GDPR Compliance

Last updated: December 31, 2025

EquipPanel is committed to complying with the General Data Protection Regulation (GDPR). This page outlines our data protection practices and your rights under GDPR.

Data Controller

Company Information

EquipPanel
Stuttgart, Germany
Email: privacy@equippanel.com

Data Protection Officer

For any questions regarding data protection, please contact our Data Protection Officer at privacy@equippanel.com.

Personal Data We Collect

Account Information

  • Name and email address (required for account creation)
  • Company name and information
  • Profile photo (optional)
  • Role within your organization (Admin, Operator, Viewer)

Usage Data

  • Log entries and activity records
  • Equipment management data
  • Maintenance schedules and history
  • Document uploads and file metadata
  • Report generation history (available on Business and Pro plans only)

Technical Data

  • IP addresses and browser information
  • Device information and operating system
  • Usage analytics (anonymized where possible)
  • Authentication tokens and session data

Payment Information

  • Billing address and company details
  • Payment method information (processed securely by our payment processor)
  • Subscription and billing history
  • Note: We do not store credit card numbers or sensitive payment data

Legal Basis for Processing

Contract Performance

We process your personal data to fulfill our contractual obligations to provide you with the EquipPanel service. This includes account management, service delivery, and customer support.

Legitimate Interests

We process data for our legitimate business interests, including:

  • Service improvement and development
  • Security and fraud prevention
  • Analytics and usage optimization
  • Marketing communications (with your consent where required)

Consent

Where required by law, we obtain your explicit consent before processing your personal data for specific purposes, such as marketing communications or optional features.

Legal Obligations

We may process your data to comply with legal obligations, such as tax requirements, accounting regulations, or responding to lawful requests from authorities.

How We Use Your Data

  • To provide and maintain the EquipPanel service
  • To process your subscription and manage billing
  • To send you service-related notifications and updates
  • To provide customer support and respond to your inquiries
  • To improve our services and develop new features
  • To ensure security and prevent fraud
  • To comply with legal obligations and enforce our terms
  • To send marketing communications (only with your consent)

Data Sharing and Third Parties

Service Providers

We share your data with trusted third-party service providers who assist us in operating our service:

  • Database & Storage Providers: Database hosting and authentication services (EU-based infrastructure, GDPR compliant)
  • Payment Processor: Payment processing and subscription management (GDPR compliant, PCI DSS certified)
  • Hosting Provider: Hosting and content delivery (GDPR compliant)
  • Email Service Providers: For transactional and marketing emails (with your consent)

Data Processing Agreements

All third-party service providers are bound by data processing agreements (DPAs) that ensure they:

  • Process data only for specified purposes
  • Implement appropriate security measures
  • Comply with GDPR requirements
  • Do not share data with unauthorized parties

No Sale of Data

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Data Retention

Active Accounts

We retain your personal data for as long as your account is active and for the duration necessary to provide our services.

Deleted Accounts

When you delete your account, we will:

  • Delete your personal data within 30 days of account deletion
  • Retain anonymized, aggregated data for analytics purposes
  • Retain billing records as required by law (typically 7-10 years for tax purposes)
  • Retain data necessary for legal claims or disputes

Backup Data

Data in backups may be retained for a limited period after deletion. After this period, backups are permanently deleted.

Your Rights Under GDPR

Right of Access

You have the right to request a copy of all personal data we hold about you. You can access your data through your account settings and view your equipment, logs, maintenance schedules, and documents.

Right to Rectification

You can update your personal information at any time through your account settings. If you need assistance, please contact us.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data by deleting your account in settings. We will process your request within 30 days, subject to legal obligations to retain certain data.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of your data.

Right to Data Portability

You can request a copy of your data in a structured, machine-readable format. You can generate reports (CSV, Excel on Starter+ plans, PDF on Starter+ plans) containing your equipment data, logs, and maintenance information through the application.

Right to Object

You can object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time through your account settings or by contacting us.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.

Data Security

We implement industry-standard security measures to protect your personal data:

  • Encryption: Data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted.
  • Authentication: Strong password requirements and secure authentication mechanisms.
  • Access Controls: Role-based access control ensures users only access data they are authorized to view.
  • Regular Security Audits: We conduct regular security assessments and vulnerability scans.
  • Data Isolation: Multi-tenant architecture with strict data isolation between companies.
  • Backup and Recovery: Regular backups with secure storage and tested recovery procedures.
  • Incident Response: Procedures in place to detect, respond to, and notify users of data breaches.

International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • GDPR-compliant data processing agreements with service providers

Cookies and Tracking

We use cookies and similar technologies to provide and improve our services. For detailed information about our use of cookies, please refer to our Privacy Policy.

Children's Privacy

EquipPanel is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact Us

If you have any questions, concerns, or requests regarding your personal data or this GDPR compliance page, please contact us:

We will respond to your inquiry within 30 days as required by GDPR.