Privacy Policy
Section 1: General information
Your personal data are processed by us solely in accordance with the provisions of German data protection law and the data protection laws of the European Union (EU). In addition to the information on the purpose of processing, legal basis, recipients and period of storage, the following provisions also provide information on your rights and on the controllers processing your data. This Privacy Policy applies only to our website. If you follow any links on our website to access other websites, please see the information on those websites about how they deal with your data.
Section 2: Contact
(1) Purpose of processing
We process the personal data you provide us with by email, via the contact form, etc. to respond to your queries and deal with your requests. You are not obligated to provide us with your personal data. However, if you do not provide your email address we will be unable to respond to you by email.
(2) Legal basis
Art. 6 (1) (a) of the General Data Protection Regulation (GDPR) forms the legal basis for the processing of your data if you have granted us your express consent. If we process your data to take steps prior to entering into a contract, then Art. 6 (1) (b) of the GDPR forms the legal basis for this. In all other cases (particularly when using a contact form) the legal basis is Art. 6 (1) (f) of the GDPR.
(3) Categories of recipients
Hosting service providers, delivery service providers in the case of direct marketing
(4) Period of storage
Your data are erased when it can be inferred from the circumstances that your query or the relevant facts have been conclusively clarified.
However, if a contract is concluded, the data required by commercial and tax law will be stored by us for the legally stipulated time period – usually ten years (cf. Section 257 of the German Commercial Code (HGB), Section 147 of the German Tax Code (AO)).
Section 3: Comments
(1) Purpose of processing
You have the option of posting a comment. Your data (e.g. name/pseudonym, email address, website) are then only processed for the purpose of publishing your comment.
(2) Legal basis
The legal basis for this processing is Art. 6 (1) (f) of the GDPR.
(3) Legitimate interest
Our legitimate interest is the public exchange of user opinions on specific topics and products. Publishing the comments helps to achieve transparency and allows the formation of opinions. Your interest in protecting your data remains preserved as you may post your comment under a pseudonym.
(4) Period of storage
No specific period of storage is envisioned. You may request that your comment is erased at any time.
Section 4: Information on cookies
The legal basis for using cookies is Section 25 of the German Telecommunications-Telemedia Data Protection Act (TTDSG) alongside the provisions of the GDPR. A distinction is made between cookies that are strictly necessary for operating our online services and those that are not. Strictly necessary cookies may also be placed without your consent. Non-essential cookies, however, always require your consent, even when this is not required by the GDPR (for example if the legal basis is a legitimate interest or the data is not personal data).
We ask for your consent before we save non-essential cookies.
There are various ways you can prevent your device from accepting cookies:
- When accessing our website you can use the Consent Manager to decide which cookies to accept and not accept. Sometimes you will only be able to accept or reject all cookies or certain groups of cookies.
- You can also change your browser settings to never accept cookies. If you reject all cookies, this may result in certain functions being lost which rely on cookies.
- You can also open websites in private browsing mode. Private browsing does not allow cookies to be placed and all cookies are cleared when you close the website.
- In addition, some browsers/browser plug-ins have the option of different default settings which accept or reject all cookies as standard.
(1) Purpose of processing
Different types of cookies are used and stored on your computer whenever you use our website. Cookies are small text files that are stored on your computer or mobile device when you visit our website. By collecting cookies, we are able to gather different kinds of information. We use the following types of cookies:
- Cookies may be necessary for the proper functioning of our website. By placing cookies we can determine, for example, that you have visited our website.
- We can also provide you with more user-friendly services that would be impossible to provide without the use of cookies.
- With the help of cookies, information and services on our website can be optimised to meet the specific requirements of the user, for example. As mentioned earlier, cookies allow us to recognise you on our website. The purpose of this recognition is to make it easier for you to use our website.
- Cookies may, however, also be used for analysing website use. These analyses determine, for instance, how many users visited the website and where the website could be improved. These analyses, however, do not establish a connection between you and the statistics created on the basis of the data collected. If cookies are being used by us for the purpose of website analysis, you will be informed of this.
- With the help of cookies, information and services on our website can be optimised to meet the specific requirements of the user, for example. As mentioned earlier, cookies allow us to recognise you on our website. The purpose of this recognition is to make it easier for you to use our website.
(2) Cookies used
(3) Legal basis
Art. 6 (1) (a) of the GDPR forms the legal basis if you have given us your consent. In all other cases, Art. 6 (1) (f) of the GDPR serves as the legal basis for processing as we have a legitimate interest in using cookies.
(4) Legitimate interest
Our legitimate interest lies in the proper functionality of our website. User data collected by means of strictly necessary cookies is not used to create user profiles, preserving your interests in protecting your data. Other types of cookies help us to continually improve our website and to make our website as convenient to use as possible.
(5) Period of storage
Strictly necessary cookies are generally deleted upon closing your browser. Permanently stored cookies have different lifetimes ranging from a few minutes to several years.
(6) Right to withdraw and RIGHT TO OBJECT
If you have given your consent, you may withdraw it at any time with future effect, provided your consent is not in relation to necessary cookies.
Section 5: Our social media profiles
5.1. Instagram
We have a company Instagram (Meta) profile. We use this to introduce our company, to engage directly with you and for our own advertising.
(1) Purpose of processing
Meta provides us with analysis data about the use of our company profile. This gives us an insight into how successful our individual communication measures have been.
Please see Meta’s Privacy Policy for more information about data protection: https://privacycenter.instagram.com/policy
(2) Legal basis
Analysis of usage behaviour on our Instagram profile. The legal basis is your consent, which you gave when signing up for your Instagram account.
In accordance with a judgment of the Court of Justice of the European Union (CJEU), Meta and Kolibri are joint controllers responsible for the use of this analysis data pursuant to Art. 26 of the GDPR. Meta has issued a corresponding Controller Addendum (https://www.facebook.com/legal/terms/page_controller_addendum). In this agreement Meta assumed sole responsibility for all questions of data protection. If you want to assert your rights under the GDPR in relation to the data processed by Page Insights you should contact Meta directly via your Meta account. You are also free to contact us with your concerns in accordance with the statutory provisions on joint controllership. We will then pass these concerns on to Meta.
Meta user name, comments, Likes and pages accessed within Facebook/Instagram as well as the time of the action
(4) Categories of recipient
Meta Platforms Inc., contactable via Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland for us as an organisation in the EU. Meta guarantees that data will be dealt with in accordance with the EU standard for data protection by concluding standard contractual clauses relating to data protection.
(5) Period of storage
Meta is responsible for determining how long data are stored for.
5.2. LinkedIn
We have a company LinkedIn profile. We use this to introduce our company, to engage directly with you and for our own advertising.
(1) Purpose of processing
LinkedIn provides us with analysis data about the use of our company profile. This gives us an insight into how successful our individual communication measures have been.
Please see LinkedIn’s Privacy Policy for more information about data protection: https://www.linkedin.com/legal/privacy-policy
(2) Legal basis
Analysis of usage behaviour on our LinkedIn profile. The legal basis is your consent, which you gave when signing up for your LinkedIn account.
(3) Data categories
LinkedIn user name, comments, Likes and pages accessed within LinkedIn as well as the time of the action
(4) Categories of recipient
LinkedIn Corp., contactable via LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland for us as an organisation in the EU. LinkedIn guarantees that data will be dealt with in accordance with the EU standard for data protection by concluding standard contractual clauses relating to data protection.
(5) Period of storage
LinkedIn is responsible for determining how long data are stored for.
5.3. Xing
We have a company Xing profile. We use this to introduce our company, to engage directly with you and for our own advertising.
(1) Purpose of processing
Xing provides us with analysis data about the use of our company profile. This gives us an insight into how successful our individual communication measures have been.
Please see Xing’s Privacy Policy for more information about data protection: https://privacy.xing.com/en/privacy-policy
(2) Legal basis
Analysis of usage behaviour on our Xing profile. The legal basis is your consent, which you gave when signing up for your Xing account.
(3) Data categories
Xing user name, comments, Likes and pages accessed within Xing as well as the time of the action
(4) Categories of recipient
New Work SE (operator of xing.com), Dammtorstraße 30, 20354 Hamburg, Germany. Data is not transferred to third countries.
(5) Period of storage
Xing is responsible for determining how long data are stored for.
Section 6: Webinars/video conferences
We offer webinars via video conference. You may take part with and without video/audio signal, a profile picture, background image, raising your hand or being active in the chat. Your camera and microphone will only be accessed with your corresponding consent.
All participants are asked to give their consent before video conferences are recorded. If recording does take place it may be automatically or manually transcribed.
Fully or partially taking screenshots or making recordings is expressly prohibited. This behaviour is a breach of data protection. Secretly recording the words spoken may be a criminal offence. We reserve the right to take corresponding legal action of any type.
(2) Legal basis
Use of a video conference to take part in a webinar to fulfil a contract. The legal basis for recordings is your consent.
(3) Data categories
User name, email address; attendance times; video/audio signal; video/audio recording (only with consent); audio transcript (only after recording); chat activity, mute status; profile data (profile picture, contact data, background image), log file (IP address, device identification, activity log)
(4) Categories of recipient
Providers of video conference systems. If the provider transfers data to third countries, the provider guarantees that data will be dealt with in accordance with the EU standard for data protection.
(5) Period of storage
If the webinar is not recorded, all data are erased at the end of the video conference. If the video conference is recorded, the recordings are erased as soon as the last purpose for which the recording was made has been achieved.
Section 7: General infrastructure
7.1. Emails, contact directory, calendar
(1) Purpose of processing
We use exchange accounts to record data groups together. Emails that you send to us or receive from us, as well as contact data you provide us with or meeting dates are stored on the servers of our hosting provider and a copy is stored locally.
(2) Legal basis
Use of email boxes, calendars and contact directories. The legal basis is our legitimate interest.
(3) Data categories
Name, contact data, company data, business area of your company, your job title, your area of responsibility, location, time and reason for each contact as well as additional information if required, for example regarding your availability or the matters discussed; time an email was sent/received; content of an email and other typical meta data from an email
(4) Categories of recipient
Our provider, who hosts the exchange server, is obligated to adhere to data protection in accordance with a Data Processing Agreement. The provider is located in the EU and uses data centres in the EU, but belongs to a US company. If the provider transfers data to third countries as a result of its affiliation with its Group company, the provider guarantees that data will be dealt with in accordance with the EU standard for data protection by concluding standard contractual clauses relating to data protection.
(5) Period of storage
We store emails and entries as long as required to fulfil the purpose of storage.
7.2. Telephone calls
(1) Purpose of processing
Our telephone system records your telephone number plus the time and duration of the call.
(2) Legal basis
Telephone communication. The legal basis is the preparation for or fulfilment of a contract or a legitimate interest in communicating with you, depending on the subject of the call.
(3) Data categories
Telephone number; time of the call; name, if applicable
(4) Categories of recipient
Telephone communication provider who is subject to the secrecy of telecommunications. Data is not transferred to third countries.
(5) Period of storage
Depends on the subject of the call.
7.3. IT administration
(1) Purpose of processing
We use external providers to administer, maintain and service our IT. These providers do not deal with the content of the personal data processed by us. However, maintaining databases and other system units may result in providers becoming aware of personal data. All our providers have entered into corresponding contracts under which they are expressly obligated to maintain the confidentiality and secrecy of any data they may become aware of.
(2) Legal basis
Using external providers for IT administration. The legal basis is our legitimate interest.
(3) Data categories
Any type of data
(4) Categories of recipient
IT providers who are obligated to adhere to data protection under a Data Processing Agreement or other form of confidentiality obligation. Data is not transferred to third countries.
(5) Period of storage
External providers do not independently store data.
Section 8: Newsletter
(1) Purpose of processing
If you subscribe to our newsletter, your email address will be used for marketing purposes, which means that we will send you information about products from our range in the newsletter. For statistical purposes, we may analyse the links clicked on in the newsletter. We are unable, however, to identify the particular person clicking on the link. The following consent is expressly given by you separately or during the ordering process if applicable: newsletter subscription
(2) Legal basis
The legal basis for this processing is Art. 6 (1) (a) of the GDPR.
(3) Categories of recipients
Providers who send newsletters, if applicable
(4) Period of storage
Your email address for sending the newsletter is only stored for the duration of your subscription or until we stop publishing the newsletter.
Section 9: Rights of the data subject
If your personal data are processed, then you are referred to as the data subject as defined in the GDPR and have the following rights that may be exercised against us:
1. Right of access
You may request information about your personal data that are processed by us. (Art. 15 GDPR, Section 34 BDSG (German Data Protection Act))
2. Right to rectification
You have the right to rectification and/or completion from us, provided that the processed personal data concerning you are incorrect or incomplete. (Art. 16 GDPR)
3. Right to restriction of processing and erasure
You may request that the processing of your data be restricted and the erasure of your data. In order to do so your interests must not conflict with any retention obligations that have a higher priority. (Art. 17 and 18 GDPR, Section 35 BDSG)
4. Right to data portability
You have the right to request that we provide you with the data you have provided to us in a machine-readable format for transmission to third parties. (Art. 20 GDPR)
5. Right to object
You have the right to object to the processing of your data in accordance with Art. 21 GDPR if the legal basis for processing your data is a legitimate interest pursuant to Art. 6 (1) (f) GDPR. If the data is processed for direct marketing purposes you do not need to justify your objection in any way; in all other cases your objection must be based on grounds relating to your particular situation.
6. Right to withdraw consent given under data protection law
You have the right to withdraw your consent given under data protection law at any time. The withdrawal of consent does not affect the lawfulness of any processing carried out on the basis of such consent before its withdrawal. (Art. 7 (3) GDPR)
7. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority – in particular in the member state of your habitual residence, your place of work or the place of the alleged violation – if you are of the view that the processing of your personal data is in violation of the GDPR.
The supervisory authority, with whom the complaint has been lodged, shall provide the complainant with information on the progress and the outcome of the complaint, including the possibility of a legal remedy pursuant to Art. 78 of the GDPR.
Controller responsible for data processing:
Kolibri Online GmbH
Bernstorffstrasse 128
22767 Hamburg, Germany
Telephone: +49 405247774-0
hello@kolibri-online.com
Contact details of our Data Protection Officer:
Kolibri Online GmbH
Data Protection Officer
Bernstorffstrasse 128
22767 Hamburg, Germany
datenschutz@kolibri-online.com
This Privacy Policy was prepared by janolaw AG and amended by us.