Privacy Policy
Information pursuant to Art. 13 GDPR
Last updated: April 13, 2026
1. Controller
The controller responsible for data processing on this website is:
DzEuS Digital UG (haftungsbeschränkt) i.G.
to be entered before go-live
41061 Mönchengladbach
E-Mail: [email protected]
2. Hosting
This website and application are hosted on a dedicated server of VSYS.host B.V., Kingsfordweg 151, 1043 GR Amsterdam, Netherlands. The server location is Amsterdam (EU). All data remains within the European Union. No transfer to third countries takes place. Legal basis: Art. 6(1)(f) GDPR.
3. Collection and Storage of Personal Data
We only collect personal data when you voluntarily provide it to us (e.g., via the contact form) or when it is technically necessary (server logs with anonymized IP addresses, cookies for session management).
4. Cookies
Our website uses only technically necessary cookies (session, CSRF protection, consent status). No tracking cookies, no Google Analytics, no social media pixels. Legal basis: Art. 6(1)(f) GDPR.
5. Contact
When you contact us via email or contact form, your name, email address, and message text are stored to process your inquiry. Legal basis: Art. 6(1)(a) and (b) GDPR. The data is deleted after processing is complete or upon request.
6. Your Rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21) at any time. Contact: via the contact form on the homepage. Right to lodge a complaint with the competent data protection authority: LDI NRW.
7. Analytics
We do not use any analytics tools, tracking cookies, or third-party statistics. No personal data is collected for usage analysis. The server operator only stores standard access logs (IP address, timestamp, requested URL) for a maximum of 7 days for attack detection and error diagnosis. After this period, logs are automatically deleted.
8. Security
We use TLS 1.3 encryption, a nonce-based Content Security Policy, HSTS, encrypted backups, and strict access controls. These are technical and organizational measures pursuant to Art. 32 GDPR.
9. Cloudflare (CDN, WAF, Security)
This website and application (app.handwerkrechnung.de) use services of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare acts as a Content Delivery Network (CDN), Web Application Firewall (WAF), and DDoS protection layer. IP addresses, HTTP headers, and usage patterns are processed. Cloudflare is certified under the EU-US Data Privacy Framework. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and fast website delivery). Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/
10. Cloudflare Turnstile (Bot Protection)
To protect our login and registration forms from automated access (bots), we use Cloudflare Turnstile, a service provided by Cloudflare, Inc. Turnstile analyzes browser characteristics and user behavior in the background to verify that a request originates from a human. User interaction is typically not required. The following data is transmitted to Cloudflare: IP address, browser fingerprint (user agent, language settings, timezone), interaction patterns, and potentially Cloudflare cookies from previous visits. Data transfer to the USA is based on the EU-US Data Privacy Framework. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting against abuse). More information: https://www.cloudflare.com/privacypolicy/
11. Stripe (Payment Processing)
For payment processing, we use Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. When completing a paid subscription, payment data (credit card number, IBAN, name, billing address) is transmitted directly to Stripe and processed there. We do not receive or store complete payment data ourselves. Legal basis: Art. 6(1)(b) GDPR (contract performance). Stripe privacy policy: https://stripe.com/privacy
12. Email Processing
Transactional emails (registration confirmation, password reset, invoice delivery) are sent via our own mail server mail.gexiro.com, operated on the same infrastructure as the application. No external email service providers are used. Recipient email addresses are used solely for delivery of the respective email and are not shared with third parties. DKIM signing per RFC 6376 is active.