Privacy Policy
Preamble
With the following privacy statement, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").
Data Controller
Kurskontrolle UG (haftungsbeschränkt)
Jahnstraße 43
41564 Kaarst
Phone: +49 2131 3843398
Email: hello@kurskontrolle.com
Authorized Representative: Dr. Simon Lichte
Overview of Processing
The following overview summarizes the types of data processed, the purposes of their processing, and refers to the categories of data subjects affected.
Types of Data Processed
- Inventory Data (e.g., names, addresses)
- Content Data (e.g., entries in online forms)
- Contact Data (e.g., email, phone numbers)
- Meta/Communication Data (e.g., device information, IP addresses)
- Usage Data (e.g., visited websites, interest in content, access times)
- Contract Data (e.g., subject of the contract, duration, customer category)
- Payment Data (e.g., bank details, invoices, payment history)
Categories of Data Subjects
- Business and Contractual Partners
- Prospects
- Communication Partners
- Customers
- Users (e.g., website visitors, users of online services)
Purposes of Processing
- Provision of Contractual Services and Customer Service
- Contact Requests and Communication
- Security Measures
- Direct Marketing
- Reach Measurement
- Office and Organizational Procedures
- Affiliate Tracking
- Management and Response to Inquiries
- Feedback
- Marketing
- Profiles with User-Related Information
- Provision of Our Online Offering and User-Friendliness
Relevant Legal Bases
Below, you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or registered office. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Performance of a Contract and Pre-Contractual Inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal Obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (BDSG), which contains specific provisions on the right to access, erasure, objection, the processing of special categories of personal data, and automated decision-making including profiling. Data protection laws of the individual federal states may also apply.
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
These measures include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and keeping it separated. We have also established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. We take the protection of personal data into account as early as the development or selection of hardware, software, and processes, in line with the principle of data protection by design and by default.
We rely on TLS/SSL encryption technology (HTTPS) to protect user data transmitted via our online services from unauthorized access. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL, signaling to users that their data is being transmitted securely and in encrypted form.
Transfer of Personal Data
In the course of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients may include service providers tasked with IT functions or providers of services and content integrated into a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements with recipients to ensure the protection of your data.
Deletion of Data
The data processed by us will be deleted in accordance with legal requirements as soon as the consents on which the processing is based are revoked or other legal permissions cease to apply (e.g., if the purpose of processing this data no longer exists or the data is not necessary for the purpose).
If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise, or defense of legal claims.
As part of our privacy notices, we may provide users with additional information regarding the deletion and retention of data that specifically applies to the respective processing operations.
Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and read information from them. They can be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as analyzing visitor flows.
We use cookies in accordance with legal requirements and obtain prior consent from users unless such consent is not legally required. Consent is not necessary if the storage and retrieval of information is strictly necessary to provide users with a service they have expressly requested. We use a cookie consent management procedure (Klaro) to manage and document user consents.
Storage Duration
- Temporary Cookies (Session Cookies): Deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
- Permanent Cookies: Remain stored even after the end device is closed. The login status can be saved, or preferred content displayed on revisits. Unless we provide explicit information about storage duration, users should assume cookies are permanent with a storage duration of up to two years.
Users can revoke their given consent at any time and object to processing in accordance with legal requirements under Art. 21 GDPR. Users can also declare their objection through their browser settings.
Business Services
We process data of our contractual and business partners, e.g., customers and prospects, in the context of contractual and comparable legal relationships, as well as related measures and communication with the contractual partners, e.g., to respond to inquiries.
We process this data to fulfill our contractual obligations, including the obligations to provide the agreed services, warranty obligations, and remedies in case of performance issues. We also process the data based on our legitimate interests in proper and efficient business management, as well as security measures to protect our contractual partners and business operations from misuse.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data must be retained for legal archiving reasons (e.g., typically 10 years for tax purposes).
- Types of Data Processed: Inventory data; payment data; contact data; contract data; usage data; meta/communication data.
- Data Subjects: Customers; prospects; business and contractual partners.
- Legal Bases: Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR); legal obligation (Art. 6(1)(c) GDPR).
Provision of the Online Offering and Web Hosting
To provide our online offering securely and efficiently, we utilize the services of web hosting providers from whose servers the online offering can be accessed. The data processed may include all information relating to the users of our online offering that arises during use and communication, including IP addresses.
Collection of Access Data and Log Files: We collect data on every access to the server (server log files). These may include the address and name of the accessed web pages and files, the date and time of access, amount of data transferred, browser type and version, operating system, referrer URL, and IP addresses. Server log files are used for security purposes (e.g., to prevent server overload and DDoS attacks) and to ensure server utilization and stability.
- Types of Data Processed: Content data; usage data; meta/communication data.
- Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
Hetzner: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Privacy Policy
Special Notes on Applications (Apps)
We process the data of the users of our application to the extent necessary to provide the application and its functionalities, to monitor its security, and to further develop it. We may also contact users in compliance with legal requirements if the communication is necessary for the administration or use of the application.
- Storage of a Universal and Unique Identifier (UUID): The application stores a Universally Unique Identifier (UUID) for analytics and user settings purposes. This identifier is generated upon installation, remains stored between starts and updates, and is deleted when users remove the application.
- Device Permissions: The use of our application may require user permissions to access certain device functions or data. These permissions must be granted by users and can be revoked at any time in device settings. Denying permissions may affect the functionality of our application.
- No Location History: Location data is used only on a one-time basis and is not processed to create a location history or movement profile.
- Types of Data Processed: Inventory data; meta/communication data; payment data; contract data.
- Legal Bases: Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Acquisition of Applications via App Stores
Our application is obtained through online platforms operated by other service providers (app stores). In addition to our privacy notices, the privacy policies of the respective app stores also apply, particularly regarding reach measurement and interest-based marketing on those platforms.
- Apple App Store: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Privacy Policy
- Google Play: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy
Registration, Login, and User Account
Users can create a user account. During the registration process, users are informed of the required mandatory details, which are processed for the purpose of providing the user account based on the fulfillment of contractual obligations. The processed data includes login information (username, password, and an email address).
As part of the use of our registration and login functions, we store the IP address and the time of each user action. This storage is based on our legitimate interests as well as those of the users in protecting against misuse and other unauthorized use. This data is not disclosed to third parties unless necessary to pursue our claims or there is a legal obligation to do so.
- Types of Data Processed: Inventory data; contact data; content data; meta/communication data.
- Purposes of Processing: Provision of contractual services and customer service; security measures; management and response to inquiries.
- Legal Bases: Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Contact and Inquiry Management
When contacting us (e.g., via contact form, email, telephone, or social media) and within the scope of existing user and business relationships, the details of the inquiring individuals are processed to the extent necessary to respond to the contact inquiries and any requested measures.
The handling of contact inquiries in the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to pre-contractual inquiries and, otherwise, based on legitimate interests in addressing the inquiries and maintaining user or business relationships.
- Types of Data Processed: Inventory data; contact data; content data.
- Data Subjects: Communication partners.
- Legal Bases: Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Push Notifications
With the consent of users, we may send so-called "push notifications" — messages displayed on the screens or browsers of users even when our online service is not actively being used.
To subscribe to push notifications, users must confirm the prompt from their browser or device. This consent process is documented and stored. A pseudonymous identifier (so-called "push token") or the device ID is stored for this purpose. Users can modify receipt of push notifications at any time in their browser or device notification settings.
- Legal Bases: Consent (Art. 6(1)(a) GDPR); performance of a contract (Art. 6(1)(b) GDPR).
Communication via Messenger
We use messengers for communication purposes. You can also contact us through alternative means, e.g., via telephone or email.
In the case of end-to-end encryption, the content of messages is not viewable, not even by the messenger providers themselves. However, messenger providers can still determine that, and when, communication partners communicate with us, and can process technical information about the devices used and, depending on device settings, location information (metadata).
- Types of Data Processed: Contact data; usage data; meta/communication data.
- Legal Bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Services used:
- Instagram: Privacy Policy
- Facebook Messenger: Privacy Policy
- LinkedIn: Privacy Policy
- X (formerly Twitter): Privacy Policy
Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications only with the consent of the recipients or based on a legal permission. To subscribe, it is generally sufficient to provide your email address.
Double-Opt-In Procedure: Subscription to our newsletter takes place via a double-opt-in procedure. After registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent registration with someone else's email address. The registration process is logged to demonstrate compliance with legal requirements.
- Types of Data Processed: Inventory data; contact data; meta/communication data; usage data.
- Legal Bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
- Opt-Out: You can cancel the receipt of our newsletter at any time via the unsubscribe link at the end of each newsletter or by contacting us directly.
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as "reach measurement") is used to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitors as pseudonymous values. This allows us to determine at what times our online offering, its functions, or content are most frequently used and to identify areas that require optimization.
IP addresses of users are stored but we use an IP masking procedure (pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored in the context of web analysis; only pseudonyms are used.
- Types of Data Processed: Usage data; meta/communication data.
- Legal Bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Google Analytics: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics is loaded only after consent through our Klaro cookie consent manager. Google Analytics may process usage data, meta/communication data, and shortened IP addresses to help us understand and improve the use of our online offering. Privacy Policy
Presences in Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.
User data may be processed outside the European Union. Furthermore, user data within social networks is typically processed for market research and advertising purposes, and usage profiles can be created based on user behavior and interests.
For a detailed description of the respective processing methods and opt-out options, we refer to the privacy policies of the operators of the respective networks.
- Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
Platforms we use:
- Instagram: Privacy Policy
- Facebook: Privacy Policy
- LinkedIn: Privacy Policy
- X (formerly Twitter): Privacy Policy
- YouTube: Privacy Policy
Plugins and Embedded Functions as Well as Content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (third-party providers), including graphics, videos, or maps.
The integration always requires that the third-party providers process the IP address of the users, as they could not send the content to their browser without the IP address. Third-party providers may also use pixel tags (web beacons) for statistical or marketing purposes.
- Types of Data Processed: Usage data; meta/communication data; inventory data; contact data; content data.
- Legal Bases: Consent (Art. 6(1)(a) GDPR); performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Rights of Data Subjects
As a data subject, you are entitled to the following rights under the GDPR:
- Right to Object (Art. 21 GDPR): You have the right to object at any time to the processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR. If personal data is processed for direct marketing, you have the right to object at any time to such processing.
- Right to Withdraw Consent: You have the right to withdraw your consent at any time.
- Right to Access (Art. 15 GDPR): You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data and a copy of it.
- Right to Rectification (Art. 16 GDPR): You have the right to request completion or correction of inaccurate data concerning you.
- Right to Erasure (Art. 17 GDPR): You have the right to demand that data concerning you be deleted without delay, subject to legal requirements.
- Right to Restriction of Processing (Art. 18 GDPR): You have the right to request a restriction of the processing of data concerning you.
- Right to Data Portability (Art. 20 GDPR): You have the right to receive data concerning you in a structured, commonly used, and machine-readable format.
- Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State where you habitually reside, work, or where an alleged infringement occurred.
Modification and Updating of the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or any other individual notification becomes necessary.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time, and we ask you to verify the details before contacting them.