Privacy Policy

1. Controller Information

The controller responsible for data processing is:

2. Data Collection Overview

2.1 Scope of Personal Data Processing

We process personal data only to the extent necessary to provide a functional website and our content and services.

2.2 Legal Basis for Processing

• Consent (Art. 6(1)(a) GDPR): When you provide explicit consent (e.g., for analytics cookies)
• Contract Performance (Art. 6(1)(b) GDPR): For providing our services
• Legal Obligation (Art. 6(1)(c) GDPR): When required by law
• Legitimate Interests (Art. 6(1)(f) GDPR): For website security and fraud prevention

3. Website Access & Server Logs

3.1 Data Collected

When you access our website, the following data is automatically collected:

• IP address of the user
• Date and time of access
• Pages visited
• Browser type and version
• Operating system used
• Referrer URL

3.2 Purpose & Legal Basis

This data is necessary to deliver the website to your device (Art. 6(1)(f) GDPR). The temporary storage of the IP address is required to enable delivery of the website.

4. Authentication via Keycloak

4.1 Data Processed

When you authenticate, we process:

• Email address
• Name (first and last name)
• Keycloak user ID
• Login timestamp

4.2 Purpose & Legal Basis

Authentication is required to provide you access to your account and protected areas of the application (Art. 6(1)(b) GDPR - contract performance).

5. Application Data

5.1 Data We Store

When using our service, we store:

5.2 Purpose & Storage Duration

This data is essential for providing our core service (velocity tracking and analysis). Data is stored as long as you maintain an active account. After account deletion, all personal data is removed within 30 days, unless legal retention requirements apply.

6. Web Analytics with Matomo

6.1 Data Collected

With your consent, we use Matomo to analyze website usage:

• Anonymized IP address (last 2 bytes removed)
• Pages visited and time spent
• Browser type and version
• Operating system
• Country of origin
• Date and time of access

6.2 Why Matomo?

6.3 Legal Basis & Opt-Out

Analytics only runs after you give explicit consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time by clearing your browser's local storage or rejecting cookies in the banner.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

8. Data Security

We implement appropriate technical and organizational security measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our security measures are continuously improved in line with technological developments.

9. Changes to This Policy

This privacy policy is current as of the date stated above. We reserve the right to update this policy to reflect changes in our data processing practices or legal requirements. You will be notified of significant changes via email or upon your next login.