Privacy Policy

Effective date: April 20, 2026  |  Last updated: April 20, 2026

1. Controller

The controller responsible for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:

Roland Schnurr
Wolfersbach 5
77883 Ottenhöfen, Germany
E-Mail: roland.schnurr@my8data.com

2. Overview

We take the protection of your personal data seriously. This Privacy Policy explains which data we collect, for what purposes, on what legal basis, and what rights you have under the GDPR and the German Federal Data Protection Act (BDSG).

3. Data We Collect and Why

3.1 Account and Registration Data

When you create an account, we collect your e-mail address and optionally your name. This data is required to provide the contracted service (Art. 6(1)(b) GDPR). We retain account data for the duration of the contract and for up to 3 years thereafter to comply with statutory retention obligations (Art. 6(1)(c) GDPR).

3.2 Analysis and Usage Data

Measurement data and analysis results you enter into the platform are stored on our servers to enable you to access, export and manage your analyses. This data is processed exclusively to perform the contract (Art. 6(1)(b) GDPR) and is not shared with third parties. You may delete your data at any time via your account settings.

3.3 Server Log Files

Our hosting provider automatically collects standard server log data (IP address, browser type, operating system, referrer URL, date and time of access). This data is processed on the basis of our legitimate interest in ensuring the security and stable operation of the platform (Art. 6(1)(f) GDPR) and is deleted after 30 days.

3.4 Session Cookies

We use technically necessary session cookies for language selection and maintaining your login session. These cookies are not used for tracking or advertising purposes and are deleted when you close your browser or log out. No consent is required for technically necessary cookies (§ 25(2) TDDDG).

3.5 Payment Data

All payment processing is handled by Paddle.com (Paddle.com Market Limited, Judd House, 18–29 Mora Street, London, EC1V 8BT, United Kingdom), which acts as Merchant of Record. We do not store payment card details. Paddle processes payment data under its own Privacy Policy as an independent data controller for payment and billing purposes. The legal basis for sharing necessary billing information with Paddle is the performance of the contract (Art. 6(1)(b) GDPR).

3.6 E-Mail Communication

If you contact us by e-mail, we process the data you provide (e-mail address, message content) in order to respond to your enquiry. The legal basis is our legitimate interest in communication (Art. 6(1)(f) GDPR) or, where applicable, contract performance (Art. 6(1)(b) GDPR). We retain correspondence for 3 years.

4. Data Processors and Third Parties

We work with the following service providers as data processors (Art. 28 GDPR):

• Hosting provider – servers located within the EU/EEA. A Data Processing Agreement (DPA) is in place.
• Paddle.com – payment processing; acts as independent controller for payment data. See Section 3.5 above.

We do not sell personal data and do not transfer data to third parties beyond what is described in this policy.

5. International Data Transfers

Where personal data is transferred outside the EU/EEA (e.g. by Paddle.com to the United Kingdom, which has an EU adequacy decision), we ensure appropriate safeguards are in place in accordance with Chapter V GDPR.

6. Your Rights

Under the GDPR you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) – request a copy of your data;
• Right to rectification (Art. 16 GDPR) – correct inaccurate data;
• Right to erasure (Art. 17 GDPR) – request deletion of your data;
• Right to restriction of processing (Art. 18 GDPR);
• Right to data portability (Art. 20 GDPR);
• Right to object (Art. 21 GDPR) – object to processing based on legitimate interests;
• Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at: roland.schnurr@my8data.com.
We will respond within 30 days in accordance with Art. 12 GDPR.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority for Baden-Württemberg (Germany) is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart
www.baden-wuerttemberg.datenschutz.de

8. Data Security

We use appropriate technical and organisational measures (TOM) to protect your data against accidental or intentional manipulation, loss, destruction or unauthorised access. These include HTTPS encryption (TLS), access controls and regular security reviews.

9. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by e-mail or in-app notification. The current version is always available at www.my8data.com/en/privacy.

10. Contact

For any questions regarding data protection, please contact:
roland.schnurr@my8data.com