Hinweis: Dies ist ein vorläufiges Dokument.

Akrobus Information Systems GmbH ist noch nicht geschäftstauglich.

Privacy Policy

Akrobus Information Systems GmbHLast updated: May 2026


1. Who We Are

Akrobus Information Systems GmbH, [ADDRESS] (“Akrobus”, “we”, “us”, or “our”) is the controller responsible for the processing of personal data described in this Privacy Policy.

Contact for data protection matters:Email: [CONTACT EMAIL] Post: Akrobus Information Systems GmbH, [ADDRESS]

If you have any questions about how we handle your personal data, please contact us at the address above. You also have the right to lodge a complaint with your national supervisory authority. For users in Germany, this is the data protection authority of the federal state in which you reside. A list of German supervisory authorities is available at bfdi.bund.de.


2. Scope

This policy applies to personal data we collect and process when you:


3. What Data We Collect and Why

3.1 Account registration and authentication

When you create an account, we collect:

Purpose: To create and manage your account and to authenticate you when you sign in.Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) — this data is necessary to provide the Service.

Authentication is handled by Keycloak, an open-source identity and access management system operated by us on servers located in Germany. Keycloak issues a session cookie to maintain your login state (see § 5 for details).

3.2 Service usage data

When you use the Akrovise platform, we store the data you create or upload (“Your Content”), such as property records, documents, and related information. We also store metadata about activity within your account (e.g. timestamps of actions) for operational purposes such as audit logs and data integrity.

Purpose: To provide the core functionality of the Service.Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

3.3 Technical and log data

Our web server automatically records certain technical information when you access the Service, including:

Purpose: To ensure the stability, security, and correct operation of the Service.Legal basis: Our legitimate interest in maintaining a secure and functioning service (Art. 6(1)(f) GDPR).

Log data is retained for a maximum of 30 days and is then automatically deleted, unless retention is required in connection with a specific security incident.

3.4 Communications

If you contact us by email, we process the content of your message and any personal data it contains in order to respond to your enquiry.

Purpose: To respond to your enquiry and, where applicable, to fulfil pre-contractual obligations.Legal basis: Our legitimate interest in handling enquiries (Art. 6(1)(f) GDPR), or performance of a contract (Art. 6(1)(b) GDPR) where the enquiry relates to your subscription.


4. What We Do Not Do

We want to be clear about data practices we do not engage in:


5. Cookies

We use only the cookies that are strictly necessary for the Service to function. We do not use advertising cookies or third-party tracking cookies.

CookiePurposeTypeDuration
Keycloak session cookieMaintains your authenticated session after loginStrictly necessarySession (expires on logout or browser close)
Keycloak CSRF tokenProtects authentication flows against cross-site request forgeryStrictly necessarySession
Kickoff Authorisation Indicates which project number AkroServices is authorised to continue working on Strictly necessaryDuration of the project or 30 days if not approved.

Because these cookies are strictly necessary for the Service to function, we do not require your consent to set them under Art. 5(3) of the ePrivacy Directive. You may disable cookies in your browser settings, but doing so will prevent you from signing in to the Service.

We do not use cookies for analytics, advertising, or any purpose other than those listed above.


6. Where Your Data Is Stored

All personal data we process is stored on servers located exclusively in Germany. We do not transfer your data outside the European Economic Area (EEA).

Our hosting infrastructure is operated by [HOSTING PROVIDER — e.g. Hetzner Online GmbH], which processes data on our behalf under a Data Processing Agreement in accordance with Art. 28 GDPR.


7. Who Else Has Access to Your Data (Processors)

We engage a small number of carefully selected service providers who process personal data on our behalf as data processors. All processors are contractually bound to process data only on our instructions and in compliance with applicable data protection law.

ProcessorPurposeLocation
[HOSTING PROVIDER]Server infrastructure and storageGermany

We do not share personal data with any other third parties unless required to do so by law, court order, or to protect our legal rights.


8. How Long We Keep Your Data

Data typeRetention period
Account data For the duration of your account, plus 30 days after deletion to allow for recovery, then permanently deleted
Your Content (uploaded data)For the duration of your account, plus 30 days after deletion
Server logs30 days
Email correspondence3 years from the date of correspondence, or as required by applicable law
Accounting and invoicing records10 years, as required by German commercial and tax law (§ 257 HGB, § 147 AO)

Where retention is required by law (e.g. accounting records), we retain only the minimum data necessary for that purpose and restrict access to it.


9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us at [CONTACT EMAIL]. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

You also have the right to lodge a complaint with a supervisory authority. In Germany, the competent authority depends on the federal state in which you reside. A directory is available at bfdi.bund.de.


10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encrypted connections (TLS), access controls, and data stored within Germany on infrastructure subject to German and EU security standards.

No system is entirely secure. If you become aware of a security issue affecting your account, please notify us immediately at [CONTACT EMAIL].


11. Children

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.


12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the Service at least 30 days before the changes take effect. The date at the top of this page reflects when the policy was last revised. We encourage you to review this policy periodically.


13. Contact

Akrobus Information Systems GmbH[ADDRESS] Geschäftsführer: Niko Kaiser Email: [CONTACT EMAIL]