Privacy Policy

Introduction

This privacy policy informs about the type, scope, and purpose of the processing of personal data when using the JanStore software (hereinafter referred to as "Service").

1. Responsible Party

The responsible party within the meaning of the General Data Protection Regulation (GDPR) is:

Kölner Stadthonig, Armin Behrens
Kaiserstr 88a
51149 Köln
DE

Email: info@koelner-stadthonig.com

2. Subject of Data Protection

The subject of data protection is personal data. This includes all information relating to an identified or identifiable natural person (e.g., name, email address, IP address).

3. Categories of Processed Data

In the context of using the Service, the following personal data will be processed:

Master data: Name, email address, username

Account and team data: Roles, team memberships, on-call and shift assignments

Content data: Shift schedules, comments, internal communications

Billing data: Tariff, duration, billing information

Communication data: Support requests, email correspondence

Technical data: IP address, timestamp, browser and system information, log data

4. Purposes of Data Processing

The processing of personal data is carried out for the following purposes:

Provision, operation, and administration of the Service

Contract execution and billing

Organization and communication within teams

Support and technical assistance

Security, stability, and abuse prevention

Further development and improvement of the Service

5. Legal Bases for Processing

The processing is based on the following legal bases:

Art. 6 para. 1 lit. b GDPR - Contract fulfillment

Art. 6 para. 1 lit. f GDPR - Legitimate interest (e.g., security, error analysis)

Art. 6 para. 1 lit. c GDPR - Legal obligations (e.g., tax retention obligations)

If consent is required, the processing is based on Art. 6 para. 1 lit. a GDPR.

6. Cookies and Similar Technologies

6.1 The Service uses technically necessary cookies that are required for operation, authentication, sessions, and security functions.

6.2 Additionally, functional cookies may be used, e.g., to store language settings.

6.3 Tracking or marketing cookies are not used unless explicitly stated and consent is obtained.

7. Data Transfer and Recipients

7.1 Personal data will only be shared to the extent necessary:

for contract fulfillment

to fulfill legal obligations

to instructed processors

7.2 Processors are contractually obligated in accordance with Art. 28 GDPR.

7.3 Transfer to third countries will only occur if legally permissible and suitable guarantees are in place.

8. Storage Duration

8.1 Personal data will only be stored as long as necessary for the respective purposes.

8.2 Legal retention obligations remain unaffected.

8.3 After the end of the contract, data will be deleted unless legal obligations prevent this.

9. Data Security

The provider takes technical and organizational measures in accordance with Art. 32 GDPR to protect personal data against loss, misuse, and unauthorized access.

10. Rights of Affected Persons

Affected persons have the following rights:

Right to information (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to deletion (Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object to processing (Art. 21 GDPR)

To exercise these rights, a simple notification to the responsible party is sufficient.

11. Right to Complain

Affected persons have the right to complain to a data protection supervisory authority if they believe that the processing of their personal data violates the GDPR.

12. Changes to the Privacy Policy

This privacy policy may be adjusted if necessary for legal, technical, or organizational reasons.

As of: January 2026