Privacy Policy

Table of contents

• Data controller
• Overview of data processing
• Legal bases
• Categories of processed data
• Security measures
• Third-party providers and processors
• Data storage and deletion
• Rights of data subjects
• Website hosting
• Use of cookies
• Mobile app (Check by conpilo)
• Changes to this privacy policy

1. Data controller

Dave Di Napoli
Memminger Straße 41
89257 Illertissen
Germany

E-Mail: info@davedinapoli.de
Phone: +49 32 222009262

VAT ID: DE329593084

2. Overview of data processing

The following overview summarizes the types of data processed and the purposes of their processing:

• Contact data — Name, email address, phone number (for contact inquiries and beta registrations)
• Usage data — Pages visited, time of access (server logs)
• Technical data — IP address, browser type, operating system (when visiting the website)

3. Legal bases

The processing of personal data is based on the following legal bases of the GDPR:

• Art. 6(1)(a) GDPR (Consent) — When you have given us explicit consent to process your data, e.g., for newsletter registration or beta registration.
• Art. 6(1)(b) GDPR (Contract performance) — When processing is necessary for the performance of a contract or pre-contractual measures, e.g., for contact inquiries or project commissions.
• Art. 6(1)(c) GDPR (Legal obligation) — When we need to process personal data to fulfill legal obligations, e.g., retention obligations for tax documents.
• Art. 6(1)(f) GDPR (Legitimate interests) — When processing is necessary to protect our legitimate interests, e.g., ensuring server operation and preventing abuse.

4. Categories of processed data

Contact form

When you use the contact form, your name, email address, and message are stored to process your inquiry. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures). The data will be deleted as soon as it is no longer needed to process your inquiry.

Beta tester registration

When you register as a beta tester, your name, email address, and optionally your phone number, computer type (Mac/Windows/Linux), phone operating system (iOS/Android), and preferred messenger are stored. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures). The data is used exclusively for organizing the beta testing phase and will be deleted when no longer needed.

Server log files

Each time this website is accessed, technically necessary connection data is automatically collected: IP address, date and time of access, page visited, amount of data transferred, and the requesting browser. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in ensuring server operation). Log files are deleted or anonymized after 30 days.

5. Security measures

We implement technical and organizational measures to protect personal data from unauthorized access, loss, or misuse:

• TLS/SSL encryption (HTTPS) for all data transfers
• Database encryption for sensitive data
• Row-Level Security (RLS) for database-level access control
• Regular security updates and patches
• Regular data backups
• Access control and logging

6. Third-party providers and processors

We use the following third-party providers for operating this website and associated services:

Vercel Inc. (Frontend hosting)

440 N Barranca Ave #4133, Covina, CA 91723, USA.
Privacy: vercel.com/legal/privacy-policy
Data transfer based on EU Standard Contractual Clauses.

Supabase Inc. (Database and authentication)

Data center in Frankfurt, Germany (EU).
Privacy: supabase.com/privacy
All data is stored and processed in the EU.

No analytics tools (such as Google Analytics), advertising networks, or tracking services are used.

7. Data storage and deletion

Personal data is deleted as soon as the purpose of storage no longer applies and no legal retention obligations exist. Specifically:

• 10 years: Invoices, accounting documents, and tax-relevant records (§147 AO, §257 HGB)
• 6 years: Business correspondence (§257 HGB)
• 3 years: Other contractual data after end of business relationship (§195, §199 BGB)
• 30 days: Server log files (then deleted or anonymized)

8. Rights of data subjects

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15) — You can request information about your stored data.
• Rectification (Art. 16) — You can request the correction of inaccurate data.
• Erasure (Art. 17) — You can request the deletion of your data, provided no legal retention obligations apply.
• Restriction (Art. 18) — You can request the restriction of processing.
• Data portability (Art. 20) — You can receive your data in a commonly used, machine-readable format.
• Objection (Art. 21) — You can object to the processing of your data on grounds relating to your particular situation.
• Withdrawal of consent — Consent given can be withdrawn at any time with effect for the future.

Contact us at: info@davedinapoli.de

We endeavor to respond to inquiries within 30 days.

9. Website hosting

This website is hosted via Vercel (Vercel Inc., USA) and delivered through a global CDN. The database is operated by Supabase on EU servers (Frankfurt, Germany). When accessing the website, technically necessary connection data (IP address, time, page visited) is temporarily stored in server logs.

Processing is based on our legitimate interest in an efficient and secure provision of our online offering (Art. 6(1)(f) GDPR).

10. Use of cookies

This website uses only technically necessary cookies that are required for the operation of the website. No marketing cookies, tracking cookies, or third-party cookies are used.

Since only technically necessary cookies are used, no cookie banner is required.

11. Mobile app (Check by conpilo)

The following additional notes apply to the mobile app “Check by conpilo”:

Location data

The app uses the approximate location of the device exclusively for verification during on-site check-ins. The location is not stored, not shared with third parties, and only queried at the time of check-in. The legal basis is Art. 6(1)(b) GDPR (contract performance) and the explicit consent of the user through the operating system's location permission.

Camera and QR code scanning

The app uses the device's camera exclusively for scanning QR codes during check-in. No images or videos are captured, stored, or transmitted. Camera access is only granted after explicit permission from the user. The legal basis is Art. 6(1)(a) GDPR (consent).

Push notifications

The app can send push notifications to inform about appointments, course changes, or messages from the provider. Push notifications can be disabled at any time in the device settings.

For the complete privacy policy of the Conpilo platform, see: conpilo.de/datenschutz

12. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR.

Competent supervisory authority:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

13. Changes to this privacy policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to our services. The current version is always available on this page.