Controller
Responsible for data processing is:
Dr. Markus Paulußen
Detmolder Str. 145, 33604 Bielefeld
E-Mail: info@barrierefrai.com
Types of Data Processed
We process the following categories of personal data:
- Master data (name, email address, payment data)
- Content data (uploaded PDF files, images, texts, structural information)
- Communication data (support requests via email or form)
- Technical data (IP address, log files, time and type of usage)
Hosting and Server Location
Our systems are operated on servers in Germany. The hosting provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. This ensures that storage, user accounts, and billing data are processed within the European Union and are subject to the high standards of the GDPR. A data processing agreement pursuant to Art. 28 GDPR exists with the hosting provider.
For certain functions (e.g. AI-powered analysis and processing of PDF files), data is transmitted to the Google Gemini API. This processing takes place in Ireland and, in exceptional cases, may also be transferred to the USA. The protection of your data is ensured through the use of Standard Contractual Clauses (Art. 46 GDPR). Further information can be found in the section “Google Gemini API”.
Collection and Processing of Personal Data
We process personal data when you register, book a plan, contact support, or use the tool. This includes, in particular, uploaded PDF files that are processed by our AI service providers in order to provide accessible content.
Purpose of Processing
Data processing is carried out to provide the contractually agreed services, for communication, for billing via Stripe, and to comply with legal obligations.
Legal Bases
Processing is based on Art. 6 (1) lit. b GDPR (contract performance), Art. 6 (1) lit. f GDPR (legitimate interest in a secure and functioning system), and, where necessary, Art. 6 (1) lit. c GDPR (legal obligation).
Payment Service Provider Stripe
We use Stripe Payments Europe, Ltd. for payment processing. Your payment information is processed exclusively by Stripe. Further information on data protection at Stripe can be found at stripe.com/privacy.
Data Sharing and Processing on Behalf
Your data will only be shared with third parties in the context of payment processing, system usage (e.g. hosting provider, AI processing services such as Google Gemini API), or where we are legally required to do so. Data processing agreements pursuant to Art. 28 GDPR are in place with all service providers that process data on our behalf.
Google Gemini API
For AI-powered processing of your PDF files (conversion into accessible HTML, image analysis, text extraction), we use the Google Gemini API, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The content of your uploaded PDF files (texts, images, structural information) is transmitted to the Google Gemini API. These data are used exclusively for the purpose of processing and providing the accessible content you requested.
Google does not use data transmitted via the API to improve the Gemini models unless you have explicitly consented. Data are retained by Google for a limited period (up to 180 days) for abuse prevention and service improvement.
Further information on Google’s privacy policy can be found at policies.google.com/privacy .
Data Transfers to Third Countries
When using Stripe and the Google Gemini API, data may be transferred to the USA. The protection of your data is ensured through the use of Standard Contractual Clauses (Art. 46 GDPR) approved by the European Commission.
Cookies and Tracking
We do not use tracking tools or marketing cookies. Only technically necessary cookies are used, which are required for the operation of the service.
Storage Period
We store your data for as long as necessary to fulfill the contract and to comply with legal obligations (e.g. tax retention periods). After that, your data will be deleted or anonymized.
Data Subject Rights
You have the right to access, rectification, erasure, restriction of processing, data portability, and to object to the processing. Complaints may be lodged with the competent data protection authority.
Security
We use technical and organizational measures to protect your data from loss, misuse, or unauthorized access.
Contact for Data Protection Questions
If you have any questions regarding data protection, please contact us at: privacy@barrierefrai.com