LiteLog LogoBook slot

Privacy Policy

Effective: September 23, 2025

1. Controller

Controller for data processing:
IQONEX GmbH
Eugen-Richter-Straße 45
99085 Erfurt, Germany
E-Mail: info@litelog.de

Supervisory Authority:
Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI)
Häßlerstraße 8, 99096 Erfurt
Phone: +49 361 57-3112900
E-Mail: poststelle@datenschutz.thueringen.de

2. Rights of Data Subjects

You have the following rights under GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7 (3) GDPR)

You also have the right to lodge a complaint with the supervisory authority (Art. 77 GDPR).

3. Data Collection on Our Website

a) Hosting and Logfiles

  • Hosting: Platform.sh (EU region)
  • Data: IP address, date/time, URL, referrer, browser type/version, operating system
  • Purpose: operation, security, error diagnostics
  • Legal basis: Art. 6 (1) (f) GDPR
  • Storage period: 30 days

b) Cookies & Consent

  • Necessary cookies (Art. 6 (1) (f) GDPR)
  • Optional cookies (analytics/marketing) only with consent (Art. 6 (1) (a) GDPR)
  • Consent management: in-house system, revocable at any time

c) Registration / User Account

  • Data: name, email, login credentials, roles, tenant
  • Purpose: contract performance, access management
  • Legal basis: Art. 6 (1) (b) GDPR
  • Storage period: contract duration + 90 days

d) Contact

  • Data: information from contact forms or emails
  • Purpose: handling of inquiries
  • Legal basis: Art. 6 (1) (a), (b) GDPR
  • Storage period: 12 months

e) Appointment Scheduling

  • Provider: Brevo Meetings (Sendinblue/Brevo)
  • Data: name, email, appointment details, video link if applicable
  • Legal basis: Art. 6 (1) (b) GDPR
  • Storage period: until completion + statutory retention obligations

4. Analytics and Marketing Tools

a) Google Analytics 4

  • Data: usage behavior, interactions, device info
  • Note: no storage of EU IP addresses
  • Third-country transfer: USA (SCCs)
  • Legal basis: Art. 6 (1) (a) GDPR
  • Storage period: 14 months

b) Hotjar

  • Data: clicks, scrolls, heatmaps, feedback (no form field entries)
  • Legal basis: Art. 6 (1) (a) GDPR
  • Storage period: 12 months

c) Google Ads / Conversion Tracking

  • Data: conversions (e.g. form submissions)
  • Legal basis: Art. 6 (1) (a) GDPR
  • Storage period: depends on campaign duration

5. Payment Methods

Payments are processed via Stripe Payments Europe, Ltd., Dublin, Ireland.

Stripe processes: payment details (credit card, IBAN, amount), billing data (name, address, email), IP address.

Legal basis:

  • Art. 6 (1) (b) GDPR (contract performance)
  • Art. 6 (1) (f) GDPR (fraud prevention, secure processing)

Further information: Stripe Privacy Policy

Available methods via Stripe:

6. Mobile Apps

a) LiteLog Android App

  • Data: location (incl. background), camera/media (QR, photos, videos), NFC UIDs, account data, event/tour logs, diagnostic/crash data
  • Purpose: attendance tracking, guard tours, security, support
  • Legal basis: Art. 6 (1) (a), (b), (f) GDPR
  • Storage period: logs 12 months, account data contract duration + 90 days, crash data 30–90 days

b) LiteLog iOS App

  • Data: same as Android
  • App Store Privacy Label: account data & event logs marked as “Data linked to you”
  • App Tracking Transparency: no IDFA, no cross-device tracking
  • Legal basis: Art. 6 (1) (a), (b), (f) GDPR
  • Storage period: same as Android
  • Availability: App Store + in-app (Settings → Privacy)

7. Security (Art. 32 GDPR)

  • TLS/SSL encryption
  • Access restrictions & role/permission concepts
  • Pseudonymization of log data
  • Data minimization & deletion policies
  • Regular backups
  • Staff training

8. Storage Periods (Overview)

  • Server logs: 30 days
  • Contact inquiries: 12 months
  • Registration/account data: contract duration + 90 days
  • Crash/diagnostic data: 30–90 days
  • Contract/billing data: 6 years (HGB) / 10 years (AO)
  • Appointment bookings: until completion + statutory retention obligations

9. Changes

We reserve the right to update this Privacy Policy when services, technologies, or legal requirements change.

10. Data Protection Officer

E-Mail: info@litelog.de

If a Data Protection Officer is appointed under § 38 BDSG, their contact details will be published here.

Contact

For questions about this Privacy Policy:
info@litelog.de