1. Controller

The controller within the meaning of the GDPR is:

iwAcy. Holding UG (limited liability)

Represented by Björn Suhr & Lars Bierwolf

Am Fischmarkt 13A, 18439 Stralsund

E-mail: founder@iwacy.company (no support)

Phone: +49 (0) 160 99807587

You can find more information about our company in the Legal Notice.

  1. Types of Data Processed

Depending on your use of our services, we process the following categories of personal data:

Master data: Name, address, email address, telephone number, company information (HRB, tax number, domain information).

Payment data: Bank details, credit card information, invoicing and accounting data.

Server and usage data: IP addresses, log files, device information, timestamps, user activities in our systems.

Communication data: Contents of support tickets, chats, emails.

  1. Purposes and Legal Bases of Processing

We process personal data based on the GDPR:

Performance of a contract (Art. 6(1)(b) GDPR): Provision of hosting, cloud, and other software services.

Legal obligation (Art. 6(1)(c) GDPR): Retention of e.g. invoicing and accounting records (10 years).

Legitimate interests (Art. 6(1)(f) GDPR): IT security, fraud prevention, system and server logs, spam protection.

Consent (Art. 6(1)(a) GDPR): Only when explicitly required (e.g., for optional functions in apps).

  1. Your Rights

As a data subject, you have the following rights:

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (Art. 17 GDPR)

Right to restriction (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object (Art. 21 GDPR)

Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, please contact us by e-mail: founder@iwacy.company

  1. Data Security

We take appropriate technical and organizational measures (TOMs) to protect your data. These include:

Encryption of communication (TLS/HTTPS)

Access controls and permission management

Regular backups (daily, weekly, monthly, quarterly snapshots)

Monitoring our systems for security incidents

  1. Storage Period and Deletion

6.1 Storage

We store your personal data only as long as necessary to fulfill the purposes for which it was collected, or as long as statutory retention periods apply. After the purpose of processing no longer applies, your data will be deleted or anonymized.

6.2 Anonymization

In some cases, we anonymize personal data so that it can no longer be linked to a person. This anonymized data may continue to be used for statistical or analytical purposes.

6.3 Deletion after withdrawal

If you withdraw your consent or object to the processing of your data, we will delete the respective data immediately unless legal retention obligations apply. Please note that in such cases, your account may need to be deactivated prematurely and you may lose access.

  1. Transfer to Third Parties / Processors

If we transfer your personal data to countries outside the EU or EEA, we ensure that data protection is safeguarded through appropriate measures such as standard contractual clauses or participation in data protection frameworks such as the EU-US Privacy Shield. Currently, no data is processed by third parties.

  1. Hosting

The hosting of all other systems is carried out entirely by BLS hosting. BLS hosting is an affiliated subsidiary of iwAcy. Holding UG (limited liability).

  1. Communication

Support & contact: Requests via chat, ticket system, or email are stored by us to process your inquiry.

System emails: We only send system-critical emails (e.g., invoices, notifications, security information). No advertising emails are sent.

  1. Use of Our Software & Apps

When using our software and apps, additional permissions may be required.

These permissions are used solely to provide the respective function and will be communicated beforehand.

  1. Cookies & Analytics

Cookies: We use technically necessary cookies (e.g., for login sessions).

Analytics: We use BLS analytics. Only anonymized data is processed; no personal profiles are created.

A cookie banner is currently not required, as no optional tracking cookies are used.

  1. Automated Decisions & Profiling

Fraud checks: We use automated checks (e.g., to detect suspicious activity). However, these have no legal effect and serve only as indicators for our administrators.

No legally significant profiling or automated decision-making with direct legal effect takes place.

  1. Data Breaches

Should a data breach occur despite all security measures, we have implemented internal procedures to detect, report, and handle such incidents.

Affected individuals and the competent authorities will be informed in accordance with legal requirements (Art. 33, 34 GDPR).

  1. Right to Lodge a Complaint

If you have complaints regarding data protection, you may contact:

The State Commissioner for Data Protection and Freedom of Information Mecklenburg-Vorpommern

Werderstraße 74a

19055 Schwerin

E-mail: info@datenschutz-mv.de

  1. Changes

We reserve the right to amend this privacy policy as needed. We will inform you of any significant changes on our website and within our software.

  1. Contact

For questions regarding data protection, please contact:

iwAcy. Holding UG (limited liability)

Björn Suhr

E-mail: founder@iwacy.company

Last updated: 01.12.2025