Privacy policy

Last updated: [date to be filled by the operator]

This policy describes the actual technical processing performed by the website. Before publication, the operator must add the company name, the data-protection contact address, and any active CRM recipient, and have the document reviewed by counsel.

Controller

The controller within the meaning of Article 4(7) GDPR is [Company name], [address]. Send data-protection requests to privacy@mnusoftware.com.

Hosting and infrastructure

This site runs on Cloudflare Workers. Content and form payloads are processed in the Cloudflare 'WEUR' (Western Europe) region. Cloudflare acts as a processor under a Data Processing Addendum. Where data is transferred to the United States, the EU-US Data Privacy Framework applies.

Cookies

We set only a strictly necessary cookie ('NEXT_LOCALE') that stores your language preference. No consent is required because the cookie is essential to deliver the requested content (§25 (2) TTDSG / GDPR Art. 6(1)(f) for legitimate interest). No tracking or advertising cookies are used.

Server logs

Cloudflare records technical access data by default (IP address, user agent, timestamp, requested URL, HTTP status). These logs help defend against abuse and are retained according to Cloudflare's standard settings.

Contact form

When you submit the contact form we process your first and last name, business email, company, optional role, industry, number of sites, area of interest, and your message. The legal basis is Article 6(1)(b) GDPR (pre-contractual measures) and/or Article 6(1)(f) GDPR (legitimate interest in handling business enquiries). Submissions are stored in a Cloudflare D1 database in the EU region.

Retention

Enquiry data is deleted once the purpose of processing no longer applies — at the latest 24 months after the last contact, unless a contractual relationship arises or statutory retention obligations (e.g. §147 AO, §257 HGB) require longer storage.

CRM forwarding

If we operate a CRM system (e.g. HubSpot, Pipedrive), form payloads are also forwarded to it. CRM providers act as processors under a DPA. [If active: name the provider and its registered office here.]

Your rights (Art. 15–21 GDPR)

You have the right of access, rectification, erasure, restriction of processing, data portability, and objection. Send informal requests to the controller address above. We respond within the statutory one-month deadline.

Right to complain

You may lodge a complaint with a data-protection supervisory authority — in Germany, the authority of the federal state in which [Company name] is registered.

Changes to this policy

We update this policy when processing activities or legal requirements change. The current version is always shown at the top of this page.