Live Updates ready for Capacitor 8! Start for free
LogoCapawesome
Login

Privacy Policy

Preamble

With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as "data") we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

Last Update: 8. February 2026

Controller

Genz IT Solutions GmbH
Brückengasse 1b
78462 Konstanz
Germany

Authorised Representatives: Robin Genz

E-mail address: mail@genz-its.de

Overview of processing operations

The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.

Categories of Processed Data

  • Inventory data.
  • Employee Data.
  • Payment Data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and process data.
  • Log data.

Categories of Data Subjects

  • Service recipients and clients.
  • Employees.
  • Prospective customers.
  • Communication partner.
  • Users.
  • Business and contractual partners.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Web Analytics.
  • Office and organisational procedures.
  • Conversion tracking.
  • Clicktracking.
  • Organisational and Administrative Procedures.
  • Content Delivery Network (CDN).
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Authentication processes.
  • Provision of our online services and usability.
  • Establishment and execution of employment relationships.
  • Information technology infrastructure.
  • Public relations.
  • Business processes and management procedures.

Security Precautions

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects' rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we employ TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information that is transferred between the website or app and the user's browser (or between two servers), thereby safeguarding the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions conform to the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being securely and encryptedly transmitted.

Transmission of Personal Data

In the course of processing personal data, it may happen that this data is transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include service providers tasked with IT duties or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and particularly conclude relevant contracts or agreements that serve to protect your data with the recipients of your data.

International data transfers

Data Processing in Third Countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or the disclosure or transfer of data to other individuals, entities, or companies (which becomes apparent either from the postal address of the respective provider or when explicitly mentioned in the privacy policy regarding data transfer to third countries), this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which has been recognized as a secure legal framework by the EU Commission's adequacy decision of July 10, 2023. Additionally, we have concluded Standard Contractual Clauses with the respective providers, which comply with the EU Commission's requirements and establish contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data: The DPF serves as the primary level of protection, while the Standard Contractual Clauses act as an additional security measure. Should any changes occur within the DPF framework, the Standard Contractual Clauses will serve as a reliable fallback option. This ensures that your data remains adequately protected even in the event of political or legal changes.

For individual service providers, we will inform you whether they are certified under the DPF and if Standard Contractual Clauses are in place. The list of certified companies and further information about the DPF can be found on the U.S. Department of Commerce's website at https://www.dataprivacyframework.gov/.

For data transfers to other third countries, appropriate safeguards apply, particularly Standard Contractual Clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.

We will inform you which of our service providers are certified under the Data Privacy Framework as part of our data protection notices.

Disclosure of Personal Data Abroad: In accordance with the Swiss Data Protection Act (Swiss DPA), we only disclose personal data abroad when an appropriate level of protection for the affected persons is ensured (Art. 16 Swiss DPA). If the Federal Council has not determined an adequate level of protection (list of states: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we implement alternative security measures.

General Information on Data Retention and Deletion

We delete personal data that we process in accordance with legal regulations as soon as the underlying consents are revoked or no further legal bases for processing exist. This applies to cases where the original purpose of processing is no longer applicable or the data is no longer needed. Exceptions to this rule exist if statutory obligations or special interests require a longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data specifically applicable to certain processing processes.

In cases where multiple retention periods or deletion deadlines for a date are specified, the longest period always prevails.

Data that is no longer stored for its originally intended purpose but due to legal requirements or other reasons are processed exclusively for the reasons justifying their retention.

Data Retention and Deletion: The following general deadlines apply for the retention and archiving according to German law:

  • 10 Years - Fiscal Code/Commercial Code - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet as well as the necessary work instructions and other organisational documents.
  • 8 Years - Accounting documents, such as invoices, booking and expense receipts.
  • 6 Years - Other business documents: received commercial or business letters, copies of dispatched commercial or business letters, and other documents to the extent that they are significant for taxation purposes.
  • 3 Years - Data required to consider potential warranty and compensation claims or similar contractual claims and rights, based on previous business experiences and common industry practices, will be stored for the duration of the regular statutory limitation period of three years.

Data Retention and Deletion: The following general retention and archiving periods apply under Swiss law:

  • 10 Years - Retention period for books and records, annual financial statements, inventories, management reports, opening balances, accounting vouchers and invoices, as well as all necessary working instructions and other organizational documents (Article 958f of the Swiss Code of Obligations (OR)).
  • 10 Years - Data necessary to consider potential claims for damages or similar contractual claims and rights, as well as for the processing of related inquiries based on previous business experiences and usual industry practices, will be stored for the statutory limitation period of ten years, unless a shorter period of five years is applicable, which is relevant in certain cases (Articles 127, 130 OR).

Rights of Data Subjects

Rights of the Data Subjects under the GDPR: As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

  • Right to Object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on letter (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
  • Right of withdrawal for consents: You have the right to revoke consents at any time.
  • Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
  • Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
  • Right to Erasure and Right to Restriction of Processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
  • Right to data portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
  • Complaint to the supervisory authority: In accordance with the law and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority.

Rights of the data subjects under the Swiss DPA:

  • Right to information: You have the right to request confirmation as to whether personal data concerning you are being processed, and to receive the information necessary for you to assert your rights under the Swiss DPA and to ensure transparent data processing.
  • Right to data release or transfer: You have the right to request the release of your personal data, which you have provided to us, in a common electronic format, as well as its transfer to another data controller, provided this does not require disproportionate effort.
  • Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
  • Right to object, deletion, and destruction: You have the right to object to the processing of your data, as well as to request that personal data concerning you be deleted or destroyed.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

Business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the context of contractual and comparable legal relationships as well as associated actions and communication with the contractual partners or pre-contractually, e.g. to answer inquiries.

We process this data in order to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and economical business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights.

  • Processed data types: Inventory data; Payment Data; Contact data; Contract data.
  • Data subjects: Service recipients and clients; Prospective customers; Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organisational procedures; Business processes and management procedures.
  • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Provision of online services and web hosting

We process user data in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

  • Processed data types: Usage data; Meta, communication and process data; Log data; Content data.
  • Data subjects: Users; Service recipients and clients.
  • Purposes of processing: Provision of our online services and usability; Information technology infrastructure; Security measures; Content Delivery Network (CDN); Provision of contractual services and fulfillment of contractual obligations.
  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Service providers used:

  • Hetzner: Services in the field of the provision of information technology infrastructure and related services. Privacy Policy.
  • Cloudflare: Content-Delivery-Network (CDN). Privacy Policy.
  • netcup: Services in the field of the provision of information technology infrastructure and related services. Privacy Policy.
  • Sentry: Monitoring system stability and identifying code errors. Privacy Policy.
  • PlanetScale: Database services and storage. Privacy Policy.

Use of Cookies

The term "cookies" refers to functions that store information on users' devices and read it from them. Cookies can also be used for different purposes, such as ensuring the functionality, security, and convenience of online services, as well as analyzing visitor traffic. We use cookies in accordance with legal regulations. If necessary, we obtain users' consent in advance. If consent is not required, we rely on our legitimate interests.

Storage duration: The following types of cookies are distinguished based on their storage duration:

  • Temporary cookies (session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device.
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a website.

General information on withdrawal and objection (opt-out): Users can withdraw their consent at any time and also object to the processing according to legal regulations, including through the privacy settings of their browser.

  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Consent (Article 6 (1) (a) GDPR).

Single Sign-on Authentication

"Single Sign-On" or "Single Sign-On Authentication or Logon" are procedures that allow users to log in to our online services using a user account with a provider of Single Sign-On services (e.g. a social network). Authentication takes place directly with the respective single sign-on provider. Within the scope of such authentication, we receive a user ID with the information that the user is logged in with the respective single sign-on provider under this user ID.

  • Processed data types: Inventory data; Contact data; Usage data; Meta, communication and process data.
  • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Service providers used:

Contact and Inquiry Management

When contacting us (e.g. via mail, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

  • Processed data types: Contact data; Content data.
  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Chatbots and chat functions

We provide online chats and chatbot functions as a means of communication. A chat is an online conversation that is conducted with a certain degree of immediacy. If you use our chat functions, we may process your personal data.

  • Processed data types: Contact data; Content data; Usage data; Meta, communication and process data.
  • Legal Basis: Consent (Article 6 (1) (a) GDPR); Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Service providers used:

  • Crisp: Chatbot and assistance software and related services. Privacy Policy.

Newsletter and Electronic Communications

We send newsletters, emails, and other electronic notifications exclusively with the consent of the recipients or based on a legal basis. If the contents of the newsletter are specified during registration for the newsletter, these contents are decisive for the users' consent.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to demonstrate previously given consent.

  • Processed data types: Inventory data; Contact data; Meta, communication and process data; Usage data.
  • Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
  • Opt-Out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt.

Service providers used:

Profiles in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users' rights.

  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Platforms used:

Management, Organization and Utilities

We use services, platforms and software from other providers for the purposes of organizing, administering, planning and providing our services. When selecting third-party providers and their services, we comply with the legal requirements.

  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Service providers used:

  • GitHub: Platform for version control of software projects. Privacy Policy.

Processing of data in the context of employment relationships

In the context of employment relationships, the processing of personal data aims to effectively manage the establishment, execution, and termination of such relationships. This data processing supports various operational and administrative functions necessary for managing employee relations.

  • Processed data types: Employee Data.
  • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Changes and Updates

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.

Terminology and Definitions

In this section, you will find an overview of the terminology used in this privacy policy. Where the terminology is legally defined, their legal definitions apply. The following explanations, however, are primarily intended to aid understanding.

  • Clicktracking: Clicktracking allows users to keep track of their movements within an entire website.
  • Contact data: Contact details are essential information that enables communication with individuals or organizations.
  • Content Delivery Network (CDN): A service with whose help contents of our online services can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.
  • Content data: Content data comprise information generated in the process of creating, editing, and publishing content of all types.
  • Contract data: Contract data are specific details pertaining to the formalisation of an agreement between two or more parties.
  • Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Conversion tracking: Conversion tracking is a method used to evaluate the effectiveness of marketing measures.
  • Inventory data: Inventory data encompass essential information required for the identification and management of contractual partners, user accounts, profiles, and similar assignments.
  • Log data: Protocol data, or log data, refer to information regarding events or activities that have been logged within a system or network.
  • Meta, communication and process data: Categories that contain information about how data is processed, transmitted, and managed.
  • Payment Data: Payment data comprise all information necessary for processing payment transactions between buyers and sellers.
  • Personal Data: "Personal data" means any information relating to an identified or identifiable natural person ("data subject").
  • Processing: The term "processing" covers a wide range and practically every handling of data, be it collection, evaluation, storage, transmission or erasure.
  • Profiles with user-related information: The processing of "profiles with user-related information" includes any kind of automated processing of personal data that consists of using these personal data to analyse, evaluate or predict certain personal aspects relating to a natural person.
  • Usage data: Usage data refer to information that captures how users interact with digital products, services, or platforms.
  • Web Analytics: Web Analytics serves the evaluation of visitor traffic of online services and can determine their behavior or interests in certain information, such as content of websites.