Privacy policy
Last updated: 9 June 2026
Summary. We process as little personal data as possible. This website is hosted in Germany. We use no tracking tools, no profiling, no advertising cookies and no third-party analytics. Only technically necessary data is processed.
Controller
Controller within the meaning of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
Hosting and server log files
This website is hosted on servers located in the Federal Republic of Germany. No transfer to third countries outside the EU/EEA takes place.
When the site is accessed, the hosting provider processes technically necessary access data (server log files): IP address (truncated or only for the duration of the connection), date and time, URL accessed, data volume transferred, user agent and referrer. The legal basis is Art. 6 (1)(f) GDPR — legitimate interest in stable and secure operation. Logs are deleted automatically after no more than 14 days, unless security-relevant incidents require longer retention.
Cookies and tracking
We use no analytics, marketing or tracking cookies . No third-party cookies (e.g. Google Analytics, Meta Pixel, LinkedIn Insight Tag) are loaded. For this reason no cookie consent banner is required on this website.
If technically necessary cookies (e.g. for session management) are introduced in a logged-in area in future, this will be done solely on the basis of § 25 (2) no. 2 TDDDG (formerly TTDSG) without consent requirement.
Contact by email
If you contact us by email at info@aestimia.de your details (name, email address, content of the message) are processed solely to handle your request. The legal basis is Art. 6 (1)(b) GDPR (pre-contractual measures) and Art. 6 (1)(f) GDPR (legitimate interest in responding). Data is deleted after the request has been fully handled, unless statutory retention obligations apply (e.g. § 257 HGB, § 147 AO).
Contact form (once active)
A future contact form will collect only the mandatory fields needed to respond (name, email address, message). Transmission is TLS-encrypted. Processing and storage take place on our infrastructure within the EU. Legal basis: Art. 6 (1)(b) and (f) GDPR.
User account and software use
A user account is required to use the paid "Immobilio" software. We process the data needed to perform the contract (email address, authentication data, billing data, usage metadata). Legal basis is Art. 6 (1)(b) GDPR (performance of contract).
Content data you enter into the software (e.g. property data, draft reports) is processed solely to provide the functionality and is not re-used for training or advertising. Processing by our processors (including database, hosting and AI providers) takes place under contracts in accordance with Art. 28 GDPR. A list of the processors used is available on request.
Recipients and transfers to third countries
Your data is transferred to third parties only where required by law or for performance of the contract (e.g. to payment service providers for paid use). No transfer to third countries outside the EU/EEA currently takes place. If this becomes necessary in future, it will only take place on the basis of appropriate safeguards under Art. 44 ff. GDPR (EU standard contractual clauses).
Your rights as a data subject
You have the following rights:
- Access to data processed (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure ("right to be forgotten", Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of consent with effect for the future (Art. 7 (3) GDPR)
To exercise your rights an informal message is enough to info@aestimia.de.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data-protection supervisory authority (Art. 77 GDPR). Competent in particular is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf.
Data security
Transmission between your device and our servers is end-to-end TLS-encrypted (HTTPS). We take technical and organisational measures pursuant to Art. 32 GDPR to protect your data against unauthorised access, loss or manipulation.
Updates and changes to this policy
We update this privacy policy whenever the legal situation or our processing activities change. The current version is always available at this URL.