Privacy Policy

Effective: April 2026 (v1.0)

This is a translation of the German original. In case of any discrepancy between language versions, the German version shall prevail. The binding German version is available at businessnavigator.app/agb.

1. Data Controller

INREMA Unternehmensberatung GmbH, Rentmeister-Wilthelm-Weg 16, 33181 Bad Wünnenberg, Germany. Email: datenschutz@businessnavigator.app

2. Data Protection Officer

Andreas Rüdiger · datenschutz@businessnavigator.app

3. Hosting

Exclusively on servers located in Germany (DomainFactory GmbH, Ismaning). A data processing agreement under Art. 28 GDPR is in place.

4. Legal Bases

Art. 6(1)(a) GDPR (consent), (b) (contract performance), (c) (legal obligations), (f) (legitimate interests).

5. Registration and Account Data

We process: first name, last name, email, password (Argon2id hash), billing address (if provided), plan, language preference. Purpose: platform services, authentication, billing. Retention: during contract + 10 years for invoicing (§ 147 AO).

6. Contact Form

Name, email, message content — used solely to respond to your inquiry. Retention: until inquiry resolved, then 6 months.

7. Newsletter (Double Opt-In)

Email address. Confirmed via double opt-in. Legal basis: consent. Unsubscribe link in every newsletter.

8. Cookies

Technically necessary cookies (session, CSRF, language preference bn_lang) are always active. Analytics cookies (Google Analytics 4) only after your explicit consent via our cookie banner. IP anonymization is enabled.

9. Third-Party Processors

Hosting (DomainFactory, DE), payments (Stripe, IE), email delivery (sslout.de, DE), AI services for BN Business Guide. DPAs are in place.

10. Your Rights (Arts. 15–22 GDPR)

Access, rectification, erasure, restriction of processing, data portability (machine-readable JSON export available in account settings), objection, withdrawal of consent at any time. Right to lodge a complaint with a supervisory authority (LDI NRW).

11. Consent Log

We maintain a consent log for proof purposes: user ID, name, email, consent type, document version, IP address, user agent, timestamp, language. After account deletion the log is retained 3 years (legitimate interest, Art. 6(1)(f) GDPR), then deleted.

12. Security Measures

TLS encryption, Argon2id password hashing, session & CSRF tokens, rate limiting, HSTS preload, Content Security Policy, two-factor authentication, hardened server (UFW firewall, fail2ban, daily security updates), daily backups, role-based access control, audit logging.

13. Automated Decision-Making

We do not use automated individual decision-making under Art. 22 GDPR.

14. Changes

We may adapt this policy to maintain legal compliance or reflect service changes. The current published version applies.

INREMA Unternehmensberatung GmbH · businessnavigator.app · Effective: April 2026 · The German version is legally binding.