GDPR Compliance

How FEBVSLog protects your data in accordance with the General Data Protection Regulation

GDPR Compliant Platform

FEBVSLog is designed from the ground up to comply with the EU General Data Protection Regulation (GDPR, Regulation 2016/679). All data is stored on EU-based servers and processed in accordance with GDPR principles.

Our GDPR Commitments

FEBVSLog adheres to the following GDPR principles:

  • Lawfulness, fairness, and transparency — we collect only the data necessary to provide the service and are transparent about how it is used
  • Purpose limitation — your data is used only for the purposes described in our Privacy Policy
  • Data minimisation — we collect only the minimum data required for the service to function
  • Accuracy — you can update or correct your data at any time through the Profile settings
  • Storage limitation — data is retained only as long as your account is active
  • Integrity and confidentiality — all data is encrypted in transit (HTTPS) and passwords are hashed using bcrypt

Your GDPR Rights

Right of Access

You can request a complete copy of all personal data we hold about you at any time by contacting [email protected].

Right to Rectification

You can correct inaccurate personal data directly through the Profile settings in your dashboard, or by contacting us.

Right to Erasure ('Right to be Forgotten')

You can request complete deletion of your account and all associated data. We will process deletion requests within 30 days.

Right to Data Portability

You can export all your procedure data at any time in CSV format from the Export tab. This gives you a machine-readable copy of your data.

Right to Restrict Processing

You can request that we limit how we process your data while a dispute or review is ongoing.

Right to Object

You can object to the processing of your personal data at any time. Contact us at [email protected].

Data Storage and Security

All FEBVSLog data is stored on secure, EU-based servers. The following technical and organisational measures are in place to protect your data:

  • All connections encrypted via HTTPS/TLS 1.3
  • Passwords hashed using bcrypt (never stored in plain text)
  • Session authentication using signed, HTTP-only cookies
  • Database access restricted to application server only (no public access)
  • Regular security updates and dependency audits

Data Transfers

FEBVSLog does not transfer your personal data outside the European Economic Area (EEA). All data processing and storage occurs within the EU.

Cookies

FEBVSLog uses only one cookie: a strictly necessary session cookie that maintains your login state. This cookie:

  • Is HTTP-only (not accessible to JavaScript)
  • Is Secure (only transmitted over HTTPS)
  • Does not track you across other websites
  • Expires when you sign out or after a period of inactivity

We do not use advertising cookies, third-party analytics cookies, or any non-essential cookies. No cookie consent banner is required as we use only strictly necessary cookies.

Legal Basis for Processing

We process your personal data under the following GDPR legal bases:

  • Contract performance (Art. 6(1)(b)) — processing your account and procedure data to provide the logbook service you registered for
  • Legitimate interests (Art. 6(1)(f)) — maintaining security logs and preventing fraud

Data Protection Officer

For all GDPR-related enquiries, data subject requests, or to report a data protection concern, please contact:

Email: [email protected]
Response time: Within 30 days of receipt

You also have the right to lodge a complaint with your national data protection supervisory authority. In Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).

For more details, see our full Privacy Policy.