Privacy Policy

Alexander Bryant

Lauerstraße 8

69117 Heidelberg

Phone: +49 160 7270899

Email: alexander.bryant2718@gmail.com

We process personal data only insofar as this is necessary to provide our software and to fulfil statutory obligations. In detail:

Personal data is only disclosed where this is required by law or necessary for the performance of a contract:

• Tax advisor (for payroll accounting and bookkeeping)
• Statutory health insurance funds (social security notifications)
• German Pension Insurance (immediate notifications, contribution statements)
• Tax office (payroll tax filings)
• Hosting provider / IT service providers (under a data processing agreement)

Our primary hosting and database infrastructure is located in Germany (Hetzner Online GmbH, Nuremberg/Falkenstein). However, some optional third-party services we rely on involve transfers outside the EEA and are therefore only activated when required:

• Twilio Inc. (USA) — SMS delivery (shift reminders, password resets). Legal basis: EU Standard Contractual Clauses (SCC 2021/914). Transfer only if a phone number is configured.
• Functional Software Inc. (Sentry, USA) — Error tracking for technical errors. PII is filtered before transmission (see section on error logs below). Legal basis: SCC.
• SumUp Payments Ltd. (Ireland, EEA) — Card payment terminals. No third-country transfer under GDPR Art. 44.
• fiskaly GmbH (Austria/Germany, EEA) — TSE signing service (§146a AO compliance). No third-country transfer.

An up-to-date list of sub-processors with country of processing is maintained in our data processing agreement (DPA), which is available on request. We continuously evaluate EU-based alternatives (see German version, section 11a).

Personal data is deleted as soon as the purpose of processing no longer applies and no statutory retention obligations prevent deletion. The following retention periods apply:

• Payroll records, wage accounts: 6 years (Section 41(1) EStG)
• Accounting vouchers: 8 years (Section 147(1) No. 4 AO, reduced from 10 to 8 years as of 2025)
• Working time records: 2 years (Section 16(2) ArbZG)
• IfSG briefing records: duration of employment + 12 months
• Immediate notifications (Sofortmeldungen): 5 years (Section 28f(1) SGB IV)
• Contracts: 3 years after contract end (standard limitation period, Section 195 BGB)
• GPS location data: 7 days after capture (geofence result is retained)
• Chat messages: duration of employment + 30 days

After expiry of the statutory retention periods, data is automatically deleted or anonymised.

In the context of personnel management, special categories of personal data within the meaning of Art. 9(1) GDPR may be processed. This concerns in particular:

• Health data: Sick notes and certificates of incapacity for work as part of absence management (EFZG).
• Health certificates (IfSG): Certificates pursuant to Section 43 IfSG, which are legally required for work in the gastronomy sector.
• Pregnancy status (MuSchG): Information regarding maternity protection for compliance with employment prohibitions and protection periods under the Maternity Protection Act.

Legal basis: Art. 9(2)(b) GDPR in conjunction with Section 26 BDSG (processing for the purposes of the employment relationship, insofar as this is necessary for the exercise of rights or the fulfilment of legal obligations arising from employment law, social security law, and social protection law).

The provision of your personal data is partly required by law (e.g. working time recording under Section 16 ArbZG, health certificate under Section 43 IfSG) and partly necessary for the performance of the contract (e.g. shift scheduling, payroll). Without the provision of the required data, we cannot provide our contractual services.

GPS location recording is voluntary (consent); non-provision has no negative consequences -- time recording works without GPS.

You have the following rights vis-a-vis the data controller regarding your personal data:

• Right of access (Art. 15 GDPR) -- You may request information about the data we process about you.
• Right to rectification (Art. 16 GDPR) -- You may request the correction of inaccurate data.
• Right to erasure (Art. 17 GDPR) -- You may request the deletion of your data, provided no statutory retention obligations apply.
• Right to restriction of processing (Art. 18 GDPR) -- You may request the restriction of processing.
• Right to data portability (Art. 20 GDPR) -- You may request to receive your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR) -- You may object to the processing of your data insofar as it is based on Art. 6(1)(f) GDPR.
• Right to withdraw consent (Art. 7(3) GDPR) -- Where processing is based on consent, you have the right to withdraw it at any time. The withdrawal does not affect the lawfulness of the processing carried out prior to the withdrawal.

To exercise your rights, please contact: alexander.bryant2718@gmail.com

For data portability requests, we provide your data in a commonly used, machine-readable format (CSV or JSON). Requests are processed within 30 days of receipt (Art. 12(3) GDPR).

This application uses automated processing to support workforce planning:

• Shift assignment (QuickFill): Algorithmic suggestions based on availability, qualifications, and working time balance. The final decision is always made by a person (owner/management).
• Compliance checks: Automatic verification of statutory working time limits (ArbZG, MuSchG, JArbSchG). These serve to protect employees and only block assignments that are legally impermissible.
• Tip distribution: Calculation according to configurable rules set by the employees themselves (tronc system).

None of these processes constitutes solely automated decision-making within the meaning of Art. 22(1) GDPR, as human review is always involved. You have the right to request a manual review of any automated recommendation.

Personal data of employees may also be entered into the system by the employer (owner/management), e.g. when creating an employee profile. In this case, the data is not collected directly from the data subject (Art. 14 GDPR). The data subject is informed about the processing upon first login and asked for consent.

Categories of data collected: name, email, date of birth, employment type, hourly wage, tax ID, social security number, IBAN, tax class, health insurance. Source: employer's records from the employment contract.

The information is provided in accordance with Art. 14(3) GDPR no later than one month after collection of the data or upon the first communication with the data subject.

The processing of employee data is subject to additional regulations beyond the general provisions of this privacy policy:

• Legal basis: Art. 6(1)(b) GDPR (performance of the employment contract), Art. 6(1)(c) GDPR (legal obligations of the employer), and Art. 88 GDPR in conjunction with Section 26 BDSG for employee data.
• Responsibility: The data controller for the processing of employee data is the respective employer (client). We process this data exclusively as a data processor pursuant to Art. 28 GDPR.
• Works council: If a works council exists, it is the responsibility of the client to observe the co-determination rights under Section 87(1) No. 6 BetrVG when introducing and using the software.
• Consent: Consent given by employees (e.g. GPS location recording) is subject to the special requirements regarding voluntariness in the employment relationship (Section 26(2) BDSG).

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority for us is:

To protect your personal data, we have implemented the following technical and organisational measures:

• Encryption of sensitive data: AES-256-GCM encryption of particularly sensitive data (IBAN, tax ID, social security number) in the database.
• Encrypted data transmission: All communication takes place via TLS-encrypted connections.
• Access control: Role-based permission system (Owner, Admin, Manager, Employee) with strict separation of privileges.
• Password security: Passwords are stored exclusively as bcrypt hashes.
• Two-factor authentication: Optional account protection through TOTP-based two-factor authentication.
• Regular security reviews: Continuous review of security measures and prompt remediation of identified vulnerabilities.

The software uses only technically necessary session cookies that are required for the operation of the application and the maintenance of the user session. These cookies are automatically deleted at the end of the browser session.

As no tracking, analytics, or marketing cookies are used, a cookie banner is not required (Section 25(2) No. 2 TDDDG).

This software is hosted by:

A data processing agreement (Auftragsverarbeitungsvertrag) pursuant to Art. 28 GDPR has been concluded with the hosting provider. The hosting provider processes data exclusively in Germany.

To provide our services, we use the following sub-processors:

• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany — Hosting, database, backup storage. Data processing agreement pursuant to Art. 28 GDPR concluded. Processing exclusively in Germany.
• Twilio Inc., San Francisco, CA, USA — SMS delivery (shift reminders, password reset). Only active if a phone number is configured. EU Standard Contractual Clauses (SCC 2021/914) + EU-US Data Privacy Framework (DPF).
• Functional Software Inc. (Sentry), San Francisco, CA, USA — error and performance monitoring. PII filtered via `beforeSend` before transmission. EU SCC + EU-US DPF.
• SumUp Payments Ltd., Dublin, Ireland (EEA) — card payment processing. Art. 28 GDPR DPA; no third-country transfer.
• fiskaly GmbH, Vienna, Austria (EEA) — TSE signing service (§146a AO compliance). Art. 28 GDPR DPA; no third-country transfer.

The current status of this register is published on this page and documented in the version history below. Under the data processing agreement, the client has the right to object to the engagement of new sub-processors.