Skip to content
justReporting
Home/Privacy Policy

Privacy Policy (Datenschutzerklärung)

This policy explains what happens to your personal data when you visit zfge.justreporting.eu. It aligns with the parent company policy at justreporting.eu/legal-and-privacy, and is scoped to the services actually running on this subdomain.

1. Data Controller

justReporting GmbH Wirtschaftsprüfungsgesellschaft
Rheinpromenade 2, 40789 Monheim am Rhein, Germany
Phone: +49 173 536 7762
E-Mail: [email protected]
Managing Director: Jannik Hassel

A data protection officer has not been appointed; appointment is not mandatory for our organisation size under Art. 37 GDPR / § 38 BDSG.

2. What Data Is Processed on This Website

We collect only the data strictly necessary to serve the website and, if you actively request it, to book a consultation or reply to your e-mail.

  • Server log files (browser, OS, referrer, IP address, timestamp) — collected by our hosting provider for security and technical operation, deleted after 14 days.
  • Consent preferences — stored locally in your browser (localStorage, key zfge-consent); never transmitted to us.
  • Booking data (name, e-mail, chosen slot) — only if you actively use the Cal.com booking widget.
  • E-mail content — only if you contact us at [email protected].

We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any other advertising / retargeting tool on this subdomain. We use Plausible Analytics, which is cookie-free, does not collect any personal data, and does not require consent under GDPR — details in Section 2a.

2a. Web Analytics (Plausible)

We use Plausible Analytics (Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia) to understand which pages visitors read and how they arrive. Plausible is a privacy-friendly, cookie-free analytics tool. It does not track users across sites, does not collect any personal data, and does not set cookies.

Data collected: URL path, HTTP referer, browser type, operating system, device type, country (derived from IP, IP is discarded). No cross-site tracking, no user profiles, no fingerprinting.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in understanding website usage in aggregate. Because no personal data is processed and no cookies are set, consent is not required (Art. 5(3) ePrivacy Directive / § 25 TTDSG).

Privacy policy: plausible.io/privacy

3. Hosting (Hetzner)

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Servers located in the EU. Data processing agreement (Art. 28 GDPR) in place.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in secure and efficient provision of our website.

Privacy policy: hetzner.com/legal/privacy-policy

4. Cloudflare (DNS + CDN)

We use Cloudflare (Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA) for DNS routing and protection against malicious traffic. Cloudflare receives the IP address of visitors and basic connection metadata to resolve requests.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in a secure, performant and reliably reachable website.

Data transfer to the USA is secured by the EU-US Data Privacy Framework (Cloudflare is certified) and by Standard Contractual Clauses for onward processing. Data processing agreement with Cloudflare in place.

Privacy policy: cloudflare.com/privacypolicy

5. Cookies and Consent

This website does not set tracking, analytics or advertising cookies. We only store your consent decision locally in your browser (localStorage), which is strictly necessary to remember that you have seen the notice.

No third-party script loads data from services outside our own infrastructure. All external-looking interactions (booking, contact) go through services we operate ourselves — see sections 6 and 7.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest) for strictly necessary storage of your consent choice. No § 25(1) TDDDG consent is required because we do not store or read information on your device for purposes other than strictly necessary.

6. Appointment Scheduling (Cal.eu — EU-hosted)

For scheduling consultations we use Cal.eu, operated by Cal.com Europe Ltd. (EU-hosted instance of the Cal.com scheduling platform). The booking widget is embedded on our contact page.

Data processed: Your name, e-mail address, the time slot you select and any information you voluntarily enter in the booking form.

Purpose: Scheduling and administration of your consultation request.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at your request) for processing the booking itself; Art. 6(1)(a) GDPR + § 25(1) TDDDG (consent) for loading the embedded widget and any technical cookies it may set. You can withdraw consent by clearing your browser storage for this site.

Data transfer: Servers of Cal.com Europe Ltd. are located within the EU. A data processing agreement (Art. 28 GDPR) is in place.

Retention: Until the booking is completed plus statutory retention periods where applicable (e.g. § 51b WPO — 10 years for audit-related records). Cal.com retains booking metadata in accordance with its own privacy policy.

Provider privacy policy: cal.com/privacy

7. Contact by E-Mail

If you write to us at [email protected], we store your e-mail, name and message solely to respond to your enquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) for engagement-related enquiries; Art. 6(1)(f) GDPR (legitimate interest) for general questions.

Retention: messages are deleted when the purpose is fulfilled, subject to statutory retention periods (e.g. § 51b WPO — 10 years for audit-related records).

8. Self-Hosted Fonts

Plus Jakarta Sans and Inter are served from our own servers. We do not connect to Google Fonts or any external font provider — no IP of visitors is sent to third parties just because of fonts.

9. Professional Secrecy

As a licensed German Wirtschaftsprüfungsgesellschaft we are bound by professional secrecy under § 43 WPO and § 203 StGB. Any information you share with us in the context of a professional engagement is strictly confidential — independent of, and in addition to, GDPR data protection obligations.

10. Your Rights as a Data Subject

You have the following rights under the GDPR at any time, free of charge:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). For us the competent authority is LDI NRW — Kavalleriestr. 2–4, 40213 Düsseldorf.

To exercise any of these rights, please contact us at [email protected].

11. SSL/TLS Encryption

This site uses SSL/TLS encryption for all requests. You can recognise an encrypted connection by the "https://" prefix in your address bar and the lock symbol shown by your browser.

12. Updates & Reference to the Full Policy

We keep this policy aligned with the full parent-company privacy policy at justreporting.eu/legal-and-privacy. In case of any divergence, that parent policy governs for services not running on this subdomain.

Last updated: 20 April 2026