Privacy Policy

1. Controller

The controller responsible for data processing on this website and within the ZentraLink application is:

Leon Petersen
Am Schwalbennest 21
04205 Leipzig
Germany
Email: support@zentralink.net

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2. General information

Personal data is any data that can be used to identify you personally. We process personal data only to the extent necessary to provide the website and the application and to fulfil our contractual and legal obligations. Processing is carried out in accordance with applicable data protection law, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

3. Your rights

With regard to your personal data you have the following rights:

• the right of access to the data stored about you (Art. 15 GDPR),
• the right to rectification of inaccurate data (Art. 16 GDPR),
• the right to erasure (Art. 17 GDPR),
• the right to restriction of processing (Art. 18 GDPR),
• the right to data portability (Art. 20 GDPR),
• the right to object to processing (Art. 21 GDPR),
• the right to withdraw a given consent with effect for the future (Art. 7(3) GDPR).

To exercise your rights, or for any questions regarding data protection, please contact support@zentralink.net.

Independently of this, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement. The supervisory authority responsible for the controller is the Saxon Data Protection Commissioner (Sächsische Datenschutzbeauftragte), Devrientstraße 1, 01067 Dresden, Germany.

4. Legal bases for processing

Where we process personal data, we do so on the following legal bases: the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR), compliance with legal obligations (Art. 6(1)(c) GDPR), your consent (Art. 6(1)(a) GDPR), and our legitimate interest in a secure and functional service (Art. 6(1)(f) GDPR).

5. Hosting

This website and the ZentraLink application are hosted with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, in a data centre within the European Union (Germany). The hosting provider processes, on our behalf, data that arises in connection with the use of the website — in particular access data and server log files. A data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider. The legal basis is our legitimate interest in a secure and reliable service (Art. 6(1)(f) GDPR).

6. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://” prefix in your browser's address bar. When encryption is active, the data you transmit to us cannot be read by third parties.

7. Server log files

When the website is accessed, information transmitted by your browser is automatically stored in server log files. This includes: IP address, date and time of access, the page accessed, the volume of data transferred, browser type and version, operating system and the previously visited page (referrer). This data is not merged with other data sources; it serves to ensure trouble-free operation and to defend against attacks. The legal basis is Art. 6(1)(f) GDPR. The data is deleted as soon as it is no longer required for the purpose of collection.

8. Cookies

ZentraLink uses strictly necessary cookies only. No cookies are used for analytics, marketing or tracking purposes; a cookie banner is therefore not required. Specifically, we use:

• a session cookie for signing in to the dashboard (httpOnly),
• a cookie to confirm your email address during registration,
• a cookie to store the selected language,
• a cookie to store the selected appearance (light/dark),
• a cookie to store the billing period selected during checkout.

The legal basis for these strictly necessary cookies is Section 25(2) TDDG and Art. 6(1)(f) GDPR. You can configure your browser to reject or delete cookies; in that case some functions — in particular signing in — cannot be used.

9. Registration and user account

Using the ZentraLink application requires the creation of a user account. In doing so we process the data you provide: first and last name, email address, password (stored solely as a cryptographic hash), and where applicable company name, address, country and phone number, the selected language, and the legal consents you grant (terms of service, privacy and, where applicable, data processing) with a timestamp. This data is required to establish and perform the usage relationship. The legal basis is Art. 6(1)(b) GDPR.

10. Email address confirmation

As part of registration we send a confirmation code to the email address you provided. The code is stored only in hashed form and for a limited time; it serves as proof that the email address belongs to you. The legal basis is Art. 6(1)(b) and (f) GDPR.

11. Contact form and enquiries by email

If you contact us via the contact form or by email, we process the data you provide (first and last name, email address, where applicable company name and phone number, subject and content of your message) in order to handle your enquiry. To prevent abuse, we additionally store the IP address and the browser identifier (user agent) of the sending device. The legal basis is Art. 6(1)(b) GDPR where the enquiry serves to initiate a contract, otherwise Art. 6(1)(f) GDPR. The data remains with us until your enquiry has been fully dealt with and no statutory retention obligations apply.

12. Billing and payment processing

For paid subscriptions we process billing and payment data: billing address, where applicable VAT identification number, the chosen plan, and invoices and payment status. The legal basis is Art. 6(1)(b) GDPR; for the statutory retention of invoices, Art. 6(1)(c) GDPR in conjunction with commercial and tax retention periods.

Payments are processed by the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands. When you make a payment, the payment data required for this (e.g. card or account details) is transmitted directly to Mollie and processed by Mollie; full payment data is not stored on our servers. Mollie's privacy terms apply in addition: https://www.mollie.com/privacy. The legal basis is Art. 6(1)(b) GDPR.

13. Sending of emails

To perform the usage relationship we send transactional emails to you, for example to confirm registration, for security and account notices, for invoices, and for notifications you have subscribed to. Emails are sent via the email service of STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany, with which a data processing agreement pursuant to Art. 28 GDPR is in place. The legal basis is Art. 6(1)(b) GDPR. No promotional newsletter is sent.

14. Activity logging within the account

To make security-relevant events traceable and to protect your account, we log certain actions within the application — such as sign-ins and sign-outs and changes to account and security settings — together with a timestamp, IP address and browser identifier. The legal basis is Art. 6(1)(f) GDPR; our legitimate interest is the security of the platform.

15. Storage period

We store personal data only for as long as is necessary for the respective purpose. Account data is stored for the duration of the usage relationship and deleted after it ends, unless statutory retention obligations apply. Billing-related documents are retained in accordance with commercial and tax retention periods (generally six or ten years).

16. No analytics or tracking services

ZentraLink does not use any analytics, audience-measurement or behavioural tracking services, either on the website or within the application. No profiling takes place, and no personal data is transmitted to advertising networks.

17. Currency and changes to this privacy policy

This privacy policy reflects the status indicated above. As the application evolves or in response to changes in legal requirements, it may become necessary to amend this privacy policy. The current version is always available on this page.