Kenkou - Privacy Policy

Privacy Policy

Last update: 31.01.2022

In the following we inform about the collection of personal data when using – our webiste https://kenkou.io/ – our profiles on the social media sites Facebook, Instagram, Twitter, LinkedIn and Xing.

Personal data is all data that can be related to you personally, e.g. your e-mail address, your IP address or your browser.

Contact details

Data controller within the meaning of art. 4 para. 7 EU-General Data Protection Regulation (GDPR) is Kenkou GmbH, legally represented by Matthias Puls, Wöhlertstrasse 14, 10115 Berlin, +49 (0)30 28043586, e-mail: support@kenkou.de.

Our Data Protection Offcier is heyData UG (haftungsbeschränkt), Landsberger Straße 155, 80687 München, www.heydata.eu, tel. 089 41325320, e-Mail: info@heydata.de.

Scope of data processing, processing purposes and legal basis

The scope of the processing of your data, processing purposes and legal basis are described in detail below. The following are generally applicable as the legal basis for data processing:

Art. 6 para. 1 s. 1 it. a GDPR serves us as the legal basis for processing operations for which we obtain your consent.
Art. 6 para. 1 s. 1 lit. b GDPR is the legal basis insofar as the processing of your personal data is necessary for the performance of a contract, e.g. if you purchase a product from us or if we perform a service for you. This legal basis also applies to processing which is necessary for pre-contractual measures, e.g. in the case of inquiries about our products or services.
Art. 6 para. 1 s. 1 lit. c GDPR is applicable if we fulfil a legal obligation by processing your personal data, as may be the case under tax law.
Art. 6 para. 1 s. 1 lit. f GDPR serves as a legal basis if we can invoke legitimate interests in processing your data, e.g. for cookies that are required for the technical operation of our website.

Storage duration

Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted, i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Your rights

You have the following rights against us with regard to your personal data:

Right of access,
Right to correction or deletion,
Right to limit processing,
Right to object to the processing,
Right to data transferability,
Right to revoke a given consent at any time.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data.

Obligation to provide data

Within the scope of our business relationship, you only need to provide us with personal data that is necessary for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract.

Mandatory data are marked as such.

No automatic decision making in individual cases

As a matter of principle, we do not use a fully automated decision-making process in accordance with article 22 of the GDPR to establish and implement the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

Making contact

When you contact us by e-mail or telephone, the data you provide (e.g. your e-mail address and your name) will be stored by us to answer your questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) in answering any inquiries addressed to us. We delete the data arising in this context after storage is no longer required or restrict processing if there are legal obligations to retain data.

Data processing on our website

Home

Collection and use of personal data

When you use the website for information purposes, i.e. if you do not send us information separately, we collect the personal data that your browser sends to our server to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. These data are:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (concrete page)
Access Status/HTTP Status Code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

This data is also stored in log files. They are deleted when their storage is no longer required, at the latest after 14 days.

Hoster

We host our systems on the basis of a data processing agreement (Art. 28 GDPR) on servers of an external provider located in the EU. Although the processing of personal data is not an original task of the hoster, it cannot be ruled out that the hoster may nevertheless access personal data.

Contact form

If you contact us via the contact form on our website, we will save the data requested there and the content of your message.

The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) in answering inquiries addressed to us.

We delete the data arising in this connection after storage is no longer required or restrict processing if there are legal obligations to retain data.

If we use the services of a third party provider within the scope of our contact form, you will find further information on this provider under “Third party tools” below.

On our website you have the possibility to subscribe to a free newsletter. The data provided during registration will be processed exclusively for sending the newsletter.

By clicking on the corresponding field on our website, you declare your consent to the processing of your data. Therefore, the legal basis is Art. 6 para. p. 1 lit. a GDPR. You can revoke your consent at any time, e.g. by sending an e-mail to the above email address or via the link provided for this purpose in the newsletter. The processing of your data until revocation remains lawful even in the event of revocation.

If you have already used services from us or purchased goods, we reserve the right to inform you from time to time by e-mail about our similar offers, if you have not objected to this. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to send out direct advertising (recital 47 GDPR). You can object to the use of your e-mail address for advertising purposes at any time without additional cost, for example by using the link at the end of each e-mail or by sending an e-mail to the above email address.

To send the newsletter, we use Mailchimp, a service of The Rocket Science Group, LLC, 512 Means St., Suite 404 Atlanta, GA 30318, USA (hereinafter “Mailchimp”), on the basis of an data processing agreement (Art. 28 GDPR). The security of the data transfer to the USA is guaranteed by standard data protection clauses adopted by the EU Commission (Art. 46 (2) (c) GDPR), which we have agreed with Mailchimp. In addition, Mailchimp has contractually agreed to further guarantees that additionally secure the data, e.g. informing data subjects about requests from US authorities before releasing the data and making the requests public in a transparency register.

Job offers

We publish vacant positions in our company on our website or on pages linked to the website.

The processing of your data provided in the context of the application is carried out for the purpose of the application procedure. The legal basis is Art. 88 para. 1 GDPR in connection with § 26 Abs. 1 Federal Data Protection Act, as far as the data are necessary for our decision to establish an employment relationship. We have marked data required for the application procedure accordingly or refer you to them. If you do not provide these data, we will not be able to process your application.

Further data are voluntary and not required for an application. If you provide further information, the basis for this is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

Please do not include in your CV and cover letter information about political opinions, religious beliefs, and similar sensitive data. They are not required for your application. However, if you do provide such data, we will not be able to prevent them from being processed in the context of your processing of your CV or cover letter. Their processing is then also based on your consent (Art. 9 para. 2 lit. a GDPR).

Finally, we process your data for further application procedures if you have given us your consent to do so. In this case the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

We pass on your data to the responsible employees of the human resources department and to the employees who are otherwise involved in your application process.

If we enter into employment with you after the application process, we will not delete your information until the employment ends. Otherwise, we will delete your data no later than six months after receiving your application.

If you have given us your consent to also use your data for further application procedures, we will only delete your data one year after receiving your application.

Third party tools

Our website uses the third-party tools listed below. These may use cookies, pixels and similar technologies to help you get the most out of our website. Cookies are small text files that your web browser stores on your end device. Cookies help to make our website more user-friendly, effective and secure. Pixels are small, mostly transparent graphics placed on websites and help to collect information about the online behaviour of users.

Further information about the various tools, e.g. about their providers, the legal basis of data processing and any data transfer to a non-EU country can be found in the following list:

Google Analytics

If the site visitor has given his or her consent, we use Google Analytics, a web analysis service of Google LLC (“Google”), on the basis of a data processing agreement (Art. 28 GDPR). The service uses cookies. The cookies generate information about the use of the website by site visitors, including information about pages accessed, the completion of “”website objectives”” (e.g. contact requests and newsletter subscriptions), the behavior on the pages (e.g. clicks, scrolling behavior and length of stay), the approximate location (country and city), the IP address of the page visitor (in abbreviated form so that no clear assignment is possible), technical information such as browser, internet provider, terminal device and screen resolution, and source of the visit (i.e. via which website or which advertising medium a page visitor came to us). This information is usually transferred to a Google server in the USA and stored there. The legal basis for processing is the consent of the site visitor (Art. 6 para. 1 s. 1 lit. a GDPR). If site vistors wish to revoke their consent, they can contact us at the contact details given above. The revocation does not affect the legality of the processing until revocation.

Google uses this information to evaluate the use of our website by site visitors, to compile reports on the activities on this website and to provide us with additional services related to the use of this website and the use of the internet. This data can be used to create pseudonymized user profiles of the site visitors. Google does not combine the IP address transmitted by the visitor’s browser with other data.

Further information on the use of data by Google can be found in Google’s privacy policy (https://policies.google.com/privacy). The personal data of site visitors will be deleted or anonymized after 14 months. The security of data transfer to the USA is guaranteed by standard data protection clauses adopted by the EU Commission (Art. 46 para. 2 lit. c GDPR), which we have agreed on with Google.

Facebook-Pixel und Custom Audiences

On our website, we use the “Visitor Action Pixel” of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) on the basis of a contract for processing orders (Art. 28 GDPR).

The Visitor Action Pixel enables us to track the behavior of page visitors after they have been directed to our website by clicking on a Facebook advertisement (so-called “conversion”). We may also use this information to measure the effectiveness of Facebook Ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook can link this data to your Facebook account and also use it for its own advertising purposes in accordance with Facebook’s Data Usage Policy. In addition, based on the information collected with the Facebook pixel, we may serve ads to Facebook users who have previously visited our site through the “Custom Audiences” service. The data processed includes Facebook user ID, IP address, browser information, non-sensitive custom data, Facebook cookie information, referrer URL, pixel-specific data, pixel ID, social media friend network, usage data/user behavior, views and interactions with content and advertisements and services, content viewed, device information, marketing campaign success, transaction information, hardware/software type, browser type, device operating system, geographic location, cookie ID, information from third-party sources, user agent and conversions. For more information, please visit https://www.facebook.com/about/privacy/.

The Visitor Action Pixel is triggered by Facebook when our website is called up and can store a cookie on the visitor’s device. If the page visitor then logs in to Facebook or visits Facebook when logged in, the visit to our website is noted in his or her profile. The data collected about him or her remains anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective profile of the page visitor is possible and can be used by Facebook as well as for our own market research and advertising purposes.

The legal basis for the use of this service is the consent of the page visitor (Art. 6 para. 1 sentence 1 lit. a GDPR). Visitors to the site can revoke their consent at any time by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.

The security of the data is ensured as the contract with Facebook contains standard contract clauses according to Art. 46 para. 2 lit. c GDPR, which have been adopted by the EU Commission.

Hotjar

We use the web analysis service Hotjar of Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (hereinafter “Hotjar”) on the basis of a data processing agreement (Art. 28 DSGVO). Hotjar uses, among other things, cookies that are stored locally in the cache of the web browser of site visitors and that enable an analysis of the use of our website by site visitors. Personal data can be stored and evaluated in this way. This includes the site visitor’s activity (e.g. which pages he visited and which elements he clicked on), device and browser information (especially the IP address and operating system) and a tracking code in the form of a pseudonymized user ID. The information collected in this way is transferred by Hotjar to a server in Ireland and stored there in anonymized form.

Further information on how Hotjar processes the data can be found at https://www.hotjar.com/legal/policies/privacy.

By using Hotjar, we can better understand the needs of our site visitors and optimize the services offered on this website. The legal basis for the processing of users’ personal data is generally the user’s consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR. Site visitors can revoke this consent by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.

The above-mentioned data will be stored for as long as necessary to fulfill the purposes described in this data protection declaration or as required by law.

HubSpot

We use HubSpot, a software of HubSpot Inc., USA, for various marketing and CRM activities on the basis of a data processing agreement (Art. 28 GDPR). This software helps us to better coordinate our marketing strategy and to optimize the content provided to you by means of statistical analyses and evaluations of the logged user behavior. Hubspot processes the following data:

Geographic position
Browser type
Navigation information
Reference URL
Performance data
Information about how often the application is used
HubSpot subscription service credentials
Files that are displayed on site
Domain names
Viewed pages
Aggregated use
Version of the operating system
Internet service provider
IP address
Device identification
Duration of the visit
Where the application was downloaded from
Operating system
Events that occur within the application
Access times
Clickstream data
Device model and version

The legal basis of the processing is the consent of the user (Art. 6 para. 1 sentence 1 lit. a DSGVO). Visitors to the site can revoke this consent by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.

For further information please refer to the HubSpot privacy policy at http://www.hubspot.com/privacy-policy. The security of the data transfer to the USA is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR), which we have agreed with HubSpot.

WordPress Stats

This website uses the WordPress tool Stats on the basis of a data processing agreement (Art. 28 GDPR) to statistically analyze visitor traffic. The provider is Automattic Inc, 60 29th Street # 343, San Francisco, CA 94110-4929, USA (hereinafter “WordPress”). WordPress uses cookies that are stored on your computer and that enable an analysis of the use of the website. The information generated by the cookies about the use of our website is stored on servers in the USA. Your IP address is anonymized after processing and before storage “WordPress Stats” cookies remain on your device until you delete them. The storage of “WordPress Stats” cookies is based on their consent (Art. 6 para. lit. a GDPR). Site visitors can revoke their consent by contacting us at the contact details provided above. The revocation does not affect the lawfulness of the processing until the revocation.

More information can be found in WordPress’ privacy policy at https://automattic.com/privacy/. The security of the data transfer to the USA is guaranteed by standard data protection clauses adopted by the EU Commission (Art. 46 para. 2 lit. c DSGVO), which we have agreed with WordPress.

Calendly

For online-appointment-arrangement, we use a tool from Calendly LLC, BB&T Tower 271 17th St NW, Atlanta, GA 30363 (hereinafter referred to as “Calendly”) on the basis of a data processing agreement. When using the appointment service, name, IP address at the time of the appointment, agreed date and time are transmitted to Calendly. The security of the data passed on to Calendly in the USA is ensured because our contract with Calendly includes standard data protection clauses adopted by the EU Commission (Art. 46 para. 2 lit. c GDPR). Further information on data processing can be found in Calendly’s privacy policy (https://calendly.com/pages/privacy).

This data is necessary for online-appointment-arrangement, therefore the legal basis is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR).

Data processing in social media

We are represented in the social networks below to present our company and our services. The operators of these networks regularly process your data for advertising purposes. Among other things, they create user profiles from your online behavior, which are used, for example, to show you on the pages of the networks and also otherwise on the Internet advertising that corresponds to your interests. For this purpose, the operators of the networks store information on your usage behavior in cookies on your computer. Furthermore, it cannot be ruled out that the operators will combine this information with other data. This is especially the case if you have an account in the network and are logged in to it. Further information and instructions on how you can object to the processing of your data by the site operators can be found in the data protection declarations of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, so that they process your data there. This can result in risks for the users, because it could, for example, make it more difficult to enforce the rights of the users.

If you contact us via our company profiles, we process the data you provide us with in order to answer your inquiries. This is in our legitimate interest, so that the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

We are represented on the following social media pages:

Facebook (Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – We are jointly responsible with Facebook for the processing of your data when you visit our fan page on the basis of an agreement in accordance with Art. 26 GDPR. Facebook explains which data are processed exactly at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can exercise your rights against us as well as Facebook. However, according to our agreement with Facebook, we are obliged to forward your requests to Facebook, so that you will receive a faster response if you contact Facebook directly.
Instagram (Operator: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Privacy Policy: https://help.instagram.com/519522125107875)
LinkedIn (Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Privacy Policy: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out)
Twitter (Operator: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; privacy policy: https://twitter.com/de/privacy; possibility to change the personalization of the displayed publication: https://twitter.com/personalization)
Xing (Operator: New Work SE, Dammtorstraße 30, 20354 Hamburg; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung)