English

Get Started

Privacy Policy

1. Controller

The controller responsible for processing personal data under the EU General Data Protection Regulation (GDPR) is:

AnnuCal GmbH
Lerchenstraße 28
22767 Hamburg
Germany

Phone: +49 40 50719309‬
Email: info@annucal.com
Managing Director: Jan-Willem Wulff

2. Purpose of Processing and Legal Basis

We process personal data to provide and improve AnnuCal, ensure reliable operation, and enable user support. Processing takes place on the following legal bases:

2.1 Use of the Service (Art. 6(1)(b) GDPR – Contract performance)

To create and operate your AnnuCal account, we process:

  • Name

  • Email address

  • Encrypted password

  • Language preferences

  • Calendar, scheduling, and event data entered by you

  • App settings and configurations

2.2 Technical Operation and Security (Art. 6(1)(f) GDPR – Legitimate interest)
For system stability and security, we process:

  • IP address

  • Browser type and version

  • Date and time of access

  • Server log files

  • Session cookies

  • Error and diagnostic information

Our legitimate interest lies in maintaining the security and proper functioning of the platform.

2.3 Communication (Art. 6(1)(b), (f) GDPR)

We send essential service-related emails such as:

  • Account confirmation

  • Password reset messages

  • Security notifications

  • Operational updates

We do not send advertising or promotional emails.

2.4 Single Sign-On (SSO) – Voluntary (Art. 6(1)(a) GDPR – Consent)

If you choose to sign in using an external provider (e.g., Google), the provider may transmit your name, email address, and profile data to us.
SSO is optional and requires your explicit consent.

3. Categories of Recipients

We do not sell your data or use it for advertising.

To provide our service, we work with selected processors in accordance with Art. 28 GDPR:

  • Hosting and data center services: Frankfurt, Germany

  • Email delivery services: to send system-relevant messages

  • Monitoring and diagnostics: to ensure platform stability

  • SSO providers (optional): Google LLC (USA)

These service providers act strictly on our instructions.

4. Data Transfers to Third Countries

As a general rule, your data is not transferred outside the EU/EEA.

Exception: If you use Google Single Sign-On
In this case, data may be transferred to the United States.

Legal safeguards include:

  • Your explicit consent (Art. 6(1)(a) GDPR)

  • Standard Contractual Clauses (SCCs) under Art. 46 GDPR

You may withdraw your consent at any time by discontinuing use of SSO.

5. Storage Periods

We store personal data only as long as necessary for the purpose of providing the service.

  • Account data: until the account is deleted

  • Calendar and event data: until deleted by the user

  • Backups: automatically deleted after 14 days

  • Server log files: stored for up to 30 days

Once your account is deleted, all personal data is fully removed within the backup retention period.

6. Cookies

AnnuCal uses only essential cookies, primarily:

  • Session cookies (required for login, navigation, and security)

We do not use tracking, analytics, or advertising cookies.

7. Your Rights Under the GDPR

You have the following rights:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restrict processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR) to processing based on legitimate interests

  • Right to withdraw consent at any time (Art. 7(3) GDPR), e.g., for SSO

To exercise your rights, contact us at:
info@annucal.com

Right to lodge a complaint

You may lodge a complaint with any data protection supervisory authority.
For example:

Hamburg Commissioner for Data Protection and Freedom of Information
https://datenschutz-hamburg.de/

8. No Automated Decision-Making

We do not engage in automated decision-making or profiling under Art. 22 GDPR.

9. Data Security

We protect your data using technical and organizational measures, including:

  • SSL/TLS encryption

  • Access controls

  • Role-based permissions

  • Encrypted passwords

  • Daily secure backups

  • Certified data centers located in Germany

10. Changes to This Privacy Policy

We may update this policy to reflect legal, technical, or functional changes.
The latest version will always be available on our website.