Deutsch English
← Back to Registration

Privacy Policy

Status: 08.11.2025

1. Controller

The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

CUB3SOFT UG (haftungsbeschränkt)
Managing Director: Michael Kubik
Contact details: see Legal Notice

2. Data Protection Officer

Due to the company size, the appointment of a data protection officer is not required.

If you have questions about data protection, please contact us directly. Contact details see Legal Notice.

3. Type and Scope of Data Processing

3.1 Registration and User Account

During registration, we collect the following data:

  • First and last name (optional)
  • Email address
  • Password (stored encrypted)
  • Selected plan and payment method

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Storage duration: For the duration of the contractual relationship, then immediate deletion

3.2 Usage Data

During use of the software, we process:

  • Transport unit data (license plates, registrations, inspection deadlines)
  • Personnel data (employee names, training certificates)
  • Shipment data (UN numbers, quantities, documents)
  • Audit reports and inspection protocols

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Storage duration: For the duration of the contractual relationship. After contract termination, data will be deleted immediately, unless legal retention obligations prevent this. Compliance with legal retention periods is the responsibility of the customer.

3.3 Payment Data

Payment data is processed via certified payment service providers (e.g., Stripe). We do not store complete credit card data ourselves.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

3.4 Technical Data and Logs

The following data is automatically recorded with each access to our services:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in IT security)
Storage duration: 30 days

4. Data Disclosure to Third Parties

Your data is only disclosed in the following cases:

4.1 Data Processors

We use the following service providers for data processing:

  • Hosting: Netcup GmbH, Karlsruhe (server location: Germany)
  • Email dispatch: Netcup GmbH, Karlsruhe (server location: Germany)
  • Payment processing: Stripe Inc. (GDPR-compliant, with EU data transfer agreement)

Data processing agreements according to Art. 28 GDPR have been concluded with all processors.

4.2 Legal Obligations

Disclosure occurs if we are legally or officially obliged to do so (e.g., to law enforcement authorities or tax authorities).

5. Data Security

We implement technical and organizational security measures to protect your data:

  • SSL/TLS encryption of all data transmissions
  • Encrypted storage of passwords (Argon2id/Bcrypt)
  • Regular security audits and updates
  • Access restrictions and authorization concepts
  • Daily backups with 30-day retention
  • ISO 27001-compliant security standards

6. Your Rights as Data Subject

You have the following rights regarding your personal data:

6.1 Right to Information (Art. 15 GDPR)

You have the right to request confirmation of whether we are processing personal data concerning you and to receive information about this data.

6.2 Right to Rectification (Art. 16 GDPR)

You have the right to request the rectification of inaccurate data or the completion of incomplete data.

6.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data, provided no legal retention obligations prevent this.

6.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your data.

6.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON export).

6.6 Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your data on grounds relating to your particular situation.

6.7 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf, Germany
Tel.: +49 211 38424-0
Email: poststelle@ldi.nrw.de

7. Cookies and Tracking

Our application only uses technically necessary cookies (session management, authentication). We do not use marketing cookies or third-party tracking tools.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in functionality)

8. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to reflect changes in the legal situation or changes to our service. The current version is always available on this page. You will be informed by email of significant changes.

9. Contact

If you have questions about data protection or wish to exercise your rights, please contact us. Contact details see Legal Notice.

Loading…
Loading the web debug toolbar…
Attempt #