1 Preamble
With the following privacy notice, we would like to inform you about which types of your personal data we process, for what purposes and to what extent. This notice applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our website and within external online presences such as our social media profiles (collectively referred to as "online offer").
3 Overview of Processing
Types of Data Processed
- Contact details (name, email address, telephone number)
- Content data (messages, enquiry content)
- Usage data (pages visited, time on site, click paths)
- Meta, communication and procedural data (IP addresses, timestamps, browser info)
- Log data (server access logs)
Categories of Affected Persons
- Communication partners (anyone who contacts us)
- Users (website visitors and users of online services)
Purposes of Processing
- Responding to enquiries and providing our services
- Appointment scheduling and client communication
- Operation and security of our website
- Compliance with legal obligations
4 Legal Bases (GDPR Art. 6)
We process personal data on the following legal grounds:
- Consent (Art. 6(1)(a) GDPR) — where you have given explicit consent, e.g. by submitting a contact form.
- Contract performance (Art. 6(1)(b) GDPR) — where processing is necessary to fulfil a contract or pre-contractual steps at your request.
- Legal obligation (Art. 6(1)(c) GDPR) — where we are required by law to process your data.
- Legitimate interests (Art. 6(1)(f) GDPR) — where processing is necessary for our legitimate business interests, provided these are not overridden by your fundamental rights.
In addition to the GDPR, the German Federal Data Protection Act (BDSG) applies where relevant.
5 Security Measures
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure:
- TLS/SSL encryption (HTTPS) for all data transmitted via our website
- Access controls limiting who can access personal data
- Regular security reviews of our systems and procedures
- Privacy-by-design principles applied when selecting tools and services
While we take all reasonable precautions, no internet-based system is completely secure. We cannot guarantee absolute security of data transmitted online.
6 Transfer of Personal Data
We may share your personal data with third-party service providers who assist in operating our website and delivering our services. All providers are bound by data processing agreements and only permitted to use your data for specified purposes.
Calendly (Appointment Booking) USA
We use Calendly (Calendly LLC, Atlanta, GA, USA) for appointment and discovery call bookings. Your name, email address and scheduling preferences are transmitted to and processed by Calendly as a data processor on our behalf.
Legal basis: Contract performance & legitimate interests (Art. 6(1)(b)(f) GDPR)
Instagram / Meta (Social Media) Ireland / USA
Our website links to our Instagram profile (@meinheimaillabs). Clicking this link redirects you to Meta Platforms Ireland Ltd., who process data according to their own privacy policy.
Google Gmail (Email Communication) USA
When you email us at meinheimailabs@gmail.com, your message is processed via Google LLC's Gmail service acting as a data processor.
AI Chat Widget
Our website features an AI-powered chat assistant. Messages submitted are processed to generate responses. Chat conversations are not stored beyond the active session unless explicitly stated.
7 International Data Transfers
Some service providers (including Calendly and Google) are based in the USA. When personal data is transferred outside the EEA, we ensure appropriate safeguards:
- EU–US Data Privacy Framework (DPF) — recognised as a secure legal framework by EU Commission adequacy decision of 10 July 2023.
- Standard Contractual Clauses (SCCs) — as approved by the EU Commission, serving as an additional safeguard.
More information: dataprivacyframework.gov and EU Commission — International Data Protection
8 Data Storage and Deletion
We delete personal data as soon as the purpose no longer applies and no legal retention obligation requires further storage. Standard German law retention periods:
- 10 years — Books, records, annual financial statements (§ 147 AO, § 257 HGB)
- 8 years — Invoices and booking documents (§ 147 AO, § 257 HGB)
- 6 years — Business correspondence and other commercial documents (§ 147 AO, § 257 HGB)
- 3 years — Warranty and contractual claims (§§ 195, 199 BGB)
- 30 days — Server log files
- Up to 2 years — Contact enquiries and communication records
If multiple retention periods apply to the same data, the longest period is decisive.
9 Your Rights Under GDPR
As a data subject you are entitled to the following rights (Art. 15–21 GDPR):
- Right of access (Art. 15) — Request confirmation of whether we process your data and obtain a copy.
- Right to rectification (Art. 16) — Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17) — Request deletion of your data ('right to be forgotten'), subject to legal retention obligations.
- Right to restriction (Art. 18) — Request that we limit how we use your data.
- Right to data portability (Art. 20) — Request your data in a structured, machine-readable format.
- Right to object (Art. 21) — Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent — Withdraw consent at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at:
meinheimailabs@gmail.com
We will respond within 30 days. There is no charge for exercising your rights.
10 Website Operation and Web Hosting
We process user data to provide our online services, including the IP address necessary to transmit content to the user's browser or device.
- Data processed: IP address, browser type, operating system, access time, pages visited, referring URL
- Purpose: Providing the website, security, and server stability
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
- Retention: Server log files stored for a maximum of 30 days, then deleted or anonymised
11 Use of Cookies
Cookies are small text files stored on your device. We use cookies in accordance with legal requirements, obtaining consent where required.
Types of Cookies
- Session cookies — Temporary; deleted when you close your browser.
- Permanent cookies — Stored after closing the browser, up to 2 years unless stated otherwise.
- Essential cookies — Required for the website to function; no consent needed.
- Analytics cookies — Only set with your prior consent.
- Third-party cookies — May be set by Calendly or other embedded services.
Managing Cookies
You can manage or withdraw cookie consent at any time through our cookie consent banner or your browser settings. Disabling certain cookies may affect website functionality.
- Legal basis: Consent (Art. 6(1)(a) GDPR) for non-essential cookies; Legitimate interests (Art. 6(1)(f) GDPR) for essential cookies
12 Contact and Enquiry Management
When you contact us via our contact form, email, telephone or social media, we process the information you provide to respond to your enquiry and handle any requested actions.
- Data processed: Name, email address, message content, and any other information you provide
- Purpose: Responding to enquiries, managing client communication, delivering services
- Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR)
- Retention: Deleted in accordance with the general retention periods above
We use this data exclusively for the stated purpose and do not pass it to third parties without your consent, except where required by law.
13 Right to Lodge a Complaint
If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with the competent supervisory authority.
You may also contact the data protection authority of the German federal state where you reside.
14 Changes and Updates
We reserve the right to update this Privacy Notice at any time to reflect changes in our data processing practices, services or legal requirements. The status date at the top of this document indicates the most recent update. We recommend checking this page periodically.
15 Definitions of Terms
Personal data
Any information relating to an identified or identifiable natural person — including names, email addresses, IP addresses and online identifiers.
Processing
Any operation performed on personal data, including collection, storage, use, transmission or deletion.
Controller
The natural or legal person who determines the purposes and means of processing personal data — in this case, Nithin Uthaman / Meinheim AI Labs.
Contact data
Information enabling communication, such as name, email address, telephone number and postal address.
Usage data
Information about how users interact with our website, including pages visited, time on site, device type and IP address.
Log data
Records of system events including IP addresses, access times, browser information, pages retrieved and error messages.