Privacy
The protection of your personal data is important to us. Below we inform you about which data we process when you visit our website and when you use VidiClock, for what purpose and on what legal basis this takes place. VidiClock is a cloud-based software (SaaS) for digital time tracking, duty and shift planning as well as the evaluation of hour accounts, available at https://vidiclock.com.
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
VidiScope GmbH
Römerstr. 27, 89250 Senden, Germany
Register court: Amtsgericht Memmingen, HRB 22291
Managing Director: Valentin Schierhuber
Phone: +49 731 25072700
Email: datenschutz@vidiscope.com
2. General Principles of Data Processing
We process personal data exclusively in accordance with the GDPR, the German Federal Data Protection Act (BDSG) and the German Telecommunications-Telemedia Data Protection Act (TTDSG). Personal data is any information relating to an identified or identifiable natural person.
This privacy policy informs you about the type, scope and purpose of the personal data we process, both when you use our website and when you use the VidiClock product. Processing only takes place where there is a legal basis for it or where you have given your consent.
3. Hosting and Provision
Our website and the VidiClock product are hosted by an external service provider:
Hetzner Online GmbH
Industriestr. 25, 91710 Gunzenhausen, Germany
All servers are located exclusively in Germany. We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with the hosting provider, which ensures that the data is processed on our behalf in a manner that follows our instructions and complies with data protection law.
When you access our website, the hosting provider automatically collects information in so-called server log files that your browser transmits. These are:
- IP address of the requesting computer
- date and time of access
- name and URL of the requested file
- amount of data transferred
- HTTP status code of the request
- browser type and operating system used
- referrer URL (previously visited page)
The processing of this data is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the stable, secure and trouble-free operation of our website and our service. The log files are deleted after 14 days, unless security-relevant incidents require longer retention.
4. Cookies and Local Storage
We use exclusively technically necessary cookies that are required for the operation and security of our website and application. These include:
- a session cookie to maintain your session
- a CSRF token to protect against cross-site request forgery
- a cookie to store your language preference (
locale)
In addition, we use your browser's local storage to save your display setting (theme) and your confirmation of the cookie notice.
We do not use tracking and no third-party analytics or marketing cookies. The legal basis for storing technically necessary information is § 25 (2) no. 2 TTDSG and Art. 6 (1) (f) GDPR.
5. Spam Protection / Cloudflare Turnstile
To protect our request form against automated requests (bots) and abuse, we use the Cloudflare Turnstile service. The provider is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.
When using Turnstile, technical information (in particular your IP address and characteristics of your browser) is transmitted to Cloudflare in order to distinguish between human users and automated access. According to its own statements, Cloudflare does not use any cookies for tracking purposes for Turnstile. Any transfer of data to the USA takes place on the basis of the EU standard contractual clauses or a certification under the EU-US Data Privacy Framework.
In addition, a server-side spam filter (honeypot procedure and limitation of the request frequency, so-called rate limit) is used. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is the protection of our systems against abusive and automated requests.
6. Contact and Request Form
If you contact us via our contact or request form, we process the data you provide – generally the company name, the name of the contact person, email address, telephone number and the content of your message – in order to handle and respond to your request and, where applicable, to prepare a contract.
The legal basis is Art. 6 (1) (b) GDPR (initiation or performance of a contract) as well as Art. 6 (1) (f) GDPR (legitimate interest in responding to enquiries). The data is stored for as long as is necessary to process your request and is subsequently deleted in compliance with the statutory retention periods (in particular § 257 HGB, § 147 AO).
7. Email Communication
When communicating by email, we process your email address and the content of your messages in order to get in touch with you and handle your concerns. To ensure the authenticity and integrity of our outgoing emails, we authenticate them using SPF, DKIM and DMARC. They are sent via a mail server located in Germany. The legal basis is Art. 6 (1) (b) and (f) GDPR.
8. Customer Account and Use of VidiClock (SaaS)
For the use of VidiClock, we process the data arising during registration and ongoing operation. This includes in particular login and access data, master data, company data, employee data, usage data and billing data. The processing serves to fulfil the contract concluded with your company. The legal basis is Art. 6 (1) (b) GDPR.
VidiClock is built to be multi-tenant capable: a separate database is operated for each customer company, so that the data of different customers is technically isolated from one another. The data is stored for the duration of the contractual relationship and beyond that within the scope of the statutory retention periods.
Note: Insofar as we process personal data of a customer company's employees on its behalf (e.g. working hours and duty rosters), VidiScope GmbH acts in this respect as a processor pursuant to Art. 28 GDPR. The controller in the data protection sense is in this case the respective customer company. The details are governed by a separate data processing agreement.
9. Payment Processing
Online payment processing is currently not active. Should we integrate a payment service provider (e.g. Stripe or SumUp) in the future, we will update this privacy policy accordingly and inform you about the associated data processing.
10. Disclosure of Data to Third Parties
Your personal data is only disclosed to third parties if you have consented, if this is necessary for the performance of a contract, if there is a legal obligation, or if a legitimate interest justifies the disclosure. Insofar as we use service providers who process data on our behalf, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.
11. Data Transfer to Third Countries
Personal data is only transferred to countries outside the European Union or the European Economic Area if an adequacy decision by the European Commission exists, if appropriate safeguards (in particular EU standard contractual clauses) are in place, or if one of the conditions of Art. 49 GDPR is met.
12. Your Rights
Within the scope of the statutory requirements, you have the following rights with regard to the personal data concerning you:
- right of access (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR)
- right to erasure (Art. 17 GDPR)
- right to restriction of processing (Art. 18 GDPR)
- right to data portability (Art. 20 GDPR)
- right to object to processing (Art. 21 GDPR)
- right to withdraw consent given (Art. 7 (3) GDPR)
To exercise your rights, please contact datenschutz@vidiscope.com.
13. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to other remedies, you have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach
14. Changes to This Privacy Policy
We adapt this privacy policy as soon as changes to our data processing or changed legal frameworks make this necessary. You can always find the current version at https://vidiclock.com/datenschutz.
Last updated: June 2026