Privacy Policy - Dashboard Manager

1. At a Glance

This privacy policy explains how Dashboard Manager processes personal data when you use the platform as an employee, administrator, or tenant representative.

Which parties act as controllers and how to reach them.
Which categories of personal data are processed within Dashboard Manager.
For which purposes, on what legal basis, and for how long data is stored.
Which processors are involved and which data protection rights you can exercise at any time.

2. Controllers

Dashboard Manager operates as a multi-tenant service. Your organisation remains the controller for all content, user administration, and HR-related data. Dashboard Manager acts as a technical processor on behalf of the tenant.

The specific responsible organisation results from your service agreement or invitation to Dashboard Manager.

Technical Service Provider (Dashboard Manager)
Dashboard Manager, Hansemannplatz 1, 52062 Aachen, Germany. Contact: [email protected]

3. Categories of Personal Data

Basic data: name, email address, user ID, preferred language, roles and permissions.
Organisation and contract data: tenant, location, teams, cost centres, approval workflows.
HR and workforce data: vacation and sick-leave records, time tracking entries, tasks, reports, uploaded documents.
Communication data: chat messages, comments, notifications, approval notes.
System and support data: login timestamps, truncated IP segments, device and browser information, error logs, support tickets.
Configuration data: language preferences, dashboard layouts, calendar and filter settings.

4. Purposes & Legal Bases

Processing is carried out pursuant to Art. 6 (1) lit. b GDPR (performance of a contract), Art. 6 (1) lit. c GDPR (legal obligations), and Art. 6 (1) lit. f GDPR (legitimate interests in security, support, and product development).

Provision of platform functionality (e.g. leave management, time recording, task management, chat).
Authentication, authorisation, and secure session handling including necessary cookies.
Convenience features such as language preferences, dashboards, calendar and filter presets.
Operation, troubleshooting, performance monitoring, and abuse prevention.
Compliance with statutory retention, documentation, and reporting obligations and support for the tenant in employment-related processes.

5. Cookies & Language Preferences

We only use cookies that are technically required. These include session cookies for secure login, tokens against cross-site request forgery, and optional preference cookies. You can delete persistent cookies in your browser; without session cookies you cannot sign in.

Session cookies for authentication (removed after logout or automatic session expiry).
CSRF and security cookies protecting against manipulation.
Optional preference cookies (e.g. interface language or recent calendar selections).

6. Location & Log Data

To maintain security we process IP-related data only in truncated or pseudonymised form.

Storage of partial IP addresses, timestamps, tenant and user IDs for successful and failed sign-ins (default retention: 90 days).
Deriving an anonymised country code from infrastructure headers (e.g. Cloudflare) to propose the correct language and detect abuse.
Technical event logs (error codes, latency, browser version) for stability and performance monitoring (default retention: 30 days).
Support and maintenance logs where you raise a ticket or request assistance.

7. Recipients & Processing on Our Behalf

Data is processed exclusively within the EU/EEA. Transfers to third countries take place only when an adequacy decision or appropriate safeguards (such as EU Standard Contractual Clauses) exist.

Hosting and infrastructure partners within the EU providing servers, databases, and backups.
Content delivery and security services (e.g. web application firewall, DDoS protection) safeguarding the platform.
Transactional email or push notification providers for system messages.
Support and maintenance partners who may obtain limited administrative access under strict confidentiality agreements.

8. Retention & Deletion

Personal data is stored only as long as required for contract performance, statutory retention (e.g. employment, commercial, or tax law), or to establish, exercise, or defend legal claims. Security logs are typically removed after 90 days; rolling backups are overwritten after a maximum of 30 days. Once a user account is deleted, production data is removed immediately and remaining backup copies expire automatically.

9. Security & Confidentiality

We use state-of-the-art encryption (TLS) for data in transit, role-based access control for stored data, and tight administrative access governed by logging and regular reviews. Updates, penetration testing, incident response and backup procedures protect confidentiality, integrity, and availability.

10. Responsibilities of the Organisation

Your organisation remains the controller for all workforce and business data you manage in Dashboard Manager.

Ensuring a lawful basis for processing (e.g. employment contract, works council agreement).
Responding to data subject requests within statutory deadlines and documenting the outcome.
Maintaining deletion and retention schedules and cleansing data in line with HR, legal, and compliance requirements.
Exporting or backing up information if statutory retention outside the platform is necessary.

11. Your Data Protection Rights

Data subjects may exercise the following rights at any time. We support your organisation in handling these requests.

Right of access to personal data processed about you (Art. 15 GDPR).
Right to rectification of inaccurate or incomplete data (Art. 16 GDPR).
Right to erasure (Art. 17 GDPR) where statutory retention does not prevail.
Right to restriction of processing (Art. 18 GDPR) and right to object (Art. 21 GDPR).
Right to data portability in a structured, commonly used, machine-readable format (Art. 20 GDPR).
Right to withdraw consent with effect for the future.
Right to lodge a complaint with a competent supervisory authority.

12. Updates to this Privacy Policy

We review and update this privacy policy regularly. Last update: 01.02.2025.

13. Contact

For data protection enquiries please contact the Dashboard Manager privacy team:

Email: [email protected]