Privacy policy for the kanvie social network, kanvie products & related websites.
We are pleased that you are interested in the offer of Kanvie GbR. Kanvie, i.e. Kanvie GbR (Cleve, Sebastian - Waal, Alexander GbR), Speditionsstraße 15A , 40221 Düsseldorf, attaches great importance to protecting your personal data when collecting, processing and using it on the occasion of your use of our offer. We comply with the provisions of the EU General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG), the Telecommunications Telemedia Data Protection Act (TTDSG) and, where applicable, other applicable, in particular country-specific data protection provisions.
This statement informs you about the nature, scope and purpose of the collection, processing and use of personal data by us. In addition, we inform you within the scope of this data protection declaration about the rights to which you are entitled.
We have taken a variety of technical and organizational actions to protect your personal data processed via this website as completely as possible. Nevertheless, we would like to point out that absolute protection cannot be guaranteed due to Internet-based data transmissions and any associated security gaps. You therefore have the option of transmitting your personal data to us by other means (such as by telephone or post).
§ 1 Terminology
In the context of this privacy policy, we use the terms that are also used in the EU General Data Protection Regulation (GDPR). Among others, these are the following terms:
➢ personal data
“Personal data" is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
➢ Data subject
"Data subject" means any identified or identifiable natural person whose personal data are processed by the controller.
➢ Processing
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
➢ Restriction of processing
"Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing.
➢ Profiling
"Profiling" means any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
➢ Pseudonymization
“Pseudonymization” means the processing of personal data in such a way that he personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
➢ File system
"File system" means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained on a centralized, decentralized, or functional or geographic basis.
➢ Controller
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
➢ Processor
A "processor" is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
➢ Recipient
"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
➢ Third party
"Third party" means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
➢ Consent
"Consent" means any freely given indication of the data subject's wishes in an informed and unambiguous manner for the specific case, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
§ 2 Name and address of the person responsible for processing the data
Responsible for the processing of data collected about kanvie; products of kanvie; websites linked to our offers; is:
Kanvie GbR (Cleve, Sebastian - Waal, Alexander GbR), Speditionsstraße 15A, 40221 Düsseldorf, Germany, Tel.: +49 211 43633853, E-Mail: privacy@kanvie.com, Website: www.kanvie.com/privacy-policy.
§ 3 Name and address of the data protection officer
The data protection officer of the controller is:
Sebastian Cleve,
Kanvie GbR, Speditionsstraße 15A, 40221 Düsseldorf, Germany,
E-Mail: privacy@kanvie.com
§ 4 Collection of general data and information
Through the use of our offer kanvie and products of kanvie by a data subject or an automated system, general information about the access is regularly stored in the log files of our server. This may relate to the browser types and versions used, the operating system used and, if applicable, the website from which the data subject or an automated system accessed our offer, as well as the subpages accessed in our offer, the volume of data transferred, status information (e.g. error codes, the time and date of access), the time and date of the access, the time and date of the access, and the time and date of the access. This data may include the date and time of access to our website, the IP address in anonymized (shortened) form, the Internet service provider of the accessing system and other data and information that we need to avert danger in the event of attacks on our IT systems.
We do not use this data to draw conclusions about the data subject. Rather, we need the data to transmit the content of our offer correctly, to optimize our offer, to ensure its functionality or to provide law enforcement authorities with necessary information in the event of a cyber attack.
We therefore evaluate this data exclusively for statistical purposes and also for the purpose of increasing data protection and data security in our company. This is to ensure that the personal data we process can be protected in the best possible way. We store personal data that you have provided to us and the aforementioned anonymous data that our server collects in the log files separately.
The collection of the aforementioned data is carried out in our legitimate interest to operate the website in accordance with Art. 6 Para. 1 lit. f) DSGVO. The data is deleted after six months.
Further personal data such as name, address, e-mail address or telephone number are collected on the occasion of your use of our offer, for example during registration. We always obtain your consent for this if it is necessary to process personal data and a basis for the processing does not already result from the law.
§ 5 Cookies
We use cookies in the kanvie network and in kanvie products. Cookies are text files that are placed and stored on a computer system via an Internet browser or app.
Very many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie, which consists of a string of characters that makes it possible to assign the Internet pages and servers to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the browser of the respective person from other Internet browsers, if these in turn contain other cookies. Through the unique cookie ID, it is possible to recognize and identify a particular Internet browser.
By using cookies, we can provide visitors to the website with more user-friendly services that would not otherwise be possible. By using cookies, we are able to optimize our own Internet pages in the interests of the user. It is thus possible to recognize returning users of the website. This makes it easier for users to use the website. For example, when cookies are used, the visitor does not have to re-enter access data each time he visits the website. This is then handled by the website and the cookie that was placed on the visitor's computer. In addition, by using a cookie, an online store can remember the items that a customer has placed in the virtual shopping cart.
We collect the personal data on the basis of our legitimate interest in operating the website in accordance with Art. 6 para. 1 lit. f) DSGVO. This data is automatically deleted after the session when you close your internet browser.
§ 6 Contact option via the app
Due to legal regulations, the app kanvie, as well as products of kanvie, contain information that enables a quick electronic contact to our company as well as an immediate communication with us. This also includes our e-mail address.
If you contact us by e-mail or via a contact form, your transmitted personal data will be stored automatically. This data, which is transmitted to us by you on a voluntary basis, is stored for the purpose of processing or contacting you as the person concerned. This also includes aspects of prospect management as well as marketing purposes. We do not pass this data on to third parties.
The data collection is carried out in accordance with Art. 6 para. 1 lit. b DSGVO on your request for the processing of the same.
§ 7 SSL encryption
We use SSL encryption to protect your transmitted data as best as possible. Data transmitted to us with SSL encryption enabled cannot be read by third parties. We recommend, especially confidential information, to send only with activated SSL encryption and to contact us in case of doubt.
§ 8 Routine deletion and blocking of personal data
We process and store personal data only for a period of time in which this is necessary to achieve the purpose of the storage or insofar as legal regulations exist that provide for such storage and to which we are bound.
If the purpose of the storage no longer applies or if a legally prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
§ 9 Rights of the data subject
Based on the provisions of the GDPR, you have the following rights as a data subject:
➢ Right to confirmation
As a data subject, you have the right to request confirmation from us as the controller as to whether personal data relating to you are being processed. If you wish to exercise this right of confirmation, you are free to contact the data protection officer mentioned in this data protection declaration or another employee of ours at any time.
➢ Right to information
As a data subject, you have the right to receive from us at any time, free of charge, information about the personal data stored about you and a copy of this information. Furthermore, you have the right to receive information about the following:
a) the purposes of processing
b) the categories of personal data that are processed
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
(e) the existence of a right to obtain the rectification or erasure of personal data concerning you, or the restriction of processing by the controller, or a right to object to such processing
(f) the existence of a right of appeal to a supervisory authority
g) if the personal data are not collected from you as the data subject: Any available information about the origin of the data
h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for you as the data subject.
If personal data are transferred to a third country or to an international organization, you as a data subject have the right to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
If you as a data subject wish to exercise this right to information, you can contact the data protection officer named in this privacy statement or another employee of ours at any time.
➢ Right to rectification
As the data subject, you have the right to demand that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you as the data subject have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
If you, as the data subject, wish to exercise this right of rectification, you may, at any time, contact the data protection officer specified in this data protection declaration or another employee of ours.
➢ Right to erasure ("right to be forgotten")
As a data subject, you have the right to request that we erase personal data concerning you without undue delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:
(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject revokes the consent on which the processing was based pursuant to Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO and there is no other legal basis for the processing.
c) The data subject objects to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) DSGVO.
d) The personal data have been processed unlawfully.
e) The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
f) The personal data has been collected in relation to information society services offered pursuant to Article 8 (1) DSGVO.
If one of these reasons applies, and you as the data subject wish to arrange for the deletion of your personal data stored by us, you may, at any time, contact the data protection officer specified in this data protection declaration or another employee of ours. The data protection officer named in this data privacy statement or another employee will arrange for the erasure request to be complied with immediately.
If we have made the personal data public and our company is obliged to erase the personal data pursuant to Article 17 (1) of the Data Protection Regulation, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, in order to inform other data controllers which process the published personal data that you, as the data subject, have requested from those other data controllers to erase all links to or copies or replications of the personal data, unless the processing is necessary. Our data protection officer or another employee will arrange everything necessary in individual cases.
➢ Right to restriction of processing
As a data subject, you have the right to request us to restrict processing if one of the following conditions is met:
(a) the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
b) The processing is unlawful, you as the data subject object to the erasure of the personal data and request instead the restriction of the use of the personal data.
c) We no longer need the personal data for the purposes of processing, but you as a data subject need it to assert, exercise or defend legal claims.
d) You as a data subject have objected to the processing pursuant to Article 21 (1) DSGVO and it is not yet clear whether the legitimate grounds of us override your grounds as a data subject.
If one of these conditions applies, and you as data subject wish to request the restriction of personal data stored by us, you may at any time contact our data protection officer or another employee of ours. Our data protection officer or another employee will arrange the restriction of the processing.
➢ Right to data portability
As a data subject, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.
You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out using automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you as a data subject have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals. If you, as a data subject, wish to exercise this right to data portability, you may, at any time, contact any data protection officer mentioned in this privacy statement or another employee of ours.
➢ Right of objection
As a data subject, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO. This also applies to profiling based on these provisions.
We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you as the data subject, or for the assertion, exercise or defense of legal claims.
If we process personal data for the purpose of direct marketing, you as the data subject shall have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If you, as the data subject, object to us processing your personal data for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you as the data subject have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest.
If you, as a data subject, wish to exercise this right to object, you may, at any time, contact the data protection officer specified in this data protection declaration or another employee. You as a data subject are also free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
➢ Automated decisions in individual cases including profiling
As a data subject, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you, unless the decision is
(a) is not necessary for the conclusion or performance of a contract between you, as data subject, and us; or
(b) is permitted by Union or Member State law to which we are subject, and that law contains suitable measures to safeguard the rights and freedoms of, and the legitimate interests of, you as a data subject; or
(c) is made with the express consent of you as a data subject.
If the decision is necessary for entering into, or the performance of, a contract between you as a data subject and us, or if it is made with your explicit consent as a data subject, we will take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of you as a data subject, which shall include, at least, the right to obtain the involvement of a data subject of Kanvie GbR, to express your point of view and contest the decision.
If you want to exercise these rights as a data subject with regard to automated decision-making, you can contact the data protection officer specified in this data protection declaration or another employee of ours at any time.
➢ Right to revoke consent under data protection law
As a person affected by the processing of personal data, you have the right to withdraw your consent to the processing of personal data at any time.
If you, as a data subject, wish to exercise this right to withdraw consent, you may contact the data protection officer mentioned in this privacy statement or another employee of ours at any time.
§ 10 Legal basis of processing
According to Art. 6 (1) DSGVO, the processing of personal data by us is lawful if at least one of the following conditions is met:
(a) the data subject has given consent to the processing of personal data relating to him or her for one or more specific purposes;
b) the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request (e.g. product inquiries);
(c) processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., tax obligations);
d) the processing is necessary to protect the vital interests of the data subject or another natural person (e.g. health insurance data of a visitor in case of an accident on our premises);
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
§ 11 Legitimate interests in the processing pursued by the controller or a third party
If the processing of personal data is based on Art. 6 (1) lit. f DSGVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.
§ 12 Use of hCAPTCHA
In the kanvie app and in kanvie products, we use the program hCAPTCHA to protect us and you as best as possible from bots - computer programs that independently access our system again and again - and spams, i.e. from unsolicited information transmitted en masse by electronic means.
The operator of hCAPTCHA is:
Intuition Machines Inc, 350 Alabama St, San Francisco, CA 94110, USA.
hCAPTCHA collects personal data from users in order to determine whether actions in the kanvie app and in kanvie products actually originate from people. This analysis starts automatically as soon as you start using one of our apps. For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent by the visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Intuition Machines.
The hCaptcha analyses run entirely in the background.
Website visitors are not made aware that an analysis is taking place.
The applicable privacy policy of hCAPTCHA can be found at https://www.hcaptcha.com/privacy.
The data processing is based on Art. 6 para. 1 lit. f DSGVO. Kanvie GbR has a legitimate interest in protecting its offers from abusive automated spying and from SPAM.
§ 13 Use of reCAPTCHA
On websites that we use for marketing purposes, such as www.kanvie.com, we also use the program reCAPTCHA to protect us and you as best as possible from bots - computer programs that repeatedly access our system on their own - and spam, i.e. from unsolicited information transmitted en masse by electronic means.
The operator of reCAPTCHA is:
Google Ireland Limited for users of Google services who have their habitual residence in the European Economic Area or Switzerland Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google LLC for users of Google services who have their habitual residence in the United Kingdom and the United States Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
reCAPTCHA collects personal data from users to determine whether the actions on the services & websites associated with Kanvie GbR really come from people. This analysis starts automatically as soon as you access the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not made aware that an analysis is taking place.
The applicable data protection provisions of reCAPTCHA can be found at https://policies.google.com/privacy.
The data processing is based on Art. 6 para. 1 lit. f DSGVO. Kanvie GbR has a legitimate interest in protecting its offers from abusive automated spying and from SPAM.
§ 14 Duration for which the personal data are stored
We store personal data in each case for the period of the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.
§ 15 Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for you as the data subject to provide us with personal data that must subsequently be processed by us. For example, you as a data subject are obliged to provide us with personal data if our company concludes a contract with you. Failure to provide the personal data would mean that the contract could not be concluded with you as the data subject. Before providing personal data by you as the data subject, you must contact our data protection officer or one of our employees. He or she will inform you, as the data subject, on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
§ 16 Existence of automated decision making
As a responsible company, we do not use automatic decision-making or profiling.
Version from 31.10.2022