Privacy Policy

In the following, we would like to explain to you what data we collect about you and what we do with this data. We also inform you about your privacy rights and explain to whom you can turn with questions about data privacy.

About us

Data controller responsible for the processing of your data (hereinafter: “controller”):

Kito Europe GmbH
Heerdter Lohweg 93
40549 Düsseldorf
Tel. +49 211 528 009 - 0
E-Mail: info@kito.net
CEO: Martin Rothe

Concerning questions about this Data Protection Information, processing of your data, your rights or other data protection topics, our Data Protection Officer (DPO) would be pleased to help you.

Contact details of the data protection officer:

Xamit Bewertungsgesellschaft mbH
Monschauer Str. 12
40549 Düsseldorf
E-Mail: info@xamit.de

Scope of application

This privacy policy applies to the website www.kito.net. It is aimed at the visitors of our website.
On our pages further links are offered which lead to the websites of other operators for which this privacy policy does not apply.
Responsibility for integration of advertisements, text advertisements or commercials before or during embedded videos lies with the respective operator.

Do I have to enter my data?

When you visit our website, user data are automatically stored. Some of the collected data is necessary for the use of a website. In addition, we also process your data in order to safeguard our legitimate interests according to a balance of interests. This will enable us to continuously improve the services we offer to you. On the following pages, you will learn about the background of our interests as well as whether and how you can object to the use of your data or disable the use of the data.
In order to use one of our offers or to send a request, you will be asked to provide your personal data. You can decide for yourself whether to take advantage of these offers and to provide your data. Of course, we process your data only for the purpose for which you provided us with your data. We also offer services for which we process your data only if you have given us your consent. The granting of consent is always voluntary. Consent that has been granted may be revoked at any time.
Please note that if you provide information about other persons, you must have obtained their prior consent and informed them of the purposes for which the information is being disclosed, as set forth in this privacy policy.
We also ask you to share this information with the people you include in the use of our services, such as family members or authorised persons.

What data do we process?

I. Your visit to our website

When you visit our website, different personal data are stored and used.

1. Processed data and processing purposes:

  • Service provision: In order to visit and use our website, the specified data must be collected.
  • Data security: Every instance of access to our website is saved in a log file. We collect and use these data only for the purpose of data security.
  • Display of fonts: In order to load the fonts that we use on this web site into your browser cache the indicated data need to be processed.
Dates Service provision Data security Display of fonts
IP-number x x x
Name of the retrieved file x x x
Transferred amount of data x x x
Visited Website x
Referrer URL (the previously visited website) x x
User agent sent by your browser (only for mobile version or automatic voice control) x x x
Date and time of access x x x
Date and time of the last user activity (for session timeout) x x
Browser type Browser version Browser resolution (inner window size) browser language screen size Screen resolution incl. Color depth x
URL of the viewed page / Downloads x x
Cookie on/off x
Java script on/off x
Installed plugins x x

In addition, the above-mentioned data are used for the following purposes in the context of a consideration of interests (Art. 6 (1) (f) GDPR) . The interests are named below:
(1) Should a security incident occur in our company that affects your data, we are obliged to report the case to our data protection supervisory authority (Article 33 GDPR). Since our legitimate interest is to comply with this statutory reporting obligation as quickly as possible, it may happen that in the context of the investigation of the corresponding security incident data about you are processed. Reports of these security incidents to data protection supervisory authorities do not contain any of your personal data.
(2) As it is in our interest to ensure the security of our systems, we regularly conduct security and efficiency tests that allow us to process your above-mentioned data.
(3) It is in our interest, in the event of litigation, to keep evidence until all relevant statutory limitation periods pursuant according to sections 195 and fallowing of the German Civil Code, have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods.
(4) In addition, it is in our interest to investigate suspected cases and to hand over relevant information to law enforcement authorities in case of a specific criminal suspicion.

2. Information about automated individual decisions

No automated individual decisions are made.

3. Legal basis for the use of your data

a) We process your data as described under Service provision and Display of fonts for the performance of the contractual relationship to you, so you can use and access our website (Art. 6 (1) (b) GDPR).

b) We process your data in order to safeguard our legitimate interests (Art. 6 (1) (f) GDPR): It is in our interest to be able to guarantee data security. For this purpose, the data of each visit are stored and evaluated in a log file.

You have the right, for reasons that arise from your particular situation, to object to the processing of your data in order to safeguard our legitimate interests. Please read more under 6. Cookies and Web-Tracking.

4. Deletion periods (or storage duration)

  • The data processed for the purpose of data security will be deleted after 7 days.

5. Origin of the data

There is no data collection from third parties.

II. Contact and other services

1. Processed data and processing purposes
In the following, we would like to discuss the purposes for which your data is processed, if you have a concern or use our services.

  • Processing of inquiries incl. contact form: We process the data you give us if you have a question or concern. If you make inquiries to trading partners, we forward the inquiries to the corresponding trading partners. This includes the data that you have entered in the contact form, sent by e-mail or fax. The contact form uses a so-called captcha for avoiding spam. By using it you verify that you are a human being.
  • Newsletter: You can subscribe to our newsletter, which requires an e-mail address.
  • Map service: So that you can find our company, as well as our trading partners better and plan your journey, we offer you a map of the Google Maps- map service. Google Inc collect and process your data while you are using the map. For more information, see the Google Maps Terms of Service. We have no influence on the data collection and processing by Google Inc.
  • Use of social plugins: Our website uses so-called social plugins for Twitter, Facebook, Google+ and Pinterest. When using one of these plugins, the respective operator will receive the information that you have visited the respective page of our website. We do not collect personal data from the use of social plugins unless you activate the social plugin. If you are logged into your account at the operator, the operator might relate your visit to your account. When you interact with social plugins, e.g. with a like button or by writing a comment, the information will be transferred from your browser to the operator and stored there. For more information please refer to the terms and conditions of Twitter, Facebook, Google+ and Pinterest.
  • Satisfaction surveys: We conduct satisfaction surveys with the aim of identifying our company’s room for improvement and potential support for our customers or trading partners. The specified data are used for inviting you to our survey.
Data Processing of inquiries incl. contact form Newsletter Map service Use of social plugins (after activation) Satisfaction surveys
Salutation x x x
Name x x x
E-mail address x x x
Company x x
Message x
Telephone number x x
Time and date of message x
Address or location x x
Search radius x
Category x
Answer x
IP number x x
Date and time of access x x
Operating system x
Browser resolution, browser size x
Browser type, browser version, installed plugins x
Referrer URL x
Java script on/off x
URL of viewed page, downloads x

In addition, the above-mentioned data are used for the following purposes in the context of a consideration of interests (Art. 6 (1) (f) GDPR). The interests are named below:
(1) In case of a security incident at our company that affects your data, we are obliged to report this case to data protection supervisory authority (Art. 33 GDPR). Since our legitimate interest is it to comply with this statutory reporting obligation as quickly as possible, it may happen that in the context of the investigation of the corresponding security incident, your personal data will be processed. Reports of these security incidents to data protection supervisory authorities do not contain any of your personal data.
(2) As it is in our interest to ensure the safety of our systems, we regularly conduct safety and efficacy tests that allow us to process your above-mentioned data.
(3) In the event of litigation, is it in our interest to keep evidence until all relevant statutory limitation periods pursuant to sections 195 and following of the German Civil Code have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods.
(4) In addition, it is in our interest to investigate suspected cases and to hand over relevant information to law enforcement authorities in case of a specific criminal suspicion.

2. Information about automated individual decisions
No automated individual decisions are made.

3. Legal basis for the use of your data
a) We process your data as described under "Processing of inquiries incl. Contact form" and "map service", specified in the context of a contract-like relationship of trust (Art. 6 (1) (b) GDPR). If you wish to use these services, we will need the data provided to provide these services.
b) In addition, we process your data in order to safeguard our legitimate interests (Art. 6 (1) f) GDPR):

  • To make it easier for you to share our content on social media, we offer so-called social plug-ins. By using the plugin, the respective operator receives the information that you have accessed the corresponding page of our website. If you are logged in to the operator, this can assign the visit to your account. If you interact with the plugins, for example, press the "Like" button or leave a comment, the corresponding information will be transmitted from your browser directly to the operator and stored there.
  • We process your data for satisfaction surveys based on our legitimate interest in analyzing needs and identifying support potential.

c) We use your e-mail address for sending our newsletters with information about our products, offers and services, this is based on your consent (Art. 6 (1) (a) GDPR).

4. Deletion periods (or storage duration)

  • For inquiries: 7 days after receiving your inquiry
  • For the preservation of evidence, we retain data in accordance with the statutory limitation periods according to sections 195 and following of the German Civil Code. The storage duration of your data may exceed the duration stated above. The statutory limitation periods can be up to 30 years. The normal limitation period is 3 years.

5. Origin of the data
There is no data collection from third parties.

Which organizations receive your data?

The following table shows which organizations (“data recipients”) receive your data in which cases. You can read about the specific data in the corresponding sections of this privacy policy. Transfer of your data may sometimes occur due to legal reporting requirements. In other cases, we use selected vicarious agents and service providers who work for us as commissioned data processors (in accordance with Art. 28 GDPR) and may obtain access to your data in the required scope. Commissioned data processors are subject to numerous contractual obligations and may, in particular, process your personal data only on our instructions and solely for the fulfilment of the orders received from us.

Data recipient Explanation
Trading partners For inquiries directed to our trading partners, we forward the inquiry to the addressed trading partners
Service provider for fonts When opening our website, your browser loads the fonts of our service provider into your browser cache in order to display texts and fonts. The service provider receives the data as described in the table above.
Service provider for newsletter distribution For the dispatch of the newsletter, we use within the scope of an order processing service, which receive your e-mail address for dispatch purposes.
IT service providers As part of the operation of our IT infrastructure and our website, the respective service providers can gain access to your data. We require our service providers to always limit the processing of your data to what is necessary to carry out the purpose.
Provider for map services When you use a map service on our website, the provider of this service will receive information about your visit to our website.
Police, lawyers, law enforcement agencies, public prosecutor, state or federal criminal police It is in our interest to investigate suspected cases and to hand over all necessary data to law enforcement authorities in case of a specific criminal suspicion against a customer.
Social Media When you use social plugins on our website, the respective provider will receive information about your visit to our website.

Data recipients in non-EU countries

Newsletter
When you subscribe to our newsletter, the required data will be transferred to US-American service providers. The data protection level in the USA deviates from that in the EU. Your common EU rights might not apply in the USA. The EU Commission determines which non-EU countries have an appropriate level of data protection. There is no general adequacy decision by the EU Commission for the USA.

Google Services
This website uses the Google Maps API, a map service of Google Inc. ("Google"), to display our location, as well as the location of our trading partners and for route planning purposes to display an interactive map. By using Google Maps, information about your use of this website may be transmitted to and stored by Google on servers in the United States. Google may transfer the information obtained through Google Maps to third parties. It would be technically possible that Google could use the data obtained to identify at least one user. It would also be possible for Google's website personal data and personality profiles to be processed for other purposes beyond our control.

We use Google Fonts. When opening a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.

We use the reCAPTCHA feature from Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland („Google“)) on this web site. This feature allows the distinction, whether an entry is made by a natural person or improperly by automatic means. The feature requires the transfer of the IP address and potentially other data necessary for reCAPTCHA to Google. When using the reCAPTCHA, personal data may be transferred to Google’s servers in the USA.

Social Plugins
Our website applies so called social plugins for the social media providers Twitter, Facebook, Google+ and Pinterest. By using these social plugins, the respective provider receives the data as described in the table above. Google receives the data as described in the table above.

Level of data protection at Google and Social Media Providers
The EU Commission determines which non-EU countries have an appropriate level of data protection. The EU Commission recognizes companies in the US who participate in the EU-US Privacy Shield (also EU-US Privacy Shield) as data recipients with an adequate level of data protection. This agreement between the US and the EU ensures that data protection regulations when processing data in the US by EU-US Privacy Shield companies comply with the data protection standards of the European Union. According to their own statement, Google LLC, Twitter Inc., Facebook Inc. and Pinterest Inc. have acceded to the EU-US Privacy Shield. Information on the appropriate or reasonable warranties and how to obtain a copy from them or where they are available may be requested upon request using the contact details provided above. For more information about the processing of your data by these providers, please refer to the data protection notice/privacy policy of the respective provider.

IT service provider
An IT service provider is mainly located in the USA. They may access your data from the USA. The EU Commission determines which non-EU / EEA countries (third countries) have an adequate level of data protection. The transfer uses the EU standard contract according to Commission Decision 2010/87/EU, the model of which can be found on the websites of the European Commissioner for Justice and in the Official Journal of the EU. Information about the appropriate or reasonable warranties and how to obtain a copy or where they are available can be requested on demand using our contact details.

Your rights

You have the legal right to:

  • Access to your personal that we process (Art. 15 GDPR)
  • Rectification and completion of your data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdrawal of your consent (Art. 7 GDPR) with effect for the future

Objection to the processing of your data in order to safeguard our legitimate interests or the legitimate interests of third parties (Art. 21 GDPR) – You have the right, for reasons arising from your particular situation, to object to such processing at any time; this also applies to profiling based on these provisions within the meaning of Art. 4 (4) GDPR.

To exercise these rights, you can contact us in particular via info@kito.net.

You also have the legal right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

YOUR CONTACT PERSON

Do you have any questions or do you need individual advice?
We would be glad to help you with all your requests. Please ask us!

TOP