Legal Disclaimers & Data Protection


The protection of your personal data is a high priority for aversan. It is important to us to inform you what personal data we collect, how your data is used, and how you can influence the process.


We make information available on our websites which we select and check carefully and on a regular basis. However, we expressly point out that we do not assume any warranties for the correctness, completeness or up-to-dateness of the information offered on those websites. In particular, Aversan assumes no liability for content which is expressly or impliedly identified as third-party content. Aversan is not responsible for ensuring that such content is complete, correct, current, and lawful and that it does not inadmissibly interfere with the legal interests of any third parties. This applies in particular to any external links on the websites – we cannot accept any responsibility for their content.

We reserve the right to change, add to or remove any information on our websites without prior notice.

Aversan is not liable for any loss of data in connection with the use of documents, of information, of our websites, or any services accessible on those websites. Aversan is also not liable if you cannot use or access such documents, information, our websites or any services accessible on those websites.

Intellectual Property

The content featured on our websites is protected by copyright, including the design and “look & feel” of the site. No part of the content may be reproduced, printed, translated, digitally processed, archived, or made accessible to third parties under a different URL without the express written consent of Aversan Inc. Links to our websites are permitted only if the displayed Aversan website becomes the sole content in the browser window.

The Aversan symbol is a registered trademark of Aversan Inc. Other application, product, or company designations mentioned may be trademarks or business references of third parties. The use of such trademarks and business references is not permitted without the express prior permission of Aversan Inc. or the respective owner.

  • ITIL® is a Registered Trade Mark of the Cabinet Office in the United Kingdom and other countries.
  • IT Infrastructure Library® is a Registered Trade Mark of the Cabinet Office in the United Kingdom and other countries.
  • ISO® is a Registered Trade Mark of the International Organization for Standardization (ISO).
  • COBIT® is a Registered Trade Mark of the Information Systems Audit and Control Association (ISACA).
  • TOGAF® is a registered trademark of The Open Group in the United States and other countries.
  • ISACA® is a registered trademark of Information Systems Audit and Control Association.

Compliance and Code of Conduct

At Aversan, we firmly believe that the cornerstone of our success lies in fostering a company-wide culture characterized by integrity, ethics, and personal responsibility. As the ethical landscape governing business operations and workplace conduct becomes increasingly intricate, our Code of Conduct serves as the guiding compass for our behavior.

Compliance is paramount to us, encompassing adherence to legal provisions, internal policies, and ethical principles. Aversan operates within the Compliance Management System tailored to our organization.

Instances of legal or regulatory violations, as well as breaches of Aversan’s internal rules and regulations, can be reported through our internal channels.

This reporting mechanism extends to concerns related to human rights, environmental risks, and violations within our global supply chain. Such matters may impact the actions of our employees within Aversan and those of our suppliers and business partners.

General Terms of Contract

The General Terms of Contract of Aversan can be found here: 

Appendix to the data protection notice "Notice for all visitors of this website"

Please include your consent ID and date when contacting us regarding your consent

Your consent applies to the following domains:
Your current state: Allow all.

Your consent ID:


Consent date: Thursday, May 23, 2024 at 01:48:45 PM GMT+5:30

The data controller is, unless stated otherwise, Aversan Inc. If you have any questions regarding privacy you can contact or our Data Protection Officer at the aforementioned postal address

Note that where you have a business relationship with any Aversan entity other than Aversan Inc (including without limitation as a client, service provider, applicant, or if you have signed up for a newsletter at any Aversan entity other than Aversan Inc, such other Aversan entity is the controller of that data. If you have any questions regarding protection of your data controlled by any such Aversan entity, you can find contact details through our contact us page.

With regard to any of the activities listed below, you have the following rights under Canadian data protection laws:

  • To request information about the categories of personal data processed, the purposes of the processing, any recipients of the data, and the envisaged storage period.
  • To request rectification of incorrect or incomplete data.
  • To withdraw consent at any time with effect for the future.
  • To object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation.
  • To request the erasure of data in certain cases, especially if the data is no longer necessary in relation to the purposes for which it was collected or is unlawfully processed, or if you withdraw your consent or object to processing.
  • To demand the restriction of data processing under certain circumstances where erasure is not possible or the erasure obligation is disputed.
  • To data portability, i.e., to receive the data you provided to us in a commonly used and machine-readable format such as CSV, and to transfer the data to others where necessary.
  • To file a complaint with the responsible supervisory authority regarding data processing. This could be, for instance, the national data protection authority relevant to your jurisdiction.

If you have a business relationship with a company within the Aversan Group other than Aversan Inc., you have the rights set forth in part three (“Data Subject Rights”) of the Binding Corporate Rules Privacy, in addition to the rights to which you are entitled by law. This means that where you have a business relationship with any Aversan entity other than Aversan Inc., you have – in addition to any rights you may have under applicable local law – the rights set out in Part Three (“Rights of Data Subjects”) of the Binding Corporate Rules Privacy in relation to that Aversan entity.

  • To processors, i.e., companies we engage to process data within the legally defined scope (Art. 28 GDPR), such as service providers and agents. In this case, Aversan remains responsible for protecting your data. We engage companies particularly in the following areas: IT, marketing, finance, HR, logistics, and printing.
  • To cooperation partners who, on their own responsibility, provide services for you or in conjunction with your Aversan contract. This applies if you order services from these partners through us, if you consent to the involvement of the partner, or if we involve the partner based on legal permission.


 Owing to legal obligations: In certain cases, we are legally obliged to transfer certain data to a state authority that requests it.

As a general rule, your data will be processed in Canada. If, in exceptional cases, your data is also processed in countries outside of Canada (so-called “Third Countries”, many of which do not provide a level of privacy adequate to that in Canada), this is done only:

  • If you have explicitly given your consent (Art. 49 (1) lit. a GDPR),
  • If it is necessary for us to provide you with services (Art. 49 (1) lit. b GDPR),
  • Or if it is prescribed by law (Art. 49 (1) lit. c GDPR).

Furthermore, your data is processed in Third Countries only if certain measures ensure a suitable level of privacy (e.g., through the EU Commission’s adequacy decision or through suitable guarantees, Art. 44 et seq. GDPR).

Within the Aversan Group, privacy and data security worldwide are subject to the Binding Corporate Rules Privacy (BCRP) of the Group Aversan, which have been approved by the relevant data protection authorities.

Collection of Technical Characteristics in the Provision of the Website

When you visit our web pages, the web server temporarily records the domain name or your computer’s IP address, date/time of request, HTTP request header data (especially user agent), the file requested (file name and URL) by the client, the HTTP response code, and the website from which you are visiting us.

The recorded data is used solely for data security purposes, particularly to protect against attempted attacks on our web server. We do not use it to create individual user profiles, nor do we share this information with third parties. It is erased after seven days at the latest. We reserve the right to statistically analyze anonymized data records. We have a legitimate interest in this.

Links to Social Media Networks

Some web pages include buttons for social media networks (such as Facebook, Twitter, YouTube, Xing, and LinkedIn) that you can use to recommend the services of Aversan to others.

To ensure you retain full control of the data, the buttons provide direct contact between the respective social network and the visitor only once you actively click on the button (one-click solution).

When the social media plug-in is activated or links in the pictogram are used, also for the purpose of sharing content, the following data can be forwarded to the social media provider: IP address, browser information, operating system, screen resolution, installed browser plug-ins (such as Adobe Flash Player), previous website if you followed a link (referrer), URL of the current website, etc. The next time you visit the website, the social media plug-ins are again provided in the default disabled mode, ensuring that no data is transferred during a repeat visit to the website. For more information about social media plug-ins and about the purposes for which data is processed, along with other privacy-relevant information, please refer to the privacy statements of the companies responsible and to the one-click solution.

Will My Usage Habits be Evaluated, e.g., for Advertising Purposes or Tracking?

We want you to enjoy using our web pages and take advantage of our content and services. We have an economic interest in this. We analyze your usage habits based on anonymized or pseudonymized data so you can find the content that interests you and so we can make our web pages user-friendly. Reach measurement provides statistics on a website’s usage intensity and the number of users, along with comparable figures for all the connected services. We, or companies commissioned by us to process data, create usage profiles to the extent permitted by law. This information cannot be traced back to you directly.

When you visit our website, the web server temporarily records the domain name or IP address of your computer, information on the device, operating system, and browser used, geo-information down to a maximum of city level; the URL called up with the associated page title and optional information on the page content; the website from which the called individual page was reached (referrer site); the subsequent pages that were called from the called web page within an individual web page; the time spent on the web page; further interactions (clicks) on the web page such as entered search terms, downloaded files, and videos viewed. This information is pseudonymized or anonymized. Pseudonymized data is deleted after 24 hours although we reserve the right to evaluate anonymized data even beyond this period. We have a legitimate interest in this.


Upon your consent, we also use preference and analytics cookies. The cookie banner displayed when you visit our websites (or linked further below on this page) provides you with further information on those cookies, their respective purposes and storage periods, and gives you the opportunity to manage your consent. Should you wish to contact us regarding your consent, kindly provide us with the ID and date of your consent (that can also be found further below on this page).

Cookies that are required to deliver the web service and use key functions (“Necessary Cookies”) cannot be rejected. Further information on Necessary Cookies, their respective purposes, and storage periods can also be found in the cookie banner. The legal basis for processing Necessary Cookies is to deliver the services you requested.

Further information on cookies and consent can be found in the appendix on this page.

Services From Other Companies (Third-Party Providers)

We have integrated services from third-party providers that provide their services independently. If you consent to those services and visit our websites, data is collected and sent to those third parties and may be used by those third parties for their own commercial purposes, including aggregation with data from other sources. The legal basis for processing is your consent. The scope, purpose, and legal basis on which further processing is carried out for the respective third party’s own purposes can be found below.

To show you videos on our websites, we use the service YouTube, provided by Google Ireland Limited with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). YouTube collects data to provide users with better services – from determining basic information such as your language through to more complex services such as advertising.

What data is collected and how it is processed depends on how you use YouTube and your privacy settings. If you are not signed into a Google account, the data collected is stored with unique identifiers associated with your browser or device. This can, for instance, ensure that the language settings are retained during all browser sessions. If you are signed in to a Google account, data is also collected that is stored in your Google account.

The data is transferred to Google’s computers and stored there. Google may transfer data to Google LLC in the U.S.A.

Learn more about and object to Google’s data processing [here](

On our websites, we provide a wide range of newsletters, mailings, and downloads. With your consent at the time of registration or download, the data from the relevant input form will be transmitted to us and stored to provide you with the requested information and potentially further information (e.g., current studies, events, trends, and solutions) in the future.

To tailor this information to your respective interests in the most relevant way possible, and also based on your consent at the time of registration or download, we use technologies in our newsletters and mailings called “web beacons” and cookies on our website when you follow a link. Web beacons are tiny graphics with a unique identifier. Their function is similar to that of cookies, and they are used to track users’ online behavior. We use these to identify which emails have been opened by recipients and which content is relevant. We combine data collected by web beacons with the personal data of our customers. We use cookies to record future visits of a registered user to our websites, the topics viewed, the IP address, the geographical location, the type of browser, and the duration of the visit. If you wish to manage your cookie consent, go to the cookie banner linked further below.

After registering, you will receive a confirmation email to the email address provided. Only after you have clicked on the link contained in this email is the registration completed (so-called “double opt-in procedure”).

You can revoke your consent at any time via a link at the bottom of each email or by sending a message to We will then delete your personal data immediately.

If you have downloaded gated content related to our products until 23.06.2026, we will store your data for a maximum of two years after you last contacted us. Your right to revoke your consent as set out above remains unaffected.

Registrations and a user’s consent for newsletters, mailings, or downloads are logged and can be stored for a longer period as proof of such consent. We have an overriding legitimate interest in this.

We use the “Facebook Insights” functions of Facebook, Inc. (“Facebook”) on our Facebook and Instagram pages and the “Page Insights” function of LinkedIn Corporation (“LinkedIn”) on our LinkedIn page (collectively referred to as the “Social Networks”) to obtain anonymized statistical data about the use of and visitors to our Facebook, Instagram, and LinkedIn pages. The legal basis is our legitimate interest in public relations and communication in general and, in particular, the optimization of our Facebook, Instagram, and LinkedIn presences, and to select groups that we want in particular to see our communication.

Via “Facebook Insights,” we receive information about the use of our Facebook and Instagram pages, particularly anonymized information about visitor profiles, including demographic and geographic evaluations. These usage statistics may also be created by Facebook across devices if you use Facebook or Instagram on multiple devices (e.g., in the browser and in the app). When you are a LinkedIn member and you visit, follow, or engage with our LinkedIn page, LinkedIn creates similar statistics, particularly with data that was provided by you to LinkedIn, such as job function, country, industry, seniority, company size, and employment status data from your profile. Additionally, LinkedIn will process information on how you have interacted with our company page, e.g., whether you are a follower.

With respect to our Facebook and Instagram pages, Aversan and Facebook, Inc., are jointly responsible for these statistics under applicable privacy law. We have concluded an agreement pursuant to privacy regulations with Meta on such joint controllership. The essence of this agreement and more detailed information on Facebook Insights can be found on Facebook’s official page. With respect to our LinkedIn page, Aversan and LinkedIn Corporation are jointly responsible for these statistics under applicable privacy law. We have concluded an agreement pursuant to privacy regulations with LinkedIn on such joint controllership. The essence of this agreement and more detailed information on Page Insights can be found on LinkedIn’s official page. Facebook and LinkedIn, respectively, assume essential obligations based on those respective agreements, particularly to inform data subjects and to safeguard data subject rights. You can also find out how to assert your data subject rights, in particular the right to request information and the right to object to the processing of the Insights data.

Independently of this, please note that the Social Networks may process further data from you on their own sole responsibility, e.g., through cookies. Whether and to what extent this is generally the case can be seen on Facebook, Instagram, and LinkedIn’s official privacy pages.

You can set the extent to which Facebook collects data on your user behavior when visiting Facebook and Instagram pages as a registered user of Facebook and as a registered user of Instagram. You can also find more options for managing data processing by Facebook and Instagram, including an objection form, under the options for general settings for Facebook and Instagram. LinkedIn provides choices about the collection, use, and sharing of a member’s data, from deleting or correcting data a member includes in its profile and controlling the visibility of its posts to advertising opt-outs and communication controls. LinkedIn offers member settings to control and manage the personal data it has about the member.

All Social Networks may transfer personal data to countries outside Canada and rely on either a decision that the country has an adequate level of privacy or on standard contractual clauses to achieve such an adequate level of privacy.

Please note that communication via all Social Networks is potentially insecure. You can always contact us via other means.

We process applicants’ data only for the application procedure and its administrative handling. As a general rule, we delete your data at the latest 6 months after the end of the application procedure. We may store your data longer to the extent your application leads to an employment relationship and the data is required for that employment relationship. The legal basis for this is Art. 6 (1) b GDPR (decision on the establishment or, respectively, performance of an employment contract).

All personal data on this website will only be transmitted in encrypted form. The identity of the server is known, and it is secured against unauthorized access by third parties. Effective algorithms check whether the data reaches its respective recipient completely and unchanged.

If you wish to contact us by e-mail, please note that due to the technical conditions of the Internet, confidentiality cannot be guaranteed for these messages. E-mails can also be changed by third parties or get lost.