Privacy Policy
⚠️ DRAFT – not yet reviewed by a lawyer. Not yet legally binding.
1. Controller Digital Crafted GmbH, Quälkampsweg 93a, 22880 Wedel, Germany E-mail: rechte@equicard.eu · Phone: +49 4103 7037225
2. Overview EquiCard is an online register for horses (a "digital life record"). We process personal data solely to provide and securely operate the service. We do not sell data and do not use third-party advertising or tracking services.
3. Data we process a) Account data: e-mail address, password (stored only as a hash), name, language, optional profile picture, optional two-factor settings. b) Owner contact data: salutation, name, company, address, phone, contact e-mail, emergency contact. c) Horse data: master data, pedigree, health and vaccination records, feeding, location history, competition/usage data, medications, emergency information, and uploaded photos and documents. d) Usage and log data: technically necessary server logs, IP address and timestamps of login attempts (for abuse/brute-force protection).
4. Purposes and legal bases - Performance of contract / provision of the service: Art. 6(1)(b) GDPR. - IT security, abuse prevention, stability: Art. 6(1)(f) GDPR (legitimate interest). - Optional data and consents: Art. 6(1)(a) GDPR (revocable at any time). - Statutory retention obligations: Art. 6(1)(c) GDPR.
5. Cookies We use only technically necessary cookies (session/login, CSRF protection, chosen theme). No tracking or advertising cookies are set; no consent is required for these.
6. Hosting and recipients The service runs on our own servers in Germany. Data is disclosed to third parties only where necessary to perform the contract or required by law. Processors may be used for payments (if offered) and e-mail delivery; data processing agreements under Art. 28 GDPR are in place with them.
7. Retention Account data is stored until the account is deleted. Horse and document data is stored for as long as the account or the respective record exists. Log data is stored only as long as necessary for security and operation and is then deleted.
8. Your rights You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). You may withdraw any consent at any time with effect for the future. You also have the right to lodge a complaint with a data protection supervisory authority.
9. Data security Transmission is encrypted (TLS/HTTPS). Passwords are stored only as a hash. Access to your data is limited to authorised persons and systems.
10. No automated decision-making No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.
11. Changes We update this Privacy Policy when changes to the service or the legal situation require it. The version published here at the time applies.
Contact for data protection matters: rechte@equicard.eu