Privacy Policy

Personalrampe Digital

Provider: <ProviderInfo />, <ProviderAddress />

Data protection email: <ProviderContact type="privacy" />


1. General

We take the protection of your personal data seriously. This Privacy Policy applies to the use of our website and our SaaS platform "Personalrampe Digital" (hereinafter "Platform") and informs you about the nature, scope and purpose of personal data we collect, use and process.

Controller within the meaning of the General Data Protection Regulation (GDPR):

<ProviderInfo />
<ProviderAddress />
Email: <ProviderContact type="privacy" />

For employee data processed on behalf of our corporate customers, we act as a data processor; in this case the respective corporate customer is the Controller.


2. Data We Process

2.1 Marketing Website (non-logged-in visitors)

When you visit our website, the following technical data is automatically transmitted:

  • IP address (anonymised where technically feasible),
  • Date and time of access,
  • URL accessed,
  • Referrer URL,
  • Browser type and operating system.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable website operation).

Retention period: 7 days (server logs), then automatic deletion.


2.2 Account Registration (Company Administrators)

When registering as a company administrator for the Platform, we collect:

  • Name and professional email address,
  • Company name and address,
  • Password (stored as bcrypt hash, never in plain text),
  • Time of registration.

Legal basis: Art. 6(1)(b) GDPR (contract performance).


2.3 Employee Data in Personnel Files (processed on behalf of our customers)

The core function of the Platform is the digitisation, structuring and AI-supported analysis of personnel files on behalf of our corporate customers. Depending on which documents the Customer uploads, we may process in particular:

  • Identification and contact data: first and last name, internal employee ID, date of birth, address, contact details (if contained in the file),
  • Employment data: position, organisational unit, employment start and end dates, working time model, contract amendments,
  • Remuneration data: salary, bonus, allowances, bank details (IBAN), pension information (if contained in the file),
  • Performance and behaviour data: performance reviews, development meetings, warnings, feedback,
  • Absence data: sickness notifications, medical certificates, parental leave, other leave records,
  • Other HR-relevant documents that the Customer stores in personnel files.

The concrete content depends exclusively on the documents the Customer uploads.

For this processing we act as a data processor pursuant to Art. 28 GDPR. The Controller is the respective corporate customer. A Data Processing Agreement (DPA) must be concluded prior to use.

Legal basis for our customer (Controller): typically Art. 6(1)(f) GDPR (legitimate interest of employer in HR administration and documentation) or Art. 6(1)(b) GDPR (contract performance with employees), in conjunction with § 26 BDSG (data processing for employment-related purposes). Where special categories of data (Art. 9 GDPR, e.g. health data) are contained in the file, the Customer must ensure a separate legal basis (e.g. Art. 9(2)(b) GDPR).

We do not decide which documents are uploaded; responsibility for lawfulness and data minimisation lies with the Customer as Controller.


2.4 OCR, Structuring and AI-Based Processing of Personnel Files

To provide our services, we process the content of uploaded personnel file PDFs as follows:

  1. OCR and text extraction

    • Uploaded PDFs are processed via OCR to extract text and layout information.
    • The extracted content is used to identify and structure information (e.g. dates, contract numbers, salary fields) into an internal data model.

  2. Structuring and rule-based analysis

    • The extracted text is structured (e.g. mapping to fields like "employment start date", "salary") and stored in our database.
    • This structured data serves as the basis for exports and AI-assisted analyses.

  3. AI-supported insights and summaries

    • For certain features, we use AI models (e.g. Microsoft Azure OpenAI) to summarise content or make it searchable for HR queries.
    • For risk-reduced operation, we aim to only transmit the minimum necessary information to the AI models and to mask certain identifiers where technically possible.

  4. "Deep AI Analysis" feature

    • The Platform offers an optional "Deep AI Analysis" feature, which allows the AI models to access more detailed content from personnel files to generate more in-depth analyses.
    • This feature is explicitly marked in the user interface and must be actively enabled by the Customer’s authorised users.
    • When this feature is enabled, detailed textual content from personnel files, including potentially sensitive data, may be transmitted to the AI models.

Legal basis (for our customer as Controller): Art. 6(1)(b) or (f) GDPR in conjunction with § 26 BDSG (HR administration, documentation, evaluation), and where applicable Art. 9(2) GDPR (special categories of data). We act as data processor; the Customer decides which features to activate and for which employees.


2.5 AI Assistant Chat

The Platform provides an AI assistant chat for HR users:

  • In the standard configuration, the assistant primarily works on structured, pseudonymised data (e.g. internal IDs, metadata) to answer questions.
  • When the Customer enables "Deep AI Analysis" and uses the assistant in this mode, the assistant may access more detailed content from personnel files to generate answers.

We record:

  • Chat prompts and model responses,
  • Technical metadata (timestamp, user ID, model used).

Legal basis (for our customer as Controller): Art. 6(1)(b) or (f) GDPR (support for HR processes) in conjunction with § 26 BDSG.


2.6 Transactional Email Communication

For sending transactional emails (account creation, invitations, notifications, password reset) we use a third-party email service provider (Mailgun, EU region). Data processed:

  • Email addresses of recipients,
  • Sending metadata (timestamp, delivery status, technical error codes).

Legal basis: Art. 6(1)(b) GDPR (contract performance).


2.7 Audit Log (User Action Logging)

The Platform maintains a complete audit log of all data changes. Each time a record is created, modified or deleted, the following is automatically logged:

  • Who performed the action (user ID, name, role – e.g. HR administrator),
  • What was changed (action type: create / update / delete, affected table and record ID),
  • When (timestamp with millisecond precision),
  • From where (IP address of the user at the time of the action).

Affected persons: HR administrators and other users of the Platform.

Purpose: Traceability and integrity of the data, protection against unauthorised changes, evidence for corporate customers about data modifications, compliance with audit requirements.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in data integrity and audit compliance); for employees additionally § 26(1) BDSG (employee data protection – logging to prevent misuse and ensure data integrity in the employment relationship).

Retention period: 1 year, then automatic deletion. Retention may be extended on documented instruction of the corporate customer (e.g. for audits).


2.8 Contract Conclusion and Consent Logging

When accepting the Terms of Service, Privacy Policy and DPA (click-wrap), the following is stored as proof of legally effective contract conclusion:

  • Timestamp of acceptance,
  • IP address of the user,
  • Browser user agent,
  • Version of documents accepted,
  • Confirmation of signing authority (for DPA).

Legal basis: Art. 6(1)(c) GDPR (legal obligation to maintain records) in conjunction with Art. 6(1)(b) GDPR.

Retention period: Duration of contractual relationship + 3 years.


2.9 Payment Processing (Polar.sh / Stripe)

Payment processing for subscription plans and per-document digitisation fees is handled by Polar Software, Inc. ("Polar.sh"), which uses Stripe, Inc. as its payment sub-processor. Polar.sh acts as Merchant of Record (MoR) and issues invoices and collects payments in its own name.

The following data is transmitted to Polar.sh and Stripe:

  • Name and professional email address of the billing contact,
  • Company name and billing address,
  • Payment card information (processed directly by Stripe; we never receive full card numbers),
  • Invoice and transaction history.

Important: No employee data from personnel files or AI analyses is transmitted to Polar.sh or Stripe. Only the billing contact's data is affected.

Legal basis: Art. 6(1)(b) GDPR (contract performance – payment processing).

Third-country transfer: Polar Software, Inc. and Stripe, Inc. are headquartered in the USA. The transfer is based on the EU–US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs).

Retention period: As required by applicable commercial and tax law (typically 10 years in Germany).


3. Service Providers (Sub-Processors)

We use the following sub-processors with whom Data Processing Agreements (DPAs) have been concluded:

Provider | Purpose | Server location / Region
Vercel Inc. | Web application hosting | Frankfurt, Germany (EU)
Supabase Inc. | Database, authentication, storage, backend | Frankfurt, Germany (EU)
Microsoft Azure (Azure OpenAI Service) | OCR, text extraction and AI-based processing of content | EU Data Zone (e.g. Germany West Central)
Mailgun Technologies | Transactional email delivery | EU (e.g. Ireland)
Upstash, Inc. | Redis-based background job queue (BullMQ) | AWS eu-central-1 (Frankfurt, EU)
Oracle Corporation | Execution of background workers (OCR, text extraction and AI routing) | Frankfurt, Germany (region "eu-frankfurt-1", EU)
Polar Software, Inc. | Subscription & payment management (Merchant of Record) | USA (with EU–US DPF / SCCs)
Stripe, Inc. | Payment processing (via Polar.sh) | USA (with EU–US DPF / SCCs)

We ensure that only the minimum necessary personal data is transmitted to these providers. For background job processing (BullMQ), we use DigitalOcean LLC as a hosting provider in their Frankfurt (FRA1) region. Background workers running on DigitalOcean process personnel file contents and extracted text as part of the OCR and AI analysis pipeline.


4. Cookies and Tracking

Technically necessary cookies

Our Platform uses exclusively technically necessary cookies to:

  • Maintain the login session (session cookie),
  • Provide CSRF protection and security-related functions.

These cookies do not require consent pursuant to Art. 5(3) ePrivacy Directive.

Analytics

No analytics tool is currently in use. This policy will be updated if one is introduced.


5. Data Security

We employ the following technical and organisational measures (TOMs):

  • Encryption: All data is transmitted via HTTPS/TLS (current versions).
  • Database access: Row-Level Security (RLS) in Supabase, access only with valid JWT.
  • Password hashing: bcrypt with appropriate cost factor; passwords never stored in plain text.
  • Infrastructure: All core components of the Platform (database, application, storage) are hosted on EU servers (e.g. Frankfurt).
  • Access control: Principle of least privilege; role-based access control for Customer users.
  • Backups: Daily automated backups with 30-day retention (Supabase).
  • Audit log: Complete logging of all data changes with user ID, IP address and timestamp; retention 1 year.
  • Consent records: All contract conclusions (ToS, DPA) logged with IP address, timestamp and document version.
  • AI processing: Use of EU data zones for AI services where available; minimisation of personal data in prompts and best-effort masking of certain identifiers.

6. Retention Periods

Data category | Retention period
Server logs (website) | 7 days
User account (administrator) | Duration of contractual relationship + 3 years
Employee data in personnel files (on behalf) | Until deletion instruction by customer, at most 30 days after contract end
OCR and AI intermediate results | As long as necessary for processing job; then deletion or aggregation
Email delivery logs | 30 days
Audit log (user actions incl. IP) | 1 year, extendable on customer instruction
Consent log (contract conclusion incl. IP) | Duration of contractual relationship + 3 years
Billing data (Polar.sh / Stripe) | As required by commercial / tax law (typically 10 years)

The Customer can instruct us to delete individual data earlier, provided that no legal retention obligations stand in the way.


7. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to object (Art. 21 GDPR).

Please direct requests to: <ProviderContact type="privacy" />

We respond to requests within the statutory period (usually 1 month).

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the authority of your place of residence or our place of business.


8. Note for Employees of Our Customers

If your employer uses Personalrampe Digital, we process your data as a data processor on behalf of your employer. For requests to exercise your rights (access, rectification, deletion, etc.), please contact your employer directly, who acts as the data controller. We are not allowed to process such requests independently without instructions from your employer.


9. Currency of this Privacy Policy

This Privacy Policy is currently valid as of June 2026. We reserve the right to update this policy as necessary. The current version is always available on our website.

This document is current as of March 2026. For the most recent version, please contact us at privacy@personalrampe.com