gaeb2excel.online logo

    Privacy Policy

    Controller:

    The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

    Todor Dimitrov (Individual provider of the web app gaeb2excel.online)
    Grünwalder Straße 11
    81547 Munich
    Germany
    Email: info@gaeb2excel.online
    or: Contact form

    A data protection officer has not been appointed as the operation is private and small in scale, and there is no legal obligation to do so.

    Data Processing when Visiting the Website

    When you visit this website (gaeb2excel.online), technical access data is automatically collected by our web server in so-called server log files. This data includes, for example, the IP address of the accessing device, date and time of access, requested file/page, browser type, and operating system. The collection of this information is technically necessary to deliver the website and to ensure the stability and security of operations (e.g., detection of attacks).

    Purpose and Legal Basis:

    The processing of this access data is technically necessary to deliver the website and ensure the stability and security of our service (e.g., to detect and prevent attack attempts). The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure, trouble-free operation). We do not use the log data to draw conclusions about your person. No merging with other data sources takes place.

    Storage Period:

    Server log files are only stored for a short period and are usually automatically deleted after 7 days at the latest (unless a security-relevant incident requires longer retention).

    Data Processing when Using the File Upload Function

    When you use the web app and upload a GAEB file, we process the file data you provide. This includes the file itself and all information contained therein (e.g., position texts, prices, quantities). Providing a GAEB file is necessary for using the conversion function; without this file, no conversion can take place.

    The processing takes place as follows:

    • File Conversion:
      Your uploaded GAEB file is received on our server and processed for the purpose of conversion to Excel format. The file contents are read and transferred to the Excel format. We then make the converted Excel file available for you to download.
    • Temporary Storage:
      The original GAEB file and the generated Excel file are only temporarily stored on the server in order to perform the conversion and to allow you to download them again if necessary. The original file is not permanently stored. Uploaded files and the resulting Excel files are automatically deleted from our server after 24 hours at the latest. Your file will not be viewed by third parties or published (unless there is a legal obligation to do so, which is not normally the case).
    • Anonymized Analysis (optional):
      Only if you have explicitly consented, we use certain information from your uploaded file in anonymized form for statistical evaluations and to improve our service. For example, this allows us to track which types of entries are most frequently converted or determine typical price ranges. Personal data is not stored or published in this process. Any identifying information in the files (e.g., names of contacts, company names, addresses in the GAEB data) is removed or made unrecognizable before any evaluation, so that no conclusions can be drawn about your person or specific projects. We use the anonymized data sets to optimize our service, analyze statistical trends, and further develop our offering. (Note: The use of anonymized data may include their future use in extended functions or offerings of our service. However, these will always remain within the scope of the purposes mentioned and will be carried out without personal reference.)

    Important: If you do not consent to the anonymized data analysis, your uploaded files will be used exclusively for immediate conversion and then deleted as described. The web app can be used in full without consenting to the data analysis - there will be no evaluation of your file contents beyond the conversion.

    Legal Bases for Processing

    For the processing of your data, we rely on the following legal bases of the General Data Protection Regulation (GDPR):

    • Performance of a Contract (Art. 6(1)(b) GDPR): The processing of the uploaded file and its contents for the purpose of conversion to Excel is carried out to provide the service you requested. By voluntarily uploading the file, an implied free-of-charge usage contract is established between you and the operator, the main service of which is file conversion. Without processing the provided GAEB file, we could not fulfill this "contract".
    • Consent (Art. 6(1)(a) GDPR): The further evaluation and storage of file contents for analysis purposes (anonymized data processing beyond the actual conversion) takes place exclusively with your explicit consent. We request this consent separately in the upload process via an option checkbox (see note on checkbox below). If you do not give this consent, we will use the file contents only for direct conversion and then delete them completely. You therefore decide voluntarily whether you agree to additional anonymized data use. Your consent is not a prerequisite for using the web app as such (see also the prohibition of coupling in Art. 7(4) GDPR - we do not make the service dependent on the additional consent).

    Note: You can of course withdraw your consent at any time (see your rights as a data subject below). A withdrawal does not affect the lawfulness of processing already carried out, but it does mean that we will no longer use your future data for analysis purposes. If technically possible, we will also remove previously stored anonymized information at your request, insofar as this exceptionally still has a personal reference or can be clearly assigned to you.

    Storage Duration and Deletion

    We store personal data only as long as necessary for the respective purposes. Specifically:

    • Uploaded Files: Your GAEB file remains on the server only for the duration of the conversion and a short retention period. The original file is automatically deleted at the latest 24 hours after upload.
    • Converted Excel File: The generated Excel file is available for you to download and is also not permanently stored on our server. It is usually deleted shortly after retrieval, but at the latest after 24 hours. Please download the file in good time and save it locally.
    • Anonymized Evaluation Data: Information that we have obtained anonymously from the files (e.g., statistical values, aggregated content without personal reference) can in principle be stored and used indefinitely, as this is not personal data within the meaning of the GDPR. If, in exceptional cases, a personal reference can still be established from the stored data, we will either immediately anonymize such data or - at your request - delete it. In the event of a withdrawal of your consent, we will also delete or anonymize all data covered by the consent that can still be identified, so that a personal reference is excluded.

    No Disclosure to Third Parties

    Your personal data is generally not shared with third parties, unless this is necessary in individual cases or required by law:

    • For Contract Performance: If external service providers are used to carry out the conversion or provide the web app (see hosting provider below), they receive access to data to the extent necessary. In our case, files and technical data are transmitted to the server operated by a service provider. However, this provider acts strictly according to our instructions.
    • With Your Consent: Without your consent, no optional data will be shared with third parties. (For clarification: The anonymized evaluation of your file contents is carried out only internally by us; we do not sell or share any personal or anonymized individual data sets with external entities.)
    • Due to Legal Obligations: In rare cases, we are legally obliged to provide information or pass data to authorities, e.g., in the context of criminal investigations. In such cases, we would disclose data exclusively to the authorized state authorities and - if permissible - inform you about it.

    The operation of the web app is carried out with the help of an external hosting service provider. This provider makes the server infrastructure available on which our website and conversion service run. As part of this hosting, the above-mentioned data (e.g., temporarily stored files, log files) are technically processed by the hosting provider. The server location is in Germany (or within the EU), so there is no transfer of personal data to third countries.

    Cookies and Tracking

    This website does not use tracking or analytics cookies from third parties. We do not use services like Google Analytics or similar. Only technically necessary cookies are used, if these are essential for the operation of the web app (e.g., a session cookie to maintain your session during file conversion). Such cookies do not contain personal profiles and are usually automatically deleted after the end of your visit (closing the browser).

    A cookie banner or cookies requiring consent are not necessary, as we only use essential cookies and no advertising or external tracking takes place.

    Data Security

    We take appropriate technical and organizational measures to protect your data from unauthorized access and loss (Art. 32 GDPR). The transmission of the website and uploaded files is encrypted via SSL/TLS (recognizable by "https://" and the lock symbol in the browser). This protects your inputs and uploads from being read by third parties during transmission.

    Our servers are configured so that the files are not publicly accessible - access is exclusively via an individually generated, cryptographically secure token. During upload, each file is assigned a one-time access token that is only valid for a fixed period (for example, 24 hours). Only those who possess this token can use the download link to access the file.

    In addition, only the operator has access to the uploads, and there are further access controls. Updates and security patches are regularly installed to ensure an up-to-date level of protection. Uploaded files are not stored in publicly accessible server areas, but are placed in a protected directory. In addition, the files are routinely deleted after a short time (see above) to avoid unnecessary data storage.

    No Automated Decision-Making

    There is no automated decision-making or profiling within the meaning of Art. 22 GDPR. This means there are no algorithms that make decisions about your data without human intervention that could have legal effects on you or significantly affect you. All data processing serves the purposes mentioned above and does not include an evaluation of your person.

    Rights of Data Subjects

    As a data subject within the meaning of the GDPR, you have the following rights, which you can assert against the controller mentioned above:

    • Right of Access (Art. 15 GDPR):
      You have the right to obtain information about the personal data concerning you that we store. This includes information about the purposes of processing, the categories of personal data, the recipients, and the planned storage period or the criteria for determining it.
    • Right to Rectification (Art. 16 GDPR):
      You have the right to request the immediate rectification of inaccurate or incomplete personal data.
    • Right to Erasure (Art. 17 GDPR):
      You can request the erasure of your personal data if the legal requirements are met. This is the case, for example, if the storage purpose no longer applies or you have withdrawn a given consent. Please note that the right to erasure does not apply to anonymized data, as this no longer has a personal reference - such information cannot therefore be assigned to specific persons and cannot be deleted on request.
    • Right to Restriction of Processing (Art. 18 GDPR):
      Under certain conditions (e.g., if the accuracy of the data is disputed or the processing is unlawful), you have the right to request the restriction of processing. Then we may only process your data - apart from storage - in a very limited way.
    • Right to Data Portability (Art. 20 GDPR):
      You have the right to receive the personal data you have provided to us, which we process on the basis of your consent or for the performance of a contract, in a structured, commonly used and machine-readable format, or - at your request, where technically feasible - to request the transfer to a third party.
    • Right to Object (Art. 21 GDPR):
      Insofar as we process data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. In this case, we will not further process your data unless we can demonstrate compelling legitimate grounds that override your interests.

    Note: Since we process personal data on the basis of legitimate interests only to a very limited extent (e.g., IP addresses in log files for security), an objection can usually be implemented by deleting/anonymizing this data.

    In addition, you have the right to withdraw consents given at any time (Art. 7(3) GDPR). This means: If you have given us consent to data processing (e.g., for the anonymized analysis of your file contents), you can withdraw this consent at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing already carried out, i.e., data processing until the time of withdrawal remains legal. After a withdrawal, however, we will no longer use the data concerned and - if still personal - delete it. If, for example, you subsequently wish us to no longer consider certain content obtained from your file in our database, you can request this. Since we do not maintain user accounts, in such a case we ask for an indication of which file or upload was affected (e.g., date of upload or specific details of the file), so that we can locate and remove the associated data.

    To exercise your rights, you can contact us informally by email (info@gaeb2excel.online). Please provide sufficient information so that we can assign and answer your request. If we receive requests regarding your rights, we will process them in accordance with the legal requirements and respond within the legal deadlines.

    Right to Lodge a Complaint

    If you believe that the processing of your personal data by us violates applicable data protection laws, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You can do this with the authority responsible for us or with the authority in the EU member state of your residence.

    The authority responsible for us is likely to be the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27 (Schloss), 91522 Ansbach, Germany. You can contact this authority by post or via the website https://www.lda.bayern.de.

    Alternatively, you can also contact any other data protection authority, which will then forward your complaint accordingly.

    Additional Information

    We reserve the right to update this privacy policy as needed to accommodate changes to the web app or new legal requirements. The current version is always available via the "Privacy Policy" link on our website.

    If you have any questions or concerns about data protection, you can contact us at any time at the email address provided.

    (Version of this privacy policy: April 2025)