Eximio privacy policy

Introduction

With this data protection notice, we would like to inform you about the processing of personal data in the context of the use of our website.

Controller

Kordiam AI Systems GmbH

Falkenried 74a

20251 Hamburg

Germany

Email: info@eximio.ai


Data Protection Officer

Email: dpo@kordiam.io

Purpose and Legal Basis of Data Processing

When you visit our website, your browser automatically transmits certain information to our server. This data is technically necessary to display the website and ensure its stability and security. It may include:

- The IP address of the requesting device

- Date and time of access

- Browser type and version

- Operating system used

- Referrer URL (the previously visited page)

- Hostname of the accessing computer


This data is stored in server log files and automatically deleted after 7 days. It is not combined with other data or used to identify individuals.


Purpose of processing:

- Ensuring a stable and secure connection

- Technical monitoring and fault analysis

- Website performance optimization


Legal basis:

Art. 6(1)(f) GDPR - our legitimate interest in the secure and efficient operation of the website.

Cookies

When you visit our website, cookies and similar technologies may be stored on or read from your device. Cookies are small text files that your browser stores. We distinguish between technically necessary cookies and cookies or comparable technologies that are only used with your consent.

Technically necessary cookies are used to ensure the proper functioning of the website (for example, for display and security purposes via Framer, as well as to store your consent status). These cookies do not require consent.


Legal basis: Art. 6(1)(f) GDPR in conjunction with § 25(2) No. 2 TDDDG


Technologies requiring consent — including analytics tools, external fonts, and embedded services — are only loaded after your active consent via our consent banner. On eximio.ai, this includes in particular: Google Fonts, Matomo Analytics, Calendly, and Brevo. Details on the services used, the data processed, and the respective legal bases can be found in the following sections of this Privacy Policy.


Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG


You can withdraw your consent at any time with effect for the future by adjusting the settings in our consent banner. You can also view and delete any cookies already stored via your browser at any time.

Consent Banner – Cookiebot

On eximio.ai, we use a consent banner to obtain your consent for the storage of certain cookies on your device or the use of certain technologies, and to document this in compliance with data protection law.


Provider: Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany


When you visit our website, the following personal data is transmitted to the provider:

  • Opt-in and opt-out data (your consent(s) or withdrawal thereof)

  • IP address (anonymized)

  • Referrer URL

  • User agent

  • User settings

  • Consent ID

  • Time of consent

  • Consent type

  • Template version

  • Banner language

  • Geographic location


Processing takes place within the European Union. Consent data is stored for one year and then deleted without delay. A data processing agreement (DPA) under Art. 28 GDPR is in place with Usercentrics GmbH.


Cookiebot is used to obtain the legally required consents for the use of cookies and to document this in compliance with data protection law.


Legal basis: Art. 6(1)(c) GDPR in conjunction with § 25(2) No. 2 TDDDG

Further information: https://www.cookiebot.com/de/privacy-policy/

Hosting of eximio.ai – Framer

The websites eximio.ai are hosted and provided via the Framer service.


Provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands


When you visit our websites, Framer collects various log files, including your IP address. Framer is a tool for creating and hosting websites. Framer stores cookies or other recognition technologies that are necessary for displaying the page, providing certain website functions, and ensuring security (necessary cookies).


Framer processes data on servers in the Netherlands (EU). The transfer of data to the Netherlands is based on the European Commission's standard contractual clauses (Art. 46(2)(c) GDPR), insofar as Framer uses sub-processors outside the EU. A data processing agreement (DPA) under Art. 28 GDPR is in place with Framer.


The use of Framer is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable possible display of our website. Where consent has been requested, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user's device (e.g. via device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.


Further information: https://www.framer.com/legal/privacy-statement/


Standard Contractual Clauses (DPA): https://www.framer.com/legal/data-processing-addendum/


Google Fonts

Our websites embed fonts from the Google Fonts service.


Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA


EU representative: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland


When these fonts are loaded, your IP address is transmitted to Google servers, which may be located in the United States. Even though Google Fonts itself does not set cookies, the transmission of the IP address constitutes processing of personal data.


Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF), which, based on an adequacy decision of the European Commission (Art. 45 GDPR), ensures compliance with European data protection standards for data processing in the USA. Further information on Google's DPF certification can be found at: https://www.dataprivacyframework.gov


The integration of Google Fonts is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Google Fonts are only loaded after your active consent via our cookie banner. You can withdraw your consent at any time with effect for the future by adjusting the settings in our cookie banner. If your browser does not support Google Fonts or consent has not been given, a default font from your computer will be used.


Further information: https://developers.google.com/fonts/faq and https://policies.google.com/privacy

Web Analytics – Matomo (Cookie-Free)

We use Matomo Analytics in cookie-free mode to analyze website usage.


Provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (Matomo Cloud)


Processing location: servers in the EU (France)


We use Matomo without the use of cookies. No information is stored on your device. However, the embedded JavaScript tracking does access information on your device in order to collect and process the following data in anonymized form:


  • Shortened IP address (the last octet is removed before storage)

  • Pages visited and time spent

  • Referrer URL

  • Browser type, operating system, screen resolution

  • Time of access


Matomo is only loaded after your active consent via our consent banner. Without your consent, no data collection by Matomo takes place.


Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TDDDG, since the JavaScript tracking accesses information on your device.


You can withdraw your consent at any time with effect for the future by adjusting the settings in our consent banner. The lawfulness of processing carried out prior to withdrawal remains unaffected.


Data transfer: Analytics data is transmitted to InnoCraft Ltd., based in New Zealand. The transfer is based on the European Commission's adequacy decision under Art. 45 GDPR. Data is stored on Matomo servers in Europe.


Data processing agreement: A data processing agreement (DPA) under Art. 28 GDPR is in place with InnoCraft Ltd.


Purpose of processing: analysis of usage behavior to optimize our website.

Further information: https://matomo.org/privacy-policy/

Newsletter Signup – Brevo (Sendinblue)

On eximio.ai, we offer the option to sign up for our newsletter. Processing is carried out via Brevo (formerly Sendinblue).


Provider: Brevo SAS, 7 rue de Madrid, 75008 Paris, France


As part of the newsletter signup, the following data is transmitted to Brevo:

  • Email address

  • Time of registration

  • IP address at the time of registration


The data you provide for the purpose of receiving the newsletter is stored on Brevo's servers within the EU. We use the double opt-in procedure: after signing up, you will receive a confirmation email in which you must confirm your registration by clicking a link. Only then will you be added to our mailing list.


With the help of Brevo, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked, as well as whether certain predefined actions were carried out (conversion rate). If you do not want to be analyzed by Brevo, you must unsubscribe from the newsletter. We provide a corresponding unsubscribe link in every newsletter message.


A data processing agreement (DPA) under Art. 28 GDPR is in place with Brevo.


Legal basis: Art. 6(1)(a) GDPR (consent).


The data you provide for the purpose of receiving the newsletter is stored until you unsubscribe from the newsletter and is deleted from the newsletter distribution list after unsubscribing. You can unsubscribe from the newsletter at any time by clicking the unsubscribe link in any newsletter email or by sending us a message at dpo@kordiam.io.


Further information: https://www.brevo.com/de/newsletter-software/ and https://www.brevo.com/en/legal/privacypolicy/

Calendly

Our website allows you to schedule appointments with us. We use the tool "Calendly" for appointment booking.


The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter "Calendly").


For the purpose of scheduling an appointment, you enter the requested data and your desired appointment time into the provided form. The data entered is used for planning, conducting, and, where applicable, following up on the appointment. The appointment data is stored for us on Calendly's servers; you can view Calendly's privacy policy here: https://calendly.com/privacy.

The data you enter remains with us until you request its deletion, withdraw your consent to storage, or the purpose for storing the data no longer applies. Mandatory statutory provisions — in particular retention periods — remain unaffected.


The transfer of data to the USA is based on the European Commission's standard contractual clauses. Details can be found here: https://calendly.com/pages/dpa.


As the website operator, we have a legitimate interest in enabling straightforward appointment scheduling with prospects and customers.


Purpose of processing: straightforward appointment scheduling with prospects and customers.

Legal basis: Art. 6(1)(f) GDPR

Pipedrive

We use the CRM system "Pipedrive" (Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia) on our website. When contacting us (via the contact form), the user data is recorded and processed in Pipedrive. Pipedrive allows us to process and respond to requests and messages more quickly. For this purpose, data is transferred to Pipedrive and stored on Pipedrive servers. We use the Pipedrive CRM system from the provider Pipedrive OÜ on the basis of our legitimate interests (efficient and fast processing of user inquiries, existing customer management, new customer business).


You can access Pipedrive's privacy policy here: https://www.pipedrive.com/en/privacy. Further information on data protection at Pipedrive can also be found at https://support.pipedrive.com/de/article/pipedrive-and-gdpr.


Purpose of processing: fast and effective processing of contact inquiries


Legal basis: Art. 6(1)(f) GDPR

Social Media – LinkedIn

We operate company profiles on LinkedIn:


Eximio: https://www.linkedin.com/company/eximio-ai


Data may be processed outside the European Union in this context.


Data processing by us


All data you enter on our LinkedIn profiles (e.g. comments, messages) is published by the platform operator and used by us exclusively for public relations purposes and for up-to-date information and interaction with our visitors.


Legal basis: Art. 6(1)(f) GDPR (legitimate interest in public relations and communication)


Data processing by LinkedIn


When our profiles are accessed, LinkedIn, as the platform operator, processes data. We have neither control over nor full insight into the form this processing takes. The extent of processing depends, among other things, on whether you are yourself logged into LinkedIn. LinkedIn may also process data outside the EU; we cannot fully guarantee GDPR-compliant processing in this regard.


We operate our LinkedIn pages jointly with LinkedIn within the meaning of Art. 26 GDPR (joint controllership). This is based on LinkedIn's Joint Controller Addendum.


Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland


Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out


Purpose of processing: fast and effective processing of contact inquiries as well as public relations


Legal basis: Art. 6(1)(f) GDPR

Your Rights

Under the GDPR, you have the following rights:

- Right of access to your data (Art. 15)

- Right to rectification (Art. 16)

- Right to erasure ("right to be forgotten") (Art. 17)

- Right to restriction of processing (Art. 18)

- Right to data portability (Art. 20)

- Right to object to processing (Art. 21)

- Right to lodge a complaint with a supervisory authority (Art. 77)


If processing is based on your consent (Art. 6(1)(a)), you have the right to revoke that consent at any time with effect for the future.


To exercise your rights or ask questions about your data, please contact: dpo@kordiam.io

Updates to This Privacy Policy

We may update this privacy notice from time to time, for example due to legal changes or website updates. The current version is always available on this page.


Last updated: May 8, 2025

Kordiam AI Systems GmbH, Falkenried 74a, 20251 Hamburg, Germany

German Impressum:

Geschäftsführer: Matthias Kretschmer

Phone: +49 40 88 14 170 - 0

Email: info@eximio.ai

AG Hamburg - HRB 121060

UStID: DE280338545

Inhaltlich Verantwortlicher: Matthias Kretschmer

Datenschutzbeauftragter: dpo@kordiam.io