Last update: 31.01.2022
In the following we inform about the collection of personal data when using – our webiste https://kenkou.io/ – our profiles on the social media sites Facebook, Instagram, Twitter, LinkedIn and Xing.
Personal data is all data that can be related to you personally, e.g. your e-mail address, your IP address or your browser.
Data controller within the meaning of art. 4 para. 7 EU-General Data Protection Regulation (GDPR) is Kenkou GmbH, legally represented by Matthias Puls, Wöhlertstrasse 14, 10115 Berlin, +49 (0)30 28043586, e-mail: firstname.lastname@example.org.
Our Data Protection Offcier is heyData UG (haftungsbeschränkt), Landsberger Straße 155, 80687 München, www.heydata.eu, tel. 089 41325320, e-Mail: email@example.com.
Scope of data processing, processing purposes and legal basis
The scope of the processing of your data, processing purposes and legal basis are described in detail below. The following are generally applicable as the legal basis for data processing:
- Art. 6 para. 1 s. 1 it. a GDPR serves us as the legal basis for processing operations for which we obtain your consent.
- Art. 6 para. 1 s. 1 lit. b GDPR is the legal basis insofar as the processing of your personal data is necessary for the performance of a contract, e.g. if you purchase a product from us or if we perform a service for you. This legal basis also applies to processing which is necessary for pre-contractual measures, e.g. in the case of inquiries about our products or services.
- Art. 6 para. 1 s. 1 lit. c GDPR is applicable if we fulfil a legal obligation by processing your personal data, as may be the case under tax law.
- Art. 6 para. 1 s. 1 lit. f GDPR serves as a legal basis if we can invoke legitimate interests in processing your data, e.g. for cookies that are required for the technical operation of our website.
You have the following rights against us with regard to your personal data:
- Right of access,
- Right to correction or deletion,
- Right to limit processing,
- Right to object to the processing,
- Right to data transferability,
- Right to revoke a given consent at any time.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data.
Obligation to provide data
Within the scope of our business relationship, you only need to provide us with personal data that is necessary for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract.
Mandatory data are marked as such.
No automatic decision making in individual cases
As a matter of principle, we do not use a fully automated decision-making process in accordance with article 22 of the GDPR to establish and implement the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.
When you contact us by e-mail or telephone, the data you provide (e.g. your e-mail address and your name) will be stored by us to answer your questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) in answering any inquiries addressed to us. We delete the data arising in this context after storage is no longer required or restrict processing if there are legal obligations to retain data.
Data processing on our website
Collection and use of personal data
When you use the website for information purposes, i.e. if you do not send us information separately, we collect the personal data that your browser sends to our server to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. These data are:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access Status/HTTP Status Code
- Amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
This data is also stored in log files. They are deleted when their storage is no longer required, at the latest after 14 days.
We host our systems on the basis of a data processing agreement (Art. 28 GDPR) on servers of an external provider located in the EU. Although the processing of personal data is not an original task of the hoster, it cannot be ruled out that the hoster may nevertheless access personal data.
If you contact us via the contact form on our website, we will save the data requested there and the content of your message.
The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) in answering inquiries addressed to us.
We delete the data arising in this connection after storage is no longer required or restrict processing if there are legal obligations to retain data.
If we use the services of a third party provider within the scope of our contact form, you will find further information on this provider under “Third party tools” below.
On our website you have the possibility to subscribe to a free newsletter. The data provided during registration will be processed exclusively for sending the newsletter.
By clicking on the corresponding field on our website, you declare your consent to the processing of your data. Therefore, the legal basis is Art. 6 para. p. 1 lit. a GDPR. You can revoke your consent at any time, e.g. by sending an e-mail to the above email address or via the link provided for this purpose in the newsletter. The processing of your data until revocation remains lawful even in the event of revocation.
If you have already used services from us or purchased goods, we reserve the right to inform you from time to time by e-mail about our similar offers, if you have not objected to this. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to send out direct advertising (recital 47 GDPR). You can object to the use of your e-mail address for advertising purposes at any time without additional cost, for example by using the link at the end of each e-mail or by sending an e-mail to the above email address.
To send the newsletter, we use Mailchimp, a service of The Rocket Science Group, LLC, 512 Means St., Suite 404 Atlanta, GA 30318, USA (hereinafter “Mailchimp”), on the basis of an data processing agreement (Art. 28 GDPR). The security of the data transfer to the USA is guaranteed by standard data protection clauses adopted by the EU Commission (Art. 46 (2) (c) GDPR), which we have agreed with Mailchimp. In addition, Mailchimp has contractually agreed to further guarantees that additionally secure the data, e.g. informing data subjects about requests from US authorities before releasing the data and making the requests public in a transparency register.
We publish vacant positions in our company on our website or on pages linked to the website.
The processing of your data provided in the context of the application is carried out for the purpose of the application procedure. The legal basis is Art. 88 para. 1 GDPR in connection with § 26 Abs. 1 Federal Data Protection Act, as far as the data are necessary for our decision to establish an employment relationship. We have marked data required for the application procedure accordingly or refer you to them. If you do not provide these data, we will not be able to process your application.
Further data are voluntary and not required for an application. If you provide further information, the basis for this is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).
Please do not include in your CV and cover letter information about political opinions, religious beliefs, and similar sensitive data. They are not required for your application. However, if you do provide such data, we will not be able to prevent them from being processed in the context of your processing of your CV or cover letter. Their processing is then also based on your consent (Art. 9 para. 2 lit. a GDPR).
Finally, we process your data for further application procedures if you have given us your consent to do so. In this case the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
We pass on your data to the responsible employees of the human resources department and to the employees who are otherwise involved in your application process.
If we enter into employment with you after the application process, we will not delete your information until the employment ends. Otherwise, we will delete your data no later than six months after receiving your application.
If you have given us your consent to also use your data for further application procedures, we will only delete your data one year after receiving your application.
Third party tools
Further information about the various tools, e.g. about their providers, the legal basis of data processing and any data transfer to a non-EU country can be found in the following list:
Google uses this information to evaluate the use of our website by site visitors, to compile reports on the activities on this website and to provide us with additional services related to the use of this website and the use of the internet. This data can be used to create pseudonymized user profiles of the site visitors. Google does not combine the IP address transmitted by the visitor’s browser with other data.
Facebook-Pixel und Custom Audiences
On our website, we use the “Visitor Action Pixel” of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) on the basis of a contract for processing orders (Art. 28 GDPR).
The Visitor Action Pixel enables us to track the behavior of page visitors after they have been directed to our website by clicking on a Facebook advertisement (so-called “conversion”). We may also use this information to measure the effectiveness of Facebook Ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook can link this data to your Facebook account and also use it for its own advertising purposes in accordance with Facebook’s Data Usage Policy. In addition, based on the information collected with the Facebook pixel, we may serve ads to Facebook users who have previously visited our site through the “Custom Audiences” service. The data processed includes Facebook user ID, IP address, browser information, non-sensitive custom data, Facebook cookie information, referrer URL, pixel-specific data, pixel ID, social media friend network, usage data/user behavior, views and interactions with content and advertisements and services, content viewed, device information, marketing campaign success, transaction information, hardware/software type, browser type, device operating system, geographic location, cookie ID, information from third-party sources, user agent and conversions. For more information, please visit https://www.facebook.com/about/privacy/.
The Visitor Action Pixel is triggered by Facebook when our website is called up and can store a cookie on the visitor’s device. If the page visitor then logs in to Facebook or visits Facebook when logged in, the visit to our website is noted in his or her profile. The data collected about him or her remains anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective profile of the page visitor is possible and can be used by Facebook as well as for our own market research and advertising purposes.
The legal basis for the use of this service is the consent of the page visitor (Art. 6 para. 1 sentence 1 lit. a GDPR). Visitors to the site can revoke their consent at any time by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.
The security of the data is ensured as the contract with Facebook contains standard contract clauses according to Art. 46 para. 2 lit. c GDPR, which have been adopted by the EU Commission.
We use the web analysis service Hotjar of Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (hereinafter “Hotjar”) on the basis of a data processing agreement (Art. 28 DSGVO). Hotjar uses, among other things, cookies that are stored locally in the cache of the web browser of site visitors and that enable an analysis of the use of our website by site visitors. Personal data can be stored and evaluated in this way. This includes the site visitor’s activity (e.g. which pages he visited and which elements he clicked on), device and browser information (especially the IP address and operating system) and a tracking code in the form of a pseudonymized user ID. The information collected in this way is transferred by Hotjar to a server in Ireland and stored there in anonymized form.
Further information on how Hotjar processes the data can be found at https://www.hotjar.com/legal/policies/privacy.
By using Hotjar, we can better understand the needs of our site visitors and optimize the services offered on this website. The legal basis for the processing of users’ personal data is generally the user’s consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR. Site visitors can revoke this consent by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.
The above-mentioned data will be stored for as long as necessary to fulfill the purposes described in this data protection declaration or as required by law.
We use HubSpot, a software of HubSpot Inc., USA, for various marketing and CRM activities on the basis of a data processing agreement (Art. 28 GDPR). This software helps us to better coordinate our marketing strategy and to optimize the content provided to you by means of statistical analyses and evaluations of the logged user behavior. Hubspot processes the following data:
- Geographic position
- Browser type
- Navigation information
- Reference URL
- Performance data
- Information about how often the application is used
- HubSpot subscription service credentials
- Files that are displayed on site
- Domain names
- Viewed pages
- Aggregated use
- Version of the operating system
- Internet service provider
- IP address
- Device identification
- Duration of the visit
- Where the application was downloaded from
- Operating system
- Events that occur within the application
- Access times
- Clickstream data
- Device model and version
The legal basis of the processing is the consent of the user (Art. 6 para. 1 sentence 1 lit. a DSGVO). Visitors to the site can revoke this consent by contacting us at the contact details given above. The revocation does not affect the legality of the processing until revocation.
This data is necessary for online-appointment-arrangement, therefore the legal basis is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR).
Data processing in social media
We are represented in the social networks below to present our company and our services. The operators of these networks regularly process your data for advertising purposes. Among other things, they create user profiles from your online behavior, which are used, for example, to show you on the pages of the networks and also otherwise on the Internet advertising that corresponds to your interests. For this purpose, the operators of the networks store information on your usage behavior in cookies on your computer. Furthermore, it cannot be ruled out that the operators will combine this information with other data. This is especially the case if you have an account in the network and are logged in to it. Further information and instructions on how you can object to the processing of your data by the site operators can be found in the data protection declarations of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, so that they process your data there. This can result in risks for the users, because it could, for example, make it more difficult to enforce the rights of the users.
If you contact us via our company profiles, we process the data you provide us with in order to answer your inquiries. This is in our legitimate interest, so that the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.
We are represented on the following social media pages:
- Facebook (Operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – We are jointly responsible with Facebook for the processing of your data when you visit our fan page on the basis of an agreement in accordance with Art. 26 GDPR. Facebook explains which data are processed exactly at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can exercise your rights against us as well as Facebook. However, according to our agreement with Facebook, we are obliged to forward your requests to Facebook, so that you will receive a faster response if you contact Facebook directly.