Introduction 

Data protection has a particularly high priority for techreach GmbH (hereinafter: "we", "us"). We consider it our primary responsibility to maintain the confidentiality of the personal data you provide to us and to protect it from unauthorized access. Therefore, we use extreme care and state-of-the-art security standards to ensure maximum protection of your personal data.  

With the information presented below, we provide you with an overview of the processing of your personal data that arises in connection with the use of the anybill portal https://portal.anybill.de/ (hereinafter "anybill portal"). 

We also want to inform you about your rights under data protection laws. The processing of your personal data by us is always in accordance with the General Data Protection Regulation (hereinafter "GDPR"), the Telecommunications and Telemedia Data Protection Act (hereinafter "TTDSG") and all applicable country-specific data protection regulations. 

1 Responsibility 

The responsible person in the sense of the GDPR is: 

techreach GmbH  
Franz-Mayer-Strasse 1  
93053 Regensburg 

Germany 

Phone: +49 941 46297731  
E-mail: hello@anybill.de 
Website: www.anybill.de 

2 Data Protection Officer 

You can reach our data protection officer as follows: 

​​​Niklas Hanitsch, secjur GmbH ​ 
​Steinhöft 9 ​ 

​20459 Hamburg 

​Germany 

​Phone number : +49 228 599 520 

​E-mail: dsb@secjur.com ​ 

You can contact our data protection officer directly with all questions and suggestions regarding data protection and the exercise of your rights. 

3 Definition 

This privacy policy is based on the terminology of the GDPR. For your convenience, we would like to explain some important terms in this context in more detail: 

• Personal Data: Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 
• Data subject: The data subject is any identified or identifiable natural person whose personal data are processed by the controller. 
• Processing: Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 
• Recipient: A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, authorities that may receive personal data in the context of a specific investigative task under Union or Member State law are not considered recipients. 
• Third Party: a third party is a natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons authorized to process the Personal Data under the direct responsibility of the Controller or the Processor. 
• Consent: Consent is any expression of will in the form of a declaration or other unambiguous affirmative action made voluntarily by the data subject for the specific case in an informed manner and in an unambiguous manner, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her. 

4 Origin of the personal data 

We may obtain personal information in the following ways: 

4.1 Information provided by you 

You have the possibility to provide information about yourself and your company in the anybill portal.  

4.2 Automatically collected and generated data 

When you use the anybill portal, we collect personal data about you.  

5 Scope, purpose, storage period and, if applicable, recipients and third country transfer of the respective processing of personal data 

5.1 General information 

In the following, we will give you an overview of which personal data we process. For this purpose, we describe to what extent and for what purposes data is processed. In addition, we indicate - if available - which third-party providers we use that receive your data. Finally, we inform you whether a third country transfer takes place in the respective processing by the third party provider. 

The provision of your personal data is always voluntary. However, it may be that the respective functionality only works with the provision of your information. 

We will not disclose your personal data to third parties without your consent, unless this is permitted by law (e.g. because it is necessary for the performance of the contract). 

5.2 Third country transfer 

If we transfer personal data to a third country for processing, we ensure compliance with Art. 44 et seq. GDPR, i.e., before any transfer of personal data to third parties in a country outside the European Union ("EU") or the European Economic Area ("EEA"), we check whether an adequate level of protection is ensured. 

An adequate level of protection can be ensured, among other things, by the existence of an adequacy decision by the EU Commission, by the fact that we have concluded standard data protection clauses with the recipient and have taken other additional measures, or by the fact that the third-country transfer is permitted under other safeguards regulated in Art. 46 et seq. GDPR is permissible. Where the data transfer is based on Art 46, 47 or 49 (1) GDPR, you may obtain from us a copy of the safeguards for the existence of an adequate level of data protection in relation to the data transfer or an indication of the availability of a copy of the safeguards. Copies of these guarantees can be requested from us. 

5.3 Data deletion 

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. 

5.4 Security measures 

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons. 

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise.  

Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.  
All data is stored in an ISO 27001 certified data center in the EU. All data traffic between your browser or end device and the anybill server is encrypted. For this purpose, a modern transmission method, TLS protocol (Transport Layer Security protocol), is used. This ensures that all data is transmitted in encrypted form and is protected from manipulation and unauthorized access by third parties during transmission.  
 

5.5 Transfer of personal data 

In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons or that it is disclosed to you. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into an app or website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of the data. 

5.6 The processing of personal data concerning you  

5.6.1 Registration in the anybill portal/creation of user account  

5.6.1.1 Scope of processing 

In order to use the service (also within the scope of a test account), it is necessary that you register with anybill. During registration, a company account is created on the one hand, and in addition, a personal access to the company account is created. For this purpose, we process the following personal data:  

• IP address 
• Name  
• E-mail address 

5.6.1.2 Purpose of processing 

The purpose of the processing is to perform authentication and create your user account.  

5.6.1.3 Legal basis 

The legal basis for the data processing is the fulfillment of the contract concluded with you within the meaning of Art. 6 (1) (b) GDPR. 

5.6.1.4 Storage period 

We delete your personal data that we collect in connection with registration on the anybill portal as soon as it is no longer required to achieve the purpose for which it was collected. Personal access to the company account is deleted 3 months after deactivation of the company account. Irrespective of this, invoices and receipts are only deleted after 10 years in accordance with legal regulations in the German Fiscal Code and the German Commercial Code. 

5.6.2 Provision of the anybill portal 

5.6.2.1 Scope of processing 

We can provide you with the benefits of our anybill portal if certain personal data required for its operation is collected when you use it. This includes the following personal data:  

• IP address 
• Device type as well as device-specific settings  
• Date and time of the retrieval and the amount of data transferred and the message whether the data exchange was complete 
• Time zone  
• Browser type and operating system 

5.6.2.2 Purpose of processing 

The purposes we pursue include, in particular: 

• Technical operation of the anybill portal 
• ensuring a smooth connection setup of the anybill portal, 
• The investigation of acts of abuse or fraud, 
• Problem analyses in the network, as well as 
• The evaluation of system security and stability. 

5.6.2.3 Legal basis  

The legal basis for data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR. We have an overriding legitimate interest in being able to offer our service in a technically flawless manner. 

5.6.2.4 Storage period 

We delete your personal data that we collect in connection with the provision of the anybill portal as soon as it is no longer required to achieve the purpose for which it was collected.   

5.6.2.5 Recipients of personal data 

We use Datadog Inc, 620 8th Ave, 45th Fl, New York, NY 10018 USA to process technical logs. You can find more information about data protection at Datadog here: https://www.datadoghq.com/legal/privacy/ 

As cloud infrastructure for our backend services, we use Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland. You can find more information about data protection at Microsoft here: https://privacy.microsoft.com/en-us/privacystatement 

For the provision of texts, we use Prismic.io Inc, 185 Alewife Brook Parkway, Suite 210 Cambridge Massachusetts 02138, USA. Further information on the subject of data protection at Microsoft can be found here: https://prismic.io/legal/privacy 

5.6.3 Cookies use 

5.6.3.1 Scope of processing 

We use cookies in our anybill portal. These are text files that your browser automatically creates and that are stored on your IT system when you visit our anybill portal. Through cookies, certain information flows to the location setting the cookie. Through the use of cookies, it is not possible to execute programs or transfer viruses to your end device. They serve to make our anybill portal more user-friendly and effective overall, i.e. more pleasant for you. Cookies can contain data that make it possible to recognize the end device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user. 

When you visit our anybill portal for the first time and it contains cookies, you will be shown a "cookie banner". There you will be informed about the individual cookies that we use. You can allow us to use cookies that are not necessary and reverse this decision there.  

From a legal point of view, a distinction must be made between essential and non-essential cookies. 

5.6.3.2 Essential cookies 

We use essential cookies. These are cookies that are technically necessary to provide all of our functions. The legal basis for data processing is according to Art. 6 (1) (f) GDPR our legitimate interest. We have an overriding legitimate interest in being able to offer our service in a technically flawless manner.   

5.6.3.3 Non essential cookies 

We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behavior on our website and to improve our offer. The legal basis for data processing is your consent pursuant to Art. Art. 6 (1) (a) GDPR. The cookies are only set after you have given your consent via our cookie banner. 

5.6.3.4 Storage period 

With regard to the storage period, the following types of cookies are distinguished: 

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after you have closed the anybill portal. 
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits the anybill portal again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and Storage period of cookies (e.g., in the context of obtaining consent), it can be assumed that cookies are permanent and the storage period can be up to two years. 

5.6.4 Google Analytics 

5.6.4.1 Scope of processing 

The anybill portal uses functions of the Google Analytics web analysis service. Through Google Analytics, we process the following personal data, among others: 

• Request time 
• IP addresses 
• Online identifiers (including cookie identifiers) 
• Device identifiers 
• Technical characteristics of users (e.g. browser type and version, device type, operating system). 
• Measurement of usage behavior (e.g. views of individual pages / content, views of content from different areas, session duration / dwell time, bounce rate). 
• Use of individual functionalities of the anybill portal (e.g. content management, store management, merchant payment document archive) 
• Referral URL (the previously visited page) 

5.6.4.2 Purpose of processing 

With the help of Google Analytics, we analyze your user behavior in order to make decisions regarding product and marketing optimization based on the results.  

5.6.4.3 Legal basis 

The legal basis for the use of Google Analytics is according to Art. 6 (1) (a) GDPR is your voluntary and revocable consent. 

You can consent to the processing of your data by Google Analytics using our Consent Manager, prevent the collection of your data, or revoke consent once given. To revoke, simply call up the privacy settings in the anybill portal again. 

5.6.4.4Storage period 

Personal data is anonymized by Google 14 months after your last activity, unless there is a legal obligation to retain it. 

5.6.4.5 Recipients of personal data  

Your data will be passed on to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland to the extent necessary. Google | Privacy Policy 

5.6.5 Setting up the anybill portal  

5.6.5.1 Scope of processing 

After successful registration, you can create a company profile for your business, manage your branches and view merchant payment receipts. In addition, you can view and manage the anybill receipt service and other anybill products. To do this, you will need to enter the following data in the anybill portal: 

• Contact details (e.g. name, e-mail, telephone numbers) 
• Company address 
• Invoice data 
• Cash register software provider  

In addition, the following data is collected when using the anybill portal.  

• Sales tax ID (if company is located within the EU)  
• Payment information (e.g. names, addresses, email address, IBAN or credit card details),  
• Payment/order data (e.g. bank details, invoices, payment history), 
• Contract data (e.g. subject of contract, term, customer category) 
• Usage and login data  
• Documentation data (in order to be able to prove communication and performance during the business relationship) 

5.6.5.2 Purpose of processing 

The purpose of the processing is to allow you, in addition to the management of the products, the issuance of a legally valid receipt and the invoicing and provision of the service booked. 

5.6.5.3 Legal basis 

The legal basis for the data processing is the fulfillment of the contract concluded with you within the meaning of Art. 6 (1) (b) GDPR. 

5.6.5.4 Storage period 

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. Invoices and receipts are only deleted after 10 years in accordance with legal regulations in the German Fiscal Code and the German Commercial Code. 

5.6.6 Payment processing  

5.6.6.1 Scope of processing 

We offer secure and efficient payment options. In the course of payment we process the following personal data: 

• First and last name 
• Company name 
• E-mail address 
• Address 
• Subject of the contract 
• Account number 
• Payment method 
• Credit card data (credit card number, expiration date, verification number)  
• Metadata (e.g. device information, IP address, date and time of logon). 

5.6.6.2 Purpose of processing 

The purpose of the processing is to enable you to pay for the use of our products. 

5.6.6.3 Legal basis 

The legal basis for the data processing is the fulfillment of the contract concluded with you within the meaning of Art. 6 (1) (b) GDPR. 

5.6.6.4Storage period 

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. Invoices and receipts are only deleted after 10 years in accordance with legal regulations in the German Fiscal Code and the German Commercial Code. 

5.6.6.5 Recipients of personal data  

For the settlement of direct debit and credit card payments we use Unzer, a service of Unzer GmbH, Schöneberger Str. 21 a, 10963 Berlin. Information on data protection can be found here: https://www.unzer.com/de/datenschutz/  

For invoicing we use Billomat, a service of aifinyo AG, Friedrichstraße 94, 10117 Berlin. You can find information on data protection here: https://www.billomat.com/datenschutz/  

5.6.7 Help and feedback 

5.6.7.1 Scope of processing 

You have the possibility to contact us via form or e-mail. In the course of contacting you and answering your inquiry, we process the following personal data, among others: 

• Name 
• E-mail 
• Date and time of the request 
• Other personal data that you provide to us voluntarily 

5.6.7.2 Purpose of processing 

The purpose of the processing is to help you with your requests and to provide us with your feedback.  

5.6.7.3 Legal basis 

The legal basis for the data processing is the fulfillment of the contract concluded with you within the meaning of Art. 6 (1) (b) GDPR. 

5.6.7.4 Storage period 

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected.  

5.6.7.5 Recipients of personal data  

To answer your questions, we use Freshdesk , a service provided by Freshworks Inc, 2950 S. Delaware Street, Suite 201,San Mateo CA 94403. For more information on privacy, please click here: https://www.freshworks.com/privacy/ 

6 Your rights 

In this section, we inform you about the rights you have with regard to the processing of your data. The exact scope of the right mentioned in each case can be found in the corresponding article of the GDPR. Data subject inquiries should generally be directed to us or our data protection officer via e-mail to dsb@secjur.com. 

6.1 Right to confirmation 

You have the right to request confirmation from us as to whether personal data concerning you is being processed by us. 

6.2 Information (Art. 15 GDPR) 

You have the right to receive from us at any time free of charge information about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions. 

6.3 Rectification (Art. 16 GDPR)  

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing. 

6.4 Erasure (Art. 17 GDPR) 

You have the right to demand that personal data concerning you be deleted immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary. 

6.5 Restriction of processing (Art. 18 GDPR)  

You have the right to demand that we restrict processing if one of the legal requirements is met. 

6.6 Data portability (Art. 20 GDPR) 

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out with the help of automated procedures, unless the processing is necessary for the performance of a task which is in the public interest or in the exercise of official authority vested in us. 

In addition, when exercising your right to data portability pursuant to Article 20 (1) GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals. 

6.7 Objection (Art. 21 GDPR) 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of data processing in the public interest pursuant to Art. 6 (1) (e) GDPR or on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. 

6.8 Revocation of consent under data protection law 

You have the right to revoke your consent to the processing of personal data at any time with effect for the future. 

6.9 Complaint to a supervisory authority 

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection. 

7 Up-to-dateness and changes of the privacy policy 

This privacy notice is currently valid and has the following status: July 2023. 

If we continue to develop our anybill portal or if legal or regulatory requirements change, it may be necessary to amend this privacy notice.