Information for applicants, customers, interested parties, suppliers, and service providers in accordance with Articles 13 and 14 of the GDPR can be found here.
As of August 2025
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
Major-Hirst-Straße 11 0151 | 11312462 | For https://www.4aces-tech.de/ Major-Hirst-Straße 11 0151 | 11312462 |
The data protection officer of the controller is:
DataGAP GmbH
Bessemerstr. 82
12103 Berlin
Germany
Phone: 030 57710513
Email: datenschutz@4aces.de
1. Scope of processing personal data
We only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data is carried out regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is required by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for processing.
3. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. The right to information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
If this is the case, you have the right to access this data and to receive the following information:
2. Right to rectification (Article 16 GDPR)
If your personal data is incorrect or incomplete, you have the right to request that it be corrected or supplemented without delay.
3. Right to restriction of processing (Art. 18 GDPR)
If one of the following conditions is met, you have the right to request a restriction on the processing of your personal data:
4. Right to erasure ("right to be forgotten") (Art. 17 GDPR)
You have the right to request the immediate deletion of your personal data if one of the following reasons applies:
Please note that the above reasons do not apply if processing is necessary:
5. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.
6. Right to object to certain data processing (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
7. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR. A list of the locally competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the visiting computer.
The following data is collected:
This data is stored in our system's log files. This data is not stored together with other personal data relating to the user.
2. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.
3. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.
In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of users are deleted or anonymized so that it is no longer possible to assign them to the accessing client.
5. Right to object
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. The user may object to this. Whether the objection is successful must be determined by weighing up the interests involved.
1. Description and scope of data processing
When you visit our website, we use technical tools for various functions, in particular cookies, which may be stored on your device.
We only use cookies that are technically necessary for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.
We use the "Borlabs Cookie" opt-in tool for this purpose.
The following data is stored and transmitted by the technically necessary cookies:
We do not use cookies on our website that are not technically necessary. Cookies that are not technically necessary are text files that do not solely serve the functionality of the website, but also collect other data.
2. Purpose of data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
We require the technically necessary cookies for the following applications:
Cookies that are not technically necessary are used to improve the quality of our website by enhancing the user experience and thus our reach and profitability. By setting these cookies, we unlock content from other platforms.
3. Legal basis for data processing
The provisions of the German Telecommunications and Telemedia Data Protection Act (TDDG) apply to the storage of information on the end user's terminal equipment and/or access to information already stored on the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, cookies are stored on and accessed from your terminal device on the basis of Section 25 (2) No. 2 TDDG. This storage and access to the information on your terminal device serves to facilitate your use of our website and to offer you our services as you wish. Some functions of our website do not work without the use of these cookies and therefore cannot be offered. Cookies are generally deleted after the end of the session (e.g., logging out or closing the browser) or after a specified period of time. Information about different storage periods for cookies can be found in the following sections of this privacy policy.
Insofar as cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. In this case, the basis for storing and accessing information is § 25 (1) TDDG in conjunction with Art. 6 (1) lit. a), Art. 7 GDPR. You can revoke your consent at any time with effect for the future or grant it again retrospectively by configuring your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by adjusting the settings of your browser software. Please note that the browser settings you make will only apply to the browser you are using. If personal data is processed on your terminal device following the storage of and access to the information, the provisions of the GDPR apply. You can find information on this in the following sections of this privacy policy.
1. Description and scope of data processing
Our website features a contact form that can be used to contact us electronically. If a user chooses to do so, the data entered in the input mask will be transmitted to us and stored.
We use the"Gravity Forms"tool from Rocketgenius, 1620 Centerville Turnpike, Suite 102, Virginia Beach VA 23464-6500, United States of America, for this purpose.
The following data is stored when the message is sent:
2. Purpose of data processing
The processing of personal data from the input mask of the contact form or via the email address provided serves solely to process the contact request.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
3. Legal basis for data processing
The legal basis for processing the data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. Our legitimate interest is to respond to your inquiry, which you send to us via the contact form, in the best possible way. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Right to object
If the user contacts us via the input mask in the contact form, they can object to the storage of their personal data at any time.
The objection must be sent by email to kontakt@4aces.de or kontakt@4aces-tech.de .
All personal data stored in the course of establishing contact will be deleted in this case.
6. Hazard warning
Your personal data may also be transferred to the USA. There is no adequacy decision pursuant to Art. 45 (3) GDPR for the USA. We would like to point out that data transfer without an adequacy decision entails certain risks, which we would like to inform you about below:
US intelligence services use certain online identifiers (such as IP addresses or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you that could be used to trace the data transferred here back to you.
Providers of electronic communications services headquartered in the United States are subject to surveillance by US intelligence services pursuant to 50 U.S. Code § 1881a ("FISA 702"). Accordingly, electronic communications service providers headquartered in the United States are required to provide personal data to US authorities pursuant to 50 U.S. Code § 1881a, without any potential legal recourse. Even encryption of data in the data centers of electronic communications service providers cannot provide adequate protection, as electronic communications service providers have a direct obligation to grant access to or disclose imported data in their possession, custody, or control. This obligation may also expressly extend to the cryptographic keys without which the data cannot be read.
The fact that this is not merely a "theoretical risk" is demonstrated by the judgment of the ECJ of July 16, 2020 (Case C 311/18, "Schrems II").
1. Scope of processing personal data
An application form is available on our website, which can be used for electronic applications. If an applicant chooses this option, the data entered in the input mask will be transmitted to us and stored. This data includes:
Alternatively, you can also send us your application by email. In this case, we will record your email address and the data you provide in the email.
After sending your application, you will receive confirmation of receipt of your application documents by email from us.
Your data will not be passed on to third parties. The data will be used exclusively for processing your application.
2. Purpose of data processing
The processing of personal data from the application form is used solely for the purpose of processing your application. In the event of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the application form and to ensure the security of our information technology systems.
3. Legal basis for data processing
The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 (1) (b) Alt. 1 GDPR and § 26 (1) (1) BDSG.
The legal basis for processing data within the applicant pool is the applicant's express declaration of consent, Art. 6 (1) (a), Art. 7 GDPR. You may revoke your consent at any time with future effect.
4. Duration of storage
After completion of the application process, the data will be stored for up to three months. Your data will be deleted at the latest after three months. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
1. Scope of data processing
We take advantage of the opportunity to showcase our company on career-oriented networks. We maintain a company presence on the following career-oriented networks:
LinkedIn:
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
On our site, we provide information and offer users the opportunity to communicate.
The company profile is used for job applications, information/PR, and active sourcing.
We have no information regarding the processing of your personal data by the companies jointly responsible for the corporate website. Further information can be found in the privacy policy at:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
If you perform an action on our company website (e.g., comments, posts, likes, etc.), you may be making personal data (e.g., your real name or photo from your user profile) public.
2. Legal basis for data processing
The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 (1) (f) GDPR. Our legitimate interest in this regard is to respond to your inquiry in the best possible way and to provide you with the requested information. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
3. Purpose of data processing
Our corporate website serves to inform users about our services. Users are free to publish personal data through their activities.
4. Duration of storage
We store your activities and personal data published via our company website until you revoke your consent. In addition, we comply with the statutory retention periods.
5. Right to object
You may object to the processing of your personal data that we collect in connection with your use of our company website at any time and assert your rights as a data subject as set out in section IV of this privacy policy. To do so, please send us an informal email to the email address provided in this privacy policy.
Further information on exercising your rights can be found here:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
The website is hosted on servers by a service provider commissioned by us.
Our service provider is:
Pixel X e.K.
Kuhstrasse 26-27
38100 Braunschweig
Germany
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:
This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest in processing this data is to display our website without errors and to optimize its functions.
The website server is geographically located in Germany.
