI) or your local authority.

10. Contact Details

AvaTo Solutions GmbH
[Address line in Germany]
Email: contact@avato-solutions.com
Website: https://www.avato-solutions.com

11. Updates to This Privacy Statement

We may update this Privacy Statement periodically to reflect changes in our business processes, technology, or legal requirements.
The latest version will always be available on our website. Material changes will be communicated through the site or, where appropriate, directly via email.

Committed to transparency, trust, and the protection of your personal data.