Privacy Policy

Alexander Bryant

Lauerstraße 8

69117 Heidelberg

Phone: +49 160 7270899

Email: alexander.bryant2718@gmail.com

We process personal data only insofar as this is necessary to provide our software and to fulfil statutory obligations. In detail:

Personal data is only disclosed where this is required by law or necessary for the performance of a contract:

• Tax advisor (for payroll accounting and bookkeeping)
• Statutory health insurance funds (social security notifications)
• German Pension Insurance (immediate notifications, contribution statements)
• Tax office (payroll tax filings)
• Hosting provider / IT service providers (under a data processing agreement)
• Open-Meteo GmbH, Bremen, Germany (weather data via api.open-meteo.com for shift-planning weather widgets; no third-country transfer, no DPA required — see §4a)

To support shift planning, the dashboard, terminal, operational calendar and coverage view display current weather data (temperature, precipitation, weather code for the restaurant location).

The weather data is sourced from:

Data transmitted: Restaurant geo coordinates (statically configured, no live GPS), end-device IP address on direct client fetch (dashboard widget), user agent, HTTP referer (app subdomain). For terminal weather and the 8-day forecast, the request runs server-side (server action weather.actions.ts) so that only the application server's IP — not the individual employee IP — is sent.

Recipient location: Bremen, Germany. No third-country transfer (Art. 44 GDPR not triggered).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in weather-driven shift and demand planning typical for hospitality operations). IP addresses are considered personal data under BGH I ZR 90/20 and CJEU C-582/14 (Breyer); disclosure is therefore made in accordance with Art. 13(1)(e) GDPR.

Per Open-Meteo's own privacy notice (open-meteo.com/en/terms), no personal data of end users is retained. No tracking, no cookies, no profiling. The weather data licence is CC-BY 4.0; attribution is rendered via the in-app WeatherAttributionFooter.

Our primary hosting and database infrastructure is located in Germany (Hetzner Online GmbH, Nuremberg/Falkenstein). However, some optional third-party services we rely on involve transfers outside the EEA and are therefore only activated when required:

• Twilio Inc. (USA) — SMS delivery (shift reminders, password resets). Legal basis: EU Standard Contractual Clauses (SCC 2021/914). Transfer only if a phone number is configured.
• Functional Software Inc. (Sentry, USA) — Error tracking for technical errors. PII is filtered before transmission (see section on error logs below). Legal basis: SCC.
• SumUp Payments Ltd. (Ireland, EEA) — Card payment terminals. No third-country transfer under GDPR Art. 44.
• fiskaly GmbH (Austria/Germany, EEA) — TSE signing service (§146a AO compliance). No third-country transfer.

An up-to-date list of sub-processors with country of processing is maintained in our data processing agreement (DPA), which is available on request. We continuously evaluate EU-based alternatives (see German version, section 11a).

Personal data is deleted as soon as the purpose of processing no longer applies and no statutory retention obligations prevent deletion. The following retention periods apply:

• Payroll records, wage accounts: 6 years (Section 41(1) EStG)
• Accounting vouchers: 8 years (Section 147(1) No. 4 AO, reduced from 10 to 8 years as of 2025)
• Working time records: 2 years (Section 16(2) ArbZG)
• IfSG briefing records: duration of employment + 12 months
• Immediate notifications (Sofortmeldungen): 5 years (Section 28f(1) SGB IV)
• Contracts: 3 years after contract end (standard limitation period, Section 195 BGB)
• GPS location data: 7 days after capture (geofence result is retained)
• Chat messages: duration of employment + 30 days

After expiry of the statutory retention periods, data is automatically deleted or anonymised.

In the context of personnel management, special categories of personal data within the meaning of Art. 9(1) GDPR may be processed. This concerns in particular:

• Health data: Sick notes and certificates of incapacity for work as part of absence management (EFZG).
• Health certificates (IfSG): Certificates pursuant to Section 43 IfSG, which are legally required for work in the gastronomy sector.
• Pregnancy status (MuSchG): Information regarding maternity protection for compliance with employment prohibitions and protection periods under the Maternity Protection Act.

Legal basis: Art. 9(2)(b) GDPR in conjunction with Section 26 BDSG (processing for the purposes of the employment relationship, insofar as this is necessary for the exercise of rights or the fulfilment of legal obligations arising from employment law, social security law, and social protection law).

The provision of your personal data is partly required by law (e.g. working time recording under Section 16 ArbZG, health certificate under Section 43 IfSG) and partly necessary for the performance of the contract (e.g. shift scheduling, payroll). Without the provision of the required data, we cannot provide our contractual services.

GPS location recording is voluntary (consent); non-provision has no negative consequences -- time recording works without GPS.

You have the following rights vis-a-vis the data controller regarding your personal data:

• Right of access (Art. 15 GDPR) -- You may request information about the data we process about you.
• Right to rectification (Art. 16 GDPR) -- You may request the correction of inaccurate data.
• Right to erasure (Art. 17 GDPR) -- You may request the deletion of your data, provided no statutory retention obligations apply.
• Right to restriction of processing (Art. 18 GDPR) -- You may request the restriction of processing.
• Right to data portability (Art. 20 GDPR) -- You may request to receive your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR) -- You may object to the processing of your data insofar as it is based on Art. 6(1)(f) GDPR.
• Right to withdraw consent (Art. 7(3) GDPR) -- Where processing is based on consent, you have the right to withdraw it at any time. The withdrawal does not affect the lawfulness of the processing carried out prior to the withdrawal.

To exercise your rights, please contact: alexander.bryant2718@gmail.com

For data portability requests, we provide your data in a commonly used, machine-readable format (CSV or JSON). Requests are processed within 30 days of receipt (Art. 12(3) GDPR).

This application contains automated individual decisions within the meaning of Art. 22(1) GDPR inside the Compliance Autopilot. There are currently 29 decision categories classified as "solely automated with legal effect" (i.e. the system blocks a shift assignment, prevents clock-in or marks a contract as invalid without a mandatory manual approval step). Following CJEU C-634/21 (Schufa, 07.12.2023), Art. 22 already applies where the downstream step de facto adopts the algorithmic result.

Decision categories in use (selection):

• IfSG employment prohibitions — §42 IfSG activity ban and missing §43 IfSG briefing automatically block food-handling assignments.
• ArbZG hard blocks — 10-hour daily limit (§3), 11-hour rest period (§5), weekly rest day (§11).
• JArbSchG protection for minors — §§4–16 JArbSchG (8 h/day cap, night-work ban).
• MuSchG protection periods — 6/8/12-week window, night work, missing risk assessment (§§3, 5, 10, 27 MuSchG).
• EFZG / MiLoG calculations — 6-week continued-pay limit (§3 EFZG), minimum wage (§§1, 3 MiLoG), payroll deadlines (§2 MiLoG).
• Mass dismissal threshold — §17 KSchG, CJEU C-188/03 (Junk).
• Missing employment contract — §§2, 3 NachwG.
• Fixed-term limits — §14(2) TzBfG, BVerfG 1 BvL 7/14.
• Mini-job / working-student thresholds — §8 SGB IV, working-student privilege (20-hour cap, rolling 52-week profiling).
• SchwarzArbG identity briefing — §2a SchwarzArbG.
• Immediate report / DEUEV deregistration — §28a(4) SGB IV; §6 DEUEV.
• GDPR deadlines — Art. 12(3) GDPR (DSAR one month).
• NIS2 scope detection — Art. 21 NIS2; §2 BSIG.

A complete, continuously up-to-date list of all automated decisions — including the underlying logic, the data categories processed and the specific legal basis (required by Art. 13(2)(f) / Art. 14(2)(g) GDPR) — is available at Algorithmic Management.

Your rights under Art. 22(3) GDPR

For each of these automated decisions you have the right to

• obtain human intervention from the controller,
• express your point of view and submit relevant circumstances,
• contest the decision and request its cancellation or amendment.

These rights can be exercised through the contest form at My Account → Data Protection → Contest Decision. Contests are reviewed within 30 days (Art. 12(3) GDPR). The automated decision may, in justified cases, be suspended during the review.

Non-automated recommendations

The following processes are not solely automated decisions within the meaning of Art. 22(1) GDPR because the final choice is always made by the manager / owner:

• QuickFill suggestions — algorithmic ranking for open shifts; assignment remains a manager decision.
• Tip distribution (tronc) — distribution follows rules set by the employees themselves.
• Notice warnings — e.g. night-work medical check due, probation ending soon, holiday-expiry notice per CJEU C-684/16.

Personal data of employees may also be entered into the system by the employer (owner/management), e.g. when creating an employee profile. In this case, the data is not collected directly from the data subject (Art. 14 GDPR). The data subject is informed about the processing upon first login and asked for consent.

Categories of data collected: name, email, date of birth, employment type, hourly wage, tax ID, social security number, IBAN, tax class, health insurance. Source: employer's records from the employment contract.

The information is provided in accordance with Art. 14(3) GDPR no later than one month after collection of the data or upon the first communication with the data subject.

The processing of employee data is subject to additional regulations beyond the general provisions of this privacy policy:

• Legal basis: Art. 6(1)(b) GDPR (performance of the employment contract), Art. 6(1)(c) GDPR (legal obligations of the employer), and Art. 88 GDPR in conjunction with Section 26 BDSG for employee data.
• Responsibility: The data controller for the processing of employee data is the respective employer (client). We process this data exclusively as a data processor pursuant to Art. 28 GDPR.
• Works council: If a works council exists, it is the responsibility of the client to observe the co-determination rights under Section 87(1) No. 6 BetrVG when introducing and using the software.
• Consent: Consent given by employees (e.g. GPS location recording) is subject to the special requirements regarding voluntariness in the employment relationship (Section 26(2) BDSG).

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority for us is:

To protect your personal data, we have implemented the following technical and organisational measures:

• Encryption of sensitive data: AES-256-GCM encryption of particularly sensitive data (IBAN, tax ID, social security number) in the database.
• Encrypted data transmission: All communication takes place via TLS-encrypted connections.
• Access control: Role-based permission system (Owner, Admin, Manager, Employee) with strict separation of privileges.
• Password security: Passwords are stored exclusively as bcrypt hashes.
• Two-factor authentication: Optional account protection through TOTP-based two-factor authentication.
• Regular security reviews: Continuous review of security measures and prompt remediation of identified vulnerabilities.

The software uses only technically necessary session cookies that are required for the operation of the application and the maintenance of the user session. These cookies are automatically deleted at the end of the browser session.

As no tracking, analytics, or marketing cookies are used, a cookie banner is not required (Section 25(2) No. 2 TDDDG).

This software is hosted by:

A data processing agreement (Auftragsverarbeitungsvertrag) pursuant to Art. 28 GDPR has been concluded with the hosting provider. The hosting provider processes data exclusively in Germany.

To provide our services, we use the following sub-processors:

• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany — Hosting, database, backup storage. Data processing agreement pursuant to Art. 28 GDPR concluded. Processing exclusively in Germany.
• Twilio Inc., San Francisco, CA, USA — SMS delivery (shift reminders, password reset). Only active if a phone number is configured. EU Standard Contractual Clauses (SCC 2021/914) + EU-US Data Privacy Framework (DPF).
• Functional Software Inc. (Sentry), San Francisco, CA, USA — error and performance monitoring. PII filtered via `beforeSend` before transmission. EU SCC + EU-US DPF.
• SumUp Payments Ltd., Dublin, Ireland (EEA) — card payment processing. Art. 28 GDPR DPA; no third-country transfer.
• fiskaly GmbH, Vienna, Austria (EEA) — TSE signing service (§146a AO compliance). Art. 28 GDPR DPA; no third-country transfer.
• Open-Meteo GmbH, Hastedter Osterdeich 222, 28207 Bremen, Germany — weather API (api.open-meteo.com) for shift/demand-planning widgets. Geo coordinates and (on direct client fetch) the end-device IP address are transmitted. No employee personal data. Open-Meteo acts as independent controller; no DPA required. No third-country transfer (DE server). Licence CC-BY 4.0.

The current status of this register is published on this page and documented in the version history below. Under the data processing agreement, the client has the right to object to the engagement of new sub-processors.