Skip to main content

Privacy Policy

Last updated: May 2026

The German version of these terms is legally binding. This English translation is provided for informational purposes only.

§ 1 Data Controller

The data controller for the processing of personal data through this Portal is: Stington & Partner Legal GmbH, Sinserstrasse 67, c/o Nerox Holding GmbH, 6330 Cham ZG, Switzerland. Email: contact@fairsync.org.

§ 2 Applicable Data Protection Framework

This Portal is operated by a Swiss entity and targets users in the European Union, in particular Germany. Accordingly, the following data protection frameworks apply:

  • The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) applies pursuant to Article 3 para. 2, as the Provider offers services to data subjects in the EU.
  • The Swiss Federal Act on Data Protection (nDSG / FADP) applies as the law of the Provider's place of establishment.

This Privacy Policy addresses the requirements of both frameworks. Where they diverge, the stricter standard applies.

§ 3 Legal Basis for Processing

Personal data is processed on the following legal bases:

  • Art. 6 para. 1 lit. b GDPR — processing necessary for the performance of the License Agreement or in order to take steps prior to entering into a contract.
  • Art. 6 para. 1 lit. f GDPR — processing necessary for the purposes of legitimate interests pursued by the Provider, in particular: fraud prevention and portal security.
  • Art. 6 para. 1 lit. c GDPR — processing necessary for compliance with legal obligations, in particular tax and accounting retention requirements.
  • Art. 6 para. 1 lit. a GDPR — where the Customer has given explicit consent, in particular with respect to the acknowledgment that the right of withdrawal lapses upon delivery commencement.

§ 4 Categories of Personal Data Collected

We collect and process the following categories of personal data, each limited to what is necessary for the stated purpose:

  • Email address — purpose: payment confirmations, invoice delivery, portal access links, installment reminders, license expiry and extension notifications, and essential communication regarding the license.
  • First and last name — purpose: invoice issuance, contract identification, and legal documentation. Collected via Stripe during payment.
  • Billing address (street, city, postal code, country) — purpose: VAT determination, invoice issuance, and legal documentation. Collected via Stripe during payment.
  • VAT identification number (if provided) — purpose: determination of reverse charge eligibility for EU business customers.
  • IP address — purpose: legal record of terms acceptance and consent, fraud prevention, rate limiting, and portal security. Recorded at the time of purchase confirmation.
  • Browser user agent string — purpose: legal record of terms acceptance (technical environment documentation) and technical troubleshooting.
  • Portal interaction data (timestamps of page views, actions taken, authentication events) — purpose: legal documentation, audit trail, and service integrity.
  • Payment metadata (selected plan, payment method, amounts, dates, transaction status) — purpose: contract performance, accounting, and installment tracking.

§ 5 Payment Processing — Stripe as Data Processor

Payments are processed by Stripe Payments Europe, Ltd. (for EEA transactions) and Stripe, Inc. (US parent company), acting as data processors pursuant to Art. 28 GDPR.

A data processing agreement in accordance with Art. 28 GDPR is in place between the Provider and Stripe.

Stripe may transfer personal data to the United States. Such transfers are based on the EU-U.S. Data Privacy Framework adequacy decision and, where applicable, Standard Contractual Clauses (SCCs) pursuant to Art. 46 para. 2 lit. c GDPR.

For details on Stripe's data handling, please refer to Stripe's privacy policy at https://stripe.com/privacy.

§ 6 Data NOT Stored on Our Servers

The following categories of sensitive data are NOT stored on the Provider's servers. They are held exclusively by Stripe as payment processor:

  • Payment card numbers and security codes
  • Bank account numbers (IBAN) and routing information

The Provider never has access to full payment instrument data. All payment processing occurs within Stripe's PCI DSS Level 1 certified environment.

§ 7 Data Retention

  • Financial and tax records: retained for 10 years from the end of the relevant fiscal year, in compliance with Swiss commercial law (Art. 958f OR) and, where applicable, German tax law (§ 147 AO, § 257 HGB).
  • Contract and consent documentation (including terms acceptance records with IP address and user agent): retained for the duration of the applicable limitation period — 10 years under Swiss law (Art. 127 OR) or 3 years under German law (§ 195 BGB), whichever is longer, starting from the end of the year in which the contract was concluded.
  • Portal interaction and access logs: retained for up to 10 years as evidence of terms acceptance and for the defense of legal claims.

After the expiration of the applicable retention period, personal data is deleted or irreversibly anonymized, unless a longer retention is required by law.

§ 8 Cookies and Similar Technologies

The Portal uses only technically necessary cookies: a session cookie for authentication (maintaining your logged-in state during a visit) and a language preference cookie.

No tracking cookies, analytics cookies, advertising cookies, or third-party cookies are used. The Portal does not use any web analytics tools.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in providing a functional and secure portal). Pursuant to § 25 para. 2 TDDDG (Germany), no consent is required for strictly necessary cookies.

§ 9 Your Rights

Under the GDPR and the Swiss FADP, you have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR / Art. 25 nDSG) — you may request information about whether and which personal data we process about you.
  • Right to rectification (Art. 16 GDPR / Art. 32 para. 1 nDSG) — you may request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR) — you may request deletion of your personal data, subject to mandatory legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR) — you may request restriction of processing under certain conditions.
  • Right to data portability (Art. 20 GDPR) — you may request to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR) — you may object to processing based on legitimate interests at any time, for reasons relating to your particular situation.

To exercise any of these rights, please contact us at: contact@fairsync.org. We will respond within one month of receipt of your request.

§ 10 Right to Lodge a Complaint

You have the right to lodge a complaint with a competent data protection supervisory authority.

For Switzerland: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), Feldeggweg 1, 3003 Bern, Switzerland.

For EU/EEA users: you may lodge a complaint with the supervisory authority of your country of habitual residence or place of work. For Germany, this is the data protection authority of your federal state (Landesdatenschutzbeauftragte).

§ 11 Automated Decision-Making

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place on this Portal. All decisions with legal or similarly significant effects on the Customer are made with human involvement.

§ 12 Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Art. 32 GDPR and Art. 8 nDSG.

All data transmissions between your browser and our servers are encrypted via TLS (Transport Layer Security). Payment data is processed exclusively within Stripe's PCI DSS Level 1 certified environment.

Access to personal data is restricted to authorized personnel on a strict need-to-know basis.

§ 13 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, our processing activities, or our services. The current version is always available on this Portal with the date of last update indicated at the top.