Privacy Policy
1. Data controller
See the Impressum page for business details and contact.
2. Data protection officer
[TODO] If volume does not require a DPO: "A data protection officer is not legally required."
3. Collection and storage of personal data
a) When visiting the website
[TODO] Server logs (IP, user-agent, referer, timestamp) are stored for 7 days for security.
b) On registration
[TODO] Email, full name, password hash, optional phone, optional address and profile photo.
c) When using the marketplace
[TODO] Requests, structured form answers, messages, bids, reviews. Message and review content is AI-moderated (see section 4).
4. Data recipients
[TODO] Matched providers; Microsoft Azure OpenAI for AI moderation; SMTP service for email; seven.io (DE) for SMS.
5. Transfer to third countries
[TODO] Hosting on Azure App Service Germany West Central — inside the EU. AI moderation uses Azure OpenAI in the Germany region — inside the EU. No fallback to a non-EU datacenter.
6. Cookies and similar technologies
[TODO] Only essential cookies (auth, antiforgery, consent state) are used. No analytics cookies. See the cookie policy for details.
7. Your rights as a data subject
- Access (Art. 15 GDPR)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Portability (Art. 20)
- Objection (Art. 21)
- Complaint with a supervisory authority (Art. 77)
8. Right to complain to a supervisory authority
The competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf.
9. Retention period
[TODO] Personal data is anonymised 30 days after account deletion. Audit logs are kept for 6 years for HGB / AO compliance.