Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

visotask UG Kemptener Straße 31 81475 München Germany E-mail: info@visotask.de

2. General information on data processing

We process personal data only to the extent necessary to provide our website, our SaaS platform, our contractual services, and to operate our business securely and efficiently.

This privacy policy applies in particular to:

- visits to our website, - contact enquiries, - demo and contract enquiries, - the use of the visotask platform by clients and their users, - the processing of appointment, ticket, customer, communication and document data within the platform, - paid subscriptions and payment processing.

3. Allocation of roles: controller and processor

Insofar as we process personal data to provide our website, to conclude contracts, for billing, support, IT security, abuse prevention and the administration of our own customer relationships, we act as the controller within the meaning of the GDPR.

Insofar as our clients process the personal data of their own customers, contact persons, employees, technicians or other end users via the visotask platform, we generally act as a processor on behalf of the respective client. In these cases, the respective client is the controller under data protection law. Corresponding data processing agreements are concluded separately.

4. Categories of processed data

Depending on the use, we process in particular the following categories of data:

- master data (e.g. name, company, position) - contact data (e.g. e-mail address, telephone number, postal address) - contract and billing data - payment and transaction data - content data (e.g. messages, appointment details, ticket content, documents, uploads) - usage data - protocol and log data - technical metadata (e.g. IP address, browser information, device information)

5. Purposes and legal bases of processing

We process personal data in particular for the following purposes:

a) to provide our website and platform Legal basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR

b) to initiate, perform and administer contractual relationships Legal basis: Art. 6 (1) (b) GDPR

c) for invoicing, accounting and the fulfilment of statutory obligations Legal basis: Art. 6 (1) (c) GDPR

d) for IT security, system stability, error analysis and abuse prevention Legal basis: Art. 6 (1) (f) GDPR

e) to handle contact enquiries and support cases Legal basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR

f) on the basis of consent, insofar as we obtain it in individual cases Legal basis: Art. 6 (1) (a) GDPR

6. Provision of the website and hosting

For the hosting, delivery and technical provision of our website and platform, we use external service providers. In this context, personal data may be processed insofar as this is necessary for technical operation.

7. Server log files

When our website is accessed, technically necessary access data is processed in server log files. This includes in particular:

- IP address - date and time of access - page / file accessed - browser type and browser version - operating system - referrer URL - HTTP status code

The processing is carried out to ensure stability, security and error analysis. Legal basis: Art. 6 (1) (f) GDPR

8. Cookies and similar technologies

We use technically necessary cookies and comparable storage technologies insofar as this is necessary for the operation of the website and platform, in particular for login, session management, security, language settings and protection against abuse.

Insofar as we use optional analytics, statistics or marketing technologies in the future, this will only be done on the basis of separate consent, where such consent is legally required.

9. Contacting us

If you contact us by e-mail, contact form or by any other means, we process the data you provide in order to handle your enquiry. Legal basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR

10. Demo enquiries, contract initiation and user accounts

If you request a demo, obtain an offer, conclude a contract with us or have a user account created, we process the data required for this purpose, in particular contact, company, contract and access data. Legal basis: Art. 6 (1) (b) GDPR

11. Use of the visotask platform

When using our platform, we process the data arising within the application insofar as this is necessary for the respective functions. This may include in particular appointment, booking, ticket, assignment, communication, documentation, upload and organisational data.

Insofar as this data is entered, imported or managed by our clients, the processing is generally carried out on behalf of the respective client.

12. Payment processing and subscriptions

Insofar as paid services, subscriptions or additional functions are booked, we process the data required for payment processing, in particular:

- name / company - billing address - e-mail address - booked plan / scope of services - payment status - transaction and invoice data

Payment processing is carried out via Stripe. The legal basis is Art. 6 (1) (b) GDPR.

13. E-mail dispatch and transactional communication

We send transaction-related e-mails, such as registration confirmations, system notifications, contract information, invoices, password reset messages and notifications relating to the use of the platform. Legal basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR

14. Recipients and service providers

We use external service providers insofar as this is necessary for the operation of our website and platform. This may include, in particular, providers for hosting, databases, infrastructure, e-mail dispatch, payment processing, maintenance, support and IT security.

Insofar as these service providers process personal data on our behalf, we conclude — where legally required — data processing agreements pursuant to Art. 28 GDPR.

15. Transfers to third countries

Processing of personal data outside the European Union or the European Economic Area cannot be ruled out, in particular when international technology providers are used.

Where a transfer to a third country takes place, we ensure that it is carried out only on the basis of the statutory requirements, in particular on the basis of an adequacy decision, appropriate safeguards or contractual protective mechanisms pursuant to Art. 44 et seq. GDPR.

16. Storage period

We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention obligations.

- contract and billing data: for the duration of the contractual relationship and, beyond that, in accordance with statutory retention periods - support and correspondence data: until the matter has been conclusively dealt with and, where necessary, beyond that for documentation purposes - access data and account information: for the duration of the user relationship - log data: only for as long as is necessary for security and operational purposes

17. Obligation to provide data

The provision of certain personal data is necessary for the conclusion of a contract, the provision of a user account, payment processing or the use of individual platform functions. Without this data, we cannot provide the respective service in whole or in part.

18. Automated decisions

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place unless we inform you separately thereof.

19. Your rights

Subject to the statutory requirements, you have the right:

- to information pursuant to Art. 15 GDPR, - to rectification pursuant to Art. 16 GDPR, - to erasure pursuant to Art. 17 GDPR, - to restriction of processing pursuant to Art. 18 GDPR, - to data portability pursuant to Art. 20 GDPR, - to object pursuant to Art. 21 GDPR, - to withdraw consent given, with effect for the future.

To exercise your rights, a notification to the following address is sufficient: info@visotask.de

20. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority if you are of the opinion that the processing of your personal data infringes data protection law.

21. Amendments to this privacy policy

We reserve the right to amend this privacy policy so that it always complies with the current legal, technical and business requirements. The version published on our website at any given time shall apply.