Privacy Policy

1. Definitions

This privacy policy is based on the terms of the General Data Protection Regulation (GDPR). The following terms are used:

• Personal data: Information relating to an identified or identifiable natural person, including name, identification number, location data, or online identifiers.
• Data subject: Any natural person whose personal data is being processed.
• Processing: Any operation performed on personal data, whether or not by automated means.
• Restriction of processing: The marking of stored personal data to limit their future processing.
• Profiling: Automated processing of personal data to evaluate personal aspects such as work performance, health, or behavior.
• Pseudonymisation: Processing in such a manner that the personal data can no longer be attributed to a specific person without the use of additional information.
• Controller: The natural or legal person who determines the purposes and means of the processing of personal data.
• Processor: A natural or legal person who processes personal data on behalf of the controller.
• Recipient: A natural or legal person to whom personal data is disclosed.
• Third party: Any entity other than the data subject, controller, and processor.
• Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes.

2. Name and Address of the Controller

kolula solutions UG (haftungsbeschränkt)
c/o SchneiderGolling & Cie. AG
Niederkasseler Lohweg 18
D-40547 Düsseldorf

HRB 16133 FL
Managing Director: Melanie Bockemühl
E-Mail: hello@kolula.com

3. Cookies

kolula uses cookies — text files that are stored on computer systems via internet browsers. Cookies contain cookie IDs, which are unique identifiers that allow internet browsers to be distinguished.

Through cookies, kolula provides more user-friendly services. The company can recognize users, provide personalized content, and save user settings.

The data subject can prevent the setting of cookies through our website at any time by means of an appropriate setting in the internet browser used. Already set cookies can be deleted. However, disabling cookies may limit the full use of some features.

4. Collection of General Data and Information

Each page access collects general data in server log files:

• Browser types and versions used
• Operating system
• Referring page
• Sub-pages accessed
• Date and time of access
• Internet protocol address (IP address)
• Internet service provider

When using this general data and information, kolula does not draw any conclusions about the data subject. This information is used for correct content delivery, content optimization, ensuring system functionality, and providing information to law enforcement authorities in the event of cyber attacks.

5. Contact via the Website

kolula provides contact information to enable quick electronic communication. When a person contacts us by email or contact form, the personal data transmitted by the data subject is automatically stored.

Such voluntarily submitted data is stored for processing or contacting purposes. This personal data is not shared with third parties.

6. Routine Deletion and Blocking of Personal Data

kolula processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose.

When the storage purpose ceases to apply or a legally prescribed retention period expires, the personal data is routinely blocked or deleted in accordance with legal provisions.

7. Rights of the Data Subject

a) Right to confirmation

Every data subject may request confirmation from kolula as to whether personal data is being processed.

b) Right to access

Data subjects have the right to free information about their stored personal data and a copy of this information. This includes information about processing purposes, categories of processed data, recipients, planned storage duration, rights to correction/deletion/restriction, right to lodge a complaint with supervisory authorities, and origin information.

c) Right to rectification

Individuals may request the immediate rectification of inaccurate personal data and the completion of incomplete data.

d) Right to erasure (Right to be forgotten)

A person may request the deletion of their data when the data is no longer necessary for its original purposes, consent has been withdrawn, an objection has been lodged, the data has been unlawfully processed, or deletion is required to fulfil a legal obligation.

e) Right to restriction of processing

A person may request a restriction of processing when the accuracy of data is contested, processing is unlawful, data is no longer needed but required for legal claims, or an objection to processing has been lodged.

f) Right to data portability

Data subjects have the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller.

g) Right to object

Individuals may object to processing at any time for reasons arising from their particular situation. kolula will no longer process the personal data in the event of an objection, unless compelling legitimate grounds can be demonstrated.

Individuals may object to processing for direct marketing purposes at any time.

h) Automated individual decision-making including profiling

Every person has the right not to be subject to a decision based solely on automated processing — including profiling.

i) Right to withdraw consent

Every data subject has the right to withdraw consent to the processing of personal data at any time.

8. Legal Basis for Processing

• Art. 6 I lit. a GDPR: Processing with consent
• Art. 6 I lit. b GDPR: Processing for contract fulfilment or pre-contractual measures
• Art. 6 I lit. c GDPR: Fulfilment of legal obligations
• Art. 6 I lit. d GDPR: Protection of vital interests
• Art. 6 I lit. f GDPR: Legitimate interests of the company

9. Legitimate Interests in Processing

Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and our shareholders.

10. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the period has expired, the corresponding data is routinely deleted, provided it is no longer required for contract fulfilment or contract initiation.

11. Legal or Contractual Requirements for Provision of Personal Data

The provision of personal data may be required by law (e.g. tax regulations) or may result from contractual arrangements. Failure to provide personal data would mean that the contract with the data subject could not be concluded.

12. Automated Decision-Making

As a responsible company, we do not use automated decision-making or profiling.