Privacy Policy

1. Controller

The controller responsible for processing personal data in connection with this website and the agentView service is:

IT-Dienstleister, Rafael Kocurek
Sole proprietorship (small business)
Görgesstraße 36
52156 Monschau
Germany

Email: rafael.kocurek@agentView.de
Support: support@agentView.de
Phone: 01605207678

2. What data we process

Depending on how you use agentView, we process in particular the following categories of data:

• Access and server data: IP address, date and time of access, requested URL, referrer, browser type, operating system and technical log data.
• Account data: name, email address, user ID, preferred language, plan and role information.
• Authentication data: for magic-link sign-ins, your email address, login token and related technical metadata; for Google or Microsoft OAuth sign-ins, the profile data released by the provider, in particular name, email address, external identifier and, if available, profile picture URL.
• Display and content data: display IDs, display configuration, assigned content, uploaded or generated HTML content, as well as status and heartbeat data of connected displays.
• Communication data: contents and metadata of support requests or system emails.
• Billing data: where you use paid services, invoice and transaction data required for contract processing.

Server log files

The hosting provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and version
• Operating system
• Referrer URL
• Hostname of the accessing device
• Time of the server request
• IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website — server log files must be collected for this purpose.

3. Purposes and legal bases

Where you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data pursuant to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. Where you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing additionally takes place on the basis of Section 25(1) TDDDG. Consent can be withdrawn at any time. If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if required to fulfil a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

In detail, we process your data based on the following legal bases:

• Art. 6(1)(b) GDPR: to provide the service, manage accounts, authenticate users, manage displays, deliver your content, perform contracts, and handle cancellations and other contract-related requests.
• Art. 6(1)(c) GDPR: to comply with legal obligations, including accounting and tax retention duties.
• Art. 6(1)(f) GDPR: for secure, stable and efficient operation of our website and systems, abuse detection, troubleshooting, IT security and defence against attacks.
• Art. 6(1)(a) GDPR: where you have given consent, especially for optional analytics or tracking features.

4. Cookies and local storage

agentView uses technically necessary cookies and browser-side storage mechanisms required to provide the service expressly requested by you. In addition, Google Analytics 4 may be used optionally on the public landing page for German- and English-speaking visitors, but only after explicit consent. The legal basis for technically necessary storage or access on your device is Section 25(2) TDDDG; optional analytics are based on Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR.

• Authentication: the technically necessary agentView.Auth cookie for signing in to the web interface. Persistent web login tokens are not stored by us in the browser's localStorage.
• Account management: in limited cases temporary browser-side storage such as agentview_pending_page so redirects within the application work reliably.
• Settings: for example relay_dashboard_language_v1 to store your language preference.
• Consent management: on the public landing page, for example agentview_cookie_consent_v1 to store your cookie and privacy preferences.
• Display operation: on connected display devices, for example screen_display_id and screen_display_entry_url, so a display can remain assigned to a profile and safely fall back to the central entry URL if a relay fails.

You can configure your browser to delete or block cookies and local storage. However, doing so may make parts of agentView unavailable or non-functional.

5. Sign-in via email, Google or Microsoft

You can sign in to agentView via magic link or, optionally, via Google or Microsoft. For magic-link sign-ins, we process your email address, the login token and technical metadata required for secure sign-in. For OAuth sign-ins, we only receive the data released to us by the provider you selected.

The providers' own privacy notices also apply: Google, Microsoft.

6. Hosting, email delivery and service providers

We use external technical service providers where necessary to operate agentView. This includes in particular hosting, database, email and, where applicable, payment providers. They process data either on our behalf or as independent controllers to the extent required for their respective services.

• Hosting and infrastructure: operation of the application and storage of technical data on servers used by us.
• Email delivery: sending magic links, invitations and system messages through the SMTP or email provider configured by us.
• Payment processing: if you purchase paid services, sale, payment processing and invoicing are carried out by Paddle.com Market Limited as reseller (merchant of record). When purchasing paid services, your email address and a pseudonymised user identifier are transmitted to Paddle. Legal basis: Art. 6(1)(b) GDPR.

7. Transfers to third countries

When using Google, Microsoft or payment services, processing of personal data outside the European Union or the European Economic Area cannot be ruled out.

Transfers to Paddle are based on Standard Contractual Clauses (Art. 46(2)(c) GDPR) which Paddle has concluded with its sub-processors. For other service providers used, processing takes place either on the basis of an adequacy decision (Art. 45 GDPR) or likewise on the basis of Standard Contractual Clauses (Art. 46 GDPR). Please refer to the respective providers' privacy notices for details.

8. Retention period

We store personal data only for as long as necessary for the respective purposes or as required by law.

• Account data: generally until the account is deleted, unless statutory retention duties require longer storage.
• Display and content data: as long as the relevant account or display remains active or until the data is deleted by you.
• Log and security data: security audit logs are generally retained for up to 30 days, and operations/error logs for up to 14 days. Where possible, we use privacy-preserving pseudonymisation for certain technical identifiers.
• Billing data: in accordance with statutory commercial and tax retention periods.

9. Your rights

Access, rectification and erasure

You have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing (Art. 15 GDPR) and, where applicable, the right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of this data.

Right to restriction of processing

You have the right to request restriction of processing of your personal data (Art. 18 GDPR). This right exists in particular if you dispute the accuracy of data, the processing is unlawful, we no longer need the data, or you have objected under Art. 21 GDPR.

Right to data portability

You have the right to receive data that we process on the basis of your consent or in the performance of a contract in a commonly used, machine-readable format (Art. 20 GDPR). If you request direct transfer of data to another controller, this will only be done to the extent technically feasible.

Withdrawal of consent

Many data processing operations are only possible with your explicit consent. You may withdraw any consent already given at any time. The lawfulness of processing carried out prior to withdrawal remains unaffected.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

Where data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21(1) GDPR).

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).

Right to lodge a complaint with a supervisory authority

In the event of violations of the GDPR, you have a right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR). Our competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Postfach 20 04 44, 40102 Düsseldorf, Kavalleriestraße 2–4, 40213 Düsseldorf, Germany.

10. Google Analytics 4

agentView uses Google Analytics 4 exclusively on the public landing page for German- and English-speaking visitors. Google Analytics 4 is loaded only after you have explicitly consented. Without your consent, no Google Analytics scripts are loaded and no related requests are sent to Google. The Chinese version of the landing page does not load any Google Analytics script.

If you consent to the use of Google Analytics 4, the service is provided on the public landing page by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics helps us evaluate how the public landing page is used. In particular, we receive information about page views, session duration, operating systems used, and visitor origin. Processing takes place solely for reach measurement and usage analysis of the public landing page. Display pages, login, dashboard, and actual product usage are not tracked.

Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies). The information collected by Google about the use of this website is generally transferred to and stored on a Google server in the USA.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time using the cookie settings on the landing page.

Transfers to the USA rely on the EU-US Data Privacy Framework adequacy decision to the extent Google is certified accordingly. Further information is available at https://www.dataprivacyframework.gov/.

More information on Google Analytics data handling can be found in Google’s privacy policy.

11. No automated decision-making

We currently do not use automated decision-making within the meaning of Art. 22 GDPR in connection with this website.

12. agentView Studio (studio.agentview.de)

agentView Studio is a standalone, browser-based application for designing slideshows, available at studio.agentview.de. Studio does not require an account for design work alone; a connection to the agentView interface is only established when you publish content to your displays.

Live widgets and external data sources

Some widgets (for example weather, map, currency, RSS/news) load their content at runtime directly in the browser from external services. In doing so, the browser of the editing device (in the editor) or the display device (in the player) contacts the respective provider and transmits its IP address, which may be recorded in the provider's server log. This concerns the IP address of the editing or display device, not that of the audience in front of the screen; digital signage does not transmit viewer IP addresses.

Depending on the widget used, the following providers may receive the device IP address:

• Weather: Open-Meteo (api.open-meteo.com).
• Map and location search: OpenStreetMap or CARTO tile servers and Nominatim (nominatim.openstreetmap.org) for geocoding.
• Currency: ExchangeRate-API (open.er-api.com).
• RSS and news: the publisher feeds you configure; the content belongs to the respective publisher.
• Operator-chosen sources: for widgets such as Live JSON, Chart, Data Table, KPI Cards, Image, Gallery, Video, PDF, Web Page, Embed, YouTube/Vimeo, Live Stream or Audio Visualizer, the endpoint or media host you configure. The operator determines which address is called through the widget's configuration.

QR codes are generated entirely on the device and the fonts used are self-hosted; neither sends requests to third parties. In the editor, live widgets first show a placeholder and only fetch live data on click, so no device IP is transmitted until then (data minimisation). On a connected display, live widgets render live as intended.

These calls are generally plain data APIs (IP address in the log, no cookies, no tracking). The legal basis is Art. 6(1)(b) GDPR for providing the live content you requested and Art. 6(1)(f) GDPR for the stable operation of the display. Individual providers (such as CARTO or ExchangeRate-API) may process data outside the European Union or the European Economic Area; section 7 (Transfers to third countries) applies accordingly.

Local storage of connection data

Once you connect Studio with your agentView access, Studio stores the connection data (API key or session token) locally in your device's browser under the key avs_conn in localStorage, so that the connection to your displays persists across sessions. This is technically necessary for the publishing function you expressly requested (Section 25(2) TDDDG, Art. 6(1)(b) and (f) GDPR). The data does not leave your browser and is not used for analytics or advertising. You can remove it at any time via the "Disconnect" function in Studio or by clearing your browser storage. In addition to section 4: unlike the central web interface, agentView Studio deliberately stores this connection token locally.

13. Privacy contact

If you have questions about the processing of your personal data or want to exercise your data protection rights, contact us at rafael.kocurek@agentView.de or support@agentView.de.

Last updated: June 2026