Privacy Policy

1. Data Controller

Data Controller within the meaning of the General Data Protection Regulation (GDPR):

2. General Information

(1) This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data within our software "BISpicy Inventory Management" and the associated online services.

(2) Legal basis:

• General Data Protection Regulation (GDPR)
• German Federal Data Protection Act (BDSG)
• German Telemedia Act (TMG)

3. Collection and Processing of Personal Data

3.1 During Registration and Account Creation

What data is collected?

• Email address (required)
• Password (stored encrypted)
• Company name and address
• Registration timestamp

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Storage period: Until account deletion + 30 days

3.2 During Use of the Software

What data is processed?

• Article data (products, prices, inventory)
• Customer data (names, addresses, contact details)
• Order data (orders, deliveries, invoices)
• Usage data (login times, activities)

Note: This data is processed on behalf of the customer (data processing agreement pursuant to Art. 28 GDPR).

4. Data Transfer to Third Parties

(1) Principle: Your data will only be disclosed to third parties if:

• You have given consent (Art. 6(1)(a) GDPR)
• This is necessary for contract performance (Art. 6(1)(b) GDPR)
• There is a legal obligation (Art. 6(1)(c) GDPR)

(2) Data recipients:

Recipient	Purpose	Legal Basis
Stripe Inc.	Payment processing	Art. 6(1)(b) GDPR
Shipping providers (DHL, DPD, etc.)	Label creation	Art. 6(1)(b) GDPR
DigitalOcean	Hosting	Art. 6(1)(b) GDPR

5. Your Rights as a Data Subject

6. Data Security

We have implemented extensive technical and organizational measures:

• Encryption: TLS 1.3 for all data transfers
• Access controls: Role-based permissions
• Backups: Daily automatic backups
• Hosting: EU data centers

7. Contact

For questions about data protection, please contact: