Data erasure and storage duration
We delete your personal data as soon as the legal basis for processing it no longer applies. In some cases, however, legal bases may also exist in parallel or a new legal basis may apply when a legal basis ceases to apply, such as the obligation to store certain data to fulfil a statutory retention obligation.
III. Data processing for the provision of the website
In order for us to display the website to you, it is necessary to process certain information. This already takes place when you access our website. We also offer various functionalities on our website that require further data processing.
When you visit our website, your browser sends various pieces of information, so-called server log files, to our server. We need these to establish and maintain the connection. The data also includes your IP address, which we treat as personal data. The following data is also collected:
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Operating system used
The storage of log files including your IP address serves the legitimate interest of providing our website and preventing its misuse. Stored log files are deleted when they are no longer required for business reasons , for example to prevent or investigate an attack on our website.
IV. Use of our software application
The software enables you to manage and maintain the employment data necessary for payroll and to digitize and automate key payroll, financial and human resources processes. We provide our software application as a processor within the meaning of Art. 28 GDPR - you or your clients are controllers of the data processing within the meaning of Art. 24 GDPR. The processing of personal data in the software application is therefore governed by a data processing agreement with you in accordance with Art. 28 (3) GDPR.
The data processing includes the usage data of the authorised users of the platform as well as the master data and the relevant financial employment data of your employees and freelancers or the mandates you manage payroll processes for. We use this data to support you with the automation of payroll functions that could include (but not limited to): the calculation of gross and net salary via internal or third-party human resource or payroll applications; the storage of current and historical employee financial, salary and employment data; generating accounting book entries; and the payment of salaries. For this purpose, our software has interfaces with the most common software systems for personnel administration and accounting.
Technical cookies are used to provide you with additional functionalities or a more convenient use of the website, e.g. by saving your country or language settings. Technical cookies are also usually deleted automatically when you close your browser (session cookies), but in other cases only after a longer period of time (persistent cookies). The storage period can be viewed in your
browser. The legal basis is your cookie consent in accordance with § 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a) GDPR.
Content Delivery Networks
We use several content delivery networks to display content on the website. This serves to improve the functionality and performance of the website.
Our website uses authentication cookies to enhance user experience and security. These cookies are small text files stored on your device when you visit our website. They serve the primary purpose of maintaining your session's security and integrity as you navigate through our website.
The specific personal data collected by these cookies include:
User ID: A unique identifier assigned to your session.
Session Data: Information about your current website session, ensuring that your interaction with the site remains secure.
Timestamps: Date and time records of when you access our website.
IP Address: Your internet protocol address, used to ensure secure communication between your device and our servers.
This data is stored on servers located in a primary data center in Frankfurt (Germany) with a failover to a second data center in Dublin (Republic of Ireland) ensuring compliance with GDPR. The storage and processing of this data are strictly for the purpose of maintaining the security and functionality of our website.
Deactivating the tool:
You have the option to deactivate the use of authentication cookies. However, please be aware that disabling these cookies will affect the security and functionality of our website. To deactivate:
Access your browser settings.
Navigate to the section managing website data and cookies.
Locate and choose the option to block or disable cookies for our website.
Our website displays badges by Drata Inc., 4660 La Jolla Village Dr. Suite 100 San Diego, CA 92122, USA. Drata use the cookies “__cf_bm” & “_cfuvid” via our site, provided by their third party service provider Cloudflare Inc. More information about privacy at Drata is available here: https://drata.com/privacy
Cookies for usage analysis
Analysis and tracking cookies are used to record and evaluate your usage behaviour when you use our services or visit our website. For example, we learn how often certain functionalities are used or content is read, or whether you came to us via an advert placed by us. We use this data to further improve the usability of this website and the attractiveness of our services.
The legal basis is your cookie consent in accordance with § 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a) GDPR. You can prevent the storage of cookies. In addition to the option of preventing them in the settings of your browser software, the individual cookies usually offer a separate option to block or deactivate them. This is shown below in each case.
Data processing for usage analysis takes place during your visit to our website and only up to the time of your effective objection.
Our website employs cookies for usage analytics through Amplitude Analytics. This tool helps us understand how users interact with our website, enabling us to improve user experience and offer more relevant content.
The data collected by Amplitude Analytics includes:
User Interaction Data: Records of how users interact with various elements on our website, such as page visits, clicks, and time spent on pages.
Device Information: Type of device, operating system, and browser used to access our website.
Location Data: General location information derived from your IP address.
Unique User Identifier: An anonymized ID assigned to each user to track interactions over multiple sessions.
This information is stored on Amplitude's servers located in Frankfurt, Germany. Amplitude Analytics processes this data in compliance with GDPR, ensuring the protection of your personal information.
Deactivating the tool:
You have the option to opt-out of usage analytics tracking. To deactivate Amplitude Analytics cookies:
Visit our website’s cookie settings page.
Locate the section for usage analytics or Amplitude Analytics.
Toggle off the option to prevent data collection for analytics.
Alternatively, you can set your browser to block cookies or use third-party tools to prevent tracking by analytics services.
VI. Possibility of objection and removal
If the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or revoke your consent at any time. Your objection or revocation only has effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. You can contact firstname.lastname@example.org at any time to exercise your right of objection or cancellation. If you object to processing based on our legitimate interest, we may nevertheless continue the processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
VII. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of Art. 4 No. 1 GDPR. As a data subject, you have the following rights in relation to your personal data. To exercise these rights, you can contact us using the contact details provided above.
Right to access in accordance with Art. 15 GDPR
You have a right to information about your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.
Right to rectification in accordance with Art. 16 GDPR
You have the right to obtain the rectification of inaccurate personal data and the completion of incomplete personal data without undue delay.
Right to erasure in accordance with Art. 17 GDPR
You have the right to request the erasure of your personal data if one of the grounds specified in Art. 17 GDPR applies, in particular if there is no longer a legal basis for the processing.
Right to restriction of processing in accordance with Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data if one of the reasons stated in Art. 18 GDPR applies, in particular at your request instead of deletion of the data.
Right to data portability in accordance with Art. 20 GDPR
In accordance with the provisions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to lodge a complaint with the competent supervisory authority, Art. 77 GDPR
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority responsible for you.
VII. Recipients of data
The processing of your personal data in the context of the website is also partly carried out by processors, in particular the hosting of the website and the use of analysis tools. These are involved exclusively on the basis of an agreement on order processing in accordance with Art. 28 (3) GDPR.
IX. Data transfer to third countries
The personal data that we collect from you on the website may be transferred to third countries outside the European Economic Area. This is generally done on the basis of the standard contractual clauses of the European Commission or, if applicable, on the basis of an adequacy decision for the respective third country; in the case of the USA, this is the EU-U.S. Data Privacy Framework.
Status: January 2024