Try it for free now!
En
Try it for free now!

Privacy Policy App

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy listed below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section ‘Notice Regarding the Responsible Party’ in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This may include, for example, data you enter in a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior. Where contracts can be concluded or initiated via the website, the submitted data is also processed for contract offers, orders, or other service requests.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with questions on this subject and on further questions about data protection.

Analysis Tools and Third-Party Tools

When you visit this website, your surfing behavior may be statistically analyzed. This is done primarily using so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

Microsoft Azure

We host the content of our application with the following provider: Microsoft Azure

The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (hereinafter ‘Microsoft’).

For details, please refer to Microsoft’s privacy policy: https://privacy.microsoft.com/en-us/privacystatement

The use of Microsoft Azure is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable and secure presentation of our application as possible. Where the corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA may take place. Microsoft is certified under the EU-US Data Privacy Framework (DPF), ensuring compliance with European data protection standards.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that this service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).

Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details and further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5666.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Notice Regarding the Responsible Party

The responsible party for data processing on this website is:

Steinpilz Risotto UG (haftungsbeschränkt)

Rosa-Heinzelmann-Str. 20

73230 Kirchheim unter Teck

Phone: +49 (0) 7021 9929943

Email: anfrage@steinpilz-risotto.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur after these reasons no longer apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed pursuant to Art. 9(1) GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TDDDG. Consent can be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. The relevant legal bases in each individual case are explained in the following paragraphs of this privacy policy.

Data Protection Officer

We have appointed a data protection officer:

Viorica-Simona Mic

Verdandi Datenschutz GmbH

Robert-Bosch-Str 7

71229 Leonberg

Phone: +49 (0) 1522 6687466

Email: viorica.mic@verdandi-datenschutz.com

Recipients of Personal Data

In the course of our business activities, we work with various external parties. In some cases, it is necessary to transfer personal data to these external parties. We only share personal data with external parties where this is necessary for the performance of a contract, where we are legally obliged to do so (e.g., disclosure of data to tax authorities), where we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or where another legal basis permits the disclosure of data. When using processors, we only pass on personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of data processing carried out before the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to Data Portability

You have the right to have data which we process on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a standard, machine readable format. If you require the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.

Information, Correction and Deletion

Within the framework of the applicable legal provisions, you have the right at any time to receive free information about your stored personal data, its origin and recipient, and the purpose of data processing and, if necessary, a right to correction or deletion of this data. You can contact us at any time with this and other questions on the subject of personal data.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request restriction of processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from its storage only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL and TLS Encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our websites use so-called ‘cookies’. Cookies are small data packages and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or until your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies allow the integration of certain services from third party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g., for the shopping cart function) or to optimize the website (e.g., cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. Where consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); this consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If further cookies and services are used on this website, you will find details in this privacy policy.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website for this purpose, the server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completed processing of your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

SendGrid

For sending emails, we use the service SendGrid. The provider is Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA.

When you contact us via the contact form or by email, your data may be processed via SendGrid servers for the technical handling of the email transmission. In particular, email address, message content, and technical metadata (e.g., time of sending, IP address) are processed.

The use of SendGrid is based on Art. 6(1)(b) GDPR (contract initiation or performance) and on our legitimate interest in reliable and secure email communication pursuant to Art. 6(1)(f) GDPR.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Further information can be found in SendGrid’s privacy policy: https://www.twilio.com/legal/privacy

Inquiries by Email, Phone or Fax

If you contact us by email, phone, or fax, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The data you send us via contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completed processing of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Registration on This Website

You can register on this website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes, such as changes to the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you in this way.

The processing of data entered during registration is carried out for the purpose of implementing the user relationship established by the registration and, if applicable, for the initiation of further contracts (Art. 6(1)(b) GDPR).

The data collected during registration is stored by us for as long as you are registered on this website and is then deleted. Statutory retention periods remain unaffected.

5. Analysis Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform independent analyses. It is only used for managing and playing out the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in quick and uncomplicated integration and management of various tools on his website. Where the corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified under the EU-US Data Privacy Framework (DPF). More information is available at: https://www.dataprivacyframework.gov/participant/5780

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used, and the user’s origin. This data is summarized in a user ID and assigned to the respective device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement collected datasets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://business.safety.google/adscontrollerterms/sccs/

The company is certified under the EU-US Data Privacy Framework (DPF). More information is available at: https://www.dataprivacyframework.gov/participant/5780

IP Anonymization

Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

For more information about how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history, as well as demographic data (visitor data). This data may be used for personalized advertising using Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Order Processing

We have concluded a contract for order processing with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Meta Pixel (formerly Facebook Pixel)

This website uses the visitor action pixel of Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland. According to Meta, however, the collected data is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Meta advertisement. This allows the effectiveness of Meta advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile on Facebook or Instagram is possible, and Meta can use the data for its own advertising purposes, in accordance with Meta’s data usage policy. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

We use the function of extended matching within Meta Pixel. Extended matching allows us to transmit various types of data (e.g., place of residence, state, postal code, hashed email addresses, names, gender, date of birth, or telephone number) of our customers and interested parties that we collect via our website to Meta. This allows us to tailor our advertising campaigns on Facebook and Instagram even more precisely to people who are interested in our offers. Extended matching also improves the attribution of website conversions and expands custom audiences.

Insofar as personal data is collected on our website and forwarded to Meta using the tool described here, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its forwarding to Meta. The processing carried out by Meta after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for implementing the tool in a data protection-compliant manner on our website. Meta is responsible for the data security of Meta products. Data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram can be asserted directly with Meta. If you assert data subject rights with us, we are obliged to forward them to Meta.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

You can deactivate the remarketing function ‘Custom Audiences’ in the area Settings for Advertisements at: https://www.facebook.com/ads/preferences/entry_product=ad_settings_screen You must be logged in to Facebook to do this.

If you do not have a Facebook or Instagram account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/

The company is certified under the EU-US Data Privacy Framework (DPF). More information is available at: https://www.dataprivacyframework.gov/participant/4452

Mixpanel

This website uses the web analytics service Mixpanel. The provider is Mixpanel Inc., 1 Front Street, Floor 28, San Francisco, CA 94111, USA.

Mixpanel allows us to analyze and evaluate the behavior of website visitors. Usage data such as page views, length of visit, click behavior, and technical information (e.g., browser, operating system) are processed. The data may be assigned to pseudonymous user profiles.

Mixpanel uses technologies that enable the recognition of the user (e.g., cookies or similar tracking technologies).

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Further information on data protection at Mixpanel can be found at: https://mixpanel.com/legal/privacy-policy/

6. Plugins and Tools

Google reCAPTCHA

We use ‘Google reCAPTCHA’ (hereinafter ‘reCAPTCHA’) on this website. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to verify whether data entry on this website (e.g., in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

Google acts in this context as a pure processor within the meaning of Art. 28 GDPR and will not use the data collected in this way for its own purposes. The use of the tool is based on a data processing agreement (DPA) with Google.

The storage and analysis of the data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting his web offers against abusive automated espionage and SPAM. Where the corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified under the EU-US Data Privacy Framework (DPF). More information is available at: https://www.dataprivacyframework.gov/participant/5780

Google Fonts

This website uses Google Fonts to display fonts. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page, your browser loads the required fonts directly from Google servers. In doing so, your IP address is transmitted to Google. Google Fonts are integrated locally on our server, so no connection is made to Google servers during your visit. If, however, web fonts are loaded from external Google servers, your browser transmits your IP address to Google.

The use of Google Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the typeface on his website. Where the corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG; this consent can be revoked at any time.

The company is certified under the EU-US Data Privacy Framework (DPF). More information is available at: https://www.dataprivacyframework.gov/participant/5780

Sentry

We have integrated Sentry on this website. The provider is Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, California 94105, USA (hereinafter Sentry).

Sentry is an open-source error tracking service that enables us to monitor and fix errors and crashes in web-based software in real time. For this purpose, the following types of data may be processed:

  • User identity (user ID, email, full name)
  • Tenant information (tenant ID, tenant name)
  • Network & device data (IP address, browser, OS)
  • HTTP request data (URLs, query parameters, headers, cookies, request bodies)
  • Errors & diagnostics (exceptions, error messages, user action breadcrumbs, tenentId / tenant name / user IDs during Stripe failures)
  • Performance data (page load times, API call durations)
  • User-submitted feedback (name, email, description text, optional screenshot).

We host Sentry locally on our servers, so the data is processed by us.

The use of Sentry is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the error-free functioning of its own website.

Where the corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further details can be found in the provider’s privacy policy at: https://sentry.io/privacy/

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

The company is certified under the EU-US Data Privacy Framework (DPF). More information is available at: https://www.dataprivacyframework.gov/participant/5869

Atlassian Jira Integration

Our application integrates with Atlassian Jira for time tracking and work logging purposes. The provider is Atlassian B.V., Weesperstraat 165, 1097 DV Amsterdam, The Netherlands; for users outside Europe, the relevant entity is Atlassian Pty Ltd, 341 George St, Sydney NSW 2000, Australia.

Through this integration, the application synchronizes time entries and work logs with Jira issues and projects. When the integration is active, the following data may be transmitted between our application and Jira:

  • Logged hours / worklogs (time entries attributed to specific issues or projects)
  • Project and issue data (e.g., project names, issue titles, issue keys)

No cost rate data or personal financial information is transmitted to Jira.

The legal basis for this integration is Art. 6(1)(b) GDPR, insofar as the synchronization of time tracking data is necessary for the performance of a contract with the user or for the implementation of pre-contractual measures. In addition, processing is based on Art. 6(1)(f) GDPR — we have a legitimate interest in enabling seamless workflow integration between our application and project management tools already in use by our customers.

Data processed via the Jira integration is subject to Atlassian’s data protection practices. Atlassian may store and process data in various regions, including the USA and Australia. Where applicable, data transfers to third countries are based on the standard contractual clauses of the EU Commission or other appropriate safeguards.

We have concluded a data processing agreement (DPA) with Atlassian to ensure that personal data is processed solely in accordance with our instructions and in compliance with the GDPR.

For more information on Atlassian’s data protection practices, please refer to: https://www.atlassian.com/legal/privacy-policy

Microsoft Authentication (SSO)

Our application integrates Microsoft Single Sign-On (SSO) authentication. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

When you sign in using your Microsoft account, Microsoft processes your authentication credentials and may transmit personal data such as your name, email address, and profile information. This data is used solely for the purpose of authenticating your identity and granting access to the application.

The use of Microsoft SSO is based on Art. 6(1)(b) GDPR (contract performance or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in secure and seamless user authentication).

Data transfer to the USA may take place. This transfer is based on the standard contractual clauses of the EU Commission. Microsoft is certified under the EU-US Data Privacy Framework (DPF).

Further information on Microsoft’s data protection practices can be found at: https://privacy.microsoft.com/en-us/privacystatement

Google Authentication (Planned Integration)

We are planning to integrate Google Sign-In for authentication purposes. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

When this feature is implemented, users will be able to sign in to the application using their Google account. Google will process authentication data such as name, email address, and profile picture for identity verification purposes.

The legal basis for this processing will be Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in secure authentication). This privacy policy will be updated accordingly once the integration is live.

For more information, please refer to Google’s privacy policy: https://policies.google.com/privacy

Apple Authentication (Planned Integration)

We are planning to integrate Sign in with Apple for authentication purposes. The provider is Apple Inc., One Apple Park Way, Cupertino, California 95014, USA; for users in the EU, the relevant entity is Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.

When this feature is implemented, users will be able to sign in to the application using their Apple ID. Apple processes authentication data for the purpose of verifying user identity. Apple’s privacy-focused implementation allows users to optionally hide their real email address.

The legal basis for this processing will be Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in secure and privacy-respecting authentication). This privacy policy will be updated accordingly once the integration is live.

For more information, please refer to Apple’s privacy policy: https://www.apple.com/legal/privacy/

7. OpenAI / MCP Integration

Our application uses an integration with OpenAI via a Model Context Protocol (MCP) server to provide AI-powered features. The provider is OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA; for users in the European Economic Area, the relevant entity is OpenAI Ireland Ltd.

What Data Is Transmitted

In order to provide AI-assisted functionality within the application, certain personal data may be transmitted to OpenAI via our MCP server. This may include:

  • Name
  • Email address
  • Role / job title
  • Logged working hours
  • Project information
  • Client information
  • Cost rates
  • Phone number

The data transmitted depends on the specific AI feature used within the application and is limited to what is necessary for the requested function.

Purpose and Legal Basis

The transmission of personal data to OpenAI is carried out for the purpose of providing AI-supported features and analyses within the application (e.g., intelligent time tracking, project summaries, resource planning support). The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and, where applicable, Art. 6(1)(f) GDPR (legitimate interest in providing intelligent application features).

Data Transfer to the USA

OpenAI is headquartered in the USA. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. OpenAI has implemented appropriate technical and organizational measures to ensure compliance with European data protection standards.

Data Retention by OpenAI

By default, OpenAI does not use data submitted via the API to train its models. API data may be retained for a limited period for abuse and safety monitoring purposes. We have concluded a data processing agreement (DPA) with OpenAI to ensure that personal data is processed solely on our instructions and in compliance with the GDPR.

For more information on OpenAI’s data protection practices, please refer to: https://openai.com/policies/privacy-policy

8. Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, content design, and modification of our contractual relationships. We collect, process, and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6(1)(b) GDPR.

The collected customer data will be deleted after completion of the order or termination of the business relationship and expiry of any applicable statutory retention periods. Statutory retention perids remain unaffected.

Payment Services

We integrate payment services from third party companies on our website. When you make a purchase from us, your payment data (e.g., name, payment amount, bank account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6(1)(b) GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6(1)(f) GDPR). Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consents can be revoked at any time for the future.

We use the following payment services / payment service providers on this website:

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter ‘Stripe’).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found in Stripe’s privacy policy at: https://stripe.com/de/privacy

Contact
Would you like to get to know our software or have your own ideas that we can implement together? Get in touch with us – we’ll be happy to advise you and tailor our solutions to your needs.

    Number of active users:
    Monthly fee:
    EUR/Monat
    (excl. VAT)
    Price per user:
    Savings of EUR per year
    / discount
    Inquiry
    If you have any questions about our products or would like to develop your own ideas/wishes, please contact us! We are happy to assist in the development of new software solutions!

      Our strengths are your success!
      Thank you very much!
      Your message has been sent successfully
      To the homepage