We delete your personal data as soon as the legal basis for processing it no longer applies. In some cases, however, legal bases may also exist in parallel or a new legal basis may apply when a legal basis ceases to apply, such as the obligation to store certain data to fulfil a statutory retention obligation.

In order for us to display the website to you, it is necessary to process certain information. This already takes place when you access our website. We also offer various functionalities on our website that require further data processing.

When you visit our website, your browser sends various pieces of information, so-called server log files, to our server. We need these to establish and maintain the connection. The data also includes your IP address, which we treat as personal data. The following data is also collected:

The storage of log files including your IP address serves the legitimate interest of providing our website and preventing its misuse. Stored log files are deleted when they are no longer required for business reasons , for example to prevent or investigate an attack on our website.

The software enables you to manage and maintain the employment data necessary for payroll and to digitize and automate key payroll, financial and human resources processes. We provide our software application as a processor within the meaning of Art. 28 GDPR - you or your clients are controllers of the data processing within the meaning of Art. 24 GDPR. The processing of personal data in the software application is therefore governed by a data processing agreement with you in accordance with Art. 28 (3) GDPR.

The data processing includes the usage data of the authorised users of the platform as well as the master data and the relevant financial employment data of your employees and freelancers or the mandates you manage payroll processes for. We use this data to support you with the automation of payroll functions that could include (but not limited to): the calculation of gross and net salary via internal or third-party human resource or payroll applications; the storage of current and historical employee financial, salary and employment data; generating accounting book entries; and the payment of salaries. For this purpose, our software has interfaces with the most common software systems for personnel administration and accounting.

We use cookies on our website for various purposes. A cookie is a small text file containing information that is transmitted by your browser and stored on your computer. These cookies do not contain any personal data. You can also control the use of cookies in your browser and delete cookies yourself at any time. If the cookies listed below have their own option to delete or block them, this is shown in the respective description. Cookies may be required to establish a connection or to improve the use of the website. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. The use of technically essential cookies and the associated data processing is based on our legitimate interest in providing our website. Technically essential cookies are usually deleted automatically when you close your browser (session cookies), in other cases only after some time (persistent cookies). The storage duration of persistent cookies is determined by the provider and can be viewed by you in your browser, for example.

Technical cookies are used to provide you with additional functionalities or a more convenient use of the website, e.g. by saving your country or language settings. Technical cookies are also usually deleted automatically when you close your browser (session cookies), but in other cases only after a longer period of time (persistent cookies). The storage period can be viewed in your

browser. The legal basis is your cookie consent in accordance with § 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a) GDPR.

Our website uses so-called web fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") to display fonts. When you call up a page, your browser loads the required web fonts into your browser in order to display texts and fonts correctly. To do this, your browser establishes a connection with Google, which informs Google that our web pages have been accessed via your IP address. The use of Google Fonts is in the interest of a uniform and appealing presentation of our websites. If your browser does not support Google Fonts or Web Fonts, a standard font will be used by your device. You can find more information about Google Fonts and Google's privacy policy at the following Internet addresses:

https://fonts.google.com/

http://www.google.de/policies/privacy/

We use several content delivery networks to display content on the website. This serves to improve the functionality and performance of the website.

Our website uses cookies from Auth0 by Okta, 100 First Street, 6th Floor, San Francisco, CA 94105, USA ("Auth0") to handle user authentication.

Our website uses authentication cookies to enhance user experience and security. These cookies are small text files stored on your device when you visit our website. They serve the primary purpose of maintaining your session's security and integrity as you navigate through our website.

The specific personal data collected by these cookies include:

Deactivating the tool:

You have the option to deactivate the use of authentication cookies. However, please be aware that disabling these cookies will affect the security and functionality of our website. To deactivate:

Our website displays badges by Drata Inc., 4660 La Jolla Village Dr. Suite 100 San Diego, CA 92122, USA. Drata use the cookies “__cf_bm” & “_cfuvid” via our site, provided by their third party service provider Cloudflare Inc. More information about privacy at Drata is available here: https://drata.com/privacy

Analysis and tracking cookies are used to record and evaluate your usage behaviour when you use our services or visit our website. For example, we learn how often certain functionalities are used or content is read, or whether you came to us via an advert placed by us. We use this data to further improve the usability of this website and the attractiveness of our services.

The legal basis is your cookie consent in accordance with § 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a) GDPR. You can prevent the storage of cookies. In addition to the option of preventing them in the settings of your browser software, the individual cookies usually offer a separate option to block or deactivate them. This is shown below in each case.

Data processing for usage analysis takes place during your visit to our website and only up to the time of your effective objection.

Our website employs cookies for usage analytics through Amplitude Analytics. This tool helps us understand how users interact with our website, enabling us to improve user experience and offer more relevant content.

The data collected by Amplitude Analytics includes:

Deactivating the tool:

You have the option to opt-out of usage analytics tracking. To deactivate Amplitude Analytics cookies:

Alternatively, you can set your browser to block cookies or use third-party tools to prevent tracking by analytics services.

Please note that opting out of analytics tracking will not affect your website experience but will prevent us from collecting data that helps us improve our services. You can find more information about Amplitude and Amplitude's privacy policy at the following Internet addresses:

https://amplitude.com/

https://amplitude.com/privacy

If the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or revoke your consent at any time. Your objection or revocation only has effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. You can contact privacy@project-b.dev at any time to exercise your right of objection or cancellation. If you object to processing based on our legitimate interest, we may nevertheless continue the processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

If your personal data is processed, you are a data subject within the meaning of Art. 4 No. 1 GDPR. As a data subject, you have the following rights in relation to your personal data. To exercise these rights, you can contact us using the contact details provided above.

You have a right to information about your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.

You have the right to obtain the rectification of inaccurate personal data and the completion of incomplete personal data without undue delay.

You have the right to request the erasure of your personal data if one of the grounds specified in Art. 17 GDPR applies, in particular if there is no longer a legal basis for the processing.

You have the right to request the restriction of the processing of your personal data if one of the reasons stated in Art. 18 GDPR applies, in particular at your request instead of deletion of the data.

In accordance with the provisions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority responsible for you.

The processing of your personal data in the context of the website is also partly carried out by processors, in particular the hosting of the website and the use of analysis tools. These are involved exclusively on the basis of an agreement on order processing in accordance with Art. 28 (3) GDPR.

The personal data that we collect from you on the website may be transferred to third countries outside the European Economic Area. This is generally done on the basis of the standard contractual clauses of the European Commission or, if applicable, on the basis of an adequacy decision for the respective third country; in the case of the USA, this is the EU-U.S. Data Privacy Framework.

Status: January 2024