Pallet Terminal
Back to homepage

Privacy Policy

1. Responsible Parties

This website is jointly operated by:

GS26 e.U.
Hauptstraße 136/6, 2372 Gießhübl, Austria
UID-Nr.: ATU70102159
Julian Meninger
Hadikgasse 64, 1140 Vienna, Austria
UID-Nr.: ATU82750168

2. Collection and Processing of Personal Data

When visiting our website, technical information is automatically collected (e.g. IP address, browser type, access time). This data is used exclusively to provide and secure the website and is not merged with other data sources.

Furthermore, we only collect personal data when you voluntarily provide it to us – for example, by signing up via our test signup form.

3. Test Signup Form

When you sign up via our test signup form, we collect your email address. This is used exclusively to contact you regarding access to the Pallet Terminal App.

Legal basis: Art. 6(1)(a) GDPR (consent). You can revoke your consent at any time by sending an email to info@hekner.com .

Data processor: The data submitted via the form is processed through the service Formspark (Formspark SRL, Belgium). Formspark acts as a data processor in accordance with Art. 28 GDPR.

4. Hosting

This website is hosted by Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA). When accessing our pages, server log data is automatically collected. Vercel processes this data on our behalf based on a data processing agreement. Data transfer to the USA is based on the EU-US Data Privacy Framework.

5. Web Analytics (Vercel Analytics)

We use Vercel Analytics to evaluate website usage. Vercel Analytics works without cookies and does not collect personal data. Only aggregated, anonymous metrics are collected (e.g. page views, loading times).

6. Cookies

This website does not use tracking cookies. Technically necessary cookies may be used that are required for the operation of the website.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, please contact info@hekner.com.

8. Pallet Terminal Mobile App (iOS / Android)

This section applies in addition to the foregoing provisions when you use our mobile app "HEKNER Paletten-Rücknahme / Pallet Terminal" on an iOS or Android device.

The app is provided to you via the Apple App Store (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA) or the Google Play Store (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When you download and install the app, the respective store operator may process personal data (e.g. Apple ID, device ID, time of download). We have no influence over this processing; it is governed by the privacy policy of the respective provider.

9. User account

Using the app requires a user account. We process the following data:

  • First and last name
  • Email address
  • encrypted password (bcrypt hash, not stored in plain text)
  • role and organisation membership (e.g. employee, company administrator)
  • email verification status and timestamps for verification and password reset
  • session and authentication data (JWT tokens, server sessions)

Purpose: Authentication, assigning reports you create to the relevant organisation, app security and abuse prevention.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in secure operation).

10. Device permissions

The app only requests permissions it actually needs. You can revoke them at any time in your device settings.

  • Camera (NSCameraUsageDescription): To capture stack photos and detail shots of individual pallets as part of quality documentation.
  • Photo library (NSPhotoLibraryUsageDescription): So you can optionally insert existing photos as evidence into a report.

The app does not use location data, contacts or microphone recordings and does not send push notifications. There is no cross-app tracking within the meaning of Apple’s App Tracking Transparency (ATT); therefore no ATT prompt is shown.

11. Content created in the app (reports, photos, classifications)

When you create a return report, we process in particular the following data:

  • Photos of pallet stacks (four sides) and, where applicable, detail photos of damaged pallets
  • Quality classification per pallet (A, B, C, N) and quantities
  • Operator name, terminal/dock identifier, shift information
  • Supplier data (name, address) and storage location
  • technical scan metadata (e.g. mesh data, point count) – not personally identifiable
  • PDF reports generated from this

Purpose: Documentation of pallet returns towards suppliers and internally, quality assurance and evidence.

Legal basis: Art. 6(1)(b) and (f) GDPR and, where commercial or tax retention obligations apply, Art. 6(1)(c) GDPR.

12. Processors and data transfers

We use carefully selected service providers who process data solely on our instructions (Art. 28 GDPR):

  • Replit, Inc. 548 Market St #54729, San Francisco, CA 94104, USA – hosting of the backend application, the database (PostgreSQL) and stored PDF reports (object storage). Transfers to the USA are based on the EU-US Data Privacy Framework and/or EU Standard Contractual Clauses.
  • Resend (Resend, Inc.) 2261 Market Street #5039, San Francisco, CA 94114, USA – sending transactional emails (e.g. account confirmation, password reset, invitations). Transfers to the USA are based on Standard Contractual Clauses and/or the Data Privacy Framework.

We do not share your data for advertising purposes. We do not use advertising SDKs, third-party analytics trackers or crash reporting services (e.g. Firebase Analytics, Sentry, Mixpanel).

13. Storage period

  • Account data is stored for the duration of active use until the account is deleted.
  • Reports, photos and PDFs are kept as long as required for the business purpose, but at most within statutory retention periods (in Austria typically 7 years under Section 132 BAO or Section 212 UGB).
  • Session and log data are usually deleted automatically after 30 days.

14. Account and data deletion

You have the right at any time to have your user account and related personal data deleted.

  • In the app: Under Settings → Account → Delete account you can start deletion of your account directly.
  • By email: Alternatively, an informal message to info@hekner.com is sufficient.

After we receive a deletion request, your account and associated personal data will be deleted or anonymised within 30 days. Content whose retention is legally required (e.g. completed reports with tax relevance) will be restricted for the statutory retention period and then deleted.

15. Children

The app is aimed exclusively at business users and is not intended for persons under 16. We do not knowingly collect personal data from children.

16. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services.

Last updated: May 2026