The controller responsible for the processing of personal data on Bozoo is:

Volker Bohn
Asgardstr. 62
81925 München, Germany
Email: privacy@bozoo.com

If you have any questions about this policy or how we handle your data, contact us at the address above.

This policy explains what personal data we collect when you visit Bozoo, subscribe to our newsletter, submit a product listing, or make a payment, why we process it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR).

a) Visiting the website

When you access Bozoo, our hosting provider automatically processes technical data needed to deliver the site securely, including your IP address, date and time of the request, the requested page, and your browser/operating system. This is necessary to operate and secure the service (Art. 6(1)(f) GDPR – legitimate interest).

b) Newsletter

If you subscribe to our newsletter, we store your email address. We process it on the basis of your consent (Art. 6(1)(a) GDPR) and only to send you the newsletter. You can withdraw your consent at any time with effect for the future by contacting us. Newsletter addresses are stored in our database and are not currently shared with an external newsletter provider.

c) Product listing submissions

When you submit a product for the directory, we process the data you provide: product name, company name, contact email, website URL, tagline, description, suggested category, country, optional notes, your chosen listing plan, and any generated logo or screenshot. We use this to review, communicate about, and (if approved) publish your listing. The legal basis is the performance of a contract or pre-contractual steps at your request (Art. 6(1)(b) GDPR) and our legitimate interest in operating a curated directory (Art. 6(1)(f) GDPR).

d) Submission autofill assistant (optional)

If you use the optional autofill feature when submitting, we retrieve publicly available information about the website you enter in order to pre-fill the form. To do this, the submitted URL and extracted page content may be transmitted to the following service providers:

• OpenAI, L.L.C. (USA) – to generate a draft description.
• Google LLC (USA) – to retrieve the website's favicon.
• thum.io (USA) – to generate a website screenshot.

This involves a transfer to the United States (see section 6). The legal basis is your request to use the feature and our legitimate interest in an efficient submission process (Art. 6(1)(b) and (f) GDPR). If you prefer not to use these services, you can fill in the form manually.

e) Payments

Paid listings are processed through our payment provider Mollie. When you pay, you are directed to Mollie's secure checkout; the payment data (e.g. card or bank details) is processed by Mollie, not by us. We only store the payment status, the amount, and the Mollie payment reference linked to your listing. The legal basis is performance of a contract (Art. 6(1)(b) GDPR).

f) Transactional emails

We send service emails (e.g. submission confirmations, review decisions, and payment links) using our email provider Brevo. For this we process your email address and the content of the message. The legal basis is performance of a contract and our legitimate interest in reliable communication (Art. 6(1)(b) and (f) GDPR).

g) Administrator accounts

For our own staff who manage the directory, we store an email address and a hashed password, and we keep an internal audit log of administrative actions for security and accountability (Art. 6(1)(f) GDPR).

Bozoo does not use tracking, analytics, or advertising cookies. We only set a strictly necessary session cookie when an administrator logs in to the protected admin area. This cookie is required for the login to function and does not require consent.

We use carefully selected service providers who process data on our behalf under data processing agreements. The main recipients are:

• Hetzner Online GmbH (Germany) – server hosting.
• DigitalOcean LLC – managed database hosting. Our database is located in the EU (Frankfurt, Germany); the provider is a US company.
• Mollie B.V. (Netherlands) – payment processing.
• Brevo / Sendinblue SAS (France) – transactional email delivery.
• OpenAI, Google, and thum.io (USA) – only when you use the optional autofill feature (see section 3d).

We do not sell your personal data and do not share it for third-party advertising.

Most processing takes place within the EU/EEA. Where data is transferred to providers in the United States (e.g. Mollie's and our database provider's parent groups, or the optional autofill services), such transfers are safeguarded by the European Commission's Standard Contractual Clauses and/or the provider's certification under an applicable adequacy framework. You can request more information about these safeguards using the contact details in section 1.

We keep personal data only as long as necessary for the purposes described above or as required by law. Submission and billing records are retained while a listing is active and for the period required by applicable accounting and tax obligations. Newsletter addresses are kept until you unsubscribe. Technical server logs are stored for a limited period for security purposes and then deleted or anonymised.

Under the GDPR you have the right to:

• access the personal data we hold about you (Art. 15);
• have inaccurate data corrected (Art. 16);
• have your data erased (Art. 17);
• restrict processing (Art. 18);
• data portability (Art. 20);
• object to processing based on legitimate interests (Art. 21); and
• withdraw consent at any time, without affecting prior processing (Art. 7(3)).

To exercise any of these rights, contact us using the details in section 1.

If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work, or the place of the alleged infringement. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA), Promenade 18, 91522 Ansbach, Germany.

We use appropriate technical and organisational measures to protect your data, including TLS encryption for all traffic, restricted database access, and hashed administrator credentials.

We may update this policy to reflect changes to our service or legal requirements. The current version is always available on this page, with the date of the last update shown below.