Privacy policy
Kangoolutions GmbH
Thank you for visiting our homepage. Kangoolutions takes the protection of personal data very seriously. As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the supplementary provisions of the Federal Data Protection Act (BDSG-neu).
Below you will find out what activities we carry out during your visit to our website in accordance with the applicable data protection legislation, what information we may collect and in what form it is processed.
This general privacy policy applies to all online services of Kangoolutions. This includes websites, functions and content as well as external online presences, such as our social media profiles. In addition to the following general information and mandatory information, we have compiled additional individual data protection information for individual online offers for you. There we inform you about offer-specific data processing procedures and in particular about the cooperation with external service providers who provide services such as web tracking, reach measurement or advertising services for us under our strict control.
Any changes to our privacy policy will be updated on this page to keep you informed about the data that Kangoolutions stores and uses.
1. Controller
The controller pursuant to Art. 4 (7) GDPR and other national data protection laws of the member states of the European Union as well as other data protection regulations is
Kangoolutions GmbH
Im Mediapark 5
50670 Cologne
E-Mail:
2. Data protection officer / contact person for data protection issues
If you have any questions, suggestions or comments on the subject of data protection and the enforcement of your rights, please get in touch with our contact person for data protection issues:
Richard Hitzl
Kangoolutions GmbH
Im Mediapark 5
50670 Cologne
E-Mail:
3. Definitions of terms
In our privacy policy, we use terms that are used and defined in the GDPR. We would like to explain the most important terms so that you know what they mean.
3.1 Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2 Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This basically includes any handling of personal data such as collection, storage, modification, use, transmission, dissemination, erasure or destruction, etc.
3.3 Controller
The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller must ensure the permissibility of data processing through the use of technical and organizational measures that are subject to regular review.
3.4 Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
3.5 Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3.6 Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
3.7 Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
3.8 Consent
Consent is an expression of self-determination under data protection law. It is the voluntary, informed and unambiguous expression of will in the form of a statement or other unambiguous affirmative act by which the data subject indicates that they consent to the processing of their personal data. Consent that has been given can be revoked at any time.
4 General information on data processing
4.1 Scope of the processing of personal data
In principle, we only process your personal data to the extent necessary to provide our online offers, content and services. The collection and use of your personal data only takes place regularly after you have given your consent or if the processing of the data is permitted by legal regulations.
4.2 Legal basis for the processing of personal data
In data protection, the so-called prohibition with reservation of permission applies. This means that the processing of personal data is generally unlawful unless the data subject has given consent or it is legitimized by a legally regulated reason for permission. We are obliged to inform you of the legal basis for data processing.
If we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
In the case of processing operations that are necessary for the performance of a contract concluded between you and us or for the implementation of pre-contractual measures, Art. 6 para. 1 lit. b GDPR serves as the legal basis.
If the processing of personal data is necessary to fulfill a legal obligation to which we are subject, such as statutory retention and storage obligations, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
If the processing is necessary to protect our legitimate interests or those of a third party and if your interests, fundamental rights and freedoms do not outweigh the former interest, the processing of personal data is legitimized by Art. 6 para. 1 lit. f GDPR.
If cookies or cookie-like technologies are used in the context of data processing, the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is carried out in accordance with § 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR and further data processing in accordance with Art. 6 para. 1 GDPR.
If the use of cookies is deemed absolutely necessary, this is done on the basis of Section 25 (2) TDDDG and further data processing in accordance with Art. 6 (1) GDPR.
4.3 Disclosure of personal data to third parties and processors
In principle, we do not pass on any personal data to third parties without your express consent. If we nevertheless disclose your data to third parties in the course of processing, transfer it to them or otherwise grant them access to the data, this is also done exclusively on the basis of one of the aforementioned legal bases. For example, we transmit data to payment service providers if this is necessary for the fulfillment of the contract. If we are obliged to do so by law or by court order, we must transfer your data to authorities entitled to receive information.
In some cases, we use carefully selected external service providers to process your data. If data is passed on to service providers as part of so-called order processing, this is done on the basis of Art. 28 GDPR. Our processors are carefully selected, are bound by our instructions and are regularly monitored by us. We only commission processors who offer sufficient guarantees that suitable technical and organizational measures are taken to ensure that processing is carried out in accordance with the requirements of the GDPR and BDSG-new and guarantees the protection of your rights.
4.4 Data transfer to third countries
The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers and cooperation partners, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union or the European Economic Area as part of the use of third-party services.
We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. As a rule, we will request your consent in accordance with Art. 49 GDPR. Alternatively, your data may be processed on the basis of special guarantees, such as the EU Commission’s officially recognized determination of a level of data protection corresponding to the EU, the Data Privacy Framework (DPF) or compliance with officially recognized special contractual obligations, so-called “standard contractual clauses”.
4.5 Deletion of data and storage duration
We will delete or block your personal data as soon as the purpose for which it was stored no longer [applies.In](http://applies.in/) addition, however, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject.This applies, for example, to data that must be stored for commercial or tax law reasons, such as billing data for subscriptions.
Your data will be blocked or deleted if a storage period prescribed by these regulations expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
4.6 Existence of automated decision-making
We do not use automated decision-making or profiling.
5. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR.
You have the following rights vis-à-vis us as the controller:
5.1 Right to revoke a declaration of consent under data protection law
If the processing of personal data is based on consent given, you have the right to withdraw this consent at any time. The revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
5.2 Right to information
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you can request the following information
– the purposes of the processing;
– the categories of personal data being processed;
– the recipients or categories of recipient to whom the personal data have been or will be disclosed, including, in the case of transfer to a third country or to an international organization, the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
– the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
– the existence of a right to lodge a complaint with a supervisory authority
if the personal data is not collected from you, all available information about the origin of the data
– the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
We will provide you with a copy of the personal data that is the subject of the processing within one month of receiving your request for information. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, we will provide you with the information in a commonly used electronic format, unless you specify otherwise.
5.3 Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
5.4 Right to erasure (“right to be forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:
– The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
– You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
– You object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing.
The personal data has been processed unlawfully.
– The personal data must be erased for compliance with a legal obligation in Union or Member State law.
– The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
If we have made the personal data concerning you public and we are obliged to delete it, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to erasure (“right to be forgotten”) does not exist insofar as the processing is necessary
– for exercising the right of freedom of expression and information
– for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
– for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR
– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
– for the establishment, exercise or defense of legal claims.
5.5 Right to restriction of processing
You have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:
you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of the personal data
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
you have objected to processing pending the verification whether our legitimate grounds override yours.
If processing has been restricted in accordance with the above conditions, this personal data – apart from being stored – will only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.
5.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent or on a contract and carried out by automated means.
In exercising your right to data portability, you may have the personal data transmitted directly from us to another controller, where technically feasible. The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
5.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding the ePrivacy Directive, you may exercise your right to object by automated means using technical specifications.
5.8 Automated decisions in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
– is necessary for the conclusion or performance of a contract between you and us
– is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
– with your express consent.
We will take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.
5.9 Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 (1) GDPR. This also includes the data protection supervisory authority responsible for the controller State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, https://www.ldi.nrw.de/kontakt/ihre-beschwerde.
6. Use of our online services
In principle, you can use our online services without disclosing your identity. In this section, we explain when and in what context we process data when you use our online services, which services from service providers and cooperation partners we have implemented, how they work and what happens to your data.
6.1 Data collection when you visit our websites
If you use our websites purely for information purposes, i.e. if you do not disclose any other information to us, e.g. via the contact form, we only collect the personal data that your browser transmits to our servers. When you visit our websites, we collect the following data, which is technically necessary for us to be able to display our websites to you and to ensure stability and security.
– IP address of the user
– Date and time of the request
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Website from which the request originates
– Operating system of the user
– Language and version of the browser software.
The collection of the data is necessary to display the websites and the storage of the data in log files is necessary for the operation of our websites and to maintain IT security.
This data is temporarily stored in the log files of our system for a maximum of seven days. Storage beyond this period is possible, but in this case the IP addresses are shortened so that it is no longer possible to identify the accessing client and the data is anonymized.
The storage of information in the end user’s terminal equipment or access to information is carried out in accordance with Section 25 (2) TDDDG. Data processing is carried out on the basis of our legal obligation to ensure IT security in accordance with Art. 6 para. 1 lit. c) in conjunction with Art. 32 GDPR.
6.2 Contact forms and e-mail contact
You will find contact forms and email links (mailto) on our online offers that can be used to contact us electronically. In this way, we fulfill the legal requirement to enable quick electronic contact with us in accordance with Art. 6 para. 1 lit. c GDPR. If your request relates to the fulfillment of a contract or the implementation of pre-contractual measures, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Otherwise, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us in accordance with Art. 6 para. 1 lit. f GDPR. The personal data transmitted in the course of your respective request will be processed exclusively for the intended purpose. We delete the inquiries if they are no longer required and no statutory archiving obligations apply.
6.3 External links
Our online offer contains links to other websites. We have no influence on whether their operators comply with data protection regulations.
7. Use of cookies
Cookies are stored on your end device when you use our websites. These are small text files that are sent from a website to the user’s browser and stored by it. Various data can be stored in cookies, which can be read by the body that sets the cookie. As a rule, they contain a characteristic character string (ID) that enables the browser to be uniquely identified when the website is called up again or a page change is made.
If cookies are used, the data processing is regularly based on your consent in accordance with Section 25 (1) TDDDG in conjunction with Art. 6 (1) (a) GDPR. If we consider the use of cookies to be absolutely necessary, this is done on the basis of Section 25 (2) No. 2 TDDDG. Further processing is carried out in accordance with Art. 6 para. 1 GDPR.
7.1 Necessary cookies
Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Name:
pll_language
Provider:
Purpose:
Used to remember the language selected by the user when they return to the website. This cookie is also used to retain the language information if it is not available by other means.
Expiration:
1 year
8. External service providers
The Kangoolutions service is technically dependent on cooperation with external service providers. You will find an overview of these providers below.
8.1 Webhosting with All-Inkl
We host our website with All-Inkl. The provider is ALL-INKL.COM – Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter: All-Inkl). Details can be found in All-Inkl’s privacy policy: https://all-inkl.com/datenschutzinformationen/.
The lawfulness of the processing of personal data in the context of web hosting is based on Art. 6 (1) lit. f GDPR (protection of legitimate interests), as the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and, if necessary, to be able to pursue attacks and claims arising from them.
The purposes of data processing are
- Professional hosting of the website and ensuring its operation
- To maintain operational and IT security
- Anonymous evaluation of access behavior to improve our offer and, if necessary, to pursue claims
While you are visiting our website, our web server, i.e. the computer on which this website is stored, usually automatically saves data such as
- the full Internet address (URL) of the website you are visiting
- browser and browser version (e.g. Chrome 87)
- the operating system used (e.g. Windows 10)
- the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
- the host name and IP address of the device being accessed (e.g. COMPUTERNAME and 194.23.43.121)
- date and time
in files, the so-called web server log files.
There is a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
8.2 WordPress and WordPress plugins
We use WordPress to design our website. WordPress is GDPR-compliant and is not a tool that collects a lot of personal or legally sensitive data by default. The use of WordPress is in the interest of an appealing presentation of our online offers and is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). We also use the following WordPress plugins:
8.2.1 Polylang (https://polylang.pro/)
We use the Polylang program for the multilingualism of our website. Polylang is a product of WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France. Polylang generates the functional cookie pll_language. It stores a language preference for the visitor to support multilingual websites. These cookies remain stored for one year and are then deleted. The use of Polylang is in the interest of an appealing presentation of our online offers and is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Further information on data protection compliance can be found here: https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/
8.2.2 SlimStat (https://wp-slimstat.com/)
The controller has integrated the WordPress plugin Slimstat Analytics into this website to collect statistical data. Slimstat Analytics is open source software, provider: Jason Crouse, New York City, USA. Slimstat Analytics is installed within the same data structure as the website you are currently visiting. Data is therefore not forwarded to third parties and/or abroad. Slimstat Analytics may set its own cookie at the start of a visit to improve the analysis of the visit. The plugin is configured to anonymize the visitor’s IP number. Furthermore, the browser request “Do Not Track” – if set in the visitor’s browser – is also observed. The use of Polylang is in the interest of an appealing presentation of our online offers and is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Further information on data protection compliance can be found here: https://wp-slimstat.com/privacy-policy/
8.3 Microsoft Forms
For people who want to apply to Kangoolutions, we use Microsoft Forms as a contact form and application form.
The following categories of personal data are processed when using Microsoft Forms:
- Name
- Country of residence
- Date of birth
- e-mail address
- Telephone number
- SAP knowledge
- General questions to get to know us
Who can fill out this form
- Everyone
By submitting this form, you agree that we may use your data and that we may contact you for further steps in the application process. Your data will be collected for this purpose and processed for the following purposes with the legal basis for the implementation of a pre-contractual measure (Art. 6 para. 1 lit. b) GDPR).
Furthermore, when using Microsoft Forms, only necessary cookies (functional cookies) and thus those in accordance with Section 25 (2) No. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG) are used.
Kangoolutions only uses the M365 software and services of these licenses or allows them to be used (privacy by design or privacy by default) to the extent that this is possible in compliance with data protection law and where Microsoft is the processor. Applications that do not comply with data protection law are deactivated centrally via IT or set to comply with data protection law. This also applies to Microsoft Forms.
Our service providers integrated by way of order processing (current status) have access to the data as follows:
- Microsoft Ireland Operations LimitedOne Microsoft PlaceSouth County Business ParkLeopardstownDublin 18Ireland
- Microsoft Enterprise Service Privacy (Processor 2 Processor / P2P)Microsoft CorporationOne Microsoft WayRedmond, Washington 98052, USAPurpose: Access to Microsoft multi-factor authentication for the purpose of service provision in the Georegion Germany or Georegion Europe; also access to documents and communication via M365 services and software
The data centers used by Kangoolutions are primarily located in Germany and otherwise in the EU.
Third country transfers are carried out in compliance with the GDPR by Microsoft Enterprise Service Privacy based on a Data Processing Addendum (DPA) and Standard Contractual Clauses (SCC) with Microsoft Enterprise Service Privacy (P2P, i.e. between processor and subcontractor) as well as additional safeguards from MS, unless data protection is not to be observed here either due to the anonymization of the data. These are extended information obligations, liability clauses and agreements that Microsoft will have inquiries from US authorities clarified in court in advance.
Where data is transferred to third countries, Microsoft always uses state-of-the-art encryption. Microsoft guarantees that the company – even if it is legally obliged to disclose the data to security authorities – will not disclose the encryption key or make it possible to circumvent the encryption.
9. Online offers on social media platforms
We offer online services on various social media platforms in order to provide information there and to be able to contact you. We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media offerings, the platform operator stores cookies in your browser in which your usage behavior and interests are stored for market research and advertising purposes. The platform operators use the usage profiles obtained in this way – usually across all devices – to display personalized advertising to you. Data processing may also affect people who are not registered as users with the respective social media platform. Your data may be processed outside the European Union, which may make it more difficult to enforce your rights. However, when selecting such social media platforms, we ensure that the operators undertake to comply with EU data protection standards.
The processing of your personal data when you visit one of our social media offerings is based on our legitimate interests in a diverse external presentation of our company and the use of an effective means of information and communication with you. The legal basis for this is the consent you have given to your platform operator in accordance with Art. 6 para. 1 lit. a GDPR. Detailed information on data processing in connection with the use of our social media offerings, opt-out options and the assertion of information rights can be found in the privacy policy of the respective platform operator.
9.1 Google+/YouTube
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Privacy policy: https://policies.google.com/privacy Opt-out: https://adssettings.google.com/authenticated
9.2 LinkedIn
Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Privacy policy: https://www.linkedin.com/legal/privacy-policy Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
10. Google Fonts (local hosting)
We use Google Fonts from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European region. We have embedded the Google fonts locally, i.e. on our web server – not on Google’s servers. There is therefore no connection to Google servers and therefore no data transfer or storage. Google Fonts used to be called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides free of charge. With Google Fonts, fonts can be used without uploading them to your own server. However, to prevent information from being transferred to Google servers in this context, we have downloaded the fonts to our server. In this way, we act in compliance with data protection regulations and do not send any data to Google Fonts.
11. Children
Our offer is generally aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians.
12. Changes
From time to time it is necessary to make changes to our privacy policy. You will be informed of the changes here.
Cologne, July 15, 2024