Privacy Policy

Version note: This English version is provided for convenience. The German version is binding in case of discrepancies.

1. Controller

Albina Alijaj (Sole Proprietorship / Einzelunternehmen)

Ludgeristraße 112 B, 59379 Selm, Germany

Email: info@aleoservices.com

2. Overview of processing

We process personal data in accordance with the GDPR and applicable cookie rules. “Personal data” means any information relating to an identified or identifiable person (e.g., name, email, IP address).

3. Website access data (server logs)

When you visit the website, technical data is processed automatically (server log files), such as:

  • IP address
  • date/time of access
  • requested page/file
  • referrer URL
  • browser/operating system
  • status codes and data volume

Purpose: operating the website, security, troubleshooting, abuse prevention.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Retention: generally only as long as technically necessary; longer only where needed for security incidents.

4. Hosting (Hostinger)

Our website is hosted with Hostinger. Hostinger processes data necessary to provide hosting (including server logs).

Legal basis: Art. 6(1)(f) GDPR (secure and stable operation) and, where you use account/platform functions, Art. 6(1)(b) GDPR (performance of contract).

Processor agreement: We use a data processing agreement (Art. 28 GDPR) where applicable.

International transfers: Depending on server locations/subprocessors, data may be processed outside the EU/EEA. Where this occurs, we use appropriate safeguards (e.g., Standard Contractual Clauses) as required by the GDPR.

5. Accounts (registration and login)

If you create an account, we process in particular:

  • email address
  • password (stored only as a hash; not in plain text)
  • optional profile/account information
  • technical metadata (e.g., account ID, timestamps)

Purpose: account creation, authentication, providing platform features, security.

Legal basis: Art. 6(1)(b) GDPR (contract/steps prior to contract) and Art. 6(1)(f) GDPR (security).

Retention: until you delete your account or we delete it under these terms; longer retention may apply where legally required.

6. Marketplace features (listings, bookings, chat, reviews, reports)

6.1 Provider listings (services, prices, images)

Providers can upload content (service descriptions, prices, images, availability, etc.). This may include personal data depending on the content.

Purpose: publishing and managing listings; enabling search and discovery.

Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR (platform operation).

6.2 Booking and appointment management (LatePoint)

We use a booking/appointment plugin (e.g., LatePoint). Depending on usage, we may process:

  • booking details (service, date/time, provider)
  • customer data entered for the booking (e.g., name, contact)
  • booking status/administrative information

Purpose: initiating and managing booking requests between customers and providers.

Legal basis: Art. 6(1)(b) GDPR.

6.3 Chat between customers and providers

If you use chat, we process:

  • message content
  • metadata (participants, timestamps)

Purpose: communication to arrange services and bookings.

Legal basis: Art. 6(1)(b) GDPR.

6.4 Reviews

If you leave a review, we process:

  • review text/content and rating
  • reference to the listing/provider
  • account identifier/username (where applicable)

Purpose: transparency, quality assurance, community functionality.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a review system) and/or Art. 6(1)(b) GDPR (part of platform service).

6.5 Reports (flagging content)

If you report a listing/content, we process:

  • the report content and reason
  • reference to the reported listing
  • identifiers of the reporting user (where applicable)

Purpose: moderation, abuse prevention, enforcement of platform rules, legal compliance.

Legal basis: Art. 6(1)(f) GDPR.

7. Payments (provider subscriptions)

Providers can purchase monthly subscriptions. We process:

  • transaction and billing data (amount, time, status)
  • invoice data where required (e.g., name/address if collected)
  • payment references/IDs

Payment services: Payments are processed via external payment providers (e.g., Klarna and a credit-card payment processor). We share the data necessary to process the payment with the relevant payment provider.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (legal obligations, e.g., accounting/tax retention where applicable).

Retention: statutory retention periods may apply to billing records.

8. Google Maps

We embed Google Maps to display locations/maps. When Google Maps loads, data (such as your IP address) may be transmitted to Google, and Google may set cookies or similar technologies.

Legal basis: consent (Art. 6(1)(a) GDPR) via your cookie/consent banner (except where strictly necessary).

Withdrawal: you can withdraw consent at any time via cookie settings.

9. Cookies and consent management

We use cookies and similar technologies:

  • Strictly necessary cookies (e.g., login, security, essential functionality)
  • Optional cookies/technologies (e.g., Google Maps) only after consent

You can manage your choices through the cookie banner/settings.

10. Recipients of personal data

Depending on how you use the platform, we may share data with:

  • hosting provider (Hostinger)
  • embedded services (e.g., Google Maps)
  • payment providers (e.g., Klarna and credit-card processor)
  • IT/support providers acting as processors
  • authorities/courts where we are legally required to do so

11. International transfers including Kosovo (important)

Because Aleo operates as a marketplace, providers may be located outside the EU/EEA, including Kosovo.

When you (as a customer) communicate with a provider or initiate a booking, we may share relevant personal data with that provider (e.g., your name/contact details you provide, booking details, chat messages). This can involve a transfer to a “third country” under the GDPR.

  • Purpose: enabling communication and service arrangement between customer and provider.
  • Legal basis: Art. 6(1)(b) GDPR (contract/steps prior to contract) and, for moderation/security, Art. 6(1)(f) GDPR.
  • Safeguards: Where we can, we use appropriate safeguards such as Standard Contractual Clauses. Please note that data protection levels in third countries may differ from those in the EU/EEA, and there may be risks (e.g., enforcement/access by local authorities under local law).

12. Retention

We keep personal data only as long as necessary for the purposes described above or as required by law. After that, we delete or anonymize it.

13. Your rights

Under the GDPR, you have the right to:

  • access (Art. 15)
  • rectification (Art. 16)
  • erasure (Art. 17)
  • restriction (Art. 18)
  • data portability (Art. 20)
  • object to processing based on legitimate interests (Art. 21)
  • withdraw consent at any time (Art. 7(3)) with effect for the future

To exercise your rights, contact: info@aleoservices.com

14. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. As the controller is based in Germany, the competent authority is generally the data protection authority in North Rhine-Westphalia (NRW), Germany.

15. Security

We implement technical and organizational measures to protect data (e.g., TLS/SSL encryption, access controls, security measures appropriate to risk).

16. Changes to this Privacy Policy

We may update this Privacy Policy if our services, legal requirements, or processing activities change.

Sign In

Don't have an account yet? Register

Forgot password?

Register

Reset Password

Please enter your username or email address, you will receive a link to create a new password via email.