Privacy Policy

Introduction

This privacy policy informs you about the type, scope, and purpose of processing personal data when using the Shiftmaster.cloud software (the "Service").

1. Controller

The controller within the meaning of the GDPR is:

ichverstehs.net
Auf dem Höher Berg 10 / 53604 Bad Honnef
Germany

Email: info@shiftmaster.cloud

2. Subject matter of data protection

Personal data is the subject of data protection. This includes all information relating to an identified or identifiable natural person (e.g., name, email address, IP address).

3. Categories of data processed

When using the Service, the following personal data is processed in particular:

Master data: name, email address, username

Account and team data: roles, team memberships, on-call and shift assignments

Content data: shift schedules, comments, internal messages

Billing data: tariff, term, invoice information

Communication data: support requests, email correspondence

Technical data: IP address, timestamps, browser and system information, log data

4. Purposes of processing

Personal data is processed for the following purposes:

Provision, operation, and administration of the Service

Contract performance and billing

Organization and communication within teams

Support and technical assistance

Security, stability, and abuse prevention

Development and improvement of the Service

5. Legal bases

Processing is based on the following legal bases:

Art. 6(1)(b) GDPR - contract performance

Art. 6(1)(f) GDPR - legitimate interests (e.g., security, error analysis)

Art. 6(1)(c) GDPR - legal obligations (e.g., tax retention obligations)

Where consent is required, processing is based on Art. 6(1)(a) GDPR.

6. Cookies and similar technologies

6.1 The Service uses technically necessary cookies required for operation, authentication, sessions, and security functions.

6.2 Functional cookies may also be used, e.g., to store language settings.

6.3 Tracking or marketing cookies are not used unless explicitly indicated and consent is obtained.

7. Data sharing and recipients

7.1 Personal data is shared only to the extent necessary:

for contract fulfillment

to comply with legal obligations

with processors bound by instructions

7.2 Processors are contractually bound in accordance with Art. 28 GDPR.

7.3 Transfers to third countries occur only if legally permitted and appropriate safeguards are in place.

8. Storage duration

8.1 Personal data is stored only as long as necessary for the respective purposes.

8.2 Statutory retention obligations remain unaffected.

8.3 After contract termination, data is deleted unless legal obligations prevent this.

9. Data security

The provider implements technical and organizational measures in accordance with Art. 32 GDPR to protect personal data against loss, misuse, and unauthorized access.

10. Rights of data subjects

Data subjects have in particular the following rights:

Access (Art. 15 GDPR)

Rectification (Art. 16 GDPR)

Erasure (Art. 17 GDPR)

Restriction of processing (Art. 18 GDPR)

Data portability (Art. 20 GDPR)

Objection to processing (Art. 21 GDPR)

To exercise these rights, an informal notice to the controller is sufficient.

11. Right to lodge a complaint

Data subjects have the right to lodge a complaint with a data protection supervisory authority if they believe that the processing of their personal data violates the GDPR.

12. Changes to this privacy policy

This privacy policy may be updated if required for legal, technical, or organizational reasons.

Status: January 2026