Privacy Policy
Status and purpose
Status: draft. This privacy policy explains how personal data may be processed in connection with Gutscheindirekt. The text must be reviewed and adapted to the actual technical setup before publication.
Privacy information cannot be copied blindly. It must reflect the real data processing, recipients, legal bases, retention periods, processors and tools used on the website and in the application.
1. Controller
Mauracher IT-Solutions GmbH, Arsenal 3/66, 1030 Vienna, Austria. Email: [email protected]. Phone: +43 660 9021954.
2. General information
Gutscheindirekt is a digital product of Mauracher IT-Solutions GmbH. Businesses can use Gutscheindirekt to create voucher shops, connect Stripe, sell vouchers online and automate voucher processes.
Depending on the use case, Mauracher IT-Solutions GmbH may act as controller or process personal data on behalf of a customer. When a business sells vouchers to its own end customers, that business may be responsible for certain processing activities towards those end customers.
3. Data processed
Depending on the use of Gutscheindirekt, processed data may include names, contact details, company data, login and account data, email addresses, phone numbers if provided, payment and transaction data, voucher data, voucher codes, recipient details, message texts and email content.
Technical data may include IP addresses, browser information, access times, log data, support requests, API data and integration data. The exact scope depends on configuration and actual use.
4. Purposes of processing
Data may be processed to provide the website, provide the voucher shop system, register and manage accounts, create and manage vouchers, process payments through Stripe, send voucher emails and PDFs, check technical status and retry failed steps.
Additional purposes may include support and communication, security, misuse prevention, fulfillment of legal obligations and improvement of the product.
5. Legal bases
Depending on the purpose, processing may be based on contract performance or pre-contractual measures, legitimate interests in secure and stable operation, legal obligations, consent where required or processing on behalf of a customer.
The actual legal bases must be checked and documented for the real implementation.
6. Hosting and server logs
When the website or application is accessed, technically necessary connection data may be processed. This can include IP address, date and time, requested URL, referrer, browser type, operating system and technical status codes.
This data is processed to provide the website and application securely, reliably and functionally. Hosting provider, server location and log retention must be inserted based on the actual infrastructure.
7. Account and registration
When an account is created, the data provided is processed to create, manage and secure the account. This may include name, email address, company data, login data, plan information and technical usage information.
8. Stripe
Stripe is used for payment processing. When payments are processed through Stripe, payment data may be transferred to or processed directly by Stripe. This may include payment amount, currency, payment status, transaction data, email address, billing data and technical payment information.
Card data is generally not stored directly by Gutscheindirekt, but processed by Stripe. The concrete Stripe products, configuration and data flows must be technically checked and described in the final privacy policy.
9. Voucher sale and email delivery
When a voucher is purchased, data of the buyer, recipient and voucher may be processed. This may include name, email address, voucher value, voucher code, message, purchase date, payment status and delivery status.
This data is processed to create, deliver, manage and later redeem the voucher. The email service provider and retention periods must be completed based on the actual setup.
10. API and integrations
If API, POS or third-party integrations are used, voucher and transaction data may be transmitted to connected systems. The exact scope depends on the integration and must be documented for each integration.
11. Cookies and similar technologies
The website and application may use cookies or similar technologies. Technically necessary cookies may be used for website operation, login, security and functionality.
Non-essential cookies, such as analytics or marketing cookies, are only used where a suitable legal basis exists, especially consent where required. Cookie banner provider, analytics tools and marketing tools must be completed or marked as not used.
12. Analytics
If analytics tools are used, processing may take place to analyze and improve the website and product. Tool, purpose, legal basis and retention period must be specified for the actual tool in use.
13. Contact and support
When users contact Mauracher IT-Solutions GmbH, the transmitted data is processed to handle the request. This may include name, email address, message, company context, technical information and communication history.
14. Processing on behalf of customers
Where Gutscheindirekt processes personal data on behalf of a customer, a data processing agreement will be concluded if legally required. Customers using Gutscheindirekt remain responsible for their own information duties towards end customers where they are controllers.
15. Recipients of data
Depending on use, data may be disclosed to hosting providers, email service providers, Stripe, support and communication tools, technical service providers, tax advisors, legal advisors, authorities where required and connected customer systems such as API or POS systems.
16. Third-country transfers
If service providers outside the EU or EEA are used, data transfers will only take place on the basis of appropriate safeguards or other legally permitted grounds. Concrete third-country providers must be listed in the final version.
17. Retention periods
Personal data is stored only as long as required for the respective purpose or as long as statutory retention obligations apply. Account data may be stored for the duration of the contract and legal retention periods. Payment and billing data may be stored according to statutory retention duties.
Voucher and transaction data may be stored according to redemption and retention requirements. Support data and logs require concrete retention periods based on the actual setup.
18. Rights of data subjects
Subject to legal requirements, data subjects may have rights of access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent and complaint to a data protection authority.
19. Data protection authority
If a data subject believes that processing violates data protection law, they may contact the competent data protection authority.
20. Privacy contact
For privacy requests, contact [email protected].