Privacy policy of Project B GmbH

The basis of effective data protection is comprehensive information about the collection, processing and use of your data ("data processing"). We would therefore like to inform you, 
  • When and for which actions we process data
  • Which data we process and for what reasons
  • Who receives data
  • What rights you have in relation to data processing by us.

This privacy policy only governs the use of personal data on our website including the subpages and our software platform Project B. If you leave our website via a link or visit our presence on a social media platform, you also leave the scope of this privacy policy. 

The transmission of information to or from this website is secured with TLS encryption.

You can access, print or download this privacy policy permanently and at any time at the address

  1. Contact information
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is

Project B GmbH
Karlsplatz 3
80335 Munich


  1. General information on data processing

  1. Scope of the processing of personal data
The provision of the website requires the processing of various information. In addition, the scope of data processing depends on your use of the functionalities of the website or whether you consent to the processing of data. 

You are not obliged to provide us with personal data. However, if the provision of this data is technically required in order to access our website, refusing to do so will mean that you will not be able to access and use our website. 

As a visitor to our websites, you are not subject to automated decision-making within the meaning of Art. 22 GDPR.

  1. Legal basis for the processing of personal data
The legal basis for the processing of personal data is presented below. 

Processing reason

Processing reason

Legal basis in the GDPR

Contract fulfilment or implementation of pre-contractual measures

Art. 6 (1) b)

Processing only takes place to the extent necessary for the exercise and fulfilment of the rights and obligations arising from the contract. Unless expressly stated otherwise, we only process data to this extent.

Legitimate interest

Art. 6 (1) f)

Processing takes place insofar as we have a legitimate interest and no conflicting overriding interests of the data subject are apparent. The specific interest is explained in this privacy policy as part of the processing description.


Art. 6 (1) a)

Processing takes place if you have expressly consented to the type and scope of data processing. You can withdraw your consent at any time with effect for the future. However, this will not affect the processing that has taken place up to this point in time.

Legal obligation

Art. 6 (1) c)

Processing takes place insofar as this is

necessary to fulfil German or European legal obligations.

Data erasure and storage duration
We delete your personal data as soon as the legal basis for processing it no longer applies. In some cases, however, legal bases may also exist in parallel or a new legal basis may apply when a legal basis ceases to apply, such as the obligation to store certain data to fulfil a statutory retention obligation.

III. Data processing for the provision of the website

In order for us to display the website to you, it is necessary to process certain information. This already takes place when you access our website. We also offer various functionalities on our website that require further data processing.

  1. Log files
When you visit our website, your browser sends various pieces of information, so-called server log files, to our server. We need these to establish and maintain the connection. The data also includes your IP address, which we treat as personal data. The following data is also collected:
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • Device used
  • Geo-location

The storage of log files including your IP address serves the legitimate interest of providing our website and preventing its misuse. Stored log files are deleted when they are no longer required for business reasons , for example to prevent or investigate an attack on our website.

IV. Use of our software application
The software enables you to manage and maintain the employment data necessary for payroll and to digitize and automate key payroll, financial and human resources processes. We provide our software application as a processor within the meaning of Art. 28 GDPR - you or your clients are controllers of the data processing within the meaning of Art. 24 GDPR. The processing of personal data in the software application is therefore governed by a data processing agreement with you in accordance with Art. 28 (3) GDPR.

The data processing includes the usage data of the authorised users of the platform as well as the master data and the relevant financial employment data of your employees and freelancers or the mandates you manage payroll processes for. We use this data to support you with the automation of payroll functions that could include (but not limited to): the calculation of gross and net salary via internal or third-party human resource or payroll applications; the storage of current and historical employee financial, salary and employment data; generating accounting book entries; and the payment of salaries. For this purpose, our software has interfaces with the most common software systems for personnel administration and accounting.

V. Cookies
We use cookies on our website for various purposes. A cookie is a small text file containing information that is transmitted by your browser and stored on your computer. These cookies do not contain any personal data. You can also control the use of cookies in your browser and delete cookies yourself at any time. If the cookies listed below have their own option to delete or block them, this is shown in the respective description. Cookies may be required to establish a connection or to improve the use of the website. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. The use of technically essential cookies and the associated data processing is based on our legitimate interest in providing our website. Technically essential cookies are usually deleted automatically when you close your browser (session cookies), in other cases only after some time (persistent cookies). The storage duration of persistent cookies is determined by the provider and can be viewed by you in your browser, for example.

  1. Technical cookies 

Technical cookies are used to provide you with additional functionalities or a more convenient use of the website, e.g. by saving your country or language settings. Technical cookies are also usually deleted automatically when you close your browser (session cookies), but in other cases only after a longer period of time (persistent cookies). The storage period can be viewed in your
browser. The legal basis is your cookie consent in accordance with § 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a) GDPR.

Google Fonts

Our website uses so-called web fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") to display fonts. When you call up a page, your browser loads the required web fonts into your browser in order to display texts and fonts correctly. To do this, your browser establishes a connection with Google, which informs Google that our web pages have been accessed via your IP address. The use of Google Fonts is in the interest of a uniform and appealing presentation of our websites. If your browser does not support Google Fonts or Web Fonts, a standard font will be used by your device. You can find more information about Google Fonts and Google's privacy policy at the following Internet addresses:

Content Delivery Networks

We use several content delivery networks to display content on the website. This serves to improve the functionality and performance of the website.

User Authentication

Our website uses cookies from Auth0 by Okta, 100 First Street, 6th Floor, San Francisco, CA 94105, USA ("Auth0") to handle user authentication.

Our website uses authentication cookies to enhance user experience and security. These cookies are small text files stored on your device when you visit our website. They serve the primary purpose of maintaining your session's security and integrity as you navigate through our website.

The specific personal data collected by these cookies include:
  • User ID: A unique identifier assigned to your session. 
  • Session Data: Information about your current website session, ensuring that your interaction with the site remains secure.
  • Timestamps: Date and time records of when you access our website.
  • IP Address: Your internet protocol address, used to ensure secure communication between your device and our servers.
  • This data is stored on servers located in a primary data center in Frankfurt (Germany) with a failover to a second data center in Dublin (Republic of Ireland) ensuring compliance with GDPR. The storage and processing of this data are strictly for the purpose of maintaining the security and functionality of our website. 

Deactivating the tool:

You have the option to deactivate the use of authentication cookies. However, please be aware that disabling these cookies will affect the security and functionality of our website. To deactivate:
  1. Access your browser settings.
  2. Navigate to the section managing website data and cookies.
  3. Locate and choose the option to block or disable cookies for our website.


Our website displays badges by Drata Inc., 4660 La Jolla Village Dr. Suite 100 San Diego, CA 92122, USA. Drata use the cookies “__cf_bm” & “_cfuvid” via our site, provided by their third party service provider Cloudflare Inc. More information about privacy at Drata is available here:

  1. Cookies for usage analysis

Analysis and tracking cookies are used to record and evaluate your usage behaviour when you use our services or visit our website. For example, we learn how often certain functionalities are used or content is read, or whether you came to us via an advert placed by us. We use this data to further improve the usability of this website and the attractiveness of our services.

The legal basis is your cookie consent in accordance with § 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a) GDPR. You can prevent the storage of cookies. In addition to the option of preventing them in the settings of your browser software, the individual cookies usually offer a separate option to block or deactivate them. This is shown below in each case.

Data processing for usage analysis takes place during your visit to our website and only up to the time of your effective objection.

Amplitude Analytics

Our website employs cookies for usage analytics through Amplitude Analytics. This tool helps us understand how users interact with our website, enabling us to improve user experience and offer more relevant content.

The data collected by Amplitude Analytics includes:
  • User Interaction Data: Records of how users interact with various elements on our website, such as page visits, clicks, and time spent on pages.
  • Device Information: Type of device, operating system, and browser used to access our website.
  • Location Data: General location information derived from your IP address. 
  • Unique User Identifier: An anonymized ID assigned to each user to track interactions over multiple sessions. 
  • This information is stored on Amplitude's servers located in Frankfurt, Germany. Amplitude Analytics processes this data in compliance with GDPR, ensuring the protection of your personal information.

Deactivating the tool:

You have the option to opt-out of usage analytics tracking. To deactivate Amplitude Analytics cookies:
  1. Visit our website’s cookie settings page. 
  2. Locate the section for usage analytics or Amplitude Analytics. 
  3. Toggle off the option to prevent data collection for analytics. 

Alternatively, you can set your browser to block cookies or use third-party tools to prevent tracking by analytics services.

Please note that opting out of analytics tracking will not affect your website experience but will prevent us from collecting data that helps us improve our services. You can find more information about Amplitude and Amplitude's privacy policy at the following Internet addresses:

VI. Possibility of objection and removal

If the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or revoke your consent at any time. Your objection or revocation only has effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. You can contact at any time to exercise your right of objection or cancellation. If you object to processing based on our legitimate interest, we may nevertheless continue the processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

VII. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of Art. 4 No. 1 GDPR. As a data subject, you have the following rights in relation to your personal data. To exercise these rights, you can contact us using the contact details provided above.

Right to access in accordance with Art. 15 GDPR
You have a right to information about your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.

Right to rectification in accordance with Art. 16 GDPR
You have the right to obtain the rectification of inaccurate personal data and the completion of incomplete personal data without undue delay.

Right to erasure in accordance with Art. 17 GDPR
You have the right to request the erasure of your personal data if one of the grounds specified in Art. 17 GDPR applies, in particular if there is no longer a legal basis for the processing.

Right to restriction of processing in accordance with Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data if one of the reasons stated in Art. 18 GDPR applies, in particular at your request instead of deletion of the data.

Right to data portability in accordance with Art. 20 GDPR
In accordance with the provisions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to lodge a complaint with the competent supervisory authority, Art. 77 GDPR
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority responsible for you.

VII. Recipients of data

The processing of your personal data in the context of the website is also partly carried out by processors, in particular the hosting of the website and the use of analysis tools. These are involved exclusively on the basis of an agreement on order processing in accordance with Art. 28 (3) GDPR.

IX. Data transfer to third countries

The personal data that we collect from you on the website may be transferred to third countries outside the European Economic Area. This is generally done on the basis of the standard contractual clauses of the European Commission or, if applicable, on the basis of an adequacy decision for the respective third country; in the case of the USA, this is the EU-U.S. Data Privacy Framework.

Status: January 2024