Data Protection

Privacy Policy

Your privacy is important to us. Here you can learn how we protect and use your data.

Privacy Policy

1. Controller

The responsible entity for data processing is:

gh0stservice GmbH
Else-Lang-Str. 10
50858 Cologne, Germany

Phone: +49 152 59647188
Email: datenschutz@gh0stservice.com

A data protection officer has not been appointed.

2. General information on data processing

gh0stservice GmbH processes personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Legal bases of processing:

  • Art. 6(1)(a) GDPR – consent (where granted)
  • Art. 6(1)(b) GDPR – performance of a contract and pre-contractual measures
  • Art. 6(1)(c) GDPR – compliance with legal obligations
  • Art. 6(1)(f) GDPR – legitimate interests (e.g., IT security, operation of the website)

Recipients / service providers (selection):

  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany – hosting and system operation
  • Haufe-Lexware GmbH & Co. KG, Munzinger Str. 9, 79111 Freiburg, Germany – Lexware Office (invoicing/accounting)
  • DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany – DATEV (accounting and tax data)
  • Countful GmbH, c/o Willers, Winzererstr. 102, 80797 Munich, Germany – GoTESS (tax data transmission)
  • DDTax Steuerberatungsgesellschaft mbH, Mauritiussteinweg 41-43, 50676 Cologne, Germany – tax advisory

Where required, data processing agreements are in place. Tax advisors act under their own responsibility.

Third-country transfers:

There are currently no transfers to third countries outside the EU/EEA. If such transfers become necessary, they will only take place under the conditions of Art. 44–49 GDPR.

Retention:

Personal data is stored only as long as necessary to achieve the purposes or as required by statutory retention obligations. These include, in particular:

  • 6 years under § 257 HGB (commercial correspondence, invoices)
  • 10 years under § 147 AO (accounting records, tax documents)

3. Hosting and server log files

Our website is hosted by Hetzner Online GmbH in Germany. When the website is accessed, server log files are processed automatically, which may include:

  • IP address
  • date and time of the request
  • accessed page/file
  • status code
  • amount of data transferred
  • referrer URL
  • browser and operating system information

Purpose: ensure operation, error analysis, and IT security.
Legal basis: Art. 6(1)(f) GDPR.
Retention: log files are stored for 7 days and then deleted, unless security-related events require longer retention.

4. Contact

If you contact us by email or phone, we process the data you provide (e.g., name, contact details, content of the request).

Purpose: handling the request and, if applicable, initiating a contract.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Retention: for the duration of processing and in accordance with statutory retention periods.

5. Customer portal and authentication

For access to the customer portal, we use authentication via Keycloak. It is operated on our own infrastructure hosted in Germany (Hetzner Online GmbH). In particular, account and login data (e.g., user ID, email address, roles, login timestamps) are processed. Technically necessary cookies or comparable technologies may be used for session management.

Purpose: provision of the customer portal and system security.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

6. Contract and service processing

Within the contractual relationship, we process in particular:

  • Master data (e.g., name, company, address)
  • Contract data (e.g., scope of services, terms)
  • Usage and billing data (e.g., consumption, invoices)
  • Communication data (e.g., emails, tickets)

Purpose: contract performance and documentation.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.

7. Payment processing and accounting

Payment and invoicing data are processed to handle payments and to comply with statutory obligations. In particular, Lexware Office, DATEV, GoTESS, and the tax advisor may be involved as service providers or recipients.

Purpose: payment processing, accounting, and tax obligations.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.

8. Cookies and local storage

We use only technically necessary cookies or storage technologies (e.g., for login status or language settings). We do not use tracking or marketing cookies.

Legal basis (storage on the end device): § 25 (2) no. 2 TDDDG.
Legal basis (data processing): Art. 6(1)(b) and (f) GDPR.

9. Rights of data subjects

Under the GDPR, data subjects have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)

If consent has been given, it can be withdrawn at any time with effect for the future.

10. Right to lodge a complaint

Data subjects have the right to lodge a complaint with a data protection supervisory authority if they believe that the processing of their personal data violates the GDPR.

Competent authority:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
www.ldi.nrw.de

11. Obligation to provide data

The provision of personal data is necessary for initiating and performing contracts. Without this data, we generally cannot provide the requested services.

12. Automated decisions

There is no automated decision-making, including profiling.

13. Changes to this privacy policy

This privacy policy is updated as necessary to reflect legal or operational changes.

Last updated: 24.01.2026