Privacy Policy

1. Controller

[Company Name] GmbH [Address] Germany Email: [Privacy Email]

2. Categories of Data

We process:

• Account data (name, email, role)
• Company data
• Company identifiers (VAT ID, trade register data)
• Usage data (IP, device info, logs)
• Communication data (responses, notifications)
• Uploaded documents

3. Legal Basis (Art. 6 GDPR)

Processing is based on:

• Art. 6(1)(b) GDPR – contract performance
• Art. 6(1)(f) GDPR – legitimate interest
• Art. 6(1)(c) GDPR – legal obligation

4. Hosting & International Transfers

Data is hosted in secure cloud environments within the European Union.

If data is transferred outside the EU, appropriate safeguards (e.g., Standard Contractual Clauses) are applied.

5. Data Retention

Data is retained:

• While the account is active
• In accordance with German commercial law retention obligations
• Until deletion is requested (unless legally required otherwise)

6. User Rights

Users have the right to:

• Access
• Rectification
• Erasure
• Restriction
• Data portability
• Objection

Complaints may be filed with a German supervisory authority.

7. Security Measures

We implement:

• Server-side capability-based authorization
• TLS encryption
• Role-based access control
• Audit logging
• Structured logging and monitoring