German version (legally controlling): Datenschutzerklärung (DE)
1. Controller
Monovandi GmbH, Markweg 21, 72218 Wildberg, Germany
Email: datenschutz@monovandi.com
Commercial register: HRB 804518, Amtsgericht Stuttgart
Managing Director: Brian Hubbard
2. Data Protection Officer
No DPO has been appointed; the size and processing profile do not currently meet the threshold of § 38 BDSG / Art. 37 GDPR. Direct any data-protection request to datenschutz@monovandi.com.
3. What we process and why
3.1 Trial-license signup
- Data: company name, business email, optional partner referrer, consent record (terms version, timestamp, IP, user-agent).
- Purpose: issue and manage the trial license, identify the customer account, send the activation email.
- Lawful basis: Art. 6(1)(b) GDPR (pre-contractual measures / performance of the trial agreement).
- Retention: trial accounts kept 12 months after last login, then deleted. Consent records kept 3 years after end of relationship for evidence purposes.
3.2 Optional marketing contact
- Data: email address, consent record (double opt-in: request time and confirmation time, IP, user-agent).
- Purpose: sending product updates and offers.
- Lawful basis: Art. 6(1)(a) GDPR and § 7(2) Nr. 3 UWG (consent). You can withdraw at any time via the unsubscribe link in any marketing email or by writing to datenschutz@monovandi.com.
3.3 Bot protection (Cloudflare Turnstile)
- Data: IP, browser headers, technical bot-detection signals.
- Purpose: defend the signup form against automated abuse.
- Lawful basis: Art. 6(1)(f) GDPR (our legitimate interest in platform security and integrity).
3.4 Server logs
- Data: shortened IP, timestamp, URL, status, referrer, user-agent.
- Purpose: service delivery and attack detection.
- Retention: max 30 days.
4. Recipients and processors
Full list at Sub-processors. Key recipients:
- Cloudflare, Inc. — hosting, Workers, D1, R2, Pages, Turnstile. Processor under Art. 28 GDPR. Some processing happens in the United States. Transfers rely on the EU Standard Contractual Clauses (Commission Decision 2021/914, Module 2) plus supplementary technical and organisational measures (encryption in transit and at rest, transfer impact assessment).
- Transactional email provider — listed in the sub-processor page once selected.
5. International transfers
Where data reach the US (Cloudflare above), Standard Contractual Clauses (Module 2) apply, supplemented by the EDPB-recommended measures following the Schrems II ruling. A copy of the relevant safeguards is available on request.
6. Cookies and similar storage
We do not set tracking or analytics cookies. The browser only stores strictly necessary values (session token after login, Turnstile state), which do not require consent under § 25(2) TDDDG.
7. Your rights
You can exercise the following GDPR rights:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Portability (Art. 20)
- Objection (Art. 21)
- Withdrawal of consent for the future (Art. 7(3))
Write to datenschutz@monovandi.com. We respond within one month (Art. 12(3) GDPR).
8. Right to lodge a complaint
You may complain to a data-protection supervisory authority. Ours is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Königstraße 10a, 70173 Stuttgart, Germany
baden-wuerttemberg.datenschutz.de
9. Changes to this policy
We update this policy when our processing changes. The current version is dated and versioned at the top of this page.