This English version is a convenience translation provided for ease of understanding; in the event of any discrepancy, the German version (Datenschutzerklärung) prevails.
The protection of your data matters to us. This policy applies to the website herbtrack.de. A separate privacy policy applies within the HerbTrack platform (app.herbtrack.de).
There is currently no obligation to appoint a data protection officer.
We host this website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The servers are located in Germany; no transfer to third countries takes place. Processing is based on our legitimate interest in the secure and efficient provision of the website (Art. 6(1)(f) GDPR). A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner.
This website keeps no permanent access log files: the upstream reverse proxy does not record individual page views. During operation, only technical operational logs of the server containers are produced (e.g. start-up and error messages). These are rotated automatically and limited in size (older entries are overwritten); no analysis relating to your person takes place. They serve exclusively the secure operation, error analysis and defence against attacks — the legal basis is our legitimate interest in the functionality and IT security of the website (Art. 6(1)(f) GDPR). In order to deliver the page, your browser necessarily transmits your IP address for technical reasons; we do not systematically store it or combine it with other data to identify you.
This website makes do with a minimum of cookies and sets no tracking or marketing cookies. No tracking takes place; in our view, a cookie banner is therefore not required. If you do not wish to store cookies, you can prevent this at any time in your browser settings — the website remains fully usable.
Specifically: if you are logged in to the HerbTrack app, the app sets a non-sensitive hint cookie (herbtrack/presence) on the shared domain. It contains no personal data, only the information “logged in: yes/no”, so that we can show you the “To the app” button at the top instead of “Create account”. The legal basis for this evaluation is our legitimate interest in convenient user guidance (Art. 6(1)(f) GDPR). The cookie is removed when the validity specified by the app login expires or upon logout. The actual session cookie of the app is never shared with this website.
We embed the “Poppins” font self-hosted (via @nuxt/fonts). As a result, loading the page establishes no connection to Google servers and transmits no IP address to third parties.
If you contact us by email, we process the details you provide in order to handle your enquiry. The legal basis is Art. 6(1)(b) GDPR where your enquiry concerns the conclusion or performance of a contract, otherwise Art. 6(1)(f) GDPR (our legitimate interest in responding to enquiries). Providing your data is voluntary; however, without it we cannot answer your enquiry. We do not pass on this data and delete it as soon as the enquiry has been dealt with and no retention obligations apply.
Via buttons such as “Create account” or “To the app”, you are redirected to the HerbTrack platform (app.herbtrack.de). Only there — after your input — does further processing take place; the platform’s own privacy policy applies to it.
You have the following rights regarding your personal data: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and the right to object to processing (Art. 21 GDPR). Where processing is based on consent, you may withdraw it at any time with effect for the future (Art. 7(3) GDPR) without affecting the lawfulness of processing carried out up to that point. On this website, we currently process data exclusively on a statutory basis (Art. 6(1)(b) and (f) GDPR) — we do not obtain separate consent. You may object at any time, pursuant to Art. 21 GDPR, to processing based on Art. 6(1)(f). No automated decision-making, including profiling (Art. 22 GDPR), takes place on this website.
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg).
For security reasons, this site uses TLS encryption. You can recognise an encrypted connection by the “https://” and the padlock symbol in your browser’s address bar. The encryption serves the security of data transmission and fulfils our obligation to implement appropriate technical measures (Art. 32 GDPR).
This privacy policy is current as of June 2026. As the website develops or legal requirements change, it may become necessary to amend it.