Privacy Policy

Last Updated: April 16, 2025

Introduction

Welcome to Aeoseo’s Privacy Policy. This document outlines how we collect, use, process, and protect your personal data when you interact with our services, website, and applications.

Built with care by the Aeoseo team, this privacy policy aims to provide transparent information about our data-handling practices. We respect your privacy and are committed to protecting your personal information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

This policy applies to all processing of personal data carried out by us, whether through our website (Aeoseo.com), mobile applications, or within external online presences such as our social media profiles (collectively referred to as our “online offerings”).

The terms used are not gender-specific.

Table of Contents

Responsible Party

Aeoseo
4700 S Normandie Ave
USA

Authorized Representatives:
Timothy Powell and Lisa R. Boone

Email Address:
contact@aeoseo.com

Phone:
323-298-0431

Overview of Processing

The following overview summarizes the types of processed data and the purposes of their processing and refers to the data subjects.

Types of Processed Data

Categories of Data Subjects

Purposes of Processing

Relevant Legal Bases

The following provides an overview of the legal basis of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.

In addition to the data protection regulations of the GDPR, national regulations on data protection apply in many countries. These include, in the United States, various state laws such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and others that may contain specific regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, and automated decision-making in individual cases, including profiling.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of, and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software as well and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Our security measures include:

Transfer of Personal Data

In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units, or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data transfers within our organization: We may transfer personal data to other entities within our organization or grant them access to this data. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and commercial interests or occurs where it is necessary for the fulfillment of our contractual obligations or where the consent of the data subjects or legal authorization exists.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities, or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

For data transfers to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and additional technical measures as necessary, following the invalidation of the EU-US Privacy Shield by the Court of Justice of the European Union in the “Schrems II” decision.

Deletion of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g., if the purpose of processing this data has ceased to apply or it is not necessary for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our data protection notices may also contain further details on the retention and deletion of data, which have priority for the respective processing operations.

Specific retention periods include:

Use of Cookies

Cookies are small text files or other storage technologies that store information on end devices and read information from end devices. For example, to store the login status in a user account, the content of a shopping cart in an e-shop, the accessed content, or the functions used of an online offer. Cookies can also be used for different purposes, such as for the functionality, security, and comfort of online offers, as well as for the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. Consent is not particularly necessary if the storage and reading of information, including cookies, are absolutely necessary to provide a telemedia service expressly requested by the users (i.e., our online offer). Necessary cookies usually include those that serve functions related to the display and operability of the online offer, load balancing, security, storage of user preferences and choices, or similar purposes related to the provision of the main and ancillary functions of the online offer requested by the users. The revocable consent is clearly communicated to the users and contains information on the respective cookie use.

Notes on legal data protection bases: The legal basis on which we process users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., the economic operation of our online offer and improvement of its usability) or, if necessary, for the fulfillment of our contractual obligations when the use of cookies is required to fulfill our contractual obligations. We clarify for which purposes the cookies are processed by us in the course of this data protection declaration or as part of our consent and processing procedures.

Storage duration: The following types of cookies are distinguished regarding the storage duration:

General information on revocation and objection (Opt-Out): Users can revoke their given consents at any time and object to the processing in accordance with the legal requirements under Art. 21 GDPR. Users can also declare their objection via the settings of their browser, e.g., by deactivating the use of cookies (which can also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Further information on processing processes, procedures, and services:

Business Services

We process data from our contractual and business partners, e.g., customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and similar legal relationships, as well as associated measures and within the framework of communication with the contractual partners (or pre-contractual), e.g., to answer inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any updating obligations, and remedies for warranty and other performance disruptions. Additionally, we process the data to safeguard our rights and for administrative tasks associated with these obligations, as well as business organization. Furthermore, we process the data based on our legitimate interests in proper and economic business management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involvement of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). We only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the framework of this data protection declaration.

We inform the contractual partners about which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiration of the legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons. The statutory retention period for tax-relevant documents as well as commercial books, inventories, opening balances, annual financial statements, the instructions required to understand these documents, and other organizational documents and booking receipts is ten years, and for received commercial and business letters and copies of sent commercial and business letters, six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the booking receipt was created, furthermore, the recording was made, or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Provision of Online Services and Web Hosting

We process the data of the users to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to deliver the content and functions of our online services to the user’s browser or end device.

Further information on processing processes, procedures, and services:

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter referred to as “publication medium”). The data of the readers is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the framework of these data protection notices.

Further information on processing processes, procedures, and services:

Contact and Request Management

When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within the framework of existing user and business relationships, the information provided by the requesting persons is processed as far as necessary to respond to the contact inquiries and any requested measures.

Further information on processing processes, procedures, and services:

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or with legal permission. If the contents of the newsletter are specifically described during the registration, they are decisive for the users’ consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal address in the newsletter or further information if these are necessary for the purposes of the newsletter.

Double-Opt-In Procedure: The registration for our newsletter is generally carried out in a so-called double-opt-in procedure. This means you will receive an email after registration in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with external email addresses. The registrations for the newsletter are logged to be able to prove the registration process in accordance with the legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to your data stored with the email service provider are also logged.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blacklist (so-called “blocklist”).

The logging of the registration process is based on our legitimate interests for the purposes of proving its proper implementation. If we commission a service provider to send emails, this is done based on our legitimate interests in an efficient and secure sending system.

Contents:

Information about us, our services, promotions, and offers.

Further information on processing processes, procedures, and services:

Advertising Communication

We process personal data for the purposes of advertising communication, which may take place via various channels, such as email, phone, mail, or fax, in accordance with legal requirements.

Recipients have the right to revoke given consents at any time or to object to advertising communication at any time.

After revocation or objection, we store the data required to prove previous authorization to contact or send for up to three years after the end of the year of revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. Based on the legitimate interest in permanently observing the users’ revocation or objection, we further store the data required to avoid renewed contact (e.g., depending on the communication channel, the email address, phone number, name).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate the visitor flows of our online offer and can include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize when our online offer or its functions or content are used most frequently or invite reuse. We can also identify which areas need optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offer or its components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, may be created, and information stored in a browser or an end device and read from it for these purposes. The information collected includes, in particular, visited websites and used elements, as well as technical information, such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data by us or the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP-masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, clear data of users (such as email addresses or names) are not stored within the framework of web analysis, A/B testing, and optimization, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the respective procedures.

Further information on processing processes, procedures, and services:

Online Marketing

We process personal data for the purposes of online marketing, which may include the marketing of advertising spaces or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.

For these purposes, user profiles are created and stored in a file (so-called “cookie”), or similar procedures are used, in which the relevant information for the display of the aforementioned content is stored about the user. This information may include, for example, viewed content, visited websites, used online networks, but also communication partners, and technical information, such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. Generally, clear data of users (such as email addresses or names) are not stored within the framework of online marketing procedures, but pseudonyms. This means that we and the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by similar procedures. These cookies can generally be read later on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, and supplemented with further data and stored on the server of the online marketing procedure provider.

Exceptionally, clear data may be assigned to the profiles. This is the case if the users, for example, are members of a social network whose online marketing procedures we use, and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g., by consenting within the framework of the registration.

We generally only have access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion measurement is solely used to analyze the success of our marketing measures.

Unless otherwise stated, please assume that the used cookies are stored for a period of two years.

Further information on processing processes, procedures, and services:

Customer Reviews and Rating Procedures

We participate in review and rating procedures to evaluate, optimize, and promote our services. If users rate us via the participating rating platforms or procedures or provide feedback in other ways, the general terms and conditions or usage conditions and the data protection notices of the providers also apply. As a rule, the rating also requires registration with the respective providers.

To ensure that the persons providing reviews have actually used our services, we transmit the necessary data regarding the customer and the service used to the respective rating platform (including name, email address, and order number or item number) with the customer’s consent. This data is used solely to verify the authenticity of the user.

Further information on processing processes, procedures, and services:

Social Media Presence

We maintain online presences within social networks and process user data in this context to communicate with the users active there or to offer information about us.

We point out that user data may be processed outside the area of the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce the rights of users.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on the usage behavior and resulting interests of users. The usage profiles can, in turn, be used to display advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the opt-out options, we refer to the data protection declarations and information of the operators of the respective networks.

Also, in the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.

Further information on processing processes, procedures, and services:

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the users’ IP addresses, as they could not send the content to their browsers without the IP address. The IP address is, therefore, necessary for the presentation of this content or functions. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users’ devices and may include technical information about the browser and operating system, referring websites, visit times, and other details about the use of our online offer, as well as being linked to such information from other sources.

Further information on processing processes, procedures, and services:

Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or if other individual notification becomes necessary.

If we provide the addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time, and we ask you to check the information before contacting us.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Definitions and Legal References

Personal Data

Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor

A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Recipient

A natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not.

Third Party

A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent

Freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Cookies

Small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

IP Address

A unique address that identifies a device on the Internet or a local network.

Legal Basis

The lawful grounds on which personal data may be processed, as set forth in applicable data protection law.

Legitimate Interest

The interest of a business in conducting and managing its activities to enable it to function properly and provide the best service/products. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws.

Contact us with any questions:

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: contact@aeoseo.com Phone: 323-298-0431 Address: 4700 S Normandie Ave

This privacy policy was last updated on April 28, 2025.

close menu icon

Learn how we helped 100 top brands gain success.

Let's have a chat