Hinweis: Dies ist ein vorläufiges Dokument.
Akrobus Information Systems GmbH ist noch nicht geschäftstauglich.
Privacy Policy
Akrobus Information Systems GmbHLast updated: May 2026
1. Who We Are
Akrobus Information Systems GmbH, [ADDRESS] (“Akrobus”, “we”, “us”, or “our”) is the controller responsible for the processing of personal data described in this Privacy Policy.
Contact for data protection matters:Email: [CONTACT EMAIL] Post: Akrobus Information Systems GmbH, [ADDRESS]
If you have any questions about how we handle your personal data, please contact us at the address above. You also have the right to lodge a complaint with your national supervisory authority. For users in Germany, this is the data protection authority of the federal state in which you reside. A list of German supervisory authorities is available at bfdi.bund.de.
2. Scope
This policy applies to personal data we collect and process when you:
- visit our website at [DOMAIN];
- create and use an Akrovise account;
- contact us by email or other means.
3. What Data We Collect and Why
3.1 Account registration and authentication
When you create an account, we collect:
- your name and email address;
- your password (stored as a one-way hash — we cannot read it);
- the date and time of account creation.
Purpose: To create and manage your account and to authenticate you when you sign in.Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) — this data is necessary to provide the Service.
Authentication is handled by Keycloak, an open-source identity and access management system operated by us on servers located in Germany. Keycloak issues a session cookie to maintain your login state (see § 5 for details).
3.2 Service usage data
When you use the Akrovise platform, we store the data you create or upload (“Your Content”), such as property records, documents, and related information. We also store metadata about activity within your account (e.g. timestamps of actions) for operational purposes such as audit logs and data integrity.
Purpose: To provide the core functionality of the Service.Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
3.3 Technical and log data
Our web server automatically records certain technical information when you access the Service, including:
- IP address;
- browser type and version;
- operating system;
- pages accessed and timestamps;
- HTTP status codes.
Purpose: To ensure the stability, security, and correct operation of the Service.Legal basis: Our legitimate interest in maintaining a secure and functioning service (Art. 6(1)(f) GDPR).
Log data is retained for a maximum of 30 days and is then automatically deleted, unless retention is required in connection with a specific security incident.
3.4 Communications
If you contact us by email, we process the content of your message and any personal data it contains in order to respond to your enquiry.
Purpose: To respond to your enquiry and, where applicable, to fulfil pre-contractual obligations.Legal basis: Our legitimate interest in handling enquiries (Art. 6(1)(f) GDPR), or performance of a contract (Art. 6(1)(b) GDPR) where the enquiry relates to your subscription.
4. What We Do Not Do
We want to be clear about data practices we do not engage in:
- No advertising. We do not display third-party advertisements on the Service and do not share your data with advertisers.
- No tracking. We do not use analytics trackers, pixel tags, or any third-party behavioural tracking technology on our website or in the Service.
- No sale of data. We do not sell, rent, or otherwise transfer your personal data to third parties for their own commercial purposes.
- No profiling for marketing. We do not use your personal data to build profiles for marketing or to send you unsolicited commercial communications.
5. Cookies
We use only the cookies that are strictly necessary for the Service to function. We do not use advertising cookies or third-party tracking cookies.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| Keycloak session cookie | Maintains your authenticated session after login | Strictly necessary | Session (expires on logout or browser close) |
| Keycloak CSRF token | Protects authentication flows against cross-site request forgery | Strictly necessary | Session |
| Kickoff Authorisation | Indicates which project number AkroServices is authorised to continue working on | Strictly necessary | Duration of the project or 30 days if not approved. |
Because these cookies are strictly necessary for the Service to function, we do not require your consent to set them under Art. 5(3) of the ePrivacy Directive. You may disable cookies in your browser settings, but doing so will prevent you from signing in to the Service.
We do not use cookies for analytics, advertising, or any purpose other than those listed above.
6. Where Your Data Is Stored
All personal data we process is stored on servers located exclusively in Germany. We do not transfer your data outside the European Economic Area (EEA).
Our hosting infrastructure is operated by [HOSTING PROVIDER — e.g. Hetzner Online GmbH], which processes data on our behalf under a Data Processing Agreement in accordance with Art. 28 GDPR.
7. Who Else Has Access to Your Data (Processors)
We engage a small number of carefully selected service providers who process personal data on our behalf as data processors. All processors are contractually bound to process data only on our instructions and in compliance with applicable data protection law.
| Processor | Purpose | Location |
|---|---|---|
| [HOSTING PROVIDER] | Server infrastructure and storage | Germany |
We do not share personal data with any other third parties unless required to do so by law, court order, or to protect our legal rights.
8. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Account data | For the duration of your account, plus 30 days after deletion to allow for recovery, then permanently deleted |
| Your Content (uploaded data) | For the duration of your account, plus 30 days after deletion |
| Server logs | 30 days |
| Email correspondence | 3 years from the date of correspondence, or as required by applicable law |
| Accounting and invoicing records | 10 years, as required by German commercial and tax law (§ 257 HGB, § 147 AO) |
Where retention is required by law (e.g. accounting records), we retain only the minimum data necessary for that purpose and restrict access to it.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17): You may ask us to delete your personal data where there is no lawful basis for us to continue processing it.
- Right to restriction of processing (Art. 18): You may ask us to restrict processing of your data in certain circumstances, for example while a dispute about accuracy is resolved.
- Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, machine-readable format, where processing is based on consent or contract and is carried out by automated means.
- Right to object (Art. 21): You may object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at [CONTACT EMAIL]. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
You also have the right to lodge a complaint with a supervisory authority. In Germany, the competent authority depends on the federal state in which you reside. A directory is available at bfdi.bund.de.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encrypted connections (TLS), access controls, and data stored within Germany on infrastructure subject to German and EU security standards.
No system is entirely secure. If you become aware of a security issue affecting your account, please notify us immediately at [CONTACT EMAIL].
11. Children
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the Service at least 30 days before the changes take effect. The date at the top of this page reflects when the policy was last revised. We encourage you to review this policy periodically.
13. Contact
Akrobus Information Systems GmbH[ADDRESS] Geschäftsführer: Niko Kaiser Email: [CONTACT EMAIL]