We take the protection of your personal data very seriously. Below we inform you in detail about how your data is handled when using the EasyRechnung platform in accordance with the General Data Protection Regulation (GDPR/DSGVO).
1. Data Controller
The controller responsible for processing personal data on this website within the meaning of Art. 4 No. 7 GDPR is: Serhii Makarov Bornstr. 19, 58762 Altena, Germany Email: s.makarov.de@gmail.com Phone: +49 160 914 70 380
2. Hosting and Infrastructure (Hetzner)
Our platform is hosted on servers of Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). The server location is Germany (EU). The use of Hetzner is based on Art. 6 Abs. 1 lit. f GDPR (legitimate interest in the secure, fast and efficient delivery of our online services). We have concluded a Data Processing Agreement (DPA) with Hetzner in accordance with Art. 28 GDPR, which ensures that Hetzner processes our users' data solely according to our instructions and in compliance with the GDPR.
3. Data Collection upon Registration & Usage (NextAuth)
We collect personal data when you register and use EasyRechnung. We use NextAuth (Google OAuth) for authentication. Your email address, name, and profile picture are captured and stored in our database. The legal basis for this processing is Art. 6 Abs. 1 lit. b GDPR (performance of a contract or pre-contractual measures). Since Google LLC is based in the USA, the transfer of data is carried out on the basis of certification under the EU-US Data Privacy Framework (DPF) as well as additional Standard Contractual Clauses (SCC). The data is stored as long as your user account on our platform is active. You can delete your account and associated data at any time.
4. Data Processing during Invoicing
When you create invoices on our platform, we process the data you enter (sender data, customer data, invoice amounts, tax numbers, descriptions, banking details). This data is necessary for the performance of our contractual obligations (Art. 6 Abs. 1 lit. b GDPR) as well as for compliance with legal obligations such as German GoBD and tax retention requirements (Art. 6 Abs. 1 lit. c GDPR). Invoices and their embedded XML metadata (ZUGFeRD/XRechnung) are stored securely in our database and object storage (MinIO) on servers in the EU.
5. Payment Processing via Stripe
To process payments and subscriptions, we use the payment service provider Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Canal Dock, Dublin, Ireland). When you subscribe, your payment data (e.g. credit card details, billing address) is transmitted directly to Stripe. We do not store complete credit card information on our servers. The transfer of your data to Stripe is based on Art. 6 Abs. 1 lit. b GDPR (contract performance). Since Stripe Inc. processes data in the USA, it is certified under the EU-US Data Privacy Framework (DPF) to ensure an adequate level of data protection. For further details, please refer to Stripe's Privacy Policy (https://stripe.com/privacy).
6. Email Delivery via Resend
For sending system-relevant emails (e.g. password resets) and for the optional direct delivery of invoices to your clients, we use Resend (Resend Labs Inc., 315 Montgomery St, San Francisco, CA 94104, USA). In doing so, email addresses and invoice details are transferred to Resend. This service is used to perform our contract (Art. 6 Abs. 1 lit. b GDPR) and based on our legitimate interest in reliable email delivery (Art. 6 Abs. 1 lit. f GDPR). Resend Labs Inc. is certified under the EU-US Data Privacy Framework (DPF), and we have concluded Standard Contractual Clauses (SCC) to secure an adequate level of data protection.
7. Error Tracking via Sentry
To improve stability and troubleshoot our application, we use Sentry, a service provided by Functional Software Inc. (Sentry, 45 Fremont Street, San Francisco, CA 94105, USA). Sentry collects anonymized technical data in the event of an application crash (e.g. browser type, operating system, time of error, anonymized IP address). Sentry (Functional Software Inc.) is certified under the EU-US Data Privacy Framework (DPF). The legal basis is our legitimate interest in the technical optimization of our service (Art. 6 Abs. 1 lit. f GDPR).
8. Web Analytics & Tracking (GTM, GA4, Facebook Pixel)
This website uses Google Tag Manager (GTM) to manage analytics and tracking tags, as well as Google Analytics 4 (GA4) and the Facebook Pixel to optimize our services and for targeted advertising. GTM itself does not store any personal data – it only triggers other tags. GA4 and Facebook Pixel are loaded ONLY after your explicit consent via our cookie consent banner. The legal basis for this processing is your consent pursuant to Art. 6 Abs. 1 lit. a GDPR. You can withdraw your consent at any time with future effect by resetting your cookie settings (clear localStorage or open the page in incognito mode).
9. Your Rights as a Data Subject
Under the GDPR, you have the following rights: - Right of access (Art. 15) - Right to rectification (Art. 16) - Right to erasure ('right to be forgotten', Art. 17) - Right to restriction of processing (Art. 18) - Right to data portability (Art. 20) - Right to object (Art. 21) - Right to withdraw consent (Art. 7 Abs. 3) - Right to lodge a complaint with a supervisory authority (Art. 77) Competent Supervisory Authority: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestr. 2-4, 40213 Düsseldorf, Germany. To exercise these rights, you can contact us at any time via email at s.makarov.de@gmail.com.
