Privacy Policy

Last updated: 2026-07-05

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

Sören Padel
Örträsk 48
935 93 Norsjö
Sweden

Email: info@alitero.eu
Phone: +46 7676 95415 / +49 157 3004 1651

2. Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing:

  • Inventory data (e.g., names, addresses)
  • Contact data (e.g., email addresses)
  • Content data (e.g., text entries, photographs, location data)
  • Usage data (e.g., pages visited, access times)
  • Meta/communication data (e.g., IP addresses, browser information)

3. Legal Basis

The following is an overview of the legal bases of the GDPR on which we process personal data:

  • Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract Performance (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party.
  • Legitimate Interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller.

4. Security Measures

We implement technical and organizational security measures in accordance with the state of the art:

  • Encryption of data transmission via SSL/TLS
  • Secure password storage with Argon2id hashing
  • Protection against Cross-Site-Scripting (XSS) and SQL injection
  • Regular security updates
  • Access restrictions and authorization concepts

5. Registration and User Accounts

Users can create a user account. The following data is collected during registration:

  • Username
  • Email address
  • Password (stored encrypted)

Legal basis: Contract performance (Art. 6(1)(b) GDPR).
Storage duration: Data is stored as long as the user account exists. After account deletion, data will be deleted within 30 days, unless legal retention obligations apply.

6. User Content and Location Data

Registered users can create locations (Points of Interest) with the following data:

  • Name and description of the location
  • GPS coordinates (longitude and latitude)
  • Address
  • Category and properties
  • Photographs
  • GPX track files

Important Notice: Even entries marked as "private" or "shared" can be viewed by moderators and administrators of this platform. This is necessary to ensure compliance with our terms of use and to remove abusive content.

Legal basis: Contract performance and legitimate interests.
Storage duration: Until deletion by the user or until account deletion.

7. Web Analytics with Umami

We use Umami, a privacy-friendly web analytics software, to create anonymous visitor statistics.

Privacy-friendly analytics: Umami does not collect personal data, does not use cookies, and respects "Do Not Track" settings. Only anonymous, aggregated statistics are created.

The following data is collected anonymously:

  • Pages visited (without personal identification)
  • Approximate location (country/region only, no precise localization)
  • Browser and operating system used
  • Referring website
  • Screen resolution

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) in improving our service.
No consent required: As no personal data or cookies are used, no consent is required.

8. Cookies and Local Storage

We only use technically necessary cookies and local storage:

  • Session cookie: For login and session management (deleted when browser closes)
  • Language setting: Storage of the selected language
  • Theme setting: Storage of the selected display mode (light/dark mode)
  • CSRF token: Protection against Cross-Site Request Forgery

Legal basis: These cookies are strictly necessary for the operation of the website.

9. No Disclosure to Third Parties

We do not share your personal data with third parties unless:

  • You have given your explicit consent
  • Disclosure is required to fulfill legal obligations
  • Disclosure is made to processors in compliance with Art. 28 GDPR

10. Hosting

Our website is hosted on servers within the European Union. The hosting provider processes data on our behalf and is contractually obligated to comply with the GDPR.

11. Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint (Art. 77 GDPR)

To exercise your rights, please contact: info@alitero.eu

12. Account Deletion

You can delete your user account at any time in the account settings or by contacting us via email. Upon deletion:

  • All your personal data will be deleted
  • All content you created (locations, images, GPX tracks) will be deleted
  • Recovery is not possible

13. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to comply with changed legal situations or when changes are made to the service. The current version can always be found on this page.