Privacy Policy

1. Name and address of the controller

Janik Kofler
Staatsstraße 9
39020 Kastelbell (BZ)
Italy
E-Mail: kofler.janik@cellarxpert.it
(Full details can be found in our legal notice)

2. General principles of data processing

We process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. Processing is carried out on the basis of statutory provisions. We protect our website and other systems through technical and organizational measures against loss, destruction, access, modification, or distribution of your data by unauthorized persons.

3. Provision of the website and creation of server log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting device. The following data is collected:

• User's IP address
• Date and time of access
• Page requested/name of the requested file
• Amount of data transferred
• Message indicating whether the request was successful
• Browser type and version
• User's operating system
• Referrer URL (the previously visited page)

The storage of this data in log files is necessary to ensure the functionality of the website and to defend against attacks. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR (our legitimate interest in the secure and functional operation of our online offering). The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

4. Contact form and email contact

When you use our contact form, the data you enter there (company, contact person, email, telephone, selected package, your message) is transmitted to us and stored.

The processing of this data is carried out to process your request on the basis of Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures).

If your request results in the conclusion of a contract, your data will continue to be stored for the purpose of fulfilling the contractual relationship and complying with legal obligations (e.g. tax retention periods). The legal basis for this is Art. 6 para. 1 lit. b and c GDPR. If no contractual relationship is established, your data will be deleted as soon as the purpose of the request has been fulfilled and there are no statutory retention obligations to the contrary.

5. Cookies

Our website uses only technically necessary cookies. Cookies are small text files stored on your device that are required for the basic functionality of the site (e.g., to provide sessions). The legal basis for the use of technically necessary cookies is our legitimate interest in providing our services in a technically error-free manner in accordance with Art. 6 para. 1 lit. f GDPR. No analytics or marketing cookies are set.

6. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock icon in your browser bar.

7. Use of Google Fonts

We use Google Fonts on our website to ensure uniform font display. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit our site, your browser loads the required web fonts into your browser cache to correctly display texts and fonts. For this purpose, your browser must establish a connection to Google’s servers. In this way, Google becomes aware that our website has been accessed via your IP address. It is possible that further data will be transmitted to Google servers in the USA.

The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give via our cookie consent banner. This serves the legitimate interest of a uniform and appealing presentation of our online offers. You can withdraw your consent at any time.

For more information on Google Fonts, please visit https://developers.google.com/fonts/faq and Google’s privacy policy: https://policies.google.com/privacy?hl=en.

8. Your rights as a data subject

Under the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as, if applicable, the right to rectification, blocking, or deletion of this data. You also have the right to restrict processing, the right to object to processing, and the right to data portability. To exercise these rights or for further questions on the subject of personal data, you can contact us at any time at the address given in the legal notice.

9. Right to lodge a complaint with the competent supervisory authority

In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues in Italy is the "Garante per la protezione dei dati personali". The contact details can be found on the authority’s website: https://www.garanteprivacy.it/.

10. Use of the CellarXpert Software (Registration, Accounts, Login)

For the use of the CellarXpert software, the user account is manually created by the provider. The following personal data is processed:

• Username (assigned by the provider)
• Email address
• Roles and permissions
• Date of account creation
• Password hash (never stored in plain text)

Upon first login, the user is required to change the initial password. The provider has no access to the newly set password. The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract).

11. Authentication via Keycloak

We use Keycloak for authentication and user account management, operated on our own servers within our Docker infrastructure. Keycloak processes the following data:

• Username
• Encrypted password
• Session and access tokens
• Roles/permissions

No data is transferred to external third parties. The legal basis is Art. 6(1)(b) GDPR and Art. 32 GDPR (security of processing).

12. Hosting & Infrastructure via Hetzner

Our servers, databases, and the entire software infrastructure (including Keycloak, Docker, PostgreSQL, and mail server) are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The server location is within the EU.

We have concluded a data processing agreement (DPA) with Hetzner in accordance with Art. 28 GDPR. Domain management is handled by Netsons S.r.l., which does not process any personal user data. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure operation) and Art. 28 GDPR.

13. Demo Environment (demo.cellarxpert.it)

We operate a publicly accessible demo version of our software at demo.cellarxpert.it. All data entered is completely and irreversibly deleted every day at 02:00 AM.

• Sample data such as wines, storage locations, and stock levels
• User-entered demo data
• Technical logs
• IP address at access

The purpose of processing is to provide a test environment. The legal basis is Art. 6(1)(f) GDPR. The storage period is a maximum of 24 hours.

14. Storage Duration & Backups / Data Processing Agreement

Personal data is stored only as long as necessary to fulfil the contract or comply with legal obligations. To ensure data integrity, we perform regular backups that are automatically overwritten after a maximum of 7 days.

Where we process personal data on behalf of the customer (e.g. stock data, price lists, movement data), this is carried out on the basis of a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR, which forms part of the contractual relationship.