Privacy Policy (Datenschutzerklärung)

Privacy at a Glance

This policy explains what personal data we collect when you visit KitesurfOK, how we use it, and your rights. Personal data is any information identifying you. The person responsible (Controller) is listed below. We collect data you provide (e.g., if you contact us) and technical data automatically (e.g., IP address). We use data to run the site, analyze usage (with consent where required), and ensure security. You have rights like access, correction, deletion, objection, and lodging a complaint. Full details follow below.

This Privacy Policy describes how KitesurfOK ("we", "us", or "our") collects, uses, processes, and shares your personal data when you use our website and services (collectively, the "Service"). We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and German data protection laws (e.g., TTDSG).

We point out that data transmission over the Internet (e.g., communication by e-mail) can have security gaps. Complete protection of data from access by third parties is not possible.

1. Hosting

This website is hosted by an external service provider (Hoster). Personal data collected on this website (e.g., IP addresses, contact requests if applicable, metadata, communication data, website access logs) are stored on the Hoster's servers. Our Hoster is:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

We use the Hoster in the interest of secure, fast, and efficient provision of our online services by a professional provider (Legal basis: Art. 6(1)(f) GDPR - Legitimate Interest). We have concluded a Data Processing Agreement (DPA) with Hetzner Online GmbH according to Art. 28 GDPR.

2. What Personal Data We Collect and How

We collect personal data in the following ways:

  • Information You Provide Directly: If you contact us (e.g., via email), you provide us with personal data such as your name, email address, and the content of your message. If you use features like applying for jobs (if enabled) or creating an account (if enabled), additional professional or account information may be collected as described during that process.
  • Information Collected Automatically: When you access our Service, our IT systems automatically collect technical data. This includes:
    • Log Data (e.g., IP address, browser type/version, operating system, referring URL, pages visited, date/time, status codes)
    • Device Information (e.g., device type)
    • Usage Data (e.g., interaction with content, search terms used on site) collected via analytics tools (see Section 5).
    This collection happens automatically when you enter the website. IP addresses are typically stored by the hoster in an anonymized or pseudonymized form after a short period unless needed for security analysis.
  • Information from Third Parties: We generally do not collect personal data about you from third parties. The job listing data displayed originates from public company websites.

3. Purpose and Lawful Basis for Processing

We process your personal data for the following purposes based on the specified lawful bases under GDPR Article 6:

  • To Provide, Maintain, and Secure the Service: Processing technical data (logs, IP addresses) necessary to deliver the website content correctly, ensure stability, and protect against misuse or attacks.
    Lawful Basis: Legitimate interests (Art. 6(1)(f) GDPR) in the technically flawless presentation and security of our website.
  • To Handle Your Inquiries: Processing data you provide when contacting us (e.g., via email).
    Lawful Basis: Processing necessary to take steps prior to entering into a contract (Art. 6(1)(b) GDPR) if related to our services; Legitimate interests (Art. 6(1)(f) GDPR) in effectively processing inquiries otherwise; or Consent (Art. 6(1)(a) GDPR) if requested.
  • To Improve and Analyze the Service: Using aggregated usage data and analytics insights (e.g., from PostHog) to understand user behavior, improve features, and enhance user experience.
    Lawful Basis: Consent (Art. 6(1)(a) GDPR) for the use of non-essential analytics cookies/technologies, obtained via our consent mechanism; Legitimate interests (Art. 6(1)(f) GDPR) may apply to processing strictly necessary aggregated data for basic service optimization where privacy impact is minimal and consent is not legally required (subject to legal assessment).
  • To Comply with Legal Obligations: Processing data as required by applicable laws, regulations, or legal processes.
    Lawful Basis: Legal obligation (Art. 6(1)(c) GDPR).

4. Cookies and Similar Technologies

Our website uses "Cookies". Cookies are small text files stored on your device that do not cause harm. They are either stored temporarily for the duration of a session (Session Cookies) or permanently (Permanent Cookies).

  • Essential Cookies (Notwendige Cookies): Technically necessary for website functions (e.g., navigation, security). Processed based on Art. 6(1)(f) GDPR (Legitimate Interest in technically error-free service provision) and § 25 Abs. 2 TTDSG.
  • Analytics Cookies (Analyse-Cookies): Help us understand user interaction (e.g., which pages are popular). We use PostHog (EU hosted) for this. These are used ONLY based on your explicit Consent (Art. 6(1)(a) GDPR and § 25 Abs. 1 TTDSG) obtained via our cookie banner.

We also utilize Google Search Console data provided by Google to monitor search performance. This does not involve cookies placed by us.

You can configure your browser to inform you about cookie settings, allow cookies only case-by-case, exclude acceptance for specific cases or generally, and activate automatic deletion upon closing the browser. Deactivating cookies may limit website functionality. You can manage your consent for non-essential cookies via our consent tool at any time.

5. Data Sharing and Recipients

We do not sell your personal data. We may share your personal data with the following categories of recipients only when necessary:

  • Employers: ONLY when you explicitly apply for a job through our Service (if applicable), we share your application materials (CV, contact info, etc.) with that specific employer.
  • Service Providers: Third-party vendors who perform services on our behalf. These providers are contractually obligated (via Data Processing Agreements - DPA - where required by Art. 28 GDPR) to protect your data and use it only for the purposes we specify. Key service providers include:
    • Our website hosting provider: Hetzner Online GmbH (Gunzenhausen, Germany).
    • Our analytics provider: PostHog Inc. (utilizing their EU Cloud instance hosted in Frankfurt, Germany).
  • Legal Authorities: If required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of KitesurfOK, our users, or others.
  • Business Transfers: In connection with a potential merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction, subject to confidentiality agreements.

6. International Data Transfers

Our primary operations and the hosting service providers named above are located within the European Union (EU) / European Economic Area (EEA). Data processed by them generally remains within the EU/EEA.

If we were to engage service providers located outside the EU/EEA in the future, we would ensure that appropriate safeguards are in place to protect your personal data according to GDPR requirements (e.g., Standard Contractual Clauses, adequacy decision).

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the Service, complying with legal obligations (e.g., tax, accounting), resolving disputes, and enforcing our agreements.

Log data collected by our hoster is typically stored for a limited period (e.g., 7 days) for security analysis and then deleted or anonymized. Data from contact inquiries remains with us until you request deletion, revoke consent (if applicable), or the purpose for storage ceases (e.g., after inquiry resolution), unless mandatory legal provisions—especially statutory retention periods (e.g., 6-10 years for business records in Germany)—dictate otherwise.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. This site uses SSL/TLS encryption for security and to protect the transmission of any confidential content. You can recognize an encrypted connection by the "https://" at the start of the address and the lock symbol in your browser's address bar. However, please note that no method of transmission over the internet or electronic storage is 100% secure.

9. Your Data Protection Rights (GDPR)

You have the following rights regarding your personal data under applicable law:

  • Right of Access (Art. 15 GDPR)
  • Right to Rectification (Art. 16 GDPR)
  • Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR)
  • Right to Restriction of Processing (Art. 18 GDPR): You have this right if: you contest the accuracy of the data (for the duration of verification); the processing is unlawful, but you oppose erasure; we no longer need the data, but you need it for legal claims; or you have objected to processing (Art. 21) pending verification of whose interests prevail.
  • Right to Data Portability (Art. 20 GDPR)
  • Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you can revoke consent already given at any time (informal email suffices). The legality of data processing carried out until the revocation remains unaffected.

Right to Object (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR (LEGITIMATE INTERESTS), YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21(1) GDPR).

10. How to Exercise Your Rights

To exercise these rights, or for questions about your personal data, contact us using the details in Section 1. Exercising your rights is generally free of charge. We may need to verify your identity before processing certain requests.

11. Right to Lodge a Complaint

In case of GDPR violations, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement. Contact details for German authorities can be found via the BfDI website: BfDI Anschriften und Links.

12. Objection to Unsolicited Advertising

The use of contact information published in the context of the Impressum obligation or this Privacy Policy for sending advertising and information materials not expressly requested is hereby prohibited. We expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us via the controller details provided in Section 1.

Last Updated: October 26, 2023