Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as data) that we process, for what purposes, and to what extent in the context of providing our application.

The terms used are not gender-specific.

Last updated: June 7, 2026

Controller

Lino Kuhn

Henningen 36

53804 Much

Germany

Email: lino-kuhn@hotmail.de

Imprint: https://www.bufftracker.com/imprint

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Inventory data
  • Employee data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta, communication, and procedural data
  • Log data

Categories of Data Subjects

  • Service recipients and clients
  • Employees
  • Interested parties
  • Communication partners
  • Users
  • Third parties
  • Whistleblowers

Purposes of Processing

  • Communication
  • Security measures
  • Affiliate tracking
  • Organizational and administrative procedures
  • Feedback
  • Marketing
  • Provision of our online offering and user-friendliness
  • Information technology infrastructure
  • Whistleblower protection
  • Public relations

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 (1) (a) GDPR) The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR) The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject's request.
  • Legal obligation (Art. 6 (1) (c) GDPR) The processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 (1) (f) GDPR) The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, disclosure, ensuring availability, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also take the protection of personal data into account in the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL.

Transfer of Personal Data

In the course of our processing of personal data, it may occur that the data is transferred to or disclosed to other entities, companies, legally independent organizational units, or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or the disclosure or transfer of data to other persons, entities, or companies, this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by the EU Commission's adequacy decision of July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations to protect your data.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consents are revoked or no further legal bases for processing exist. This applies to cases where the original processing purpose ceases to apply or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR.
  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to access that data.
  • Right to rectification: You have the right to obtain the completion of incomplete personal data or the rectification of inaccurate personal data concerning you.
  • Right to erasure and restriction of processing: You have the right to request the immediate erasure of personal data concerning you or, alternatively, to request restriction of processing.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority.

Provision of Online Offering and Web Hosting

We process user data in order to provide users with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Processed data types: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved); Log data (e.g., log files concerning logins or data retrieval or access times).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices); Security measures.
  • Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).

Hetzner

Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity). Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Website: https://www.hetzner.com. Privacy policy: https://docs.hetzner.com.

Web Analytics, Monitoring, and Optimization

Web analytics is used to evaluate the visitor flows of our online offering. We use an IP masking procedure to protect users.

  • Processed data types: Usage data, Meta, communication, and procedural data
  • Data subjects: Users
  • Security measures: IP masking
  • Legal bases: Consent (Art. 6 (1) (a) GDPR), Legitimate interests (Art. 6 (1) (f) GDPR)

Google Analytics

We use Google Analytics to measure and analyze the use of our online offering. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://business.safety.google/privacy/. Opt-out: https://tools.google.com/dlpage/gaoptout?hl=en.

Microsoft Clarity

We use Microsoft Clarity to better understand user behavior on our website and to improve usability. Clarity captures session recordings and heatmaps that enable anonymized analysis of interactions (e.g., mouse movements, clicks, scroll behavior). The collected data may be transmitted to Microsoft servers in third countries (particularly the USA). Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Privacy policy: https://privacy.microsoft.com/en-us/privacystatement. Terms of use: https://clarity.microsoft.com/terms. The legal basis is your consent (Art. 6 (1) (a) GDPR) as well as our legitimate interest in optimizing our online offering (Art. 6 (1) (f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, telephone, or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.

Affiliate Programs and Affiliate Links

In our online offering, we include so-called affiliate links or other references to the offers and services of third-party providers. If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers.

Presence on Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

Changes and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Definitions

  • Personal data: Any information relating to an identified or identifiable natural person.
  • Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: Any operation or set of operations which is performed on personal data, whether or not by automated means.