GDPR PRIVACY POLICY (for tivent.de)

1. Responsible Party

The responsible party within the meaning of the General Data Protection Regulation (GDPR) is:

Maximilian Woltersdorf

Bismarckstraße 47B

12169 Berlin

Germany

Email: max@tivent.de

2. Collection and Storage of Personal Data

We process personal data that users provide to us in the context of registration, appointment booking or use of our software. This includes in particular:

  • First and last name
  • Email address
  • Password (hashed)
  • Booking data (e.g. appointments, customer data, times, optional notes)
  • Communication data
  • Technical data (IP address, browser type, time of access, log files)

Processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (legitimate interest in secure operation of the website).

3. Purposes of Processing

We process personal data for the following purposes:

  • Provision of our booking software
  • Registration and management of user accounts
  • Creation of bookings, appointment management and customer communication
  • Email communication
  • Security, error analysis and system stability
  • Fulfillment of legal retention obligations

4. Hosting & Technical Infrastructure

Our application is hosted on:

Heroku / Salesforce Heroku, Inc., 415 Mission Street, Suite 300, San Francisco, CA, USA.

Heroku processes log files, application data and connection information. The transfer is based on standard contractual clauses of the EU Commission (Art. 46 GDPR).

More information: https://www.heroku.com/policy/security

5. Email Delivery (Lettermint)

For sending system emails (e.g. registration confirmations, password reset, booking confirmations) we use:

Lettermint (Postmark / Wildbit / ActiveCampaign)

The following are processed:

  • Email address
  • Delivery time
  • Metadata (delivery status)

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment).

The transfer may take place outside the EU. It is based on standard contractual clauses (Art. 46 GDPR).

6. No Use of Tracking Tools

We do not use tracking services such as Google Analytics, Facebook Pixel or cookies for analysis or marketing purposes. Only technically necessary cookies are used.

7. Cookies

We only use technically necessary cookies:

  • Session cookie for user authentication
  • CSRF protection cookies if applicable

These cookies are required to make the website functional (Art. 6 para. 1 lit. f GDPR).

8. Data Processing

Since we process personal data on behalf of customers (e.g. their appointment customers), we conclude a data processing agreement (DPA) with our commercial customers in accordance with Art. 28 GDPR.

9. Deletion of Data

Data will be deleted as soon as the purpose ceases to exist and there are no legal retention obligations. Customer accounts can be completely deleted upon request.

10. Rights of Data Subjects

Users have the following rights:

  • Information (Art. 15 GDPR)
  • Correction (Art. 16 GDPR)
  • Deletion (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

Please send inquiries by email to max@tivent.de.

11. Security

We use common technical and organizational measures (TOMs):

  • TLS/SSL encryption
  • Access restrictions
  • Password hashing (bcrypt etc.)
  • Firewalls and monitoring via Heroku

12. Changes

We reserve the right to adjust this privacy policy if necessary.