Legal Document ยท GDPR / DSGVO

Privacy Policy

This Privacy Policy explains how Fahrnex processes personal data for website visits, account access, customer support, billing, and operation of the cloud-based SaaS platform.

Effective / Last UpdatedJuly 2, 2026
RegulationGDPR / DSGVO
JurisdictionGermany ยท Hesse
GDPR CompliantTLS EncryptedConsent-Based Analytics
01

Controller & Contacts

Controller

Fahrnex

ย 

Owner:

Umme Hanna Meskat

Address

Birkenallee 30

36037 Fulda

Germany

Privacy Contact

Questions regarding this Privacy Policy or personal data processing may be sent to:

ย 

privacy@fahrnex.de

Supervisory Authority

Der Hessische Beauftragte fรผr Datenschutz und Informationsfreiheit

ย 

Website:

https://datenschutz.hessen.de

02

Processing Activities And Legal Bases

Website, contact, and demo requests

Data: Name, email address, optional phone number, company, job title, fleet size, message content, preferred contact channel, language, and technical request metadata.

Purpose: Responding to enquiries, preparing demos, qualifying Enterprise requests, and keeping sales/support context.

Legal basis: Art. 6(1)(b) GDPR for pre-contractual requests and Art. 6(1)(f) GDPR for business communication and service security.

Retention: Enquiries are kept while the request is active and then retained only as needed for business documentation or legal obligations.

Account, authentication, and security

Data: Name, email, password hash, session cookies, email verification state, password reset tokens, role, locale, login/session activity, and admin acting-user context.

Purpose: Creating accounts, signing users in, protecting accounts, sending verification/password emails, and preventing misuse.

Legal basis: Art. 6(1)(b) GDPR for account delivery and Art. 6(1)(f) GDPR for security and abuse prevention.

Retention: Account data is kept while the account exists. Security logs and reset/verification tokens are limited according to operational need.

Vehicle operations

Data: Vehicle details, VIN lookups, mileage, reminders, service logs, expenses, uploaded documents, document metadata, telemetry provider settings, and related support history.

Purpose: Providing the Fahrnex SaaS features for vehicle maintenance, reminders, documents, expenses, analytics, telemetry, and support.

Legal basis: Art. 6(1)(b) GDPR for product delivery and Art. 6(1)(f) GDPR for product reliability and support.

Retention: Vehicle and document records remain available while the account is active or until the user deletes them, subject to legal retention duties.

Consent-based website and product analytics

Data: Aggregated event names, public page paths, referrer domain, campaign parameters, inferred visit intent, device/browser category, language, account identifiers where applicable, timestamps, limited non-sensitive metadata such as plan type or feature category, and Google Analytics 4 measurement data where visitors opt in.

Purpose: Understanding public-page interest, campaign performance, feature usage, reliability, conversion, and support demand. Google Analytics 4 should load only after analytics consent, while non-essential advertising and retargeting storage remain disabled.

Legal basis: Art. 6(1)(a) GDPR for consent-based analytics and Art. 6(1)(f) GDPR for product improvement, operational insight, and service reliability where data is processed without non-essential cookies.

Retention: Analytics events are kept only as long as needed for product and operational reporting, then aggregated or deleted according to the retention policy.

Billing, subscriptions, and invoices

Data: Plan, subscription status, invoice data, billing name, billing email, payment preferences, Stripe checkout references, refund claims, and invoice PDFs.

Purpose: Managing paid plans, invoices, refunds, payment confirmation emails, and accounting records.

Legal basis: Art. 6(1)(b) GDPR for billing performance and Art. 6(1)(c) GDPR for statutory tax/accounting duties.

Retention: Commercial and accounting records may be retained for statutory retention periods, commonly up to 10 years in Germany depending on record type.

Support tickets and notifications

Data: Ticket subject, category, priority, messages, assigned admin, notification settings, notification logs, and reply history.

Purpose: Providing customer support, documenting support actions, and sending support replies or reminders.

Legal basis: Art. 6(1)(b) GDPR for support related to the service and Art. 6(1)(f) GDPR for support quality and dispute documentation.

Retention: Support records are kept while needed for customer service, product quality, and legal defence.

03

Service Providers And Data Recipients

The specific providers used by Fahrnex may change over time. This section describes provider categories rather than individual vendors unless legally required.

Fahrnex uses service-provider categories only where needed to host, operate, secure, support, analyze, and improve the service. These providers process personal data only to the extent necessary for the relevant service.

Cloud hosting and storage providers

Hosting the backend application, databases, file storage, operational monitoring, and related security controls.

EU/EEA regions are used where reasonably available for production workloads.

Frontend hosting and delivery providers

Serving the public website and web application, including static assets and deployment-related processing.

Content delivery may involve global infrastructure depending on visitor location and provider configuration.

Payment service providers

Processing payment checkout, subscription references, billing workflows, invoices, refunds, and related payment events when paid features are used.

EU/EEA and international processing may occur according to the provider's data processing terms.

Email delivery providers

Sending account verification, password reset, billing, support, reminder, and service notification emails.

EU/EEA or international processing may occur depending on delivery routing and provider configuration.

Development and deployment tooling providers

Operating source code, deployment, incident investigation, and support workflows. Personal data is not intentionally stored there, but limited log or support context may be processed if needed to resolve issues.

International processing may occur for development and deployment operations.

Optional integration and communication providers

Calendar export, telemetry integrations, SMS, WhatsApp, or similar optional features when configured or enabled by the user.

Only used for the relevant optional feature; international processing may occur depending on the provider.

Analytics providers

Providing consent-based website and product analytics where analytics features are enabled.

International processing may occur depending on the provider configuration and visitor consent.

04

Cookies

Fahrnex uses cookies and similar browser storage to operate the website and app securely, remember preferences, and measure usage where consent has been granted. Non-essential cookies require consent.

Necessary cookies

Necessary cookies support core website and account functions such as secure sessions, authentication, language preferences, and essential consent storage.

Functional cookies

Functional cookies may store interface preferences or similar settings that improve usability without being strictly required for every visit.

Analytics cookies

Analytics cookies or similar storage are used only where analytics features are enabled and only after the visitor has given consent.

Users can manage cookie preferences through the cookie settings link.

05

Additional Privacy Information

International Data Transfers

Where service providers process personal data outside the European Economic Area, Fahrnex uses appropriate safeguards such as European Commission Standard Contractual Clauses or other legally recognized transfer mechanisms.

Automated Decision-Making

Fahrnex does not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

Childrenโ€™s Privacy

Fahrnex is not directed to children under the age of 16.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. The latest version will always be available on this page.

06

Your Rights

  • Right of access under Art. 15 GDPR
  • Right to rectification under Art. 16 GDPR
  • Right to erasure under Art. 17 GDPR
  • Right to restriction of processing under Art. 18 GDPR
  • Right to data portability under Art. 20 GDPR
  • Right to object under Art. 21 GDPR
  • Right to withdraw consent at any time under Art. 7 GDPR
  • Right to lodge a complaint with a supervisory authority under Art. 77 GDPR
07

Security Measures

  • HTTPS/TLS encryption for website and API traffic
  • Access controls and authentication safeguards for administrative and user access
  • Hosting-level security protections such as firewall or platform security controls
  • Access to personal data limited to persons who need it for their role
09

Contact For Privacy Requests

Need help with your data?

Questions regarding this Privacy Policy or personal data processing may be sent to:

privacy@fahrnex.de

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at privacy@fahrnex.de. We may request additional information to verify your identity before processing your request. We will respond within the time required by applicable law.

View Impressum