Privacy Policy
Information according to Art. 13/14 GDPR
Version 1.0 — As of: March 2026
This privacy policy applies to the website aldric.app. For the use of the Aldric application (SaaS platform), please refer to the App Privacy Policy.
1. Data Controller
CONPORT Services GmbH
Alte Benninghofer Str. 24
44263 Dortmund, Germany
Managing Director: Benjamin Schowe
Email: datenschutz@conport.services
2. Data Protection Officer
An external Data Protection Officer is currently being appointed. Contact details will be published here once appointed.
In the meantime, please contact: datenschutz@conport.services
3. Overview of Processing Activities
The following overviews summarize the types of data processed and the purposes of their processing and refer to the data subjects.
3.1 Provision of the Website
Processed Data: Access data (IP address, date and time of access, requested content, browser type, operating system, referrer URL).
Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure provision of the website).
Storage Duration: Log data is deleted after 30 days.
3.2 Contact
Processed Data: Name, email address, message content, and any other voluntarily provided data.
Legal Basis: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest).
Storage Duration: Inquiries are deleted after the matter has been resolved, unless statutory retention obligations apply.
3.3 Newsletter
Currently, no newsletter is offered. Should a newsletter service be set up, this privacy policy will be updated accordingly.
3.4 Cookies and Web Analytics
3.4.1 Technically Required Functions
We use technically required functions that are necessary for the operation of the website. This includes storing your cookie preferences in your browser's local storage (localStorage). This data is not transmitted to third parties.
| Name | Purpose | Storage Duration | Type |
|---|---|---|---|
| cs-cookie-consent | Storage of your cookie preferences | 12 months (localStorage, automatic re-prompt after expiry) | Essential |
3.4.2 Web Analytics with Plausible Analytics
We use Plausible Analytics, a privacy-friendly web analytics service provided by Plausible Insights OÜ (based in the EU, Estonia). Plausible collects no personal data, uses no cookies, and does not store IP addresses. All data is processed in an aggregated and anonymized manner.
Data Collected: Page views, referrer, browser type, operating system, device type, country (based on anonymized IP).
Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in analyzing website usage for optimization).
Data Processing: Exclusively in the EU (Hetzner, Germany).
More Information: plausible.io/data-policy
3.4.3 Extended Analytics Features (Consent Required)
For extended analytics features (custom events such as click tracking, scroll depth, form tracking), we request your consent via our cookie consent banner. These features are only activated if you have agreed to the "Statistics" category.
Legal Basis: Art. 6 (1) (a) GDPR (consent).
Withdrawal: You can withdraw your consent at any time via the "Cookie Settings" link in the footer of the website.
3.4.4 Consent Management
When you first visit our website, a cookie consent banner is displayed. You can choose between:
- Essential: Technically required functions (always active)
- Statistics: Extended usage analysis — click tracking, scroll depth, language selection (opt-in)
Your decision is stored locally in your browser and can be changed at any time via "Cookie Settings" in the footer.
4. Recipients and Data Processors
We use the following service providers:
| Service Provider | Purpose | Location |
|---|---|---|
| Plausible Insights OUe (Estonia) | Privacy-friendly web analytics | EU (Hetzner, Germany) |
| Stripe, Inc. (USA) | Payment processing | EU/USA (EU-US Data Privacy Framework) |
| Hosting provider — to be added | Website and platform hosting | to be added |
| Email service provider — to be added | Transactional emails | to be added |
The complete and current list of data processors can be found in our Data Processing Agreement (DPA), Annex 2.
5. Data Transfers to Third Countries
Personal data is only transferred to third countries insofar as this is necessary for the performance of the contract or an adequate level of data protection is ensured.
USA (Stripe): Stripe, Inc. is certified under the EU-US Data Privacy Framework (DPF). The European Commission adopted the adequacy decision for the EU-US DPF on July 10, 2023 (Art. 45 GDPR). Additionally, Standard Contractual Clauses (Art. 46 (2) (c) GDPR) are in place as supplementary safeguards.
6. Rights of the Data Subject
Under the GDPR, you have the following rights:
- Right of Access (Art. 15 GDPR): You have the right to obtain information about your stored personal data.
- Right to Rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
- Right to Erasure (Art. 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.
- Right to Restriction of Processing (Art. 18 GDPR): You may request the restriction of processing.
- Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a machine-readable format.
- Right to Object (Art. 21 GDPR): You may object to the processing of your data at any time.
- Right to Withdraw Consent (Art. 7 (3) GDPR): You may withdraw any given consent at any time.
7. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority for us is:
Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Postfach 20 04 44
40102 Duesseldorf, Germany
Phone: +49 (0) 211 38424-0
Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de
If you are located in another EU/EEA member state, you may also lodge a complaint with the supervisory authority in your country of residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).
8. Currency and Changes to this Privacy Policy
This privacy policy is currently valid as of March 2026.
Due to the further development of our website and offerings or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy.