Operator:
Aiena e.V.
E-Mail: [email protected]
Service: Image hosting portal at images.aiena.de
Last updated: 20 November 2025, 05:00 (Europe/Berlin)
1. General Information
The protection of your personal data is important to us. This Privacy Policy explains how we, Aiena e.V. (“we”, “us”, “our”), collect, process and protect personal data when you use images.aiena.de (the “Service”). We process personal data strictly in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.
2. Data Controller
The controller responsible for data processing within the meaning of Article 4(7) GDPR is:
Aiena e.V.
E-Mail: [email protected]
3. Categories of Processed Data
We may collect and process the following categories of personal data when you use the Service:
- Account Data: Username, e-mail address, password (hashed), registration date.
- Usage Data: IP address, browser type, device information, date and time of access, pages visited, and referrer URL.
- Uploaded Content Metadata: Filenames, timestamps, size, and technical file properties.
- Communication Data: Messages or e-mails you send to us (e.g. support requests, takedown notices).
- Cookies and Similar Data: Small text files and identifiers that help us provide and secure the Service.
4. Purposes of Processing
We process personal data for the following purposes:
- To operate, maintain, and improve the Service.
- To create and manage user accounts.
- To prevent abuse, spam, or unlawful use of the Service.
- To comply with legal obligations, e.g., under the Telemedia Act (TMG) or the Digital Services Act (DSA).
- To respond to user inquiries, support requests, or legal notices.
- To perform statistical or security analyses in aggregated or anonymised form.
5. Legal Bases for Processing
We process personal data in accordance with the following legal bases under Article 6 GDPR:
- Art. 6(1)(b) GDPR: Performance of a contract or pre-contractual measures (e.g., account registration and Service provision).
- Art. 6(1)(c) GDPR: Compliance with legal obligations (e.g., tax, legal retention, or law enforcement duties).
- Art. 6(1)(f) GDPR: Legitimate interests, such as ensuring IT security, preventing misuse, and analysing technical performance.
- Art. 6(1)(a) GDPR: Based on your consent, e.g., for optional cookies or communications, if applicable.
6. Data Storage and Retention
(a) Personal data will only be stored for as long as necessary to achieve the purposes outlined above or
as required by statutory retention obligations.
(b) Uploaded images and associated metadata are stored until you delete them or your account is terminated.
(c) Server logs and security data are typically retained for up to 30 days for technical and security reasons,
unless longer storage is necessary for incident investigation or legal reasons.
7. Data Sharing and Recipients
(a) We do not sell or rent your personal data.
(b) We only share data with third parties in the following limited cases:
- When required by law, court order, or official authority.
- With service providers (e.g., hosting providers, e-mail systems) who process data on our behalf under data processing agreements (Art. 28 GDPR).
- To enforce our rights or defend against legal claims, if necessary.
All third-party service providers are carefully selected and contractually bound to maintain adequate data protection and security measures.
8. Cookies and Tracking
(a) We use cookies and similar technologies that are technically necessary to provide and secure the Service.
(b) Non-essential cookies (e.g., for analytics) will only be used with your explicit consent, where applicable.
(c) You can adjust your browser settings to block cookies, but this may affect the functionality of the Service.
9. Server Logs
When you access images.aiena.de, our servers automatically log data such as your IP address, browser type, operating system, referring URL, and access time. This data is used exclusively for technical purposes (ensuring system stability, security, and troubleshooting) and deleted automatically after a short retention period, unless required for security investigation.
10. Security Measures
We implement appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, and destruction. These measures include encryption, restricted access, secure backups, and regular audits of our systems.
11. User Rights under the GDPR
You have the following rights under the General Data Protection Regulation (GDPR):
- Right of access (Art. 15 GDPR): Obtain information about the personal data we process about you.
- Right to rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17 GDPR): Request deletion of your data under certain conditions (“right to be forgotten”).
- Right to restriction (Art. 18 GDPR): Restrict processing of your data in specific cases.
- Right to data portability (Art. 20 GDPR): Receive your data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR): Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time, without affecting prior lawful processing.
- Right to lodge a complaint (Art. 77 GDPR): File a complaint with a supervisory authority, especially in the EU country of your habitual residence, workplace, or alleged infringement.
12. International Data Transfers
As a rule, we store and process all data within the European Union (EU) or the European Economic Area (EEA). If, in exceptional cases, data is transferred to a country outside the EEA, we ensure adequate protection by using standard contractual clauses (SCCs) or other legal mechanisms in accordance with Articles 44–49 GDPR.
13. Third-Party Links and Embedded Content
The Service may contain links to external websites or embedded content (e.g., images, media players) operated by third parties. We are not responsible for the content or privacy practices of those third-party services. When you follow external links, their respective privacy policies apply.
14. Account Deletion and Data Removal
(a) You may request deletion of your account and associated personal data at any time by contacting
[email protected].
(b) After account deletion, we will erase or anonymise your data unless statutory retention obligations
require longer storage (e.g., under tax or IT security law).
(c) Backups containing deleted data are automatically purged after the backup retention period.
15. Changes to this Privacy Policy
We may amend this Privacy Policy if required by changes in law, technology, or Service features. The latest version is always available on images.aiena.de. Substantial changes will be announced in advance where appropriate.
16. Contact and Data Protection Queries
For any questions or requests concerning this Privacy Policy or your personal data, please contact:
Aiena e.V.
E-Mail: [email protected]
Subject: "Data Protection Inquiry – images.aiena.de"
We will respond to all legitimate requests within a reasonable period and in accordance with applicable law.