Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy listed below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the "Information on the Responsible Party" section of this privacy policy.

How do we collect your data?

Some of your data is collected when you provide it to us. This may include data you enter in a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This mainly includes technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior.

2. Hosting

We host the content of our website independently:

Self-Hosting (Own Hosting)

We host our website on our own servers (self-hosting). The personal data collected on this website (such as IP addresses, meta and communication data, or website access) is processed and stored on our own IT systems in Germany. There is no transfer of this basic traffic data to external web hosting providers.

The processing of this data is based on our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in the secure, independent and efficient provision of our website.

Content Delivery Network (Cloudflare)

This website uses the Content Delivery Network (CDN) of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare provides a globally distributed DNS and CDN network with DDoS protection. All traffic between your browser and our website is routed through Cloudflare's servers. In the process, Cloudflare may analyze your IP address, security and performance data, and browser metadata to detect and prevent threats. Cloudflare is certified under the EU-US Data Privacy Framework (DPF). In addition, we have agreed to the EU Commission's Standard Contractual Clauses as the basis for data transfer to the USA. The use of Cloudflare is based on our legitimate interest in a secure and efficient provision of our website (Art. 6 para. 1 lit. f GDPR). For more information, please refer to Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/.

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Information on the Responsible Party

The responsible party for data processing on this website is:

Andreas Lippold (Sole Proprietorship)
voranai
Ottenhofen 32
91613 Marktbergel
Germany

Mobile: +49 163 3475341
Email: info@voran-ai.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, deletion will occur after these reasons no longer apply.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Your Rights as a Data Subject

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing (Art. 15 GDPR), as well as a right to rectification (Art. 16 GDPR), blocking or deletion (Art. 17 GDPR) of this data. Furthermore, you have the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and a right to object to processing (Art. 21 GDPR). In addition, in the event of data protection violations, you have a right of complaint to the competent supervisory authority (Art. 77 GDPR). For this purpose, you can contact the state data protection officer of the federal state in which you have your residence or our company is based.

4. Data Collection on This Website

Cookies

Our website uses so-called 'cookies' and similar storage technologies (e.g., local storage). Cookies are small data packets and do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after you close your browser. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

The storage of cookies that are necessary for the electronic communication process or to provide certain functions you have requested is based on Art. 6 Abs. 1 lit. f DSGVO.

Technically Necessary Session Cookies

We use a technically necessary session cookie (name: "session") on our website. This cookie serves exclusively to maintain the current status of your visit, to securely manage session data and to provide basic security functions. This cookie is automatically deleted after the end of your visit or when you close your browser. The storage of this cookie is based on Art. 6 Abs. 1 lit. f DSGVO and § 25 Abs. 2 TDDDG (formerly TTDSG), as the cookie is strictly necessary for the secure and error-free provision of the website you have accessed.

Contact Form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 Abs. 1 lit. b DSGVO if your inquiry is related to the fulfillment of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Abs. 1 lit. f DSGVO) or on your consent (Art. 6 Abs. 1 lit. a DSGVO) if this was requested.

Mandatory legal provisions – in particular retention periods under the German Commercial Code (HGB) or the Tax Code (AO), which generally require business correspondence to be kept for 6 to 10 years – remain unaffected.

Local Storage

To prevent data loss due to technical issues (e.g., internet outages or accidental page reloads), your form entries and uploaded files are temporarily stored in your browser's local storage. This data remains on your device and is not shared with third parties (except upon final submission). The data is automatically deleted once the form has been successfully submitted or after 24 hours at the latest. This is based on our legitimate interest in providing a user-friendly form (Art. 6 para. 1 lit. f GDPR / § 25 para. 2 TDDDG (formerly TTDSG)).

E-Mail Communication (Cloudflare and Google Mail)

When you contact us by email (e.g., to info@voran-ai.com), we use Cloudflare (Cloudflare, Inc., USA) for domain management and email routing. The emails are forwarded from there to our email account at Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) and stored there. Your email address and the content of your message are processed on the servers of these providers. Data transmission to the USA is based on the Standard Contractual Clauses of the EU Commission and the EU-US Data Privacy Framework (DPF). Processing is based on our legitimate interest in reliable and secure communication (Art. 6 para. 1 lit. f GDPR / Art. 6 para. 1 lit. b GDPR for contract initiation and fulfillment).

Appointment Bookings (Calendar Integration)

To arrange and manage appointments via our website, we use two calendar systems: (1) To display available time slots, the website reads existing appointments from our Apple iCloud calendars (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) in read-only mode. No personal data is transmitted to Apple in this process. (2) When you book an appointment, the data you enter (e.g., name, email address, company, booking time) is stored in our self-hosted Nextcloud calendar on our own servers in Germany. There is no transfer of this booking data to third parties. Processing is carried out to fulfill a contract or to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

E-Mail Delivery Service (Brevo)

For sending emails from our contact and booking forms, we use the service Brevo (Sendinblue GmbH, Koepenicker Str. 126, 10179 Berlin, Germany) as our email delivery provider. When you submit a form on our website, the data you enter (e.g., name, email address, message, attachments) is transmitted via Brevo's SMTP servers for delivery. A data processing agreement (DPA) has been concluded with Brevo in accordance with Art. 28 GDPR. Brevo processes the data exclusively on our behalf and in accordance with our instructions. Processing is based on our legitimate interest in reliable and secure email communication (Art. 6 para. 1 lit. f GDPR) and, where applicable, for the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR). Further information can be found in Brevo's privacy policy at https://www.brevo.com/legal/privacypolicy/.

Protection Against Abuse and Overload (Rate Limiting)

To protect our website, server infrastructure and forms from overload, spam and automated attacks (so-called brute-force attacks), we use a rate limiting system (Flask-Limiter). Your IP address is temporarily processed in the server's working memory to limit the number of requests per IP address within a certain period and to temporarily block requests if the limit is exceeded. These IP addresses are not permanently stored in databases and are automatically discarded from volatile memory after the respective blocking period expires. Processing is based on our legitimate interest (Art. 6 Abs. 1 lit. f DSGVO) in ensuring the security, integrity and constant availability of our online service.

Handling of Applicant Data

We offer you the opportunity to apply to us via our website (e.g., via a form or email). In the context of the application process, we collect and process the personal data you provide (e.g., contact and communication data, application documents, notes from interviews), insofar as this is necessary for the decision on establishing an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship) as well as Art. 6 para. 1 lit. b GDPR (general contract initiation) and, if you have given consent, Art. 6 para. 1 lit. a GDPR.

Retention of Applicant Data

If we are unable to make you a job offer, you reject an offer, or you withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months after the end of the application process (e.g., for the purpose of providing evidence in legal disputes under the AGG). The data will then be deleted and physical application documents destroyed. Longer retention only occurs if you have given us express consent for this (e.g., for inclusion in a talent pool) (Art. 6 para. 1 lit. a GDPR).

5. Fonts and Icons

Locally Hosted Fonts (Google Fonts & Font Awesome)

This website uses the font families Google Fonts (Inter, Plus Jakarta Sans, Space Grotesk, Roboto) and the icon library Font Awesome. All font and icon files are hosted locally on our own server and are delivered directly from there. No connection to external servers of Google, Font Awesome or other third parties is established when loading these resources. Therefore, no personal data (such as your IP address) is transmitted to these providers.

Source: e-recht24.de