Privacy Policy
This English version is provided for convenience. The legally authoritative version is the German original. See our German Datenschutzerklärung for the binding policy.
Privacy Policy of Project B GmbH
The basis of effective data protection is comprehensive information about the collection, processing, and use of your data (“data processing”). We would therefore like to inform you:
When and during which actions we process data
Which data we process and for what reasons
Who receives data
Which rights you have with regard to the data processing carried out by us.
This privacy policy governs only the use of personal data on our website https://project-b.dev/ including its subpages, as well as our software platform Project B. If you leave our website via a link or visit our presence on a social media platform, you also leave the scope of this privacy policy.
The transmission of information to or from this website is secured with TLS encryption.
You can access, print, or download this privacy policy permanently at any time at https://www.project-b.dev/privacy.
I. Contact Information
The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is
Project B GmbH
Karlsplatz 3
80335 Munich
Email: info@project-b.dev
II. General Information on Data Processing
1. Scope of the processing of personal data
Providing the website requires the processing of various information. Beyond that, the scope of data processing depends on your use of the website’s functionalities or on whether you consent to the processing of data.
You are not obliged to provide us with personal data. However, if the provision of this data is technically required in order to access our website, a refusal will mean that you cannot access and use our website.
As a visitor to our websites, you are not subject to any automated decision-making within the meaning of Art. 22 GDPR.
2. Legal bases for the processing of personal data
The legal bases for the processing of personal data are presented below.
| Reason for processing | Legal basis in the GDPR | Explanation |
|---|---|---|
| Performance of a contract or implementation of pre-contractual measures | Art. 6(1)(b) | Processing only takes place insofar as it is necessary to exercise and fulfil the rights and obligations arising from the contract. Unless expressly stated otherwise, we process data only to this extent. |
| Legitimate interest | Art. 6(1)(f) | Processing takes place provided that we have a legitimate interest and no overriding conflicting interests of the data subject are apparent. The specific interest is explained in this privacy policy within the description of the relevant processing. |
| Consent | Art. 6(1)(a) | Processing takes place if you have expressly consented to the nature and scope of the data processing. You can withdraw your consent at any time with effect for the future. Processing carried out up to that point, however, remains unaffected. |
| Legal obligation | Art. 6(1)(c) | Processing takes place insofar as it is necessary to fulfil German or European legal obligations. |
Data deletion and storage period
We delete your personal data as soon as the reason for the processing no longer applies. In some cases, however, legal grounds may exist in parallel, or a new legal ground may apply when one legal ground ceases — for example, the obligation to retain certain data in order to comply with a statutory retention requirement.
III. Data Processing for Providing the Website
In order for us to display the website to you, the processing of certain information is required. This already takes place when you call up our website. In addition, we offer various functionalities on our website that require further data processing.
1. Log Files
When you visit our website, your browser sends various information, so-called server log files, to our server. We need these to establish and maintain the connection. This data includes your IP address, which we treat as personal data. In addition, the following data is collected:
- Date and time at the time of access
- Amount of data sent in bytes
- Browser used
- Source/referrer from which you reached the page
- Operating system used
- Device used
- Geo-location
The storage of log files including your IP address serves the legitimate interest of providing our website and preventing its misuse. Stored log files are deleted when they are no longer required for operational purposes — for example, to prevent or investigate an attack on our website.
IV. Use of Our Software Application
The software enables you to manage and maintain the employment data necessary for payroll, and to digitalize and automate essential processes in payroll accounting, finance, and human resources. We provide our software application as a processor within the meaning of Art. 28 GDPR — you or your customers are the controller of the data processing within the meaning of Art. 24 GDPR. The processing of personal data in the software application is therefore governed by a data processing agreement with you in accordance with Art. 28(3) GDPR.
The data processing includes the usage data of the authorized users of the platform, as well as the master data and the relevant financial employment data of your employees and freelancers, or of the candidates for whom you manage payroll processes. We use this data to support you in automating payroll functions, which may include, among other things: the calculation of gross and net salary via internal or external applications for human resources or payroll; the storage of current and historical financial, salary, and employment data of employees; the creation of accounting entries; and the disbursement of salaries. For this purpose, our software has interfaces to the most common software systems for human resource management and accounting.
V. Cookies
We use cookies on our website for various purposes. A cookie is a small text file containing information that is transferred by your browser and stored on your computer. These cookies do not contain personal data. You can also control the use of cookies in your browser and delete cookies yourself at any time. If the cookies listed below have their own option for deletion or blocking, this is indicated in the respective description. Cookies may be necessary to establish a connection or to improve the use of the website. You can refuse the use of cookies by making the appropriate settings in your browser; however, please note that in this case you may not be able to use the full functionality of this website. The use of technically necessary cookies and the associated data processing is based on our legitimate interest in making our website available. Technically necessary cookies are usually deleted automatically when you close your browser (session cookies), in other cases only after some time (persistent cookies). The storage period of persistent cookies is determined by the provider and can be viewed by you in your browser.
1. Technical Cookies
Technical cookies are used to provide you with additional functionalities or a more convenient use of the website, e.g. by saving your country or language settings. Technical cookies are usually also deleted automatically when you close your browser (session cookies), in other cases only after a longer period (persistent cookies). The storage period can be viewed in your browser. The legal basis is your cookie consent in accordance with Section 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR.
Google Fonts
Our website uses so-called web fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to display fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. To do this, your browser establishes a connection to Google, whereby Google is informed that our web pages have been accessed via your IP address. The use of Google Fonts is in the interest of a uniform and appealing presentation of our websites. If your browser does not support Google Fonts or web fonts, a standard font is used by your device. You can find further information about Google Fonts and Google’s privacy policy at the following internet addresses:
https://fonts.google.com/
http://www.google.de/policies/privacy/
Content Delivery Networks (CDN)
We use several content delivery networks to display content on the website. This serves to improve the functionality and performance of the website.
User Authentication
Our website uses cookies from Auth0 by Okta, 100 First Street, 6th Floor, San Francisco, CA 94105, USA (“Auth0”) to handle user authentication.
Our website uses authentication cookies to improve the user experience and security. These cookies are small text files that are stored on your device when you visit our website. They primarily serve to ensure the security and integrity of your session as you navigate through our website.
The specific personal data that these cookies collect includes:
- User ID: A unique identifier associated with your session.
- Session data: Information about your current website session that ensures your interaction with the website remains secure.
- Timestamps: Date and time records of when you access our website.
- IP address: Your internet protocol address, used to ensure secure communication between your device and our servers.
This data is stored on servers in our primary data center in Frankfurt (Germany) with a failover to a second data center in Dublin (Republic of Ireland), which ensures compliance with the GDPR. The storage and processing of this data serve exclusively to maintain the security and functionality of our website.
Disabling the tool:
You have the option to disable the use of authentication cookies. Please note, however, that disabling these cookies will impair the security and functionality of our website.
To disable:
- Access your browser settings.
- Navigate to the area that manages website data and cookies.
- Find and select the option to block or disable cookies for our website.
Drata
Our website displays badges from Drata Inc., 4650 La Jolla Village Dr. Suite 100 San Diego, CA 92122, USA. Drata uses the cookies “.__cf_bm” & “.__cfuvid” via our site, which are provided by the third-party provider Cloudflare Inc. You can find further information on data protection at Drata here: https://drata.com/privacy
1. Cookies for Usage Analysis
Analysis and tracking cookies are used to record and evaluate your usage behavior when you use our services or visit our website. In this way, for example, we learn how often certain functionalities are used or content is read, or whether you came to us via an advertisement placed by us. We use this data to further improve the usability of this website and the attractiveness of our services.
The legal basis is your cookie consent in accordance with Section 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR. You can prevent the storage of cookies. In addition to the option of preventing them in the settings of your browser software, the individual cookies usually offer a separate option to block or disable them. This is indicated below in each case.
Data processing for usage analysis takes place during your visit to our website and only until the time of your effective objection.
Amplitude Analytics
Our website uses cookies for usage analysis by Amplitude Analytics. This tool helps us understand how users interact with our website, allowing us to improve the user experience and offer more relevant content.
The data collected by Amplitude Analytics includes:
- User interaction data: Records of how users interact with various elements on our website, such as page visits, clicks, and time spent on the pages.
- Device information: Type of device, operating system, and browser used to access our website.
- Location data: General location information derived from your IP address.
- Unique user identifier: An anonymized ID assigned to each user to track interactions across multiple sessions.
This information is stored on Amplitude’s servers in Frankfurt, Germany. Amplitude Analytics processes this data in accordance with the GDPR and ensures the protection of your personal information.
Disabling the tool:
You have the option to disable usage-analysis tracking. To disable Amplitude Analytics cookies:
- Visit the cookie settings page of our website.
- Find the area for usage analysis or Amplitude Analytics.
- Switch off the option to allow data collection for analytics.
Alternatively, you can set your browser to block cookies, or use third-party tools to prevent tracking by analytics services.
Please note that opting out of analytics tracking does not affect your website experience, but it does prevent us from collecting data that helps us improve our services. You can find further information about Amplitude and Amplitude’s privacy policy at the following internet addresses:
https://amplitude.com/
https://amplitude.com/privacy
VI. Right to Object and to Erasure
If the data processing is based on your consent or our legitimate interest, you have the right to object to the processing at any time or to withdraw your consent. Your objection or withdrawal only takes effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is indicated there in each case. You can contact info@project-b.dev at any time to exercise your right to object or withdraw. If you object to the processing on the basis of our legitimate interest, we may nevertheless continue the processing if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
VII. Rights of Data Subjects
If your personal data is processed, you are a data subject within the meaning of Art. 4 No. 1 GDPR. As a data subject, you have the following rights with regard to your personal data. To exercise these rights, you can contact us using the contact details provided above.
Right of access pursuant to Art. 15 GDPR
You have a right of access to your personal data processed by us. This includes the mandatory information listed in Art. 15 GDPR.
Right to rectification pursuant to Art. 16 GDPR
You have the right to demand the rectification of inaccurate personal data and the completion of incomplete personal data without undue delay.
Right to erasure pursuant to Art. 17 GDPR
You have the right to demand the erasure of your personal data if one of the grounds set out in Art. 17 GDPR applies, in particular if there is no longer a legal basis for the processing.
Right to restriction of processing pursuant to Art. 18 GDPR
You have the right to demand the restriction of the processing of your personal data if one of the grounds set out in Art. 18 GDPR applies, in particular at your request instead of the erasure of the data.
Right to data portability pursuant to Art. 20 GDPR
Under the provisions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.
Right to lodge a complaint with the competent supervisory authority, Art. 77 GDPR
Under Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority responsible for you.
VIII. Recipients of Data
The processing of your personal data within the scope of the website is also carried out in part by processors, in particular the hosting of the website and the use of analytics tools. These are involved exclusively on the basis of a data processing agreement in accordance with Art. 28(3) GDPR.
IX. Data Transfer to Third Countries
The personal data that we collect from you on the website may be transferred to third countries outside the European Economic Area. This usually takes place on the basis of the standard contractual clauses of the European Commission or, where applicable, on the basis of an adequacy decision for the respective third country; in the case of the USA, this is the EU-U.S. Data Privacy Framework.