Gedeckt

Privacy Policy

1. General Information

1.1 What is Personal Data

Personal data is information that reveals or can reveal the identity of the user. We adhere to the principle of data minimization and collect personal data only when absolutely necessary.

1.2 Handling of Personal Data

Personal data is used exclusively for establishing, executing, or processing the contractual relationship (Art. 6 (1) b GDPR).

Beyond this, personal data is only processed with your consent (Art. 6 (1) a GDPR).

We may use data processors to process your personal data, with whom we have concluded data processing agreements where required.

For contract fulfillment, data is shared with the email service provider (Lettermint) to the extent necessary.

Your personal data is processed within the EU.

1.3 Usage Data

When visiting the website, general technical information is collected, including IP address, time, duration of visit, browser type, and referrer URL. This usage data is not linked to your other personal data.

1.4 Registration Data

Registration is required to use the website's features. Registration data is collected through your input and used for the specified purpose.

1.5 Storage Duration

We store your personal data after the purpose has been fulfilled only as long as required by legal provisions.

2. Your Rights

2.1 Right to Information

You can request information about whether we process your personal data and, if so, you have the right to access this data.

2.2 Right to Rectification

You have the right to rectification of incorrect personal data concerning you.

2.3 Right to Erasure

You have the right to request that your personal data be deleted immediately, particularly when:

  • Your personal data is no longer necessary for the purposes for which it was collected.
  • You withdraw your consent and there is no other legal basis for processing.
  • Your data was unlawfully processed.

The right to erasure does not apply when your data is required for establishing our legal claims.

2.4 Right to Restriction of Processing

You have the right to request restriction of processing when:

  • you dispute the accuracy of the data,
  • the processing is unlawful,
  • we no longer need the data but you need it for legal claims,
  • you have objected to processing and it has not yet been determined whether our reasons override yours.

2.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

2.6 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw it at any time.

2.7 Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority.

3. Social Login

3.1 Google OAuth

We offer the option to sign in with your Google account.

  • Data transmitted: Email address, name, Google account ID
  • Legal basis: Consent (Art. 6 (1) a GDPR)
  • Purpose: Simplified registration and login
  • Retention period: As long as the user account exists

Authentication is performed directly with Google. We only receive the basic data necessary for login.

More information: https://policies.google.com/privacy

3.2 Withdrawal of Consent

You can disconnect from social login services at any time in your account settings.

3.3 OAuth Providers

When using social login, data is transferred to the following providers:

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Data Privacy Framework certified)

This transfer only occurs when actively using the login option and is based on your explicit consent.

4. Cookies and Analytics

We use various technologies on our website. You can adjust your consent at any time via the "Cookie Settings" link.

4.1 Technically Necessary Cookies

These cookies are essential for the website to function and cannot be disabled.

  • Session cookies: To maintain your login session
  • OAuth state cookies: Temporary cookies during the login process
  • Cookie consent cookie: Stores your cookie preferences

4.2 Web Analytics (Umami)

For analyzing website usage, we use Umami Analytics, a privacy-friendly, self-hosted analytics solution.

Umami is operated on our own server in Germany. No data is transmitted to third parties.

Data collected: Page views, session duration, device type, browser. All data is anonymized.

Umami does not set cookies and does not track across websites.

Usage only occurs with your explicit consent (Art. 6 (1) a GDPR).

4.3 Cookie Settings

You can adjust your cookie settings at any time via the link in the footer.

5. Data Security

5.1 Security Measures

All data on our website is protected against loss, destruction, access, modification, and distribution through technical and organizational measures.

5.2 Sessions and Cookies

We use server-side sessions to operate the website. Without your explicit consent, no personal data is taken from sessions.

6. Third-Party Services

6.1 Use of Lettermint

Our email communication is handled via Lettermint (based in the EU).

Lettermint uses the information to send emails on our behalf. Lettermint does not use our users' data to contact them directly.

Usage is based on our legitimate interest in reliable email delivery.

Lettermint privacy policy: https://lettermint.co/privacy

6.2 Hosting and Server

Our website is hosted on a dedicated VPS server from Hetzner Online GmbH, Germany.

All data is exclusively processed and stored in Germany.

Usage is based on our legitimate interest in reliable provision of our website.

More information about Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz

7. Contact

For inquiries regarding data protection, please contact us. Controller under the GDPR:

Mr. Michael Herceg

Grieskirchner Str. 7

4600 Wels

Austria

Email: info@gedeckt.app