Privacy Policy
Last updated: May 2026
1. Who we are
Techventura GmbH ("Plandesk", "we", "us") is the data controller for personal data collected through our website at plandesk.io and our platform (the "Service").
Techventura GmbH
Oberhafenstraße 1
20097 Hamburg, Germany
Amtsgericht Hamburg, HRB 168980
Data protection contact: hello+dpo@plandesk.io
Supervisory authority: Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI) — datenschutz.hamburg.de
2. What data we collect
| Category | Examples | Why |
|---|---|---|
| Identity | Name, job title | Account creation and invoicing |
| Contact | Email, phone, billing address | Service delivery and support |
| Account | Company name, VAT number, country | Workspace configuration |
| Usage | Pages visited, features used, click events | Product improvement |
| Device | IP address, browser type, OS | Security and fraud prevention |
| Communications | Support tickets, email threads | Customer support |
| Financial | Billing history, subscription plan | Payment processing |
We do not collect special category data (health, biometric, racial origin) unless you explicitly provide it in documents you upload to the Service.
3. Legal basis for processing
| Activity | Legal basis | GDPR article |
|---|---|---|
| Providing the Service | Performance of contract | Art. 6(1)(b) |
| Invoicing and tax records | Legal obligation | Art. 6(1)(c) |
| Security monitoring and fraud detection | Legitimate interest | Art. 6(1)(f) |
| Product analytics | Legitimate interest | Art. 6(1)(f) |
| Marketing emails | Consent | Art. 6(1)(a) |
| Compliance with Finanzamt and other authorities | Legal obligation | Art. 6(1)(c) |
4. How long we keep your data
| Data type | Retention period | Legal basis |
|---|---|---|
| Account and profile data | Duration of contract + 3 years | Dispute resolution |
| Invoices and financial records | 10 years | § 147 AO, § 257 HGB |
| Commercial correspondence | 6 years | § 257 HGB |
| Support tickets | 3 years | Legitimate interest |
| Session and device data | 30 days | Security |
| Marketing preferences | Until you withdraw consent | Art. 6(1)(a) GDPR |
| Audit logs | 10 years | Regulatory requirement |
When you close your account we delete or anonymise your personal data within 30 days, except where we are required by law to retain it longer.
5. Who we share data with
We do not sell your data. We share it only with the following categories of processors, each bound by a Data Processing Agreement (Art. 28 GDPR):
| Processor type | Purpose | Location |
|---|---|---|
| Cloud infrastructure | Hosting and storage | Germany (EU) — Hetzner |
| Payment processor | Subscription billing | EU |
| Transactional email | Account notifications | EU |
| Analytics | Aggregated product metrics | EU |
All processors are located in the European Economic Area or operate under adequate transfer mechanisms (Art. 44–49 GDPR).
6. International transfers
Our primary infrastructure runs on Hetzner servers in Germany. We do not transfer personal data outside the EEA without either an adequacy decision (Art. 45 GDPR) or Standard Contractual Clauses (Art. 46(2)(c) GDPR).
7. Your rights
Under GDPR and the German Bundesdatenschutzgesetz (BDSG) you have the following rights. To exercise any of them, email hello+dpo@plandesk.io and we will respond within 30 days.
| Right | What it means |
|---|---|
| Access (Art. 15 GDPR) | Receive a copy of all personal data we hold about you |
| Rectification (Art. 16 GDPR) | Correct inaccurate or incomplete data |
| Erasure (Art. 17 GDPR) | Request deletion — subject to legal retention obligations |
| Restriction (Art. 18 GDPR) | Limit how we process your data |
| Portability (Art. 20 GDPR) | Receive your data in JSON or CSV format |
| Object (Art. 21 GDPR) | Opt out of processing based on legitimate interest |
| Withdraw consent (Art. 7 GDPR) | Withdraw marketing consent at any time |
You also have the right to lodge a complaint with the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI) at datenschutz.hamburg.de, or with the supervisory authority of your place of residence or workplace.
8. Cookies
We use the following categories of cookies:
| Category | Purpose | Can you opt out? |
|---|---|---|
| Strictly necessary | Session management, authentication | No — required for the Service |
| Functional | Preference storage | No — required for the Service |
| Analytics | Aggregated usage metrics | Yes — via cookie banner |
| Marketing | Retargeting (plandesk.io only) | Yes — via cookie banner |
You can manage your preferences at any time via the cookie settings link in the footer.
9. Security
We protect your data with:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Role-based access control — staff access only what they need
- Audit logging of all access to personal data
- Regular security reviews
In the event of a data breach likely to affect your rights, we will notify you and the HmbBfDI within 72 hours of becoming aware (Art. 33 GDPR).
To report a security vulnerability: hello+security@plandesk.io
10. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact hello+dpo@plandesk.io and we will delete it promptly.
11. Changes to this policy
We will update this page when our practices change and notify you by email if the change is material. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact
Data controller: Techventura GmbH
Address: Oberhafenstraße 1, 20097 Hamburg, Germany
Data subject requests (GDPR Art. 15–22): hello+dpo@plandesk.io
General enquiries: hello@plandesk.io