Privacy Policy
Last Updated: January 4, 2026
Table of Contents
- Introduction
- Controller
- Privacy Contact
- Categories of Personal Data
- Purposes and Legal Bases
- Hosting and Server Logs
- Cookies and Tracking
- Authentication
- Payment Processing
- Processors
- Data Transfers to Third Countries
- Retention
- Security
- Your Rights
- Right to Lodge a Complaint
- Automated Decision-Making
- Children
- Changes
- Contact
1. Introduction
We take your privacy seriously. This Privacy Policy explains what personal data we process, for which purposes, and on which legal bases.
2. Controller — Company Details
- Pacco Planning UG (haftungsbeschränkt)
- Günterstalstraße 35
- 79102 Freiburg im Breisgau, Deutschland
- HRB 733943, Amtsgericht Freiburg
- Managing Directors: Nils Brabänder, Bastian Nill
- E-Mail: info@pacco-planning.de
3. Privacy Contact
E-Mail: info@pacco-planning.de
Data Protection Officer: not appointed (not required under GDPR Art. 37).
4. Categories of Personal Data
- Master data (e.g. name, company)
- Contact data (e.g. email, phone, address)
- Usage data (e.g. pages visited, access times)
- Content data (e.g. recipes, events, documents)
- Payment data (e.g. billing address, payment history)
5. Purposes and Legal Bases
We process personal data on the following legal bases:
- Contract performance — GDPR Art. 6(1)(b)
- Legitimate interests — GDPR Art. 6(1)(f)
- Consent — GDPR Art. 6(1)(a)
- Legal obligation — GDPR Art. 6(1)(c)
6. Hosting and Server Logs
Our services are hosted on Microsoft Azure in the EU. When accessing our services, the following data is automatically stored in server log files:
- IP address
- Date and time of the request
- Requested URL
- Browser and operating system
- Amount of data transferred
Legal basis is GDPR Art. 6(1)(f). Log files are automatically deleted after 30 days.
7. Cookies and Tracking
We use different types of cookies:
a) Necessary Cookies
These cookies are required for the website to function (e.g. authentication, language preference). Legal basis: GDPR Art. 6(1)(f).
b) Analytics Cookies (Google Analytics)
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Analytics to analyze website usage. Legal basis: GDPR Art. 6(1)(a) (consent).
c) Marketing Cookies (LinkedIn Insight Tag)
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use the LinkedIn Insight Tag for conversion measurement. Legal basis: GDPR Art. 6(1)(a) (consent).
8. Authentication (Azure AD B2C)
For user authentication, we use Microsoft Azure Active Directory B2C. Processing takes place on EU servers. Legal basis: GDPR Art. 6(1)(b) (contract performance).
9. Payment Processing (Stripe)
For payment processing, we use Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland). Stripe processes payment data directly; we do not store credit card numbers. Legal basis: GDPR Art. 6(1)(b) (contract performance).
10. Processors
We work with the following processors:
- Microsoft Azure (hosting, authentication) — Microsoft Ireland Operations Limited
- Google Ireland Limited (analytics)
- LinkedIn Ireland Unlimited Company (marketing)
- Stripe Payments Europe, Ltd. (payment processing)
11. Data Transfers to Third Countries
Where data is transferred to the USA, this is done on the basis of the EU-US Data Privacy Framework or on the basis of Standard Contractual Clauses (SCCs) pursuant to GDPR Art. 46(2)(c).
12. Retention
- Contract data: 10 years (commercial and tax retention requirements)
- Invoice data: 10 years per § 147 AO
- Server log files: 30 days
- Analytics data: 26 months
- Marketing data: until consent is withdrawn
13. Security
We implement the following technical and organizational measures:
- TLS/SSL encryption for all data transfers
- Encrypted data storage
- Regular security updates
- Access controls and permission management
- Regular data backups
14. Your Rights
You have the following rights regarding your personal data:
- Access — GDPR Art. 15
- Rectification — GDPR Art. 16
- Erasure — GDPR Art. 17
- Restriction of processing — GDPR Art. 18
- Data portability — GDPR Art. 20
- Objection — GDPR Art. 21
- Withdrawal of consent — GDPR Art. 7(3)
15. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. Competent authority:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Phone: +49 711 615541-0
E-Mail: poststelle@lfdi.bwl.de
16. Automated Decision-Making
No automated decision-making within the meaning of GDPR Art. 22 takes place.
17. Children
Pacco is a B2B platform and is not directed at children under 16 years of age.
18. Changes
We reserve the right to update this Privacy Policy. For material changes, we will notify you at least 30 days in advance.
19. Contact
E-Mail: info@pacco-planning.de
Phone: +49 174 2471083
Pacco Planning UG (haftungsbeschränkt)
Günterstalstraße 35
79102 Freiburg im Breisgau
Deutschland