Privacy Policy

This Privacy Policy informs you – ResAiler, Heidkamp 5, 27321 Emtinghausen, Germany – as a user about the type, scope and purpose of the processing of personal data (hereinafter: "Data") on the website resailer.de and in the associated web app. The protection of your data and your privacy is of central concern to us. We comply with the legal provisions of data protection, in particular the GDPR, the Federal Data Protection Act (BDSG), the Telecommunications-Digital Services Data Protection Act (TDDDG) and the Digital Services Act (DDG).

Controller according to Art. 4 No. 7 GDPR:

Resailer

Heidkamp 5

27321 Emtinghausen

Germany

Email: support@resailer.de

Phone: +49 1629384775

Represented by Managing Director: Patrick Siemens

Our Data Protection Officer is:

Patrick Siemens

Email: support@resailer.de

Phone: +49 1629384775

We process your personal data for the following purposes and on the following legal bases:

Operation of the Website and Web App: Technical connection data (IP address, browser type, device, access times, page views) is processed to provide, maintain and improve resailer.de (Art. 6(1)(f) GDPR, legitimate interest in functional operation and IT security).

Registration and User Account: To create a user account and authentication, we store the registration data you enter or the information provided via OAuth (Google) (Art. 6(1)(b) GDPR, contract performance).

Photo Uploads, AI Analysis and Text Generation: The photos you upload and the associated information are processed for the purpose of analysis and generation of valuation texts. Personal data may be contained in the image and in metadata. The legal basis is your consent (Art. 6(1)(a) GDPR), which you actively give with the upload function. Automated decision-making within the meaning of Art. 22 GDPR does not take place; the valuation results are always non-binding, a binding decision is not made automatically.

Payment Processing via Stripe Payments: When using paid services, required payment data (name, address, email, order and payment data, possibly bank details, partial card data, transaction number) is transmitted to Stripe International Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland, and Stripe, Inc., 510 Townsend St., San Francisco, CA 94103, USA. Processing serves contract fulfillment (Art. 6(1)(b) GDPR) and is carried out in compliance with data protection via a concluded data processing agreement and on the basis of Standard Contractual Clauses or the Data Privacy Framework. Stripe may process data for its own purposes as a controller (Art. 6(1)(f) GDPR).

Single Sign-On via Google OAuth: For authentication via Google OAuth, your login data is transmitted by Google. The information necessary for registration (name, email address) is processed. Provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis is Art. 6(1)(b) GDPR (contract performance); possibly Art. 6(1)(a) GDPR (consent).

Hosting and Access via Cloudflare: The operation and delivery of the website is carried out via Cloudflare Inc., 701 Townsend St., San Francisco, CA 94107, USA. Technical connection data such as IP address and access times are processed, particularly for attack detection and bandwidth optimization. Data transmission is legally secured by concluding a data processing agreement and through Standard Contractual Clauses or certification under the Data Privacy Framework.

Database and Backend (Neon/Prisma): User data is stored and processed in the databases provided by Neon (Neon, Inc., 75 5th Avenue, New York, NY 10003, USA). Storage takes place on servers in the EU area or in international data centers under implementation of Standard Contractual Clauses. A data processing agreement according to Art. 28 GDPR is also concluded here.

Consent Management (Cookies): Insofar as we use cookies that are necessary for the technical provision of the site (e.g. session cookies, consent status), processing is based on Art. 6(1)(f) GDPR or §25(2) TDDDG. Other cookies, in particular for analysis or marketing purposes, we only use with express consent according to Art. 6(1)(a) GDPR and §25(1) TDDDG.

Contact Form, Support: For inquiries via our contact form or support channels, the information you provide (name, email, concern, communication history) is processed for handling (Art. 6(1)(b) and (f) GDPR).

We store your personal data only for as long as necessary for the purposes for which they were collected or statutory retention obligations exist (e.g. commercial and tax law obligations up to ten years for payment data, §257 HGB and §147 AO). After the purpose ceases to apply or the statutory periods expire, your data will be deleted or anonymized.

Within the framework of using Stripe, Google OAuth, Cloudflare and Neon/Prisma, a transfer of personal data to countries outside the EU (especially USA) may occur. This is done on the basis of adequacy decisions, Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework, as respectively implemented and certified.

Our service providers are contractually obligated to comply with European data protection standards and to protect the data through technical and organizational measures.

You have the following rights under the GDPR:

Right to information about the processed data (Art. 15 GDPR)

Right to rectification of incorrect data (Art. 16 GDPR)

Right to erasure ("right to be forgotten") (Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object to processing (Art. 21 GDPR)

Right to withdraw consent (Art. 7(3) GDPR)

Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR)

To exercise your rights, please contact: support@resailer.de

There is no fully automated decision-making with legal effect or similarly significant impairment within the meaning of Art. 22 GDPR. The AI-assisted valuation results serve exclusively for orientation and recommendation; a final sales decision always lies with the user. Should a recommendation algorithm for automated selection of sales platforms be activated in individual cases, the possibility for human review and decision is always ensured.

Within the framework of using OAuth (Google), Stripe and Cloudflare, the respective privacy policies of these providers apply additionally. You can find these at:

Google: https://policies.google.com/privacy?hl=en

Stripe: https://stripe.com/privacy

Cloudflare: https://www.cloudflare.com/privacypolicy/

We implement appropriate technical and organizational measures to ensure the security of your data. These include, among others, encryption during data transmission (SSL/TLS), access restrictions to user accounts and databases, regular audits and backups, as well as employee training.

For the AI-assisted photo upload and analysis, we have conducted a Data Protection Impact Assessment according to Art. 35 GDPR. In particular, we have examined:

Which data is processed.

What risks arise.

What measures minimize the risks.

We inform you transparently according to the EU AI Act (from August 2024) and AI Regulation (from August 2026) about which AI systems you interact with and that the results are AI-based and non-binding.

When visiting the site for the first time, you will be actively informed about the use of cookies. You have the option to withdraw your consent or adjust cookie settings at any time. Necessary cookies (e.g. for login, consent management) are set regardless of your consent, all other cookies (analysis, tracking) only with your respective consent.

We reserve the right to update this Privacy Policy in case of changes to the legal situation, the scope of services or data processing. You can always find the current version at www.resailer.de/datenschutz.