Data Protection
impact AI services GmbH (hereinafter jointly referred to as “impact AI”) appreciates your
interest in our enterprise and in our online appearance.
Data protection is of a particularly high priority for the management of impact AI. The
use of all Internet pages and social media appearances of impact AI is generally possible
without the indication of personal data that reveal your identity directly to us. In addition,
certain information regarding your end devices or technical equipment is processed in the
course of visiting web services which, although it does not allow any direct conclusions to be
drawn about your identity, qualifies as personal data by law or is protected by law for other
legal reasons. However, if a data subject wants to use special services via our websites or our
offerings on social media, processing of personal data may become necessary. If the
processing of personal data is necessary and there is no statutory basis for such processing,
we generally obtain consent from the data subject.
1. Purpose of this Data Protection Notice
This Data Protection Notice generally applies to the online offerings and appearances of
impact AI, which can be accessed on the websites available under the URL
"impactaigroup.com" and further URLs, also including its presences on social media,
wherever they are linked to this Data Protection Notice (hereinafter jointly referred to as "our
website(s)" or "our web service(s)").
As a person affected by data processing through our websites, you are entitled to several
rights concerning your personal data under the General Data Protection Regulation (GDPR),
other data protection laws applicable in Member states of the European Union and other
provisions related to data protection. In particular, you have the legal right to information on
your processed personal data and by means of this Data Protection Notice, we would
therefore like to inform you comprehensively about the processing of your personal data
when using our websites.
Further, you may also have the rights to deletion and correction of the personal data we
may process and to objection against the processing of your personal data. With regard to all
your rights and the exercise thereof, please refer to the following section "Rights of Data
Subjects" within this Data Protection Notice.
This Data Protection Notice can be retrieved, downloaded and printed out at any time under
the URL https://impactaigroup.com/data-protection. We reserve the right to adapt this Data
Protection Notice at any time so that it always meets the current legal requirements or to
reflect changes in the application procedure or the like. Since changes in the law or changes
in our internal processes may make it necessary to adapt, we ask you to read this Data
Protection Notice regularly.
2. Name and Address of the controllers
Generally responsible for the operation of our websites is KI group GmbH, Mittelstraße 12-14,
50672 Cologne (Germany). Unless indicated otherwise, KI group is therefore also
the controller for the processing of personal data within these websites within the meaning of
Article 4 No. 7 GDPR.
For the full contact details of KI group, please refer to the imprint of this website at
https://kigroup.de/imprint.
However, individual areas of our websites as well as, in particular, websites and offers that
are specifically operated in the name of the whole KI group or of individual companies of
the KI group or under specific URLs that can be assigned to the whole KI group or the
respective companies (named in the imprint on the particular websites) may, in addition, be
subject to the (joint) data protection accountability of the KI group or respective named group
or subsidiary companies, as a controller in the sense of Article 4 No. 7 GDPR. Insofar as
individual websites and the processing of personal data therein is carried out under the joint
accountability of various companies of the KI group according to Articles 4 No. 7, 26 GDPR
or individual companies as sole controllers according to Article 4 No. 7 GDPR, for the
respective contact information on the controller(s), please refer to the imprint of the
respective websites.
3. Personal data
Personal data is information about personal or factual circumstances of a specific or
identifiable natural person. This includes information such as your name, address, telephone
number and date of birth, but also data about your specific career, etc., which can be assigned
to a specific person with reasonable effort.
Information that is anonymized and not associated with your identity, however, is not
personal data.
4. Purposes of the processing of personal data
Some of the personal data and further information we may collect from you is necessary to
enable us to provide you with the services you request, to fulfil our contracts with you, to
comply with legal requirements or if we have a legitimate interest in the use of your
information, for example, when we use your personal data to be able to offer you an
extensive and interesting offer via our websites and our web services and to constantly
improve these.
When we collect data directly from you, we may ask you for your consent and clearly mark
mandatory information (e.g. with an asterisk (*)). You voluntarily provide us with any other
information that is not marked.
We will generally collect, process and use the personal data you provide online only within
the legal bases provided for within the applicable data protection legislation or within the
limits of your consent, and only for the purposes disclosed to you.
5. General legal bases
The legal bases for the processing of your personal data may be the following:
• Article 6 para. 1 s. 1 lit. a GDPR serves as the legal basis for processing operations for
which we obtain consent for a specific processing purpose.
• If the processing of personal data is necessary for the performance of a contract to
which the data subject is party, as is the case, for example, when processing
operations are necessary for the supply of goods or to provide any other service, the
processing is based on Article 6 para. 1 s. 1 lit. b GDPR. The same applies to such
processing operations which are necessary for carrying out pre-contractual measures,
for example in the case of inquiries concerning our products or services.
• If our company is subject to a legal obligation by which processing of personal data is
required, such as for the fulfilment of tax obligations, the processing is based on
Article 6 para. 1 s. 1 lit. c GDPR.
• In rare cases, the processing of personal data may be necessary to protect the vital
interests of the data subject or of another natural person. This would be the case, for
example, if a visitor were injured in our company and his name, age, health insurance
data or other vital information would have to be passed on to a doctor, hospital or
other third party. Then the processing would be based on Article 6 para. 1 s. 1 lit. d
GDPR.
• Finally, processing operations could be based on Article 6 para. 1 s. 1 lit. f GDPR.
This legal basis is used for processing operations which are not covered by any of the
abovementioned legal grounds, if processing is necessary for the purposes of the
legitimate interests pursued by our company or by a third party, except where such
interests are overridden by the interests or fundamental rights and freedoms of the
data subject which require protection of personal data.
6. Which personal data is collected and processed?
You can generally browse our websites without providing us with personal data (e.g. name,
address, telephone number or e-mail address) that reveal your identity directly to us, unless
you make them available to us voluntarily (e.g. for registrations for events, enquiries or
surveys) or you have consented to the intended use or otherwise the corresponding legal
provisions on the protection of your data permit the specific use of your personal data
according to the aforementioned legal bases for specific purposes.
Particularly, your personal data may be used as follows:
6.1 Applications and the application procedures
If you apply to us electronically, i.e. by e-mail or via our web form, we collect and process
your personal data for the purpose of handling the application procedure and carrying out pre-
contractual measures.
By submitting an application on our recruiting page and sending us your application
documents, you express your interest in joining us to work for our companies and make your
personal data available to impact AI for the purpose of applying for a specific position
advertised by us. In this context, you provide us with personal data which we use and store
exclusively for the purpose of your job search/application.
In particular, the following data is collected:
• Your name (first and last name)
• Your e-mail address
• Your resume/CV
• Salary expectations
• Your possible start date
• Information on how you heard about the vacant position
• You also have the opportunity to upload relevant documents such as a cover letter,
references and certificates, and further documents that you consider significant in the
context of your application. These documents, just like CVs, may contain further
personal data such as date of birth, address, etc.
• Finally, you have to confirm that you have read our Data Protection Notice before
submitting your application.
The scope of personal data that you need to provide to us as part of your application depends
on the scope and type of your application or the position advertised with us. You are
generally free to decide which data you provide us with. However, we may not be able to
consider your application without certain information that is required in the individual case or
according to the job posting. If necessary, please refer to the job posting for which you wish
to apply to find out whether certain information is required.
We clearly mark mandatory information there (e.g., with an asterisk (*)). In these cases,
you provide us with all other information not marked with an asterisk voluntarily.
Note on special categories of personal data
We would like to point out that job applications, in particular resumes, references and other
data you send us, may contain particularly sensitive information about your state of health,
your racial or ethnic origin, your political opinions, your religious or philosophical beliefs,
your memberships in a trade union or political party, or your sex life. However, we do not
request such data from you and you provide us with such information voluntarily and on the
basis of your consent. This consent also relates to the processing of all personal data of a
special nature submitted as part of your application in accordance with the provisions of this
data protection declaration.
In the further course of the application process, we may also collect further data from you and
process them, together with the information you provided in the course of your application,
for the purposes stated here. This may also include our assessment of whether you are
qualified and suitable for filling vacancies in our company.
If you apply to us, any of your above-mentioned personal data is stored and used
exclusively for the purpose of filling the vacant position for which you have applied and
to be able to contact you personally on the basis of your application and, if necessary, to
initiate a possible employment relationship with you.
You will have to confirm that you have read our Data Protection Notice before
submitting your application.
Only authorized employees from our personnel department or employees involved in the
application process have access to your data. A transfer of your personal data to third parties
or a use of your data for advertising purposes will not take place unless you have expressly
consented to it. A use of your personal data beyond the uses mentioned in this Data
Protection Notice does not take place.
6.1.1. Retention of your application data
Your data will generally be stored for a period of 180 days after the end of the application
process. As a rule, this is done to fulfil legal obligations or to defend against any claims
arising from legal regulations. We are then obliged to delete or anonymize your data. In this
case, the data is only available to us as so-called metadata without direct personal reference
for statistical evaluations (for example, proportion of applications regarding gender, number
of applications per period, etc.).
The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. b GDPR (which
permits the processing of data to fulfil a contract or pre-contractual measures), in this context
directed towards the conclusion of an employment contract with you and Article 6 para. 1 s. 1
lit. f GDPR (which permits the processing of data to safeguard the data controller's legitimate
interests), in this context, directed at our legitimate interest in being able to defend ourselves
in the event of legal claims being brought against us on the basis of general equality
legislation. With regard to the processing of (possibly special categories of) personal data
provided in addition to the mandatory data, the legal basis is that of Article 6 para. 1 s. 1 lit. a
GDPR (which permits data processing on the basis of your consent).
6.1.2. Prolonged retention (“Talent Pool”)
In addition and only with your consent, we store your data for inclusion in the KI group's
"Talent Pool" for 2 years after the end of the application process in order to identify any other
interesting positions for you. This also applies, for example, to applications for training or
internship positions.
In this case, we will continue to use all of the data collected from you as part of the
application process in order to review your application in relation to vacancies at our
company and other companies of the whole KI group and in order to be able to contact you
personally on the basis of your application, as well as to initiate a possible employment
relationship with you, if applicable.
In the event that we are currently unable to offer you a position in our company, you can
already request to be included in the KI group's "Talent Pool" in the course of your
application and give the corresponding consent to the extended processing period of your
application data. To consent to the prolonged storage of your data and inclusion in our "Talent
Pool", please activate the checkbox next to the following explanation:
Declaration of consent to extended storage of my application data in the "Talent Pool".
In the event that my application cannot be considered at the moment, I expressly agree that
the KI group may store the information I have provided in this application, as well as any
other documents submitted in connection with my application, in its applicant database for a
period of 2 years after the end of the application process, in order to be able to contact me in
the future if a position matching my application profile becomes available.
I am aware that I can revoke my consent to the permanent storage of my application data at
any time with effect for the future.
All information on revoking this consent can be found here.
In the event of extended storage of your data within the KI group's Talent Pool, the
processing of your personal data is subject to joint controllership in accordance with Art. 26
GDPR. For all details in this context, please refer to the Data Protection Notice on the joint
website of the companies of the KI group.
You can revoke your consent to the use of your application data at any time with effect for the
future. To do so, simply send an e-mail to the e-mail address privacy@kigroup.de. Your data
will then be deleted from our applicant database; if deletion is not possible, blocking will take
the place of deletion. In this case, we can no longer consider your application.
Additional charges (beyond the regular transmission fees of your Internet or telephone
provider) will not be incurred for the revocation.
You are not obliged to consent to an extended storage of your application data in the KI
group's "Talent Pool". Without your consent, we are however unable to include you in our
"Talent Pool" and must delete your application data in accordance with the requirements of
Section 6.1.1. after completion of the initial application process.
The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. a GDPR (which
permits data processing on the basis of your consent).
6.1.3. Data processing within the scope of the employment relationship
If you receive and accept an offer of employment with us as part of the application process,
we will store the personal data collected during the application process at least for the
duration of the employment relationship.
The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. b GDPR (which
permits the processing of data to fulfil a contract or pre-contractual measures), in this context
directed towards the conclusion of an employment contract with you and Article 6 para. 1 s. 1
lit. f GDPR (which permits the processing of data to safeguard the data controller's legitimate
interests). In this context, we use your personal data mainly for the purpose of establishing,
implementing and, if necessary, processing and terminating the employment relationship
entered into with you. You will be informed in detail about the processing of your personal
data and the legal bases thereof within the scope of the employment relationship entered into
with the companies of the KI group when the employment contract is concluded.
6.2 Contact forms on our websites
For general inquiries and contact requests, please use our contact form at
impactaigroup.com or send us an e-mail at contact@impactaigroup.com. When you contact us
via our contact form or via e-mail, we use your personal data exclusively to answer your
inquiries according to your requests and to your satisfaction. To do so, we generally process
your full name (first and last name) and your e-mail address to reply to your individual
inquiry. Further, it is generally your free decision which data you provide to us. However, we
may not be able to fulfil your contact request without certain details required in individual
cases.
The legal basis for this data processing is that of Article 6 para. 1 s. 1 lit. b GDPR (which
permits the processing of data to fulfil a contract or pre-contractual measures), Article 6 para.
1 s. 1 lit. f GDPR (which permits the processing of data to safeguard the data controller's
legitimate interests). Our legitimate interest within the meaning of the GDPR is the
optimization and fulfilment of our online offers and our web services.
6.3 Server-Log files
Your visit to our websites is automatically logged by our web servers. In connection with the
retrieval of the information you requested from our web services, data is collected for the
provision of our various services or for evaluation and security purposes and, if necessary,
stored in anonymized form (without personal reference). The web servers we use
automatically store data about the retrieval of our web services in so-called server log files.
These are the following data:
• Your IP address
• The URLs you access on our web pages
• Referrer URL (the page from which you visit us)
• Time of the server request
• Host name of the accessing terminal (the name of your Internet service provider)
• Browser type and browser version
• Operating system used and its settings
The processing of the above data is done for security purposes, for general fraud prevention
and as a precaution against attacks on our web services. An automated combination of this
data with data from other data sources does not take place.
If we also automatically log your IP address, this is automatically deleted after 30 days at the
latest.
Furthermore, we store the URL accessed with the associated page title and optional
information on the page content; information on the terminal device used, operating system
and browser. This information is generally transmitted with each individual page request
when using the Internet. However, unlike cookies and similar technologies, no information is
read from the memory of the user's terminal device and no information is stored on this
terminal device.
Since the privacy of our visitors is important to us, this data is processed without being
merged with other data provided by you, such as your contact details, and furthermore, data
that may allow a reference to an individual person, such as the IP address, login or device
identifiers, are anonymized or pseudonymized immediately after collection by deleting the
last number block. No other use, combination with other data or disclosure to third parties
takes place.
This data processing is based on the legal basis of Article 6 para. 1 s. 1 lit. f GDPR, which
allows data processing based on our legitimate interest. Our legitimate interest within the
meaning of the GDPR is the optimization and technical security of our online offers and our
web services.
Apart from that, only general information is recorded, e.g. when which content from our offer
is called up or which pages are visited most frequently, the names of the requested files as
well as their call-up date and time. These data are evaluated to improve our offer and do not
allow any conclusions about your person. We will not use this information for any other
purpose.
The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. f GDPR, which allows the
processing of data to protect the legitimate interests of the data controller.
7 Our social media appearances
We maintain publicly available profiles in social networks. The individual social networks we
use can be found below.
7.1 Data processing through social networks
Social networks such as Facebook, Twitter etc. can generally analyse your user behavior
comprehensively if you visit their website or a website with integrated social media content
(e.g., like buttons or banner ads). When you visit our social media pages, numerous data
protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator
of the social media portal can assign this visit to your user account. Under certain
circumstances, your personal data may also be recorded if you are not logged in or do not
have an account with the respective social media portal. In this case, this data is collected, for
example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user
profiles in which their preferences and interests are stored. This way you can see interest-
based advertising inside and outside of your social media presence. If you have an account
with the social network, interest-based advertising can be displayed on any device you are
logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals.
Depending on the provider, additional processing operations may therefore be carried out by
the operators of the social media portals. Details can be found in the terms of use and privacy
policy of the respective social media portals.
7.2 Legal bases
Our social media appearances should ensure the widest possible presence on the Internet.
This is a legitimate interest within the meaning of Article 6 para. 1 s. 1 lit. f GDPR. The
analysis processes initiated by the social networks may be based on divergent legal bases to
be specified by the operators of the social networks (e.g., consent within the meaning of
Article 6 para. 1 s. 1 lit. a GDPR).
7.3 Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of
the social media platform, are responsible for the data processing operations triggered during
this visit. You can in principle protect your rights (information, correction, deletion,
limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the
operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we
do not have full influence on the data processing operations of the social media portals. Our
options are determined by the company policy of the respective provider.
7.4 Storage time
The data collected directly by us via the social media presence will be deleted from our
systems as soon as you ask us to delete it, you revoke your consent to the storage or the
purpose for the data storage lapses. Mandatory statutory provisions - in particular, retention
periods - remain unaffected.
We have no control over the storage duration of your data that are stored by the social
network operators for their own purposes. Particularly cookies and similar techniques stored
on your device by the respective social media provider may remain until you delete them
(please refer to the following section 8 for further information on the cookies that we use on
our website). For details, please contact the social network operators directly (e.g., in their
privacy policy, see below).
7.5 Our profiles on individual social networks
Specifically, we maintain profiles on the following social media platforms. For detailed
information on the processing of your personal data by their providers, please refer to the
respective information and links:
7.5.1 LinkedIn
We maintain a LinkedIn profile under the
URL https://www.linkedin.com/company/impactaigroup. The provider is the LinkedIn Ireland
Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses
advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following
link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the
European Commission. Details can be found
here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal information, please refer to LinkedIn's privacy
policy: https://www.linkedin.com/legal/privacy-policy.
8 Anonymous usage evaluations and use of cookies and similar technologies
We do not create personal user profiles. In connection with the viewing of the information
you have requested from our websites, data is only stored on our servers in anonymised form
for the provision of our various services or for evaluation purposes. In this context, general
information in accordance with section 6.3 of this Data Protection Notice is also logged in
order to determine the frequency of use and the number of users of our web pages. In this
way, we learn which area of our websites our users have visited.
However, this usage data does not contain personal data and does not allow any conclusions
to be drawn about the identity of the individual user. All of this anonymised usage data is not
combined with your personal data and is deleted immediately after the end of the statistical
evaluation.
The legal basis for this data processing is that of Art. 6 para. 1 s. 1 lit. f GDPR (which permits
the processing of data to protect the legitimate interests of the data controller). e.g. when
which content from our offer is accessed or which pages are visited most frequently.
Our websites do not use cookies or similar technologies. We also do not use any similar
technologies ourselves in our social media profiles mentioned in section 7 of this Data
Protection Notice.
With regard to the use of such technologies by the respective providers of these social media
platforms, we kindly ask you to inform yourself in this regard under the specified information
sources supplied by the providers themselves.
9 Period for which the personal data will be stored.
We only store personal data that you provide to us for as long as they are needed to fulfil the
purposes for which these data were provided or as long as this is required by law:
• If you conclude contracts with us, we store and process your personal data for the
duration of your contractual relationship with us and also for the fulfilment of legal
post-contractual archiving obligations and for the duration of the statutory retention
periods (maximum 10 years);
• If you apply through us for vacant positions with us, we will delete your application
data at the latest 180 days after completion of the application procedure, unless you
have given us your consent to permanently store your data for future job vacancies;
• If you send us an inquiry, we process your personal data for the duration of processing
your inquiry and for the period we may need to document the inquiry process and our
answers.
Generally, we delete or anonymize your personal data from our systems and records, so that
you can no longer be identified, when they are no longer needed. We may retain certain
personal data in order to comply with our legal and regulatory obligations and to enable us to
administer our rights (e.g. to enforce our claims in court), or for statistical purposes (in
anonymous form).
10 With whom do we share Personal Data?
Except in the cases listed in this Data Protection Notice, we will not sell or market your
personal data to third parties or forward them on for any other reason.
In addition to the other cases mentioned in this Data Protection Notice, your personal data
will only be passed on without your express prior consent in the following cases:
• If it is necessary for the clarification of an illegal or abusive use of our web services or for
prosecution, personal data are passed on to the prosecution authorities and, if
necessary, to damaged third parties. However, this only happens if there are concrete
indications of illegal or abusive behaviour. A disclosure to third parties bound to
professional secrecy can take place if this is necessary to enforce the contractual
conditions or other agreements as well as our claims arising from contracts that you
have concluded with us. The legal basis for data transmission is Article 6 para. 1 s. 1
lit. b GDPR, which permits the processing of data in order to fulfil a contract or pre-
contractual measures and Article 6 para. 1 s. 1 lit. f GDPR, which permits the
processing of data in order to safeguard the data controller's legitimate interests.
• Further, we may also be legally obliged to provide information to certain public
authorities upon request. These are law enforcement authorities, authorities that
prosecute offences punishable by fines and the tax authorities.
• As our business develops, the structure of our company may change as its legal form
changes, subsidiaries, parts of companies or components are established, purchased or
sold. In such transactions, customer information will be shared with the part of the
company to be transferred with your consent. Whenever personal data is passed on to
third parties to the extent described above, we will ensure that it is used in accordance
with this data protection declaration and the relevant data protection laws and ask you
for your consent.
11 Who is involved in processing your Personal Data?
We process your personal data collected through the website and may also engage third
parties to assist us according to our instructions and therefore, your personal data can also be
processed on our behalf by our reliable, external service providers ("contract processors").
We solely rely on trusted and reliable contract processors who conduct a number of business
processes on our behalf and only provide them with the information they need to provide
their services to us. We make every effort to ensure that all contract processors with whom we
work strictly protect your personal data and use them only for the purposes to which we
assign them and on our behalf. For example, we can commission our contract processors with the
following services for which the processing of your personal data is necessary, or our
contract processors may be:
• Third parties who support and help us to provide digital and e-commerce services,
including CRM, web analytics and search engine and user content maintenance tools;
• Advertising, marketing, digital and social media agencies to assist us with advertising,
marketing and campaign activities, to analyse their effectiveness and to manage your
contact requests and questions;
• Third parties who assist us in providing IT services, including platform providers,
hosting services, maintenance and support for our databases, and our software and
applications that contain information about you (in some cases, such services simply
include access to your data to perform the desired task).
The legal basis for data transmission is Article 6 para. 1 s. 1 lit. b GDPR, which permits the
processing of data in order to fulfil a contract or pre-contractual measures and Article 6 para.
1 s. 1 lit. f GDPR, which permits the processing of data in order to safeguard the data
controller's legitimate interests.
We have concluded a contract with all our contract processors on the commissioned data
processing on our behalf in accordance with Article 28 GDPR and fully implement the strict
requirements of the German data protection authorities when using their services.
12 Data transfers to “Third Countries”
If we process data in a Third Country (i.e., outside the European Union (EU) or the European
Economic Area (EEA), where the privacy laws may not be as protective as those in your
location) or the processing takes place in the context of the use of third-party services or the
disclosure or transfer of data to other persons, entities or companies, this is only done in
accordance with the strict legal requirements of the EU and we ensure that your data is
treated in accordance with the provisions of this Data Protection Notice.
Subject to express consent or contractually or legally required transfer, we only process or
have the data processed in third countries with a recognized level of data protection, on the
basis of a contractual obligation through the so-called standard protection clauses of the EU
Commission (SCC), or in the presence of certifications or binding internal data protection
regulations according to Articles 44 to 49 GDPR; further information can be found on the
websites of the EU Commission under the URL
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.
Where necessary, we and our contract processors will also take supplementary measures to
ensure the protection of your privacy rights, the confidentiality of your personal data and
compliance with the applicable laws and regulations of the EU.
13 Data Security
We make every effort to take extensive technical and organisational security measures to
protect your personal data against unintentional or unlawful deletion, alteration or loss and
against unauthorised disclosure or access. All our employees are accordingly bound to
secrecy and data protection. Insofar as it is within our sphere of influence, we use modern
encryption techniques and a large number of other measures in particular to prevent
unauthorised access by third parties. You can recognize an encrypted connection by the fact
that the address line of the browser changes from "http://" to "https://" and by the lock symbol
in your browser line. If SSL or TLS encryption exists, the data you exchange with us cannot
be read by third parties.
Further, our security precautions are regularly checked and adapted to technological progress.
However, we would like to point out that due to the structure of the Internet, it is possible that
the rules of data protection and the above-mentioned security measures may not be observed
by other persons or institutions for which we are not responsible. In particular, unencrypted
data can be accessed by third parties, especially if it is transmitted by e-mail. We have no
technical influence on this. In such cases, it is the responsibility of the user to protect the data
provided by him against misuse by encryption or in any other way.
14 Rights of the data subject
If we process personal data as the data controller, you as the data subject have certain rights
under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the
legal basis and purpose of the processing, in particular the right of access (Article 15 GDPR),
the right to rectification (Article 16 GDPR), the right to erasure (‘right to be forgotten’)
(Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data
portability (Article 20 GDPR), the right to object (Article 21 GDPR). If the processing of
personal data is based on your consent, you have the right to revoke this data protection
consent in accordance with Article 7 para. 3 GDPR.
If you wish to exercise your above rights, please contact us using the contact details given in
section 2.
Please note that we may require proof of identity and full details of your request before we
can process your request.
15 Right to lodge a complaint with the competent supervisory authorities
In the event of data protection violations on our part, you have a right of appeal to the
responsible supervisory authority.
• The supervisory authority responsible in data protection issues for the activities of the
KI group and our companies based in Cologne is The State Commissioner for
Data Protection and Freedom of Information in North Rhine-Westphalia (LDI
NRW), whose contact data can be found under the following
URL: https://www.ldi.nrw.de/metanavi_Kontakt/index.php.
• The supervisory authority responsible in data protection issues for the activities of KI
Professionals GmbH and KI mobility GmbH is The State Commissioner for Data
Protection and the Freedom of Information Baden-Württemberg (LfDI BW),
whose contact data can be found under the following URL:
https://www.baden-wuerttemberg.datenschutz.de/kontakt-aufnehmen/.
• The supervisory authority responsible in data protection issues for the activities of
KICHALLENGERS PORTUGAL, UNIPESSOAL LDA., KIBER – STRATEGY
SERVICES IBERIA, UNIPESSOAL LDA. and xgeeks Portugal LDA. is the
Comissão Nacional de Proteção de Dados (CNPD), whose contact data can be
found under the following URL: http://www.cnpd.pt.
• The supervisory authority responsible in data protection issues for the activities of KI
group suisse AG is the Federal Data Protection and Public Information
Commissioner (EDÖB), whose contact data can be found under the following URL:
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
16 Name and Address of the Data Protection Officer
Within our companies, everyone is responsible for privacy and data protection issues. In
addition, we have decided to appoint a data protection officer for each of our companies. To
ensure the independence of the data protection officer, we have appointed an external data
protection officer:
Mr Stephan Krämer, LL.-M. (Attorney at law, Germany)
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Cologne
You can contact our data protection officer via his website at http://www.kinast.eu
17 Hyperlinks to other websites
Our websites contain so-called hyperlinks to websites of other providers. When these
hyperlinks are activated, you are redirected from our website directly to the websites of other
providers. Despite careful control, we assume no liability for the content of external links. The
operators of the sites we link to are solely responsible for the content of linked pages and any
processing of personal data on these websites.