Privacy policy
1. Privacy at a glance
This notice provides an overview of what happens to your personal data when you use PakPruvo at pakpruvo.eu — including the landing page, the admin area, and public QR product pages.
Personal data is collected when you provide it to us (e.g. during registration or login) or when you use the service technically (e.g. through cookies or local browser storage).
Some data is used to provide the service reliably; other data is used to manage your account, tenant, and — for paid plans — billing.
You have the right to access, rectify, erase, restrict processing, and data portability. Please contact the address given in the legal notice (Impressum).
2. General information and mandatory disclosures
Controller: dmv daten- und medienverarbeitung, owner Beate Zöllner, In der Esmecke 31, 59846 Sundern, Germany. Phone: 02933 / 79030. Email: contact@pakpruvo.eu
You may withdraw consent to data processing at any time by informal email.
If you believe your data protection rights have been violated, you may lodge a complaint with the supervisory authority: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), https://www.ldi.nrw.de
You have the right to receive data we process on the basis of your consent or for contract performance in a machine-readable format, or to have it transferred to another controller.
Our website uses SSL/TLS encryption for confidential content. Operations are primarily on servers in Germany. Some sub-processors may process data in third countries; see section 4.
3. Data collection on pakpruvo.eu
Cookies and local storage: For language selection on the landing page and in the admin area we set NEXT_LOCALE; on public QR product pages PUBLIC_LOCALE and PUBLIC_CONTENT_LOCALE. For the colour scheme we use the mantine-color-scheme-value cookie (supplemented by localStorage/sessionStorage). After you sign in to the admin area, we set an httpOnly authentication cookie (pip_refresh) so you remain signed in without exposing refresh tokens to JavaScript in the browser. You can control or disable cookies in your browser; some features may then be limited.
Web analytics: On the landing page, FAQ, and registration pages we may use cookieless web analytics (Umami) to collect aggregated usage statistics. No analytics cookies are set and no cross-site user profiles are created. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical optimisation and measuring reach of our offering).
Registration and login: When you register and use the admin area, we process the data you provide (e.g. company name, email, display name) and usage/log data to provide the service. Processing is based on contract performance or pre-contractual measures.
Billing: For paid plans, we process billing and contract data (e.g. selected plan, billing period, payment status). Payment data (e.g. card number) is processed directly by Stripe; we do not receive full card numbers from Stripe.
Enterprise contact form: When you request an initial consultation via the landing page contact section, we process the data you enter (first and last name, company, email, optional phone and message) based on your consent to be contacted. The purpose is to handle your enquiry. Enquiry content is sent to our internal mailbox by email and retained there according to our internal processes. To document your consent, we additionally store your email address, language, timestamp, and IP address and browser identifier in the application database. You receive an automatic confirmation email.
Contract data: We process tenant and user data for contract performance and delete it after the contract ends or statutory retention periods expire, unless further storage is required.
4. Sub-processors
We use carefully selected service providers that process personal data on our behalf:
Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany — hosting, operation of the application, and sending registration, confirmation, and system emails via SMTP configured on Hetzner infrastructure. Processing takes place in Germany. Legal basis: Art. 28 GDPR (processing agreement).
Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland — payment processing, subscription management, and customer portal for paid plans. Legal basis: Art. 6(1)(b) GDPR (contract performance). Stripe may also process data in third countries (in particular the USA); appropriate safeguards (e.g. EU Standard Contractual Clauses) are used. Privacy notice: https://stripe.com/privacy
Where we use AI-assisted features, additional sub-processors may be involved. These are named in the application or updated privacy notices before such features are used.
We conclude Art. 28 GDPR agreements with all processors or ensure comparable safeguards are in place.
For tenants processing personal data via PakPruvo, we provide a DPA template: https://pakpruvo.eu/dpa
5. Automated processing, analysis, and AI
PakPruvo performs rule-based automated checks — e.g. whether mandatory fields are present for publication or whether declarations of conformity can be generated. Your entered product data is evaluated; no automated decision within the meaning of Art. 22 GDPR with legal effect against you is made.
Documents (e.g. conformity declaration PDFs) or technical outputs (e.g. QR codes, product pages) may be generated automatically from your data. This serves contract performance.
Where we offer AI-assisted features, you are transparently informed in the application when content is suggested or generated automatically. Inputs used for such features are processed only as required to provide the respective feature.
You are not obliged to adopt automated or AI-assisted suggestions. Responsibility for review and approval before publication or disclosure lies with the respective customer or user.
6. Objection to promotional emails
We object to the use of contact data published in the legal notice (Impressum) for sending unsolicited advertising and information material. We reserve the right to take legal action in the event of violations.