Effective Date: May 15, 2025
Responsible Party
Data Protection Officer Contact
Overview of Data Processing
Applicable Legal Bases
General Information on Data Storage and Deletion
Provision of Online Services and Web Hosting
Use of Cookies
Registration, Login, and User Account
Single Sign-On Login
Roland Mössner
Kirchgasse 10
71696 Möglingen
Email: rolandmossner81@gmail.com
rolandmossner81@gmail.com
The following overview summarizes the types of data processed and the purposes of processing, and refers to the affected individuals.
Types of Processed Data
Inventory Data
Contact Data
Content Data
Usage Data
Meta, Communication, and Procedural Data
Log Data
Users
Provision of contractual services and fulfillment of contractual obligations
Security measures
Organizational and administrative procedures
Registration procedures
Provision of our online services and user-friendliness
Information technology infrastructure
The following provides an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection laws may apply in your or our country of residence or establishment. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.
Consent (Art. 6(1) sentence 1 lit. a GDPR)
The data subject has given consent to the processing of their personal data for one or more specific purposes.
Performance of a Contract and Pre-Contractual Requests (Art. 6(1) sentence 1 lit. b GDPR)
Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR)
Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
In addition to the GDPR, national data protection laws in Germany apply, notably the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG includes special provisions on the right to information, the right to deletion, the right to object, processing of special categories of personal data, processing for other purposes, transmission, as well as automated individual decision-making including profiling. Furthermore, state data protection laws of the individual federal states may also apply.
These privacy notices serve to provide information in accordance with both the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). Therefore, please note that the terminology of the GDPR is used here for broader spatial application and clarity. For example, the terms used in the Swiss DSG such as "processing" of "personal data," "overriding interest," and "particularly sensitive personal data" correspond to the GDPR terms "processing" of "personal data," "legitimate interest," and "special categories of data." However, the legal meaning of these terms continues to be determined according to the Swiss DSG within its scope of application.
We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies in cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions exist if legal obligations or special interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal claims or the protection of the rights of other natural or legal persons must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing activities.
If multiple retention periods or deletion deadlines are given for a datum, the longest period always applies.
If a period does not explicitly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the effective date of termination or other ending of the legal relationship.
Data that is no longer needed for the original purpose but is retained due to legal requirements or other reasons is processed solely for the reasons justifying its retention.
Additional Information on Processing Procedures, Processes, and Services:
Retention and Deletion of Data: The following general retention periods apply for retention and archiving under German law:
10 years — Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the work instructions and other organizational documents necessary for their understanding (§ 147 (1) No. 1 in conjunction with (3) AO, § 14b (1) UStG, § 257 (1) No. 1 in conjunction with (4) HGB).
8 years — Accounting documents, such as invoices and expense receipts (§ 147 (1) No. 4 and 4a in conjunction with (3) sentence 1 AO as well as § 257 (1) No. 4 in conjunction with (4) HGB).
6 years — Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents relevant for taxation, e.g., hourly wage slips, cost accounting sheets, calculation documents, price lists, as well as payroll accounting documents insofar as they are not already accounting documents, and cash register receipts (§ 147 (1) Nos. 2, 3, 5 in conjunction with (3) AO, § 257 (1) Nos. 2 and 3 in conjunction with (4) HGB).
3 years — Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to handle related inquiries, based on previous business experience and common industry practice, is stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Provision of the Online Service and Web Hosting
We process users’ data to provide our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the user’s browser or device.
Types of Data Processed:
Usage Data (e.g., page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions)
Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, identification numbers, involved persons)
Log Data (e.g., log files concerning logins or data retrieval or access times)
Affected Persons:
Users (e.g., website visitors, users of online services)
Purpose of Processing:
Provision of our online service and user-friendliness
Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.)
Security measures
Storage and Deletion:
Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal Basis:
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR)
Additional Information on Processing Procedures, Processes, and Services:
Collection of Access Data and Log Files:
Access to our online service is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed websites and files, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), and usually IP addresses and the requesting provider.
Server log files are used both for security purposes, such as to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure server utilization and stability.
Legal Basis:
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR)
Data Deletion:
Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes are exempt from deletion until the final resolution of the respective incident.
Use of Cookies
The term “cookies” refers to functions that store information on users’ devices and read information from them. Cookies may be used for various purposes, such as ensuring functionality, security, and convenience of online services, as well as for creating analyses of visitor traffic. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ consent in advance. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to provide expressly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about its scope and which cookies are used.
Legal Basis for Data Protection:
Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as explained in this section and in the context of the respective services and processes.
Storage Duration:
The following types of cookies are distinguished based on storage duration:
Temporary Cookies (Session Cookies):
Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
Permanent Cookies:
Permanent cookies remain stored after closing the device. For example, login status can be saved, and preferred content can be displayed directly when the user visits a website again. User data collected via cookies may also be used for reach measurement. Unless we explicitly inform users about the type and storage duration of cookies (e.g., when obtaining consent), users should assume these are permanent and may be stored for up to two years.
General Information on Revocation and Objection (Opt-Out):
Users can revoke their given consent at any time and also object to processing according to legal requirements, including via their browser privacy settings.
Types of Data Processed:
Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected Persons:
Users (e.g., website visitors, users of online services).
Legal Bases:
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR)
Consent (Art. 6(1) sentence 1 lit. a GDPR)
Additional Information on Processing Procedures, Processes, and Services:
Processing of Cookie Data Based on Consent:
We use a consent management solution that obtains user consent for the use of cookies or the procedures and providers named within the consent management solution. This process is used to collect, log, manage, and revoke consents, especially regarding the use of cookies and similar technologies used to store, read, and process information on users’ devices.
Within this procedure, user consents for the use of cookies and related information processing, including specific processing activities and providers named in the consent management procedure, are obtained. Users can also manage and revoke their consents.
Consent declarations are stored to avoid repeated requests and to provide proof of consent according to legal requirements. Storage occurs server-side and/or in a cookie (so-called opt-in cookie) or through similar technologies to assign consent to a specific user or device.
If no specific details about consent management providers are available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created and stored along with the time of consent, details about the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used.
Legal Basis:
Consent (Art. 6(1) sentence 1 lit. a GDPR)
Registration, Login, and User Account
Users can create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account based on contractual obligations. The data processed particularly includes login information (username, password, and an email address).
When using our registration and login functions and the user account, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests as well as those of the users to protect against misuse and unauthorized use.
These data are generally not shared with third parties unless required to assert our claims or if there is a legal obligation to do so.
Users can be informed by email about matters relevant to their user account, such as technical changes.
Types of Data Processed:
Inventory Data (e.g., full name, residential address, contact information, customer number, etc.)
Contact Data (e.g., postal and email addresses, telephone numbers)
Content Data (e.g., textual or image messages and posts, including related information such as authorship or creation date)
Usage Data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions)
Log Data (e.g., log files related to logins or data retrieval or access times)
Affected Persons:
Users (e.g., website visitors, users of online services)
Purposes of Processing:
Provision of contractual services and fulfillment of contractual obligations
Security measures
Organizational and administrative procedures
Provision of our online services and user-friendliness
Storage and Deletion:
Deletion in accordance with the section “General Information on Data Storage and Deletion.” Data are deleted after account termination.
Legal Bases:
Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR)
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR)
Additional Information on Processing Procedures, Processes, and Services:
Registration with Pseudonyms:
Users may use pseudonyms instead of real names as usernames.
Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
Deletion of Data after Account Termination:
When users terminate their accounts, their data related to the user account will be deleted, subject to legal permission, obligation, or user consent.
Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
Single Sign-On Login
"Single Sign-On" (SSO) or "Single Sign-On Authentication" refers to procedures that allow users to log in to our online service using a user account from an SSO provider (e.g., a social network). The prerequisite for SSO authentication is that users are registered with the respective SSO provider and either enter the required access data into the designated online form or are already logged in with the SSO provider and confirm the login via a button.
Authentication occurs directly with the respective SSO provider. In this process, we receive a user ID indicating that the user is logged in under this ID with the SSO provider, along with an ID for us that cannot be used for other purposes (the so-called "user handle"). Whether additional data is transmitted to us depends solely on the SSO procedure used, the data sharing permissions granted during authentication, and what data users have made available in the privacy or other settings of their SSO account. Depending on the SSO provider and the user's choices, this may include data such as email address and username. The password entered during the SSO process with the provider is neither visible to us nor stored by us.
Users are asked to note that the data stored with us may automatically be synchronized with their SSO provider account, but this is not always possible or actually carried out. For example, if users change their email addresses, they must update them manually in their account with us.
We may use SSO login, if agreed with users, within or before contract fulfillment, based on user requests or consent; otherwise, we rely on legitimate interests of both parties for an effective and secure login system.
If users decide to no longer use the link between their user account and the SSO provider for SSO login, they must disconnect this link in their SSO provider account. To delete their data with us, users must cancel their registration with us.
Types of Data Processed:
Inventory Data (e.g., full name, address, contact details, customer number, etc.)
Contact Data (e.g., postal and email addresses, phone numbers)
Usage Data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions)
Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, identification numbers, involved persons)
Affected Persons:
Users (e.g., website visitors, users of online services)
Purposes of Processing:
Provision of contractual services and fulfillment of contractual obligations
Security measures
Login procedures
Provision of our online service and user-friendliness
Storage and Deletion:
Deletion according to the section “General Information on Data Storage and Deletion.” Data are deleted after termination.
Legal Bases:
Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR)
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR)
Additional Information on Processing Procedures, Processes, and Services:
Apple Single Sign-On:
Authentication services for user logins, provision of single sign-on features, management of identity information, and application integrations; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.apple.com/de/
Privacy Policy: https://www.apple.com/legal/privacy/de-ww/
Google Single Sign-On:
Authentication services for user logins, provision of single sign-on features, management of identity information and application integrations; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.google.de
Privacy Policy: https://policies.google.com/privacy
Basis for cross-border transfers: Data Privacy Framework (DPF)
Opt-out: Settings for ad display: https://myadcenter.google.com/