Data protection / Datenschutzerklärung

1. Controller

The controller responsible for data processing in connection with this website and the kardia application is:

Your Company Name GmbH
Example Street 123
12345 Example City
Country
E-mail: privacy@example.com

2. Purposes and legal bases of processing

We process personal data in order to provide time tracking and shift planning functionality, fulfill contractual obligations towards our customers (Art. 6(1)(b) GDPR) and to fulfill legal retention and documentation duties (Art. 6(1)(c) GDPR).

3. Categories of data

Typical data categories processed in kardia include:

• Identification data (name, e-mail address, user account data)
• Work schedule data (planned shifts, roles, locations)
• Time tracking data (start and end times, breaks)
• Technical usage data (log files, IP addresses, device information)

4. Recipients and processors

We may use carefully selected processors (e.g. hosting providers, e-mail service providers) to operate kardia. With these processors we conclude data processing agreements in accordance with Art. 28 GDPR.

5. Data transfers to third countries

If data is transferred to recipients outside the EU/EEA, appropriate safeguards such as standard contractual clauses are used. Details should be documented here based on your actual setup.

6. Storage periods and deletion

Personal data is stored only as long as necessary for the purposes described above or as required by statutory retention obligations. Afterwards, data is deleted or anonymized.

7. Rights of data subjects

Data subjects have the right to access, rectification, erasure, restriction of processing, data portability and objection under the conditions of the GDPR. They also have the right to lodge a complaint with a supervisory authority.

8. Cookies and tracking

If you use cookies or similar technologies beyond what is technically necessary, please add details here (purposes, storage periods, consent mechanisms).