Privacy Policy
Last Updated: January 4, 2026
Table of Contents
- Introduction
- Controller
- Privacy Contact
- Categories of Personal Data
- Purposes and Legal Bases
- Hosting and Server Logs
- Cookies and Tracking
- Authentication
- Payment Processing
- Processors
- Data Transfers to Third Countries
- Retention
- Security
- Your Rights
- Right to Lodge a Complaint
- Automated Decision-Making
- Children
- Changes
- Contact
1. Introduction
We take your privacy seriously. This Privacy Policy explains what personal data we process, for which purposes, and on which legal bases.
2. Controller — Company Details
- Pacco Planning UG (haftungsbeschränkt)
- Günterstalstraße 35
- 79102 Freiburg im Breisgau, Deutschland
- HRB 733943, Amtsgericht Freiburg
- Managing Directors: Nils Brabänder, Bastian Nill
- E-Mail: info@pacco-planning.de
3. Privacy Contact
E-Mail: info@pacco-planning.de
Data Protection Officer: not appointed (not required under GDPR Art. 37).
4. Categories of Personal Data
- Master data (e.g. name, company)
- Contact data (e.g. email, phone, address)
- Usage data (e.g. pages visited, access times)
- Content data (e.g. recipes, events, documents)
- Payment data (e.g. billing address, payment history)
5. Purposes and Legal Bases
- Contract performance — GDPR Art. 6(1)(b)
- Legitimate interests — GDPR Art. 6(1)(f)
- Consent — GDPR Art. 6(1)(a)
- Legal obligation — GDPR Art. 6(1)(c)
6. Hosting and Server Logs
Our services are hosted on Google Cloud Platform in the europe-west3 region (Frankfurt, Germany). Log files are automatically deleted after 30 days. Legal basis: GDPR Art. 6(1)(f).
7. Cookies and Tracking
a) Necessary Cookies
Required for website operation. Legal basis: GDPR Art. 6(1)(f).
b) Analytics Cookies (Google Analytics)
Provider: Google Ireland Limited. Legal basis: GDPR Art. 6(1)(a) (consent).
c) Marketing Cookies (LinkedIn Insight Tag)
Provider: LinkedIn Ireland Unlimited Company. Legal basis: GDPR Art. 6(1)(a) (consent).
8. Authentication (Firebase Identity Platform)
Firebase Identity Platform (Google Ireland Limited), region europe-west3 (Frankfurt). Legal basis: GDPR Art. 6(1)(b).
9. Payment Processing (Stripe)
Stripe Payments Europe, Ltd., Dublin 2, Ireland. We do not store credit card numbers. Legal basis: GDPR Art. 6(1)(b).
10. Processors
- Google Ireland Limited — hosting, auth, AI, analytics. Region: europe-west3. DPA concluded.
- Stripe Payments Europe, Ltd. — payment processing. DPA concluded; PCI-DSS Level 1.
- LinkedIn Ireland Unlimited Company — marketing (consent only).
- Cloudflare Germany GmbH — DNS resolution.
11. Data Transfers to Third Countries
Transfers to the USA are based on the EU-US Data Privacy Framework or Standard Contractual Clauses (GDPR Art. 46(2)(c)).
12. Retention
- Contract data: 10 years
- Invoice data: 10 years per § 147 AO
- Server log files: 30 days
- Analytics data: 26 months
- Marketing data: until consent is withdrawn
13. Security
- TLS/SSL encryption for all data transfers
- Encrypted data storage
- Regular security updates
- Access controls and permission management
- Regular data backups
14. Your Rights
- Access — GDPR Art. 15
- Rectification — GDPR Art. 16
- Erasure — GDPR Art. 17
- Restriction of processing — GDPR Art. 18
- Data portability — GDPR Art. 20
- Objection — GDPR Art. 21
- Withdrawal of consent — GDPR Art. 7(3)
15. Right to Lodge a Complaint
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart
Phone: +49 711 615541-0
E-Mail: poststelle@lfdi.bwl.de
16. Automated Decision-Making
No automated decision-making within the meaning of GDPR Art. 22 takes place.
17. Children
Pacco is a B2B platform and is not directed at children under 16.
18. Changes
We reserve the right to update this Privacy Policy. For material changes, we will notify you at least 30 days in advance.
19. Contact
E-Mail: info@pacco-planning.de
Phone: +49 174 2471083
Pacco Planning UG (haftungsbeschränkt)
Günterstalstraße 35
79102 Freiburg im Breisgau
Deutschland