Privacy Policy
Last updated: January 2025
1. Data Controller
MONUZ
[Full Name / Company Name]
[Street Address]
[Postal Code, City]
Germany
Email: [email protected]
Phone: [Phone Number]
2. Overview of Data Processing
This overview summarizes the types of data we process and the purposes of processing.
Types of Data Collected
- Identity data (e.g., names, company names)
- Contact data (e.g., email addresses, phone numbers)
- Content data (e.g., problem descriptions, inquiries)
- Usage data (e.g., pages visited, access times)
- Technical data (e.g., IP addresses, browser type)
- Payment data (e.g., transaction data processed via Stripe)
Categories of Data Subjects
- Prospective clients and business partners
- Customers and clients
- Website visitors
3. Legal Basis for Processing
We process your personal data only when permitted under the GDPR:
- Consent (Art. 6(1)(a) GDPR): When you have given explicit consent.
- Contract Performance (Art. 6(1)(b) GDPR): When processing is necessary for contract fulfillment.
- Legal Obligation (Art. 6(1)(c) GDPR): When we are subject to a legal obligation.
- Legitimate Interests (Art. 6(1)(f) GDPR): When processing serves our legitimate interests.
4. Data Collection on Our Website
4.1 Contact Form / Inquiries
When you contact us via our contact form, we collect:
- Email address
- Problem description / inquiry
- Timestamp of submission
- Language preference
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in processing inquiries).
Retention period: Inquiries are retained for up to 3 years after completion, unless longer retention is required by law.
4.2 Appointment Booking (Cal.com)
For appointment scheduling, we use Cal.com. When booking, we collect:
- Name
- Email address
- Selected appointment time
- Any additional information you provide
Legal basis: Art. 6(1)(b) GDPR.
Cal.com Privacy Policy: cal.com/privacy
5. Contract Processing and Customer Management
5.1 Customer Data
For contract initiation and fulfillment, we process:
- Company name
- Contact person (name, position)
- Email address
- Phone number
- Problem description / project requirements
Legal basis: Art. 6(1)(b) GDPR.
Retention period: 10 years after contract termination (commercial and tax law requirements).
5.2 CRM System (Airtable)
For customer management, we use Airtable (Formagrid Inc., USA). Data is processed on servers in the EU and/or USA.
Legal basis: Art. 6(1)(b) and (f) GDPR.
Privacy Policy: airtable.com/privacy
6. Payment Processing
For payments, we use Stripe (Stripe, Inc., USA / Stripe Payments Europe Ltd., Ireland).
During payment processing, the following data is processed:
- Payment details (credit card data is processed directly by Stripe)
- Billing address
- Transaction data
Legal basis: Art. 6(1)(b) GDPR.
Privacy Policy: stripe.com/privacy
7. Email Communication
For transactional emails (e.g., confirmations, invoices), we use Resend (Resend, Inc., USA).
Legal basis: Art. 6(1)(b) and (f) GDPR.
Privacy Policy: resend.com/legal/privacy-policy
8. Automation Services
8.1 n8n (Workflow Automation)
We use the self-hosted automation platform n8n for workflow processing. All data remains on our own servers in Germany.
Legal basis: Art. 6(1)(b) and (f) GDPR.
8.2 AI Services (OpenAI)
To provide our automation services, we may use AI services from OpenAI. Only data necessary for the specific automation is processed.
Legal basis: Art. 6(1)(b) GDPR.
Privacy Policy: openai.com/privacy
8.3 Telephony Services (optional)
For automations involving phone calls, we may use services like Retell or Vapi. This only occurs upon explicit agreement within the respective project.
Legal basis: Art. 6(1)(b) GDPR.
9. Third-Party Processors and International Transfers
We use the following data processors:
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Stripe | Stripe Payments Europe | EU/USA | Payment processing |
| Airtable | Formagrid Inc. | USA | CRM |
| Cal.com | Cal.com, Inc. | EU/USA | Appointment booking |
| Resend | Resend, Inc. | USA | Email delivery |
| OpenAI | OpenAI, L.L.C. | USA | AI processing |
For transfers to the USA, we rely on:
- The EU-US Data Privacy Framework (where certified)
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- Supplementary technical and organizational measures
10. Data Retention
- Inquiries: 3 years after completion
- Contract data: 10 years after contract termination
- Invoice data: 10 years (tax retention requirements)
- Server logs: 30 days
11. Your Rights
You have the following rights regarding your personal data:
- Right of Access (Art. 15 GDPR): You can request information about your processed data.
- Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate data.
- Right to Erasure (Art. 17 GDPR): You can request deletion of your data, unless legal retention obligations apply.
- Right to Restriction (Art. 18 GDPR): You can request restriction of processing.
- Right to Data Portability (Art. 20 GDPR): You can request your data in a structured format.
- Right to Object (Art. 21 GDPR): You can object to processing of your data.
- Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw consent at any time.
To exercise your rights, please contact us at: [email protected]
12. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:
[Insert competent state data protection authority, e.g.:]
State Commissioner for Data Protection and Freedom of Information
[German State]
13. Data Security
We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments.
14. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in legal requirements or our services. The current version is always available on our website.