Privacy- and Security-Statement of lunorsys


Introduction and Overview

This Document Privacy- and Security-Statement of lunorsys consists of multiple parts. The main parts are

General Privacy- and Security-Statements of lunorsys


This part regulate the general behavior of the entire company with regard to the privacy and data security of/for our customers and business partners.

Contact and responsible Persons

Lunorsys Technologie GmbH
Freiheitsstraße 124
15745 Wildau
Managing directors: Georg Lubrich
Phone number: +49 (0)176 231 95 401
E-mail address:

Basic Principles for processing data; Legal basis

This privacy statement explains to you the nature, scope and purpose of the personal data processed within our online offering and the websites, functions and content associated with it (hereinafter jointly referred to as “online offering” or “website”) as well as within the products, solutions and consulting services of our company (hereinafter referred to as “products and services”). The privacy statement applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offering or our products and solutions are handled.

As regards the use of terms such as “personal data” or “data processing”, we refer to the definitions in Art. 4 General Data Protection Regulation (GDPR).

The personal data of the users processed within the scope of the online offering, products and services include the general data (e.g. names and addresses of customers), contract data (e.g. services used, names of the responsible persons, payment information), usage data (e.g. the visited pages of our website, interest in our products) and content data (e.g., entries in contact forms).

The term “user” covers all categories of data subjects affected by data processing. These include our business partners, customers, interested parties and other visitors to our website. Terms such as “user” are used in a gender-neutral sense.

We process users’ personal data only in compliance with the relevant data protection regulations. This means that users’ data is only processed if legal permission has been given for this. This refers in particular to data processing that is necessary for providing our contractual services (e.g. processing of orders) and online services, or that is required by law or if consent has been given by the user as well as on the basis of our legitimate interests (i.e. interest in analysing, optimising and efficiently operating our website and in securing our online offering within the meaning of Art. 6 (1) lit. f. GDPR, particularly for range measurement, creating profiles for advertising and marketing purposes, collecting access data and using the services of third parties).

The legal basis for obtaining consent is Art. 6 (1) lit. a. and Art. 7 GDPR, the legal basis for processing data to enable us to perform our services and carry out contractual measures is Art. 6 (1) lit. b. GDPR, the legal basis for processing data to enable us to fulfil our legal obligations is Art. 6 (1) lit. c. GDPR and the legal basis for processing data to preserve our legitimate interests is Art. 6 (1) lit. f. GDPR.

Security Measures

We apply organisational, contractual and technical security measures in accordance with the latest technological standards to ensure that the provisions of the data protection laws are complied with and to thereby protect the data processed by us from accidental or intentional manipulation, loss, destruction or from access by unauthorised persons.

The security measures include in particular the encrypted transmission of data between your browser and our server.

Data Transfer to Third-Parties and Third-Party Suppliers

Data is only passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 (1) lit. b) GDPR or for legitimate interests in efficiently and effectively managing our business operations pursuant to Art. 6 (1) lit. f. GDPR.

If we use subcontractors to provide our services, we will take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.

If content, tools or solutions of other providers (hereinafter jointly referred to as “third party providers”) are used within the scope of this privacy statement and their named offices are domiciled in a third country, it must be assumed that data is transferred to the country of domicile of the third party providers. Third countries are countries in which the GDPR is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. Data is transferred to third countries either if there is an appropriate level of data protection, if the user has consented to the aforesaid transfer or other legal permission has been obtained.


If you have any problems using our products, you may contact our support team. We use a Ticketing-System (Service-Management-System) to handle your support request. To stay in contact to you we process and store data (e.g. name of the requesting person, e-mail, company, the description of the support request) in that Service-Management-System.

Depending on the issue we may request files (screenshots, logfiles, example data files), which you are free to give to us. All files, including any data that is transferred with them, are only used by us to analyze and solve your individual issues, nothing further.

We use the Service-Management-System “Jira Cloud” of the service provider Atlassian. This Service- Management-System “Jira Cloud” transfers any data over the internet to the Atlassian services. The data is stored there. Privacy policy:


When contacting us (for example via the contact form, e-mail, fax, letter, personal conversation or telephone (this list is not complete)), the user’s details may be processed in order to handle the contact request and its settlement in accordance with Art. 6 (1) lit. b) GDPR.

The user data may be stored in our Customer Relationship Management System (“CRM system”) or comparable inquiry system.

User rights

Users have the right, upon request and free of charge, to obtain information about the personal data we have stored about them.

Users also have the right to demand correction of their incorrect data, to have the processing of their personal data restricted or have it deleted, and are entitled, where applicable, to exercise their rights in respect of data portability and, in the event of suspicion of unlawful data processing, to file a complaint at the competent supervisory authority.

Users can also revoke their consent, in all cases with effect for the future.

Deletion of data

The data stored by us will be deleted as soon as it is no longer required for the intended purpose and provided no legal obligations exist to retain said data. If the user’s data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be stored for commercial or tax reasons.

In accordance with legal requirements, the storage period for commercial accounts, inventories, opening balance sheets, annual financial statements, business letters, accounting vouchers etc. under section 257 (1) HGB (German Commercial Code) is 6 years and for accounts, records, management reports, accounting vouchers, commercial and business letters, taxation-relevant documents etc. under section 147 (1) AO (German Fiscal Code) 10 years.

Revocation right

Users may at any time object to the future processing of their personal data in accordance with the statutory provisions. The objection may in particular be lodged against processing for the purposes of direct marketing.

Changes to the Privacy Statement

We reserve the right to change our privacy statement in order to adapt it to altered legal situations or in the event of changes to the service or data processing. However, this only applies to declarations regarding data processing. If users are required to give consent or components of the privacy statement contain provisions concerning the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are requested to inform themselves regularly about the content of the privacy statement.

Privacy-Statements for websites and webservices


All of the following statements in this section relate to the use of websites and webservices provided by lunorsys.

The statements are collected here so that one can refer here from the various other sections.

These statements may apply to a specific website or webservice. For each website or webservice you will find a specific section in this document stating which of the statements here apply to the specific website or webservice.

If you do not find a specific section for the website or webservice you are interested in, you have to assume that all of the following sibling sections apply.

Collecting Access Data and Logfiles

On the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR, we collect data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website (or webservice) accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is generally stored for maximum of 3 months and then deleted. Lunorsys evaluates the log data only for purposes so that the service can be operated, made secure and optimized. In some cases it is necessary to store the some data of the log files longer than the period mentioned above. These cases are:


Cookies are items of information that are transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

We use “session cookies” that are stored solely for the duration of the current visit to our website (e.g. to enable your login status or the shopping cart function to be stored and thereby enable our online offering to be used in the first place). A random-generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when, for example, you finish using our online service and log out or close your browser.

If users do not wish cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. Please note that the exclusion of cookies can restrict some of the functionalities of this online offering.

You may oppose the use of cookies for range measurement and advertising purposes via the network advertising initiative’s opt-out page under and via the US website or the European website

Google Analytics

We use Google Analytics, a web analytics service provided of Google Inc. (“Google”) on the basis of our legitimate interests (i.e. interest in analysing, optimising and efficiently operating our online offering within the meaning of Art. 6 (1) lit. f. GDPR). Google uses cookies. The information generated by the cookie about how our online offering is used is usually transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement which guarantees compliance with the European data protection laws.

Google uses this information on our behalf to evaluate how our online offerings are used, to compile reports on the activities within this online offering and provide us with other services associated with the use of this online service and the internet. Pseudonymous user profiles of the users can be created from the processed data.

We use Google Analytics solely with activated IP anonymisation. This means that Google abbreviates the user’s IP address within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being saved by selecting the appropriate settings on their browser; they can also prevent the data generated by the cookies and relating to their use of the online offering from being collected by Google as well as prevent aforesaid data from being processed by Google by downloading and installing the browser plug-in available under the following link:

As an alternative to the browser add-on or for browsers on mobile devices, please click this link to prevent Google Analytics from collecting data from this website in the future. An opt-out cookie will then be stored on your device. If you delete your cookies, you must activate this link again.

Deactivating Google Analytics

Further information on the use of data by Google, the setting possibilities and means of opt-out can be found on the Google website:

We use the “Google Tag Manager” to integrate and manage Google’s analysis and marketing services into our website.

Integrating Services and Contents of Third Parties

As part of our online offering, we use content or service offerings of third parties on the basis of our legitimate interests (i.e. interest in analysing, optimising and efficiently operating our online offering within the meaning of Art. 6 (1) lit. f. GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter jointly referred to as “content”). This always presupposes that the third-party providers of this content can note the user’s IP address, otherwise they would not be able to send the content to the browsers of the aforesaid users without the IP address. The IP address is therefore required for presenting this content. We endeavour to only use the content of providers that use the IP address solely for the distribution of content. Third parties can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and can include technical information about the browser and operating system, referring websites, visiting times and other information about the use of our website, and can also be linked to such information from other sources.

Below is a list of the third-party providers and their contents, along with links to their privacy statements which contain further information on how data is processed and on the opt-out possibilities, some of which have already been named here:

Privacy-Statements for the website ‘’

The website or has the following privacy statements.

All statements of the section 2 General Privacy- and Security-Statements of lunorsys apply.

This website uses cookies so the statements of section 3.3 Cookies apply.

This website uses Google Analytics so section 3.4 Google Analytics apply.

This website uses content of third-party providers so the section 3.5 Integrating Services and Contents of Third Parties apply. The website uses content of the following third-party services/providers. Explicitly mentioned

This website has a contact form so the section 2.8 Contact apply.

This website uses logfiles so the section 3.2 Collecting Access Data and Logfiles apply.

Common Privacy- and Security-Statements for all Atlassian Cloud Apps


The statements in this section apply to all Atlassian Cloud Apps provided by lunorsys.

Lunorsys Apps provides hosted services (“Cloud Apps”) for Atlassian Cloud Products. The Apps are delivered through the Atlassian Connect App framework (“Atlassian Connect”). Cloud Apps can be identified by the “Cloud” category in the corresponding Atlassian Marketplace listing.

For every Atlassian Cloud App provided by lunorsys the statements of the section General Privacy- and Security-Statements of lunorsys apply.

For each Atlassian Cloud App provided by lunorsys you will find a specific section in this document. That section describes the privacy statements for that specific app more in more detail.

Customer Data

We do not have any access to customer data beyond the information provided by Atlassian Marketplace over the course of evaluating or purchasing our products and are not going to change that in the future. Therefore, we do not use this data for e.g. analysis, except for data anonymized by Atlassian.

Responsibility border between Atlassian and lunorsys

Respecting section 8.4 (d) of the Atlassian Marketplace Vendor Agreement ( ) it shall be made clear that Atlassian is not responsible for the privacy, security or integrity of End User Data as defined in the Atlassian Marketplace Vendor Agreement section 8.4. (a) collected or processed by lunorsys or by lunorsys’s marketplace apps.

Privacy- and Security-Statements for the “Version Info” - App


These statements refers to the Atlassian Cloud App “Version Info” produced by lunorsys.

All statements of the section General Privacy- and Security-Statements of lunorsys apply.

All statements of the section Common Privacy- and Security-Statements for all Atlassian Cloud Apps apply.

What data is accessed/processed by this app

To fulfill the purpose of this app, the app is reading/accessing the version information of the Confluence Cloud page on which the “Version Info”-Macro has been placed on. This information is transferred from the Atlassian Servers to the servers running the app. This information is then only reformatted and send back as the result of the “Version Info”-Macro.

What data is stored/collected by this app


The app is a webservice and uses logfiles. Therefor the statements in section Collecting Access Data and Logfiles apply.

Where is the data stored

The app servers are located in Germany near Frankfurt. The log files are stored there. It is possible that in future lunorsys will change the geographical location to be closer to the Atlassian Servers to achieve short response times.