Privacy Policy
Transparency and Data Protection
This Privacy Policy explains how personal data is processed in connection with this platform and the services offered through it. The platform is technically operated by Maped Solutions (sole proprietorship).
Overview
Protecting personal data is important to us. This Privacy Policy explains who is responsible for data processing, for which purposes data is processed, and what rights users have.
For the service relationship with end users, the respective client will usually act as the controller within the meaning of Art. 4(7) GDPR.
Maped Solutions (sole proprietorship) supports the technical operation of the platform and may act, depending on the processing context, as a processor, an independent controller, or a joint controller.
The platform uses a global base account structure for authentication, security, and technical account administration; service-specific profiles and operational relationships are managed separately for each client or service.
Depending on the specific processing activity, legal bases may in particular include Art. 6(1)(a), (b), (c), and (f) GDPR.
Transfers outside the EEA take place only where necessary and subject to appropriate safeguards.
The specific data protection role of Maped Solutions depends on the respective processing context.
Maped Solutions can act as its own responsible entity for platform-wide functions such as authentication, security, and technical operation.
For the processing of personal data in connection with the services offered by the respective customer, Maped Solutions generally acts as a data processor on behalf of the respective customer.
In some cases, joint responsibilities may also exist.
Roles and data protection responsibilities
Role of the respective client
Where personal data is processed for the initiation, performance, and administration of the specific service offered, the respective client will generally be the controller. This includes, in particular, the operational handling of users, requests, appointments, work orders, billing, and similar service-related processes.
Role of Maped Solutions (sole proprietorship)
Maped Solutions technically operates the platform and supports secure operation, authentication, infrastructure, abuse prevention, and protective measures. In these contexts, Maped Solutions may, depending on the specific processing activity, act not only as a processor but also as an independent controller or joint controller. It would therefore be inaccurate to describe all processing as being carried out exclusively on the client’s instructions.
Global accounts and service-specific profiles
The platform may use a central base account structure so that the same person can authenticate across multiple services or clients. However, separate relationships and profiles are maintained within each individual service. A profile for one service is therefore not automatically identical to all other uses of the platform.
Purposes and Legal Bases
Personal data is processed exclusively for lawful and clearly defined purposes.
Service delivery and user management
Examples:
user accounts, service requests, communication, invoicing
Legal basis:
Art. 6(1)(b) GDPR
Legal obligations
Examples:
tax and accounting retention obligations
Legal basis:
Art. 6(1)(c) GDPR
Platform security and operation
Examples:
server logs, abuse prevention, system security
Legal basis:
Art. 6(1)(f) GDPR
Categories of Data
Depending on platform usage, the following data may be processed:
Identification and contact data (name, email address, phone number, address).
Account and security data (encrypted passwords, roles, language settings).
Platform authentication account data.
Service request data (descriptions, locations).
Contractual and payment data (invoices, payments via third parties).
Technical data (IP address, device information, server logs, strictly necessary cookies).
Purpose-bound minimum data in individual technical datasets (e.g. for documentation, billing or fulfillment of legal obligations).
Third-Party Service Providers
This overview refers to technical providers that may be required to operate the platform (e.g., hosting, email delivery, payment processing).
No providers are used for analytics or marketing.
| Provider | Purpose | Region | Privacy Policy |
|---|---|---|---|
| Vercel | Frontend hosting and operations, technical logs | Global (region-dependent) | Privacy Policy |
| Cloudflare R2 | Storage and delivery of static assets | Global (region-dependent) | Privacy Policy |
| Render | Backend hosting, technical logs | Global (region-dependent) | Privacy Policy |
| MongoDB Atlas | Database hosting | Global (region-dependent) | Privacy Policy |
| SendGrid | Email delivery | Global (region-dependent) | Privacy Policy |
Security Measures
Appropriate technical and organizational measures pursuant to Art. 32 GDPR are implemented, including encrypted passwords, secure data transmission (HTTPS/TLS), role-based access control, and firewall/CDN protection.
Cookies and comparable technologies
This platform currently uses only strictly necessary cookies and comparable technical storage and access technologies. Where such technologies are required for authentication, security, session control, language settings, or other strictly necessary functions, they are used to ensure the secure operation of the platform. Analytics or tracking functions are not currently used. If non-essential statistics or analytics functions are introduced in the future, they will be used only on the legal basis required for that purpose, in particular after prior consent where required.
View Cookie PolicyYour Rights
Data subjects have the following rights under the GDPR:
Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18).
Data portability (Art. 20), objection (Art. 21).
Withdrawal of consent (Art. 7(3)) where processing is based on consent.
Right to lodge a complaint with a supervisory authority (Art. 77).
Requests should generally be addressed to the respective data controller. Maped Solutions may provide technical assistance in handling such requests, in particular where they relate to platform-wide authentication, security, or account administration. We may request identification and generally respond, or assist with the response, within one month.
Deletion of a service-specific account
If you delete your account for a specific service or client, the related service-specific profile will generally be deleted and the active relationship with that service will be ended or deactivated. Any underlying base account structure used for authentication, or other active relationships with other clients or services, will generally remain unaffected. Where other functional domains still require minimal residual data, for example for invoicing, legal documentation, evidentiary purposes, or statutory retention obligations, only the data necessary for that separate purpose will be retained. Such residual data will not be used to recover or reactivate the deleted profile.
Data Retention
Personal data is retained only for as long as necessary for the relevant purpose. If a service-specific profile is deleted, that profile and the related active service relationship will generally be removed or deactivated. Where other functional domains require minimal snapshots or residual records for legal, evidentiary, documentation, or billing purposes, only that purpose-bound data will be kept for the required retention period. Such residual data is not sufficient to reconstruct the deleted profile.
The specific storage duration depends in particular on:
statutory retention obligations
billing-related requirements
as well as the need to assert or defend legal claims.
Once these purposes cease to apply, data will be deleted or, where possible, anonymized.
Additional Information under Art. 13 GDPR
Requirement to provide data
Providing personal data is necessary to use the platform. Without this data, registration and use of the services are not possible.
Data sources
We process data you provide as well as technical usage data generated when using the platform (e.g., log files).
Automated decision-making
No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place.
Privacy contact
If a Data Protection Officer is appointed, their contact details will be provided in the Imprint or upon request.
International Data Transfers
If personal data is processed outside the EEA, this occurs exclusively with appropriate safeguards, in particular the Standard Contractual Clauses approved by the European Commission. Where necessary, supplementary technical, contractual, or organizational measures are implemented to ensure an adequate level of data protection.
Changes to this Privacy Policy
This Privacy Policy may be updated for legal or operational reasons.