1. General Information

The protection of your personal data is an important concern to me as the responsible private individual. I process your data confidentially and in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection regulations.

This privacy policy informs you about the type, scope and purpose of processing personal data within the framework of the "KVR Alert München" service.

2. Data Controller

3. Purpose of the Service

"KVR Alert München" notifies registered users by email about newly available appointments at selected citizen offices in Munich. For this purpose, preferences such as concerns, preferred locations and desired time slots are stored and processed.

4. What Data is Processed?

a) During Registration:

• Email address
• Authentication data (e.g., via Supabase Auth, Apple or Google login)

b) After Registration:

• Specified concern (e.g., ID card application)
• Desired citizen offices
• Preferred time period for appointments
• Consent to notification

c) Technically Automatically Collected Data During Website Visit (Vercel):

• IP address
• Date and time of access
• Browser type and version
• Operating system used

This technically collected data is not permanently stored, not combined with other data and not analyzed.

5. Data Processing and Sharing

a) Supabase

Supabase is used for user management, storage of preferences and authentication. Data is stored on servers in the EU where available.

b) Email Service Providers

The following email service providers are used to send appointment notifications:

• Mailjet
• Resend

Your email address is processed in each case. The emails contain exclusively appointment-related information – no advertising.

c) No Unauthorized Disclosure

Your data will not be sold, not used for advertising purposes and not passed on to third parties without your consent – except when legally required to do so.

6. Legal Basis

The processing of your data is carried out in accordance with Art. 6 para. 1 lit. a GDPR – based on your explicit consent, e.g., during registration or when specifying your notification preferences.

7. Storage Duration

Your data will be stored as long as you actively use the service.

You can delete your account at any time. This will also completely delete your stored data.

Technically automatically collected data (e.g., for appointment comparisons) is regularly anonymized or deleted.

8. Your Rights

As a data subject, you have the following rights:

• Information about stored data (Art. 15 GDPR)
• Correction of incorrect data (Art. 16 GDPR)
• Deletion of your data (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Withdrawal of your consent (Art. 7 para. 3 GDPR) – at any time with effect for the future

Please direct corresponding requests to: info@kvr-alert-muenchen.de

9. External Services and Data Transfer to Third Countries

The tools used (e.g., Supabase, Mailjet, Resend, Vercel) may process data outside the EU – particularly in the USA.

Care is taken to ensure that data is only transmitted to providers that either:

• are certified under the EU-U.S. Data Privacy Framework (Art. 45 GDPR), or
• with whom a contract based on EU Standard Contractual Clauses (SCCs) has been concluded (Art. 46 GDPR).

Further information can be found in the respective privacy policies of the providers:

• Supabase
• Mailjet
• Resend
• Vercel

10. Changes to This Privacy Policy

I reserve the right to adapt this privacy policy in case of changes to the service or legal requirements. The current version is always available on this page.

11. Cookies and Tracking

This website does not use cookies and no tracking services (such as Google Analytics, Matomo, etc.). No user profiles are created, no cookies are set and no personal tracking data is collected.