Privacy Policy

As of: 26.01.2026
This Privacy Policy informs you about how we process personal data when you use our website/application ("Jobilino"), create an account, request a demo or contact us. The content is based on the information obligations under Art. 13 GDPR.

1. Scope

For users in the EU/EEA, the GDPR applies. For users in Switzerland, we additionally take into account the revised Swiss Federal Act on Data Protection (revFADP).

2. Definitions

"Personal data" means any information relating to an identified or identifiable person. "Processing" means any operation performed on such data (e.g. collection, storage, transmission, deletion).

3. What Data We Process (Categories)

Depending on usage, we process in particular:

  • Master data: Name, company, position, address
  • Contact data: Email, phone number
  • Account/login data: Username, password (hashed), roles/permissions
  • Usage/device data: IP address, log files, device identifiers, app version, timestamps
  • Contract and payment data: Plan, term, billing address, payment status
  • Communication data: Content of your enquiries (support, demo, emails)
  • Working time/project data (if you use the solution in production): time entries, project assignments, and where applicable location data only when activated.

4. Purposes and Legal Bases (EU/EEA)

We process data for the following purposes:

  1. Provision of website/app, security, error analysis
    Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operation/security)
  2. Contract/registration/demo/support (account, trial access, customer service)
    Legal basis: Art. 6(1)(b) GDPR (contract/pre-contract)
  3. Accounting & statutory obligations
    Legal basis: Art. 6(1)(c) GDPR (legal obligation)
  4. Marketing/product information (e.g. updates, offers, demo invitations)
    Legal basis: Art. 6(1)(f) GDPR (legitimate interest) and/or Art. 6(1)(a) GDPR (consent), depending on what the applicable law in the DACH region requires. (See Section 10.)

Note Switzerland: Under the revFADP we transparently disclose the purpose, recipients, retention period and rights; a "legal basis" as defined by the GDPR does not exist in identical form there, but the transparency obligation is central.

5. Hosting, Server Logs and Technical Provision

When you access our website/app, technically necessary data is processed (e.g. IP address, time, page accessed, user agent). This processing is necessary to deliver the content and to defend against attacks.

Recipients: Hosting/infrastructure service providers as data processors: [provider, country].
Third-country transfers: If providers are located outside the EU/EEA/Switzerland: only with appropriate safeguards (e.g. standard contractual clauses).

6. Cookies, SDKs and Consents (Website)

We use:

  • Technically necessary cookies/local storage (e.g. login session, language, security)
  • Optional cookies/tools (e.g. analytics/marketing), only with consent, where legally required.

For Germany the following additionally applies: access to information on end devices (cookies/similar technologies) generally requires consent, unless it is strictly necessary for the transmission or for a service explicitly requested (§ 25(2) TTDSG).

7. Contact (Email, Form, Telephone)

When you contact us (e.g. demo request, support, account creation), we process your details to handle the enquiry and for follow-up questions.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual) or (f) (efficient communication).

8. Customer Account, Use of the Software (SaaS)

Upon registration and use, we process the data necessary to provide the service (account, roles, working time/project data, configurations).
Legal basis: Art. 6(1)(b) GDPR.

Data processing agreement: If you use Jobilino as a company and process employee data, you are generally the "controller" and we are the "data processor". In this case we conclude a DPA/AVV.

9. Recipients / Categories of Recipients

We only share data where this is necessary:

  • IT/hosting/support service providers (data processors)
  • Payment/billing service providers (if used)
  • Communication tools (email, ticketing, chat)
  • Authorities/tax advisors (if required by law)

10. Direct Marketing & Contact with Customers/Prospects (Email & Telephone)

We would like to be transparent: We also use contact data to stay in touch with customers and prospects – e.g. for scheduling, support, follow-up questions, product-related information and (where permitted) offers.

  • Email: We only send promotional emails within the legally permissible framework (e.g. with consent or within the context of an existing customer relationship with an opt-out option).
  • Telephone: Telephone marketing is particularly sensitive from a legal perspective. In Germany the general rule is: unsolicited marketing calls without (prior) consent are not permitted; in the B2B sector, "implied consent" is sometimes discussed, but this is subject to strict requirements. We comply with the applicable rules in each case and document any required consents.

Objection/opt-out: You may object to the processing of your data for direct marketing purposes at any time (see Section 13).

11. Retention Period / Deletion

We store personal data only for as long as is necessary for the respective purpose. Thereafter, the data is deleted or anonymised, unless statutory retention obligations or compelling reasons (e.g. establishment/defence of claims) prevent this.

Typical examples (adjustable):

  • Support/contact enquiries: until completion + [e.g. 6–24 months] for traceability
  • Contract/invoice data: in accordance with statutory retention periods
  • Account: until deletion by the user/company + technical residual periods/backups

12. Data Security

We implement appropriate technical and organisational measures (TOMs) to protect data (e.g. access controls, encryption, backups, logging).

13. Your Rights (EU/EEA) and Rights in Switzerland

EU/EEA (GDPR): You have in particular the right to access, rectification, erasure, restriction, data portability and the right to object. You also have the right to withdraw consent at any time (with effect for the future) and to lodge a complaint with a supervisory authority.

Switzerland (revFADP): You have, among other things, the right to information and may, under certain conditions, request rectification or deletion.

Objection to direct marketing: If we process data on the basis of legitimate interests for direct marketing, you may object at any time; we will then no longer process that data for this purpose.

14. Third-Country Transfers

If we use service providers outside the EU/EEA/Switzerland, we only transfer data where appropriate safeguards exist (e.g. adequacy decision, standard contractual clauses) and additional protective measures are in place where required.

15. Changes to this Privacy Policy

We may update this Privacy Policy (e.g. when new features/tools are introduced). We publish the current version on our website/in the app.

Developed & supported in Austria

GDPR-compliant data protection

Fast, personal support

Newsletter: practical know-how on time tracking

Legal updates, industry tips and product news – concise, a few times a year. Unsubscribe anytime.