DATA PRIVACY


Data protection declaration for website operators according to the requirements of the GDPR

The trustful handling of your data is our top priority. We want to give you the greatest possible protection of your privacy. We process your data provided by the use of the website only within the scope of the consent you have given and the legal data protection regulations. Processing is based on this data protection declaration. The use of our website is usually possible without providing personal data. Insofar as personal data (e.g. name, address or email address) is collected on our website, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent. We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. It is not possible to completely protect data from third-party access. We hereby expressly object to the use of contact data published within the framework of the imprint obligation by third parties for sending unsolicited advertising and information material. The site operators expressly reserve the right to take legal action in the event that unsolicited advertising information is sent, such as spam e-mails. The data protection declaration will be updated if necessary. We will inform you about the updated conditions on the screen and then ask you to accept the changed conditions.

Status of data protection declaration: August 2020

1. Responsible authority

Kimodu GmbH
Represented by Managing Director Rainer Manetstätter

An der Flur 5d, 85604 Zorneding, Germany

Tel .: +49.8106.9998.481
Email: contact@kimodu.com

2. Data collected

We collect personal data based on your consent, to fulfill the contract and / or to fulfill a legal obligation. Personal data is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address or user behavior. Information for which we can make no (or only disproportionate) reference to your person, e.g. by anonymizing the information, is not personal data. The processing of personal data (such as collecting, querying, using, storing or transmitting) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention requirements. If we process your personal data for the provision of certain services, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.

2.1 Provision and use of the website

a. Type and scope of data processing
When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Website from which access is made (referrer URL)
- The browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

b. Legal basis
Art. 6 para. 1 lit. f GDPR serves as the legal basis. The processing of the data mentioned is necessary for the provision of a website and thus serves to protect a legitimate interest of our company.

c. Storage period
As soon as the above data is no longer required to display the website, it will be deleted. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is consequently no possibility for the user to object. Further storage can take place in individual cases if this is required by law.

2.2 Contact form

a. Type and scope of data processing
On our website we offer you to contact us using the form provided. As part of the submission process of your request via the contact form, reference is made to this data protection declaration to obtain your consent. If you use the contact form, the following personal data will be processed about you:
- Name
- Email
- Message

Providing your email address serves the purpose of assigning your request and being able to respond to you. When using the contact form, your personal data will not be passed on to third parties.

b. Legal basis
The data processing described for the purpose of establishing contact is carried out in accordance with Art. 6 Para. 1 lit. a GDPR on the declaration of consent you voluntarily submitted below:
By entering my data and clicking the "Send request" button, I declare my consent to the processing of my email address, my name and customer number for answering my contact request. I have read and accept the current data protection declaration. I can revoke this consent at any time with future effect by contacting contact@kimodu.com.
You can revoke your consent to the use of your personal data at any time by sending an email to the above-mentioned email address with future effect.

c. Storage period
As soon as the request you have made and the matter in question has been finally clarified, the personal data processed via the contact form will be deleted by you. Further storage can take place in individual cases if this is required by law.

2.3 Processing of personal data for advertising purposes (newsletter)

a. Type and scope of data processing
We would be happy to inform you about news, offers and topics related to Kimodu CRM and our services in our newsletter if you have given us your consent or if this corresponds to the legal regulations.

- Email address

By registering (double opt-in procedure) for the newsletter using your email address, you agree to receive the newsletter. The data collected will only be used to send the newsletter. Our newsletter is sent via the service provider Mailchimp. The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

b. Legal basis
The processing of your email address for sending the newsletter is based on Art. 6 Para. 1 lit. a GDPR on the declaration of consent you voluntarily submitted below:

Declaration of consent for the newsletter:

"I agree that Kimodu GmbH processes my personal data in order to be informed regularly about news, offers, services and general topics of Kimodu GmbH by email. My personal data is processed in accordance with the provisions of the data protection declaration. I can withdraw my consent to Kimodu GmbH at any time." You can revoke your consent to receive the newsletter and the associated data collection and storage at any time. The revocation takes place via a link in the newsletter or by informal notification to Kimodu GmbH, An der Flur 5d, 85604 Zorneding, Germany or by email to contact@kimodu.com.

c. Storage period
Your email address will be saved for as long as you have subscribed to the newsletter. After unsubscribing from the newsletter, your email address will be deleted. Further storage can take place in individual cases if this is required by law.

3. Disclosure of data

We only pass on your personal data to third parties if:
- You expressly consent to this in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR
- this is legally permissible and according to Art. 6 para. 1 sentence 1 lit. b GDPR is required to fulfill a contractual relationship with you
- according to Art. 6 Para. 1 S. 1 lit. c GDPR for the transfer there is a legal obligation to transfer
- according to Art. 6 Para. 1 S. 1 lit. f GDPR is necessary to protect legitimate company interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

4. Rights of those affected

As a person affected by the processing of your data, you can assert certain rights with us in accordance with the GDPR and other relevant data protection regulations. The following section contains explanations about your rights as a data subject under the GDPR.
According to the GDPR, you have the following rights vis-à-vis Kimodu in particular:
Right to information under Art. 15 GDPR: You can request information from us at any time about your data that we hold about you. This information concerns, among other things, the data categories processed by us, for what purposes we process them, the origin of the data if we did not collect it directly from you, and, if applicable, the recipients to whom we have transmitted your data. You can get a free copy of your data from us. If you are interested in additional copies, we reserve the right to charge you for the additional copies.
Right to correction according to Art. 16 GDPR: You can ask us to correct your data. We will take reasonable measures to keep your data that we hold and process about you correctly, completely and up to date, based on the most current information available to us.
Right to deletion according to Art. 17 GDPR: You can ask us to delete your data, provided the legal requirements are met. According to Art. 17 GDPR this can be the case if
- the data is no longer required for the purposes for which it was collected or otherwise processed;
- you withdraw your consent, which is the basis of the data processing, and there is no other legal basis for the processing;
- you object to the processing of your data and there are no overriding legitimate reasons for the processing, or you object to the data processing for direct marketing purposes;
- the data has been processed unlawfully unless processing is necessary,
- to ensure compliance with a legal obligation that requires us to process your data;
- in particular with regard to statutory retention periods;
- to assert, exercise or defend legal claims.
Right to restriction of processing according to Art. 18 GDPR: You can ask us to restrict the processing of your data if
- You contest the accuracy of the data for the period of time it takes us to verify the accuracy of the data;
- the processing is unlawful and you refuse to have your data deleted and instead request a restriction of use;
- we no longer need your data, but you need it to assert, exercise or defend legal claims;
- You have objected to the processing, as long as it is not certain whether our legitimate reasons outweigh yours.
Right to data portability according to Art. 20 GDPR: Upon your request, we will transfer your data - insofar as this is technically possible - to another person responsible. However, you only have this right if the data processing is based on your consent or is necessary to carry out a contract. Instead of receiving a copy of your data, you can also ask us to send the data directly to another person you have specified.
Right to object according to Art. 21 GDPR: You can object to the processing of your data at any time for reasons that arise from your particular situation, provided the data processing is based on your consent or on our legitimate interests or that of a third party. In this case we will no longer process your data. The latter does not apply if we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or we need your data to assert, exercise or defend legal claims.

Deadlines for the fulfillment of data subject rights
We always strive to respond to all inquiries within 30 days. However, this period may be extended for reasons that relate to the specific right of the data subject or the complexity of your request.

Restriction of information on the fulfillment of data subject rights
In certain situations, due to legal requirements, we may not be able to provide you with all of your data. If we have to reject your request for information in such a case, we will also inform you of the reasons for the rejection.

Complaint to regulatory authorities
Kimodu takes your concerns and rights very seriously. However, if you believe that we have not sufficiently responded to your complaints or concerns, you have the right to file a complaint with a competent data protection authority.

5. Cookies and tracking on our websites

Our websites sometimes use so-called cookies. Cookies do no damage to your computer and contain no viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". Most of them will be automatically deleted after your visit. Other cookies remain on your device until you delete them. These cookies enable us to recognize your browser the next time you visit. Session cookies are usually first party cookies (such as those created by our underlying WordPress CMS) that are sent back to the website on which they were created. Third party cookies are cookies from external third party providers whose plugins / services use a website. These are sent to another website to which they belong (such as performance cookies from Google Analytics).
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

There are two types of cookies:

Cookies without consent
Strictly necessary cookies, also called "strictly necessary", guarantee functions without which you would not be able to use this website as intended. These cookies are used exclusively by Kimodu and are therefore so-called first party cookies. They are only saved on your device during the current browser session. Strictly necessary cookies ensure, for example, that when switching pages, the functionality of a switch from http to https and thus compliance with increased security requirements for data transmission is guaranteed. Your consent is not required for the use of strictly necessary cookies.

Cookies requiring approval
Cookies, which according to the above definition are not absolutely necessary to use the website, fulfill important tasks. Without these cookies there are functions that enable comfortable browsing on our website, e.g. pre-filled forms or the shopping cart are no longer available. Settings you have made cannot then be saved and must therefore be queried again on each page.

Kimodu also integrates third party content into this website. Examples of this are the integration of Google Analytics. These third-party providers can theoretically set cookies while you visit our website and thereby receive information about your surfing behavior. Please visit the websites of third-party providers for more information about their use of cookies. If you have decided not to grant or withdraw your consent to the use of cookies that require consent, only those functionalities of our website will be made available to you, the use of which we can guarantee without these cookies. Areas of our website that potentially offer the technical possibility of integrating third-party content and thus setting third-party cookies are no longer available to you in this case.

Categories
Depending on their function and purpose, cookies can be divided into four categories: Strictly Necessary Cookies, Functional Cookies, Performance Cookies and Cookies for Marketing Purposes.

Strictly necessary cookies
Strictly necessary Cookies are required so that you can move around a website and use its properties. Without these cookies, functionalities cannot be guaranteed, for example that actions performed during a visit (e.g. text entry or search) are retained, even when navigating between individual pages of the website.

Functional cookies
Functional cookies enable a website to save information that has already been given (e.g. navigation tree type, filter settings for viewing) and to offer the user improved, more personal functions. Functional cookies are used, for example, to enable requested functions such as playing teasers. These cookies collect anonymized information, they cannot track your movements on other websites.

Performance cookies (user tracking)
Performance cookies collect information about how a website is used - such as which pages a visitor visits most frequently and whether he receives error messages from a page. These cookies do not store any information that allows the user to be identified. The information collected is aggregated and thus evaluated anonymously. These cookies are only used to improve the performance of a website and thus the user experience.

Marketing cookies
Cookies for marketing purposes are used to display advertisements that are relevant to the user and tailored to his interests. They are also used to limit the number of times an ad appears and to measure the effectiveness of advertising campaigns. You register whether you have visited a website or not. This information can be shared with third parties, e.g. B. Advertisers can be shared. Cookies to improve targeting and advertising are often linked to page functionalities of third parties.

The website itself uses no cookies

Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.

6. Data security

We protect your personal data from the risks associated with data processing, in particular from unauthorized access, use or publication. For this purpose, we maintain appropriate technical and organizational measures in accordance with Art. 32 GDPR (so-called TOM’s), which are based on the current state of the art. The following security measures are used as an example to protect your personal data from misuse or other unauthorized processing:
- Access to personal data is restricted only to a limited number of authorized persons for the stated purposes.
- The data collected is only transmitted in encrypted form.
- Sensitive data such as passwords are only stored in encrypted and non-reversible form.
- The IT systems for processing the data are technically isolated from other systems to prevent unauthorized access e.g. through hacking.
- Access to the IT systems is constantly monitored in order to identify and prevent abuse at an early stage.

Our website and general services are provided by our long-time hosting provider Host Europe GmbH, Welserstraße 14, 51149 Cologne, Germany, on German servers in the DataCenter Cologne and alternatively in Strasbourg, France.