Our Privacy Policy

Privacy Policy

Last Update: May 2025

Identity and contact details of the data controller

The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Contact details of the data protection officer

You can reach out to our data protection officer as follows:

dsb@kertos.io

‍

Data Processing Activities

Scope of Processing Personal Data

Generally, we process personal data of our users only to the extent necessary to provide a functional website with our content and services. The processing of personal data is regularly carried out only with the user's consent.Exceptions are cases where prior consent is not technically possible and the processing of the data is permitted by law.

Legal Basis for Data Processing

Article 6 (1) (a) GDPR serves as the legal basis for obtaining the consent of the data subject for the processing of their data.

For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) GDPR is used as the legal basis. This also applies to processing necessary to carry out pre-contractual measures.

If it is necessary to process personal data to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

If the processing of data is necessary to safeguard the legitimate interests of our company or a third party and the fundamental rights and freedoms of the data subject do not outweigh the interests of the data subject, Article 6 (1) (f)GDPR serves as the legal basis for the processing of the data.

Legal Basis for the Processing of Data on Your Device

The legal basis for the use of technically necessary cookies and the associated data processing is § 25 para. 2 TDDDG in conjunction with Article 6 (1) (f) GDPR. The processing is intended to make it easier for you to use our website and to offer you our services as desired. Some functions of our website would not work without the use of these cookies and could therefore not be offered. Our legitimate interest in processing the cookies arises from the aforementioned purposes. The cookies are deleted after the session ends (e.g., by logging out or closing the browser) or after a certain period.

The legal basis for the use of technically non-essential cookies is your consent, which you give us via the cookie banner in accordance with § 25 para. 1 TDDDG in conjunction with Article 6 (1) (a) GDPR. You can withdraw your consent for these services at any time with effect for the future or give it again by calling up your cookie and data protection settings online via our data protection information and configuring them accordingly. Alternatively, you can prevent the storage of cookies by setting your browser software accordingly. Please note that the browser settings you make only affect the browser you are using. Further detailed information can be found in the following descriptions.

Data Transfer and Storage Duration

With regard to your personal data, you have the following rights against us:

The personal data of the data subject will be deleted or restricted as soon as the purpose of their storage is fulfilled. Further storage can take place if this is provided for by the European directives and regulations or another relevant national legislator in laws or other regulations to which the controller is subject. Data will also be restricted or deleted if the storage period prescribed by the aforementioned standards expires, unless a longer storage period is necessary for the conclusion or fulfillment of the respective contract.

‍

Rights of the Data Subject

With regard to your personal data, you have the following rights against us:

Right of Access

You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to access this personal data and further information, such as the processing purposes, the recipients, and the planned duration of storage or the criteria for determining the duration.

Right to Rectification

You have the right to request the rectification of inaccurate data without undue delay. Considering the purposes of processing, you have the right to request the completion of incomplete data.

Right to Erasure ("Right to be Forgotten")

You have the right to erasure if the processing is not necessary. This is, for example, the case if your data is no longer needed for the original purposes, if you have withdrawn your data protection consent declaration, or if the data has been unlawfully processed.

Right to Restriction of Processing

You have the right to restrict processing, e. g. if you believe that the personal data is incorrect.

Right to Data Portability

You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.

Right to Object  

You have the right to object, on grounds relating to your particular situation, at any time to the processing of certain personal data concerning you. In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.

Right to Withdraw Your Consent to Data Protection

You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out based on the consent until its withdrawal.

Notwithstanding these rights, you have the right to complain to a supervisory authority at any time if you believe that the processing of your personal data violates data protection regulations.

Automated Individual Decision-Making, including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision  

• is necessary for entering into, or the performance of, a contract between you and the data controller,  

• is authorized by Union or Member State law to which the data controller is subject and these legal provisions lay down suitable measures to safeguard your rights and freedoms and legitimate interests; or  

• is based on your explicit consent.  

‍

Website Operation

Description and Scope of Data Processing

Every time our website is accessed, our system automatically collects data and relevant information from the computer system of the accessing device. The following data is collected:  

• Type and version of the browser used  

• The user's operating system  

• The user's internet service provider  

• IP address  

• Date and time of access  

• Websites from which the user's system accessed our website  

• Websites accessed by the user's system via our website  

The data is stored in the logfiles of our system. The data is not stored together with other personal data of the user.  

Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to deliver the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. Storage in logfiles is done to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place. These purposes also represent our legitimate interest in data processing according to Art. 6 para. 1 sentence 1 lit. f GDPR.  

Legal Basis for Data Processing

The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR. The legitimate interest lies in the purpose of ensuring the functionality of the website, optimizing the website, and ensuring the security of the information technology systems.  

Duration of Storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. The session ends when the data collection for the provision of the website is completed. In the case of data storage in logfiles, this is the case at the latest after seven days. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that an assignment of the calling client is no longer possible.  

Possibility of Objection

The collection of data for the provision of the website and the storage of data in logfiles is essential for the operation of the website. Therefore, there is no possibility of objection on the part of the user.  

Third Parties

Amazon Cloud Front

On our website, we use the Amazon CloudFront service provided by Amazon Web Services, Inc. (AWS). When using our website, the following data is transmitted to AWS:

• IP address

• Date and time of request

• Content of the request (specific page)

• Access status/HTTP status code

• Transferred data volume

• Website from which the request comes (referrer)

• Browser and operating system

• Language and version of the browser software

The purpose of Amazon CloudFront is to accelerate and optimize the delivery of content on our website. The service acts as a Content Delivery Network (CDN) and helps reduce loading times of our website and ensure availability during high data traffic. Information is generally forwarded to AWS servers worldwide and temporarily stored there.

For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-US Data Privacy Framework. AWS is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR. The data is stored after the transfer for a limited period necessary for the purposes of the CDN.

Due to the improvement of website performance and ensuring the provision of the website, we have a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.

More information on data protection at AWS and Amazon CloudFront can be found at:https://aws.amazon.com/de/privacy/

Google - Fonts

To display the content of our website, we use "Google Fonts", provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google").

To integrate Google Fonts, the fonts are loaded from a Google server. This usually results in the transmission of the following data:

• IP address

• Referrer URL

• Operating system

• Browser type

• Screen resolution

• Browser language setting

Your data is generally transferred to a Google server in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis of Article 45 GDPR. When using Google Analytics, it cannot be ruled out that the cookies set by Google Analytics may collect other personal data besides the IP address. We point out that Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.  

You can generally prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we point out that in this case, you may not be able to fully use all the functions of this website.

You can withdraw your consent to processing and transfer to third countries at any time. The legality of the processing carried out up to the withdrawal remains unaffected.

More information on data protection at Google can be found at: https://policies.google.com/privacy.

Kinsta

On our website, we use the service Kinsta, provided by Kinsta Inc. Kinsta Inc. is headquartered in the United States of America at: 8605 Santa Monica Blvd #92581, West Hollywood, CA 90069-4109. When using the service, the following data is transmitted to Kinsta:

• IP address

• Referrer URL

• Operating system

• Browser information

• Duration of visit

• Device information

The purpose of Kinsta is to host our website and optimize its performance. The service helps ensure and protect the operation of the website during a high number of requests.

The information is generally forwarded to servers and stored there, which may be located in Google Cloud Platform data centers in various regions worldwide, including the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-US Data Privacy Framework. Kinsta is a member of the EU-U.S. and Swiss-U.S. Privacy Shield Framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.

Due to the necessity of hosting and optimizing our website, we have a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.

More information on data protection at Kinsta can be found at:https://kinsta.com/legal/privacy-policy/

Use of Cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. These cookies contain a string of characters that enable the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

1. Entered search terms

2. Frequency of page views

3. Use of website functions

The user data collected in this way is pseudonymized by technical measures. Therefore, it is not possible to associate the data with the accessing user. The data is not stored together with other personal data of the users.

Purpose of data processing

The purpose of using technical cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. These require that the browser can be recognized even after a page change.We need cookies for the following applications:

• Adjustment of the display to the device and the operating system.

The user data collected by technical cookies is not used to create user profiles. The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can continuously optimize our offering.

Legal basis for data processing

The legal basis for the processing of personal data using non-technical cookies is Art. 6 (1) (a) GDPR. The legal basis for the processing of personal data using technical cookies is Art. 6 (1) (f) GDPR, legitimate interests.

Duration of storage and possibility of objection and elimination

Cookies are stored on the user's device and transmitted from the user to our website. Therefore, as a user, you also have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also happen automatically. If cookies are disabled for our website, not all functions of the website may be fully usable.

If you use the Safari browser version 12.1 or higher, the cookies will be automatically deleted after seven days. This also applies to opt-out cookies used to prevent the use of tracking mechanisms.

Third parties

To manage consents for the use of cookies, we use the service Cookiebot by Usercentrics. Cookiebot helps us store and enforce your preferences regarding the use of cookies on our portal. In doing so, your consent data is transmitted to Usercentrics A/S, the operator of Cookiebot. The service provider is based in the EU and complies with the requirements of the GDPR. Further information on data protection at Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/.

The data processing is necessary to provide you with the legally required consent management and to fulfill our documentation obligations. The legal basis is Article 6(1)(c) GDPR as well as Article 6(1)(f) GDPR, justified by our legitimate interest in meeting the legal requirements for consent management.

‍

‍

Communication

Email

Description and Scope of Data Processing

You can contact us via the email address provided on our website. In this case, the personal data of the user transmitted with the email will be stored. The data will be used exclusively for processing the conversation.  

Purpose of Data Processing

If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

Legal Basis for Data Processing

The legal basis for processing data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. Our legitimate interest lies in providing you with the requested information, assistance, or services and efficiently handling your inquiry. If the purpose of the email contact is the conclusion of a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

Duration of Storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data transmitted by email, this is the case when the respective conversation with the user is terminated. The conversation is terminated when it can be inferred from the circumstances that the relevant matter has been conclusively clarified. The personal data additionally collected during the sending process will be deleted at the latest after a period of seven days.  

Possibility of Objection

The user has the option at any time to revoke their consent to the processing of personal data. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of contacting will be deleted.  

Application By Email  

Description and Scope of Data Processing

You can send us your application by email. In doing so, we collect your email address and the data provided by you in the email, such as:

• First name, last name  

• Email address  

• Date of birth  

• Information the applicant wishes to provide  

• Address  

• Residence  

• Phone number  

• Photo  

Purpose of Data Processing

The processing of personal data from your application email serves us exclusively for processing your application.  

Legal Basis for Data Processing

The legal basis for processing your data is the initiation of a contract, carried out at the request of the data subject, Art. 6 (1) lit. b GDPR in conjunction with § 26 (1) BDSG.  

Duration of Storage

As a rule, your personal data will be stored with us until your application process is completed. If we are unable to consider your application, we will retain your application data for six months after receiving our notification thereof. If a legal dispute arises in the course of the application process, we will retain your personal data until the complete termination of the legal dispute. If we enter into an employment relationship with you, we will retain your personal application data until the end of this employment relationship in your personnel file.  

Possibility of Objection

The applicant has the option at any time to object to the processing of their personal data. In such a case, the application can no longer be considered. All personal data stored in the course of the electronic application will be deleted in this case.  

Job Portal

On our website, we use the service Personio, provided by Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany. Personio is software for personnel management and applicant management. When using the service for applications, the following data is transmitted to Personio:

• Personal information (e.g., name, contact details)

• Application documents (e.g., resume, cover letter, certificates)

• Device and browser information

• IP address

• Date and time of access

The purpose of Personio is to simplify and optimize the application process. The service helps us manage applications efficiently and communicate with candidates. The information is stored and processed on servers of Personio in the European Union.

Data processing is based on Art. 6 para. 1 lit. b GDPR (initiation of a contract) and Art. 6 para. 1 lit. f GDPR (legitimate interest in the efficient execution of the application process). The data is stored for the duration of the application process and subsequently retained or deleted in accordance with statutory retention periods.

Personio, as a processor, has implemented appropriate technical and organizational measures to ensure the protection of your personal data.  

You have the right to obtain information about your stored data, have it corrected or deleted, as well as to restrict or object to the processing. Please note that deletion or objection may lead to us being unable to further process your application.

More information on data protection at Personio can be found at: https://www.personio.de/privacy-policy/

Analysis and Marketing

We use tracking and analysis tools to ensure continuous optimization and needs-based design of our website. With the help of tracking measures, we are also able to statistically record the use of our website by visitors and use the insights gained to further develop our online offering for you. If you have given us your consent to use cookies via a notice provided by us on the website ("cookie banner"), the legality of the use is also governed by Art. 6 para. 1 sentence 1 lit. a GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the processed data.

DoubleClick

To plan, execute, and manage advertising campaigns, we use "DoubleClick" provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). DoubleClick uses cookies and similar tracking technologies.  

The following personal data is transmitted to Google when using DoubleClick:  

• Number of page views,

• Behavior on other pages,

• The IP address

• Previously visited pages  

• Keywords used in search

Your data is generally transferred to a Google server in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis according to Article 45 GDPR. When using DoubleClick, it cannot be excluded that, in addition to the listed data, other personal data may also be collected by the cookies set by DoubleClick. We inform you that Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.  

Processing is carried out exclusively after your explicit consent has been given. You can revoke your consent to processing and transfer to third countries at any time. The legality of the previous processing remains unaffected.  

More information on data protection at Google can be found at: https://policies.google.com/privacy.

Google Ads

This website uses Google Ads, an online advertising service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Ads enables us to place targeted advertisements in Google search results and on partner websites.

In the context of Google Ads, we use the so-called conversion tracking. When you access our website via a Google ad, Google Ads places a cookie on your device. This cookie contains information about whether you have performed certain actions on our website, such as purchasing a product or submitting a form. This information is generally transmitted to a Google server in the USA and stored there.

For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. Google is certified within this framework, which is why such transfers are based on the legal basis according to Article 45 GDPR. In addition to this, standard contractual clauses (SCC) have been concluded with Google.

When using Google Ads, it cannot be excluded that, in addition to the IP address, Google may also collect other personal data. We point out that Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.

Google uses the information generated by the cookies to analyze the effectiveness of the advertisements, compile reports on advertising activities, and provide other services related to website and internet usage for the website operator.

You can prevent the storage of cookies in your browser settings. However, we point out that you may not be able to use all the functions of this website to their full extent in this case.

You can revoke your consent to processing and transfer to third countries at any time. The legality of the previous processing remains unaffected.  

Further information on data protection at Google can be found at: https://policies.google.com/privacy.

Google - TagManager

This website uses the Google Tag Manager, provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google Tag Manager enables the management of website tags. When you visit the website, an HTTP request is sent to Google. As a result, device information (such as your IP address) is transmitted to Google and within a Google server in the USA. There is an adequacy decision by the EU Commission for data transfers to the USA, the EU-U.S. Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR. EU-U.S.Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.  

When using the Google Tag Manager, it cannot be ruled out that the data collected by Google also captures other personal data. We would like to point out that Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.  

Processing is only carried out after your explicit consent has been given. You can revoke your consent to processing and transfer to third countries at any time. The legality of the previous processing is not affected by this.  

More information on data protection at Google can be found at: https://policies.google.com/privacy.

Hubspot Analytics

We use the service "HubSpot" provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA (hereinafter referred to as "HubSpot").  

The following personal data is processed through the use of HubSpot:  

• A unique user ID in the form of a user token  

• Domain of the website  

• Date and time of visiting our website  

• Number of sessions  

The storage of the unique user ID takes place in the cookie "hubspotutk", while the other data is stored in the cookies "__hssc" and "__hstc". Further information on cookie content at HubSpot can be found at: https://knowledge.hubspot.com/de/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser.

The use of "HubSpot" allows us to monitor the website and thus supports us in improving its functionality. The data is further used to support and improve our digital marketing.  

The processing of your personal data is only carried out after explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You are entitled to revoke your consent at any time. However, this does not affect the legality of processing carried out before the revocation.  

The information is usually forwarded to a HubSpot server in the USA and stored there. There is an adequacy decision by the EU Commission for data transfers to the USA, the EU-U.S. Data Privacy Framework. "HubSpot" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.  

More information on data protection at "HubSpot" can be found at: https://legal.hubspot.com/de/privacy-policy

LinkedIn Conversion

This website uses conversion tracking provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA (hereinafter referred to as "LinkedIn"). LinkedIn uses "cookies" and similar tracking methods such as device fingerprinting.  

The information stored in these cookies, e.g. about the time, place, and frequency of your use of our website, is usually forwarded to a LinkedIn server in the USA and stored there. There is an adequacy decision by the EU Commission for data transfers to the USA, the EU-U.S. Data Privacy Framework. "LinkedIn" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR. In addition, standard contractual clauses (SCC) have been concluded with LinkedIn.  

When using LinkedIn, it cannot be ruled out that the cookies set by LinkedIn capture other personal data in addition to the IP address. We would like to point out that LinkedIn may transfer this information to third parties if required by law or if third parties process this data on behalf of LinkedIn.  

LinkedIn will use the information generated by the cookie about this website to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet usage to the website operator.  

You can generally prevent the storage of cookies by adjusting your browser settings accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.  

Processing is based on your consent. You can revoke your consent to processing at any time. However, this does not affect the legality of previous processing.  

Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy

Microsoft Ads

This website uses Microsoft Ads, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (hereinafter referred to as "Microsoft"), to display targeted advertisements and analyze the effectiveness of advertising.  

In the course of using Microsoft Ads, the following personal data is processed:  

• Your IP address  

• Date and time of the request  

• Pages visited on our website  

• Interactions with the advertisements  

• Click behavior and conversion data  

Data processing is carried out to display relevant advertisements that may be of interest to you and to measure the effectiveness of these advertising measures. The legal basis for this is Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in carrying out marketing measures and measuring advertising effectiveness.  

Microsoft Ads uses cookies to enable data collection. These cookies can also be used to make the advertisements more relevant to you and to track your interactions with the advertisements.  

Microsoft stores the collected data on servers in the USA. There is an adequacy decision by the EU Commission for data transfers to the USA, the EU-U.S. Data Privacy Framework. Microsoft is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR. In addition, standard contractual clauses (SCC) have been concluded with Microsoft.  

You can prevent data collection by Microsoft Ads by disabling cookies in your browser settings or using Microsoft's opt-out tool.  

Further information on data protection at Microsoft Ads can be found at: https://privacy.microsoft.com/de-de/privacystatement

Microsoft Clarity

This website uses Microsoft Clarity, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as "Microsoft"). Clarity uses "cookies" and similar tracking technologies to analyze user behavior on our website and provide visual heatmaps and session recordings.  

The information stored in these cookies, including the IP address, device model, browser type, and interaction data (e.g. clicks, scroll behavior, dwell time), is usually transmitted to a Microsoft server in the USA and stored there. There is an adequacy decision by the EU Commission for data transfers to the USA, the EU-U.S. Data Privacy Framework. Microsoft is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR. In addition, standard contractual clauses (SCC) have been concluded with Microsoft.  

When using Microsoft Clarity, it cannot be ruled out that Microsoft captures other personal data in addition to the IP address. We would like to point out that Microsoft may transfer this information to third parties if required by law or if third parties process this data on behalf of Microsoft.  

Microsoft uses the information generated by the cookies to provide analyses on website usage, improve user experience, and identify technical errors.  

You can prevent the storage of cookies in your browser settings. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.  

Processing is based on your consent. You can revoke your consent to processing at any time. However, this does not affect the legality of the processing carried out until then.  

Further information on data protection at Microsoft Clarity can be found at: https://privacy.microsoft.com/de-de/privacystatement.

Use of Company Presence on Social Media

Instagram:

Responsible Provider: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, United States.

Use of Instagram Content: On our company profile on Instagram, we publish information and offer users the opportunity to interact. Through activities such as comments, likes, or following our profile, personal data such as your username or profile picture can be made public.

Personal Data: When using Instagram services on our profile, various personal data can be processed, including real names, profile information, or interaction data (e.g., comments, likes).

Transmission and Processing of Data: The transmission of data to Instagram is based on the adequacy decision between the EU and the USA to ensure adequate protection of personal data.

Purpose of Inclusion: Our presence on Instagram serves communication and exchange with (potential) customers, based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR. We use Instagram to share information about our company, products, services, and relevant industry news.

Right to Object and Further Information: You can object to the processing of your personal data at any time and assert your rights as a data subject as mentioned in Section IV of our Privacy Policy. To exercise these rights, please send us an informal email. Further information on the processing of your data by Instagram and options to object can be found here:https://help.instagram.com/519522125107875

YouTube:

Responsible Provider: YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, United States.

Use of YouTube Content: We embed videos from YouTube on our website to provide users with informative and entertaining content. When using YouTube videos, various personal data are processed by YouTube, such as IP addresses and technical information about your device and browser.

Personal Data: When using YouTube services on our website, personal data such as your IP address, browser details, and your interaction data with the service (e.g., watched videos, likes made) can be collected and processed.

Transmission and Processing of Data: The transmission of data to YouTube is based on the adequacy decision between the EU and the USA to ensure adequate protection of personal data.

Purpose of Inclusion: The inclusion of YouTube on our website is for providing multimedia content for information and communication purposes, which is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

Right to Object and Further Information: You can object to the processing of your personal data at any time and assert your rights as a data subject according to Section IV of our Privacy Policy. Please send us an informal email in this case. Further information on data processing by YouTube and options to object can be found here:https://policies.google.com/privacy?gl=DE&hl=en

Spotify:

Responsible Provider: Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden.

Use of Spotify Content: We integrate music content from Spotify on our website to provide users with an engaging and interactive experience. By using Spotify services, personal data such as your IP address or technical data about your browser and system are processed by Spotify.

Personal Data: When using Spotify services on our website, personal data can be collected. This can include technical data such as the IP address and interaction data with the service (e.g., playlists, playback actions). If you have a Spotify user account, additional personal data such as your username or profile information can be processed through this account.

Transmission and Processing of Data: Spotify is headquartered in Sweden and thus within the European Economic Area. Spotify may however transfer data to countries outside the EU, particularly to the United States. Daten auch in Länder außerhalb der EU übertragen, insbesondere in die Vereinigten Staaten.

Purpose of Inclusion: The inclusion of Spotify is to provide our users with a personalized experience on our website and to promote the exchange of information about music and audio content. The use is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

Right to Object and Further Information: You have the right to object to the processing of your personal data and assert your rights as a data subject, as described in Section IV of this Privacy Policy. You can exercise these rights by sending us an informal email. Further information about data processing by Spotify and options to object can be found here:https://www.spotify.com/de/legal/privacy-policy/

Podigee

Responsible Provider: Podigee GmbH, Schönhauser Allee 161, 10435 Berlin, Germany.

Use of Podigee Content: We embed podcasts from Podigee on our website to provide users with informative and entertaining audio content. When using Podigee podcasts, personal data such as IP addresses and technical information about your device or browser can be processed by Podigee.

Personal Data: In the context of using Podigee services, personal data such as your IP address or device data, as well as your interaction data with the service (e.g., played episodes, playback actions), can be processed.

Transmission and Processing of Data: Data transmission to Podigee occurs within the EU and is based on the technical and organizational security measures implemented by Podigee to ensure the protection of your personal data.

Purpose of Inclusion: The integration of Podigee podcasts on our website is for providing audio content for information and communication purposes, based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

Right to Object and Further Information: You can object to the processing of your personal data at any time and assert your rights as a data subject, as described in Section IV of our Privacy Policy. Please send us an informal email in this case. Further information about the processing of your data by Podigee and options to object can be found here:https://www.podigee.com/de/about/privacy

Use of company presences in professional networks

Presence in professional networks

We use company presences in professional networks. We maintain a company presence in the following professional networks:

LinkedIn: LinkedIn, Unlimited Company Wilton Place, Dublin 2, IrelandOn our page, we provide information and offer users the opportunity for communication.The company presence is used for applications, information/PR, and active sourcing.We have no information about the processing of your personal data by the companies jointly responsible for the company presence. Further information can be found in the privacy policies of:LinkedIn.

If you take an action on our company website (e.g., comments, posts, likes, etc.), it is possible that you may make personal data (e.g., real name or photo of your user profile) public.

Legal basis for data processing

The legal basis for processing your data in connection with the use of our website is Art. 6 (1) (f)GDPR.

Purpose of data processing

Our website is intended to inform users about our services. Each user is free to publish personal data through activities.

Duration of storage

We store your activities and personal data published via our website until you revoke your consent. In addition, we comply with statutory retention periods.

Objection

You can object to the processing of your personal data, which we collect as part of your use of our company presence, at any time and assert your rights as a data subject as mentioned under IV. of this privacy policy. To do so, send us an informal email to the email address mentioned in this privacy policy. Further information from LinkedIn can be foundhere.

Purpose of data processing

The use of CloudFlare's functions serves the provision and acceleration of online applications and content.

Legal basis for data processing

Data collection is based on Art. 6 (1) (f)GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - and therefore the server log files are recorded.

Duration of storage

Your personal data will be retained as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

Possibility of objection

Information about options for objection and removal regarding CloudFlare can be found here

Newsletter, Product Recommendations & Forms

Forms

We use the service HubSpot to provide the following online forms. For this purpose, we forward your data to HubSpot, which processes the data exclusively on our behalf.

Free Offer of Digital Content

To provide you with our downloadable content, we collect personal data from you.Below we inform you about this data.

• Collected Data: Email address, Last name, First name, Title, Job title.

• Purpose: Personalized delivery of the requested content.

• Duration of storage: The data is generally only stored as long as it is necessary to achieve the purpose.After transmission of the content, the data will be deleted.

• Legal basis: Art. 6 (1) b GDPR

Kertos Events

If you register for free Kertos events, you must provide your email address, last name, first name, company name, company size, your position in the company, your city, your country, and your industry.

By registering for the event, you agree to the processing of your personal data for marketing purposes. The legal basis is your previously given consent according to Art. 6 (1) lit. a GDPR.

Consent for the use of collected personal data for marketing purposes is a prerequisite for participation in free events. You can object to the use of personal data for marketing purposes at any time separately.

Duration of storage: The data is generally only stored as long as it is necessary to achieve the purpose. If the consent for marketing purposes is withdrawn, the data stored with us will be deleted.

If you participate in the event, we will forward personal data to the following recipients to conduct the registration process.

Recipient: Eventbrite Inc.

Eventbrite Inc. is a company under the law of the State of Delaware with its registered office at 535 Mission Street, 8th Floor, San Francisco, CA 94105, registration number 4742147 ("Eventbrite USA"). If the participant registers for a Kertos event, the above-mentioned personal data of the participant will be transferred to third countries, particularly to the USA.

As far as personal data is transferred to servers of Eventbrite in the USA and stored and processed there, the organizer has concluded standard contractual clauses and a data processing addendum with Eventbrite Inc., which represent appropriate guarantees within the meaning of the GDPR.

For more information, please refer to Eventbrite's privacy policy:

https://www.eventbrite.de/support/articles/en/Troubleshooting/datenschutzrichtlinien-von-eventbrite?lg=en.

Duration of storage: The data is generally only stored as long as it is necessary to achieve the purpose.

Recording of the event and publication on the Kertos homepage:

The organizer intends to record the event. Furthermore, the organizer intends to publish the recorded event on the Kertos homepage(https://kertos.io/). In the course of publishing the event, no personal data of the participants will be published.

Newsletter

If you sign up for our newsletter, we will store your email address and use it to send the newsletter. Your email address will not be published or passed on to third parties.

• Collected Data: Email address, First name, Last name, Title, Job title.

• Purpose: Sending the requested newsletter.

• Duration of storage: The data is generally only stored as long as it is necessary to achieve the purpose. For the newsletter, the data is stored as long as a newsletter is to be sent and you have not objected to the use of your data.

• Legal basis: Art. 6 (1) a GDPR - Consent.

Unsubscription: You can unsubscribe from our newsletter at any time via a link included in each issue. We will then delete your email address from our distribution list. Alternatively, you can also unsubscribe from the newsletter at any time by email to hello@kertos.io.

Web Demo

If you wish to schedule a web demo, we will use your data to contact you and arrange and conduct a meeting with you.

• Collected Data: Email address, Last name, First name, Phone number, (Company).

• Purpose: Coordination and conduct of the requested web demo as well as preparation and follow-up of the web demo.

• Duration of storage: The data is generally only stored as long as it is necessary to achieve the purpose. The data is stored as long as it is necessary for the preparation, follow-up, and conduct of the meeting.

• Legal basis: Art. 6 (1) b GDPR

Webinars

If you register for a free webinar, you must provide your email address, first and last name, job title, company size, and company name. By registering for the webinar, you also automatically agree that your personal data will be processed for marketing purposes. The legal basis is your previously given consent according to Art. 6 (1) lit. a GDPR.

Consent to the use of the collected personal data for marketing purposes is a prerequisite for participation in free webinars. You can object to the use of personal data for marketing purposes at any time separately.

The purpose of processing the personal data is the sending of the requested invitation to the webinar, the preparation, conduct, and follow-up of the webinar, and the use of the personal data for marketing purposes.

Duration of storage: The data is generally only stored as long as necessary to achieve the purpose. If consent for marketing purposes is revoked, the data stored with us will be deleted. Legal basis: Art. 6 (1) b in conjunction with Art. 6 (1) a GDPR

To participate in our webinars on Livestorm, you must register using the form provided by us. The event is conducted by Livestorm SAS, 60 rue François 1er, 75008 Paris.

When participating in webinars offered by Kertos on Livestorm, personal data is transmitted from gotowebinar to Kertos:

• Collected data: Contact details (email address, surname, first name), usage data (including webinar name, time, date, start time and duration of the call, session ID, last visited webinar), cookies.

• Purpose: Supporting webinar participants and improving webinar content.

• Duration of storage: The data is only stored as long as necessary to achieve the purpose. After the webinar is conducted, your data will be stored for up to one year.

• Legal basis: Kertos processes the data transmitted by Livestorm as a controller based on a contract pursuant to Art. 6 (1) lit. b GDPR.The subject of the contract is the free provision of the webinar content.

Other recipients and transfers to third countries:

For the support of webinar participants, we use the messaging service of Slack Technologies, LLC, 500 Howard Street, San Francisco, CA 94105, USA as a processor.

To analyze user data to improve our webinar content, we use the service of our processor Hubspot Inc., 25 First Street, Cambridge, MA 02141 USA.

In the context of processing by Slack and Hubspot, data may be transferred to the USA. The security of the transfer is ensured in each case via so-called standard contractual clauses or an adequacy decision.

Test Account

If you register for a test account, we use your data to provide you with the necessary information and familiarize you with the test account and the functions of the software.

• Collected data: Email address, surname, first name, telephone number

• Purpose: To provide you with the desired test account and explain the functions of the software.

• Duration of storage: The data is only stored as long as necessary to fulfill the purpose. After the end of the test phase, your data will be deleted if you do not become a customer.

• Legal basis: Art. 6 (1) b GDPR

Product recommendations via email

If you have contacted us, we process your email address, unless you have expressly consented, to send you regular service and product recommendations by email. In this way, we want to provide you with information about products from our range. The legal basis for the aforementioned processing is Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG, as the processing for advertising purposes constitutes a legitimate interest. You can object to the processing of your data for the sending of product recommendations by email at any time by a short message via email to the email address mentioned in number 1. Furthermore, you will find an unsubscribe link in every email with product recommendations.

We also use market-standard technologies in our product recommendations to measure interactions with the messages (e.g., opening the email, clicked links). We use this data in pseudonymous form for general statistical evaluations and to optimize and further develop our content and customer communication. This is done using small graphics embedded in the product recommendations (so-called pixels). The data is collected exclusively pseudonymously and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. We want to share the most relevant content for our customers through our product recommendations and better understand what the readers are actually interested in.

If you do not wish to analyze usage behavior, you can unsubscribe from the product recommendations or disable graphics in your email program by default.

Provision of Kertos OS ("Kertos OS")

Registration

When customers register with the Kertos OS platform (https://app.kertos.io/), their technical data and account information are collected to ensure the app functions properly and provides the desired services. This includes storing installation IDs and system details to ensure troubleshooting and provide necessary updates.

Data categories processed during registration:

- User data (account information: first name, last name, email address, password)

- Technical data (IP address, device type, operating system, installation ID)

Legal basis:

The legal basis for processing is the fulfillment of the contract Art. 6 para. 1 lit. bGDPRand legitimate interest Art. 6 para. 1 lit. fGDPRto ensure secure processing.

Data categories processed for analytical purposes (Amplitude):

To gain a better understanding of how users interact with our platform, we analyze their behavior while navigating the platform. For this service, we use Amplitude, Inc. The following data is processed by Amplitude:

• User interaction data: Information about how users interact with our platform, such as pages visited, time spent on the website, and clicked links.

• Technical data: Information about the devices and browsers used to access our platform, including IP addresses, device types, browser versions, and operating systems.

• Cookies: Amplitude uses cookies to collect and store data. Cookies are small text files placed on your device to analyze how users use our website.

Legal basis:

The legal basis for this processing is our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in improving our products and services through data analysis to ensure an optimal user experience.

We carefully weigh our legitimate interests against your fundamental rights and freedoms. You have the right to object to this processing at any time. If you wish to object or have questions, please contact us.

Storage duration and data deletion:

The collected data is stored until you request deletion or 6 months after contract termination. The analysis data is deleted if you withdraw your consent.

Data processing when using the platform

When using our platform, we process all data entered by the customer.

This may include:

• User information: First name, last name, email address, position, department

• System administrators: Information about individuals responsible for the maintenance and monitoring of specific systems.

• Processing officers: Details about the individuals responsible for specific data processing activities.

• Assigned tasks: Information about tasks assigned to employees.

• Responsible for deletion: Data about individuals responsible for proper data deletion.

• Policy officer: Information about individuals responsible for policy management.

• Employee contact data: Contact information of individual employees.

Use of third-party providers for the Discovery feature:

For our Discovery feature, we use various third-party providers (Google, Microsoft, Okta, and AWS) to integrate with your company's structure via Single Sign-On (SSO). This allows us to identify the tools and software used in your company. The integration helps us provide a seamless and efficient user experience by automating the detection and management of your company's tools and software.

Website scanning feature (BuiltWith):

We use BuiltWith to scan and identify the tools and plugins implemented on your company's website. BuiltWith helps us understand the technology stack and integrations used, so we can better tailor our services to your needs. The data collected by BuiltWith includes:

Technology and plugin information: Details about the tools, plugins, and software used on your website, as well as the last login.

Feedback and error reports:

We value your feedback and offer users the opportunity to report errors and suggest improvements. For this purpose, we use Marker.io, which allows you to easily provide feedback directly on our platform.

The data collected by marker.io includes:

User feedback: Comments and suggestions about the platform.

Error reports: Information about issues or errors encountered while using the platform.

Screenshots and annotations: Visual and descriptive data that help us understand and resolve reported issues.

Referral program:

We offer a referral program that is directly accessible through our platform. For this purpose, we use Cello. The data collected by Cello includes:

Referral information: Details about the referrer and the referee.

Tracking data: Information to track the referral process and the distribution of rewards.

Contact information: Contact details of the referrer and the referee to facilitate communication and program management.

Product Fruits:

We use Product Fruits to optimize and improve the onboarding process for our users. Product Fruits enables us tocustomer onboardings, interactive tutorials, and real-time support directly on our platform. The data collected by Product Fruits includes:User interaction data: Information about how users interact with the onboarding tools, including clicks, navigation paths, and usage patterns.Feedback data: Any feedback given by users during the onboarding process, including comments and ratings.Technical data: Information about the user's device, browser, and operating system to optimize the onboarding experience.

The collected data is used to improve our onboarding process, provide better support, and enhance the user experience. All data is securely stored and accessible only to authorized personnel.

Legal basis

The legal basis for the processing of the above-mentioned processing activities is the fulfillment of the contract Art. 6 para. 1 lit. bGDPR. For the processing of data related to feedback/error reporting, we rely on our legitimate interest according to Art. 6 para. 1 lit. f, as we want to make our product more efficient.

Storage duration and data deletion:

The collected data is stored until you request deletion or 3 months after contract termination.

Third parties

Below we specifically list the third-party providers we use. It should be noted that SSO providers only receive personal data if SSO is actually carried out by the customer on the platform.Otherwise, no data is transmitted to these providers.

Usage of Plugins

Provision of Kertos OS (“Kertos OS”)