Privacy Policy
Data Controller
Primaris e.U.
Patrick Blanka
Kapuzinerstraße 43a
4020 Linz, Austria
Email: contact@tablestage.com
Phone: +43 677 990 017 84
What Data We Collect
Contact via Email
If you contact us by email, we process:
- Your name (if provided)
- Your email address
- The content of your message
Providing this data is necessary to respond to your inquiry. If you do not provide it, we cannot process your request.
Payment Data
When you purchase a license, payments are processed by Creem.io, operated by Armitage Labs OÜ (Estonia), acting as our Merchant of Record. Creem is the seller of record and independently collects and processes payment data (credit card details, billing address, name, email, and order details) as a data controller on its own infrastructure. We do not have access to your full payment details. Creem shares your email address and transaction details with us for license fulfillment and customer support.
See Creem's privacy policy for details on how they handle payment data.
Automatically Collected Data
We use Plausible Analytics to understand aggregate website usage. Plausible transiently processes your IP address to generate a daily-rotating hash for unique visitor counting. The raw IP address is never stored. No cookies are used, no personal data is retained, and no visitors are tracked across websites or devices.
Newsletter / Release Updates
If you sign up for release notifications, we process your email address to send you occasional updates about new TableStage features and releases. Sign-up uses double opt-in: we email a confirmation link, and you are only added to our list after you click it. You can unsubscribe at any time via the link in every email. These emails are sent through our processor Mailjet (see Recipients below).
Legal Basis for Processing
We process personal data based on the following legal grounds under the GDPR:
- Art. 6(1)(b) - Contract performance: For processing purchases and delivering software licenses, and for responding to pre-contractual inquiries via email.
- Art. 6(1)(f) - Legitimate interest: For responding to general email inquiries and website analytics. Our legitimate interest does not override your rights, as Plausible processes no personal data.
- Art. 6(1)(a) - Consent: For sending release-notification emails, where you have signed up and confirmed via double opt-in. You may withdraw your consent at any time by unsubscribing.
Analytics
We use Plausible Analytics for aggregate website usage statistics. Our legitimate interest (Art. 6(1)(f) GDPR) is understanding how visitors use our website to improve it. Plausible is GDPR-compliant. It does not:
- Use cookies or similar tracking technologies
- Store personal data or personally identifiable information
- Track visitors across websites or devices
- Store IP addresses (IPs are transiently processed and immediately hashed with a daily-rotating salt)
- Access or store information on your device
Plausible does not constitute access to terminal equipment within the meaning of Austrian TKG 2021 §165(3), as it relies solely on standard HTTP protocol headers and does not read from or write to your device.
For details, see Plausible's data policy.
Cookies & Local Storage
This website does not set any cookies or use local storage. Payments are handled on Creem's own checkout pages: when you click the "Buy" button you are redirected to Creem's hosted checkout, so no third-party checkout scripts or cookies are loaded on this website. Any cookies used during checkout are set by Creem on its own domain and are governed by Creem's privacy policy.
Recipients of Your Data
Your personal data may be shared with the following recipients:
- Hetzner Online GmbH (Germany) - Data processor for server hosting. A Data Processing Agreement is in place pursuant to Art. 28 GDPR.
- Mailjet SAS (France) - Data processor for transactional and newsletter email delivery (license codes, subscription confirmations, release updates). Processes your email address and email content. Established in the EU. A DPA is in place.
- Plausible Insights OÜ (Estonia, hosted in Germany) - Data processor for website analytics. No personal data is stored. A DPA is in place.
- Armitage Labs OÜ (Estonia), trading as Creem - Independent controller for payment processing as Merchant of Record. Processes name, email, billing address, and payment/order details. Established in the EU/EEA. Where Creem engages sub-processors outside the EEA (including payment-infrastructure providers), such transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses.
- softWORKZ Innovation Inc. (Canada) - Data processor for software license management (SoftwareDNA). Processes email address, license key, hardware identifiers, and IP address for license activation. Data transfers from the EU to Canada are covered by the EU adequacy decision (PIPEDA).
International Data Transfers
Most data processing takes place within the European Union / EEA (Germany for hosting and analytics; Estonia for payments via Creem). Data is also transferred to Canada (softWORKZ / SoftwareDNA) for license validation, covered by the EU adequacy decision for organizations subject to PIPEDA (Decision 2002/2). Creem, as an independent controller, may engage sub-processors (including payment-infrastructure providers) located outside the EEA; such transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses, as described in Creem's privacy policy.
Storage & Security
All data is stored on servers operated by Hetzner Online GmbH in Germany (EU). Data is encrypted in transit using TLS.
Retention
Email correspondence is retained for up to 7 years where required by Austrian tax record-keeping obligations (Bundesabgabenordnung), or deleted after resolution of your inquiry if no such obligation applies.
Payment transaction records are retained by Creem in accordance with their retention policy and applicable tax/accounting obligations.
Plausible Analytics retains no personal data. Aggregate statistics are kept indefinitely.
Your Rights (GDPR Art. 15-21)
Under the GDPR, you have the right to:
- Access - Request a copy of the personal data we hold about you (Art. 15)
- Rectification - Request correction of inaccurate data (Art. 16)
- Erasure - Request deletion of your personal data (Art. 17)
- Restriction - Request restricted processing (Art. 18)
- Data portability - Receive your data in a machine-readable format (Art. 20)
- Object - Object to processing based on legitimate interest (Art. 21)
To exercise any of these rights, contact us at contact@tablestage.com. We will respond within one month.
You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at, www.dsb.gv.at.
Automated Decision-Making
We do not use automated decision-making or profiling as defined in Art. 22 GDPR.
Changes to This Policy
We may update this privacy policy from time to time. The "Last updated" date at the top of this page indicates when the latest changes were made. We will notify you of material changes by posting a prominent notice on our website.
Contact
If you have questions about this privacy policy or our data practices, contact us at contact@tablestage.com. See our Imprint for full operator details.