Privacy Policy

Privacy Policy

1. Introduction

In this Privacy Policy, we will inform you about the processing of your personal data and your data protection rights within the scope of your contact to Kubermatic. Your privacy is an important concern to us. We exercise great care in the protection of your personal data and their strictly confidential processing. Your personal data will be exclusively processed in compliance with the applicable provisions under data protection law, rules, and regulations.

We will not use your data for anything other than the stated purposes. Kubermatic is subject to the provisions of the European Union’s General Data Protection Regulation (GDPR), the German Federal Data Protection Act (FDPA), as well as further data protection provisions, and has implemented appropriate technical and organizational measures to ensure that the provisions of applicable data protection laws are observed.

2. Data Controller and Privacy Officer

Data controller for all processing activities in the context of your business relationship to Kubermatic, unless stated otherwise, is:

Kubermatic GmbH Willy-Brandt-Straße 23 20457 Hamburg

Email: info@kubermatic.com

Please do not hesitate to contact us if you have any questions or suggestions regarding data protection issues. Our data processing is audited and monitored regularly by our designated Data Protection Officer.

To contact our Data Protection Officer please write to privacy@kubermatic.com. Further contact details are offered on dsb-moers.de.

3. Processing Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as a “data subject”); an identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific factors.

4. Purpose and Details of Data Processing Operations

Data processing on this Website

Each time a user visits a page on the Kubermatic website and each time a file is accessed, data about this event is stored in a log file. Depending on the type of access log used, the log file may contain the following information:

Usage profiles that link IP addresses with personal data are not created. Exceptions only apply if expressly stated in this Privacy Policy.

The data stored in these log files is used exclusively for the purposes of identifying and tracking unauthorized access attempts/accesses to the web server and for statistical analyses, such as the number of visitors and the popularity of a page. Such analyses are only carried out by authorized employees of Kubermatic.

Contact Forms

If you contact us via our contact form, your data from the form will be processed for your request. The legal basis for the data transfer to us is your consent according to Art. 6 (1) a GDPR. Personal data entered into forms on our website will be transmitted to Kubermatic via a secure connection in encrypted form. You can withdraw your consent at any time with effect for the future.

Newsletter

The purpose of sending the newsletter is to provide information about new products and services of our company. We send newsletters to our customers on the basis of our legitimate interests according to Art. 6 (1) f GDPR in conjunction with Rec. 47 sentence 7 GDPR or on the basis of consent according to Art. 6 (1) a GDPR if you subscribe to a newsletter. The data will not be passed on to third parties. In the case of a newsletter subscription, the so-called double opt-in procedure is used, the request for the newsletter must be actively confirmed by you once again by clicking on the link of the e-mail sent to you. You can unsubscribe at any time by clicking on the “unsubscribe” link.

Use of Cookies

This website uses storage technologies (“cookies” and/or your browser’s memory) to enable a record of your use of the website. The information generated by cookies about your usage patterns on this website is used to allow us to identify your web browser.

If a use of cookies takes place, which are not necessary for the operation of the website, we ask for your consent in advance; the legal basis for the data processing is Art. 6 (1) lit. a GDPR, § 25 (1) New German Telecommunications-Telemedia Data Protection Act (TTDSG).

If the use of storage technologies on your end device is necessary for the functionality of the website, we use this technology on the basis of our legitimate interests. The legal basis for data processing is then Art. 6 (1) f GDPR (legitimate interest) in conjunction with § 25 (2) No. 2 New German Telecommunications-Telemedia Data Protection Act (TTDSG). The cookies will be deleted after two years at the latest (OR: The cookies will be deleted after the end of the session). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. The data collection is anonymised; the collected data cannot be related to your person.

Why do we use cookies?

Cookies and similar technologies are very small text documents or pieces of code that often contain a unique identification code. When you visit a website or use a mobile application, a computer asks your computer or mobile device for permission to save this file on your computer or mobile device and gain access to information. Information collected through cookies and similar technologies may include the date and time of the visit and how you use a particular website or mobile application.

The cookies ensure that we can see how our website is used and how we can improve it. Furthermore, depending on your preferences our own cookies may be used to present you with targeted advertisements that match your personal interests.

What type of cookies do we use?

Necessary cookies

These cookies are necessary for the website to function properly. Some of the following actions can be performed by using these cookies.- Store articles in a shopping cart for online purchases- Save your cookie preferences for this website- Saving language preferences- Log in to our portal. We need to check whether you are logged in.

Performance cookies

These cookies are used to gather statistical information about the use of our website, also called analytics cookies. We use this data for performance and website optimization.

Functional cookies

These cookies enable more functionality for our website visitors. These cookies can be set by our external service providers or our own website. The following functionalities may or may not be activated when you accept this category.

Advertising / tracking cookies

These cookies are set by external advertising partners and are used for profiling and tracking data across multiple websites. If you accept these cookies, we may show our advertisements on other websites based on your user profile and preferences. These cookies also save data about how many visitors have seen or clicked on our advertisements in order to optimize advertising campaigns

How can you switch off or remove cookies?

You can choose to opt out of all but the necessary cookies. In the settings of the browser, you can change the settings to ensure that cookies will be blocked. Most browsers provide you with an explanation on how to do this in the so-called ‘help-function’. However, if you block the cookies, it is possible that you will not be able to enjoy all the technical features our website has to offer and it may negatively affect your user experience.

We have made it easy to manage your consents.

The services we use on our website

Amazon CloudFront

This website uses the Cloudfront Content Delivery Network (CDN). This is a service provided by Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN makes duplicates of a website’s data available on various Amazon Web Services (AWS) servers distributed around the world. This provides faster website load times, increased resiliency, and increased protection against data loss. Some of the images and videos embedded on this website are retrieved from Cloudfront CDN when the page is accessed. Through this retrieval, information about your use of our website (such as your IP address) is transmitted to Amazon’s servers in other EU countries and stored there. This happens as soon as you enter our website. The use of Amazon Web Services and the Amazon CDN Cloudfront is done in the interest of a higher reliability of the website, increased protection against data loss and a better loading speed of this website. This constitutes a legitimate interest within the meaning of Art. 6 (1) f GDPR. You can find out more about the data protection measures of Amazon Web Services at: https://aws.amazon.com/de/data-protection/. The current privacy policy of Amazon Web Services can be found at: https://aws.amazon.com/de/privacy/.

DoubleClick

We use DoubleClick, a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to activate ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. Data processing is based on your consent referring to Art. 6 (1) a GDPR.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The legal basis for this processing is your consent in accordance with Art. 6 (1) a GDPR.

Google Analytics also uses “cookies”, which are text files set on your device, to help the website analyse how users use the website. It cannot be excluded that the information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there. Data is only transferred to the USA if the requirements of Art. 44 et seq. GDPR are fulfilled. The transfer of personal data to Google Servers in the USA is based on the EU-U.S.-Data Privacy Framework. Via https://www.dataprivacyframework.gov/s/participant-search you may check the participation of Google LLC. in the EU-U.S.-Data Privacy Framework.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The user data will be deleted after 24 months.

You can revoke your consent at any time with effect for the future and prevent the use of data by Google by downloading and activating the available browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Find more information on data protection at Google at https://policies.google.com/privacy.

Google Tag Manager

We use the “Google Tag Manager” by Google Ireland Limited, Gordon House, Barrrow Street, Dublin 4, Ireland to control the Google Services. This is used to manage the Google services on our site, no processing of personal data is done by the Google Tag Manager.

Hotjar

This website uses the web analysis service Hotjar. Hotjar is a European company headquartered in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). We use Hotjar to analyse movement on our website, for example, mouse movements, scrolling, button clicks. So-called heat maps are produced as a result. Using these heat maps, we are able to optimise the website and improve the user experience. We can also get direct user feedback and improve customer orientation even further. Legal basis for the data processing are our legitimate interests relating to the optimisation of our website in accordance with Art. 6 (1) (f) GDPR. Data security is ensured by an order process agreement with Hotjar Ltd. The following data is collected through Hotjar:

You can turn off tracking by Hotjar by enabling the “Do Not Track” header in your browser. These settings can be made in all current browsers.

Please remember to make these settings on all the devices you use to visit our website. If you have already made these settings, your visit is not tracked by Hotjar. For more information about data protection at Hotjar, please read Hotjar’s privacy statement at https://www.hotjar.com/privacy.

Instructions for the “Do Not Track” settings can be found at https://www.hotjar.com/opt-out.

Hubspot

We use the web analytics services of Hubspot, 25 First Street, 2nd Floor Cambridge, MA 02141, USA, on our website based on your consent (Art. 6 (1) a GDPR). For this purpose, Hubspot collects and stores on our behalf certain usage data (e.g. which sites you navigate to, how long you spend on these sites, how often you return to our website) attributed to an anonymous identifier. This usage data is then used to generate non-personalized analyses of website usage for us.

Usage data may be processed by our cookie suppliers on servers in the United States of America. To ensure an adequate level of data protection, we entered into a Data Processing Agreement including EU-Standard Contractual Clauses with Hubspot. On top, Hubspot is listed to the Data Privacy Framework.

Data Processing in Webinars

If you have registered for one of our webinars, we will process your data for the purposes of your participation based on Art. 6 (1) b GDPR. Your personal data entered into the registration form will be transmitted to Kubermatic via a secure connection in encrypted form.

In order to invite you to take part in other relevant Webinars, we process your contact data based on Art. 6 (1) f GDPR. You may contact us at any time to inform us about your interest to unsubscribe from further webinars.

Data Processing on Social Media Platforms

Kubermatic may provide social media features that enable you to share information with your social networks and interact with Kubermatic on various social media websites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media websites with which you interact to make sure you understand the information that may be collected, used, and shared by those websites. Our websites may make chat rooms, forums, blogs, message boards, and/or news groups available to its users. Remember that your comments and posts become publicly available, and we urge you to exercise discretion when submitting such content. Our websites may contain links to other websites. Kubermatic does not control and is not responsible for the information collected by websites that can be reached through links from our websites. If you have questions about the data collection procedures of linked websites, please contact the organizations that operate those websites directly.

Facebook

With Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a Joint Control Agreement has been completed, which you have access to on

https://www.facebook.com/legal/terms/dataprocessing

https://www.facebook.com/legal/terms/page_controller_addendum

Meta Platforms Ireland Ltd. assumes the primary responsibility acc. to the European Data Protection Regulation (GDPR).

To learn more about the Facebook privacy statement, please visit https://www.facebook.com/privacy/explanation

The purpose of data processing on our fan page is to provide information on our products and services and simultaneously allowing users a targeted interaction with us. The data processing is legally based on Art. 6 (1) f GDPR. Our legitimate interest is in particular our economic interest, the exchange of information with our users and to communicate with them.

Data disclosure to authorities requires the existence of overriding statutory provisions.

If pictures are published; this is done via consent (legal basis: Art. 6 (1) a GDPR), on basis of a contractual agreement (legal basis: Art. 6 (1) b GDPR) and, in exceptional cases, on basis of legitimate interests. Legal basis: Art. 6 (1) f GDPR.

Use of Facebook-Insights

We operate online advertisement on Facebook and use Facebook Insights in order to evaluate the behavior of our target group resulting from interaction with our website. The precise target group advertising is a legitimate interest of our company. Facebook users are informed; the main responsibility for such data collection lies with Meta Platforms Ireland Ltd. Conflicting interests of users are not overriding (publication of individual target group optimized advertising). Our legal basis is Art. 6 (1) f GDPR.

Instagram

Instagram is a service provided by Meta Platforms Ireland Ltd. A Joint Controller Agreement (JCA) has been entered to with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland which you can access here:

https://www.facebook.com/legal/terms/dataprocessing

https://www.facebook.com/legal/terms/page_controller_addendum

Meta Platforms Ireland Ltd. assumes primary responsibility under the General Data Protection Regulation (GDPR).

To learn more about Instagram´s privacy policy, please visit: https://privacycenter.instagram.com/policy/

The purpose of data processing on our Instagram account is to provide information about our products and services in addition to enabling to interact directly with us. The legal basis for the data processing is Art. 6 (1) f GDPR. Our legitimate interest is, in particular, our commercial interest in sharing information with our users and being able to communicate with them.

Data will only be transferred to the authorities if overriding legal provisions apply.

If we publish images of individuals, this is done with consent (legal basis: Art. 6 (1) (a) GDPR), based on a written contractual agreement (legal basis: Art. 6 (1) (b) GDPR) and in exceptional cases based on legitimate interest (legal basis: Art. 6 (1) f GDPR) pursuant to Section 23 (1) No. 3 of the German law on copyright in works of art and photography).

Use of Instagram Insights

We place advertisements on Instagram and use Instagram Insights to evaluate the behaviour of our target group in the context of their interaction with our website. The targeting of advertising is a legitimate interest of our company (legal basis: Art. 6 (1) (f) GDPR). Instagram users are informed about this; the responsibility for such data collection lies primarily with Meta Platforms Ireland Ltd. Conflicting interests of users are not overriding (publication of individual target group optimised advertising).

LinkedIn

We use our LinkedIn presence to provide information about our company, products and services, combined with the opportunity for users to interact with us in a targeted manner. We are processing personal data basing on Art. 6 (1) f GDPR. Our legitimate interest is, in particular, our business interest in sharing information with our users and being able to communicate with them.

Before we publish pictures of persons, we ask for your consent (legal basis: Art. 6 (1) a GDPR), or we make a written contractual agreement with your (legal basis: Art. 6 (1) b GDPR). In exceptional cases we may publish pictures based on our legitimate interest for making information about our company available (legal basis: Art. 6 (1) f GDPR).

We entered into a data processing agreement with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland: https://de.linkedin.com/legal/l/dpa.

It is not excluded that data may be processed by systems outside the European Economic Area. LinkedIn has committed itself to comply with the European General Data Protection Regulation. A data transfer to systems outside the EU only takes place if the requirements of Art. 44 ff. GDPR are observed. You can learn more by clicking https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en.

For information relating to LinkedIn’s privacy policy please check back at: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

Data disclosure to authorities requires the existence of overriding statutory provisions.

Use of Insight Data

We operate online advertisement on LinkedIn and use Insight Data provided by LinkedIn, in order to evaluate the behaviour of our target group resp. users in the context of interaction with our site. The precise target group advertising is a legitimate interest of our company. LinkedIn users are informed; the main responsibility for such data collection lies with LinkedIn. A Joint Controller Addendum (JCA) has been closed. Conflicting interests of users are not overriding (publication of individual target group optimized advertising). Our legal basis is Art. 6 (1) f GDPR in conjunction with the JCA. For information relating to LinkedIn’s Joint Controller Addendum please check back at: https://legal.linkedin.com/pages-joint-controller-addendum. In case you assert your rights against us, we will pass your concerns on to LinkedIn in accordance with the addendum.

X

X is a service provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.

If we process data with X, this is done based on the purpose and legal basis outlined below. There is no transfer of data to X, such as IP addresses, due to the embedding of tweets on homepages or similar.

However, we may retweet tweets from you, reply to tweets from you or write tweets that refer to you or your X account. In this respect, your public data on X may be made available to followers of our site.

The purpose of data processing on our X site is to provide information about products, services and news, combined with the possibility for users to interact with us in a targeted manner. The legal basis for the data processing is our legitimate interest (Art. 6 (1) f GDPR) on sharing information with our users and being able to communicate with them.

If we publish images of individuals, this is done via consent (legal basis: Art. 6 (1) a GDPR), based on a contractual agreement (legal basis: Art. 6 (1) b GDPR), and in exceptional cases based on legitimate interests (legal basis: Art. 6 (1) f. GDPR) to publish information about our services and events.

Data processed by X

We have no influence on the type and scope of the data processed by X Corp. or the transfer of the data to third parties. Furthermore, there are no control options for us.

It is not excluded that data from users is processed on systems outside the European Union. Retrieval of public tweets is possible worldwide.

In this context, we would like to point out that you use the services provided by X Corp. and all associated functions (e.g., sharing and rating content) takes place on your own responsibility. Information about the data processing carried out by X Corp. and the corresponding purposes pursued can be found in the data protection guidelines of X Corp. here: https://twitter.com/en/privacy

It is possible for you to restrict the processing of your data by X. For that purpose, you can open the general settings of your X account and change your privacy settings.

You can also change certain settings for your mobile devices (e.g., smartphones, tablets, etc.) so that X only has limited access to your contact data, location data, calendar data or photos. These setting options differ depending on the operating system used on your mobile device.

For more information and assistance, please refer to the following links: https://help.x.com/en/personalization-data-settings

To view the processed data, obtain information about their use and download the corresponding data as an archive, you can follow this link. https://help.x.com/en/managing-your-account/accessing-your-X-data

To contact X, you can follow this link: https://help.x.com/en/forms/privacy

YouTube

We use a YouTube channel of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5. The purpose of data processing on our YouTube channel is to provide information about products, services and news, combined with the possibility for users to interact with us in a targeted manner. The legal basis for the data processing is Art. 6 (1) f GDPR. Our legitimate interest is in particular our business interest to share information with the visitors of the YouTube channel and to be able to communicate with them.

The YouTube service is based on the following data processing agreement with Google Ireland Ltd.: https://www.youtube.com/t/terms_dataprocessing.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for the collection and further processing of personal user data on YouTube channels. Please note that YouTube collects and processes certain information about your visit to our YouTube channel even if you do not have a YouTube user account or are not logged in to YouTube. For us as the provider of this YouTube channel, only your public profile on YouTube is visible. The kind of information visible for us depends on your settings in your profile. For information about the processing of personal data by YouTube, please refer to YouTube’s privacy policy at https://policies.google.com/privacy?hl=de&gl=de.

If we publish images of individuals, this is done via consent (legal basis: Art. 6 (1) a GDPR), based on a contractual agreement (legal basis: Art. 6 (1) b GDPR) and in exceptional cases based on legitimate interests (legal basis: Art. 6 (1) f. GDPR.

YouTube Analytics

We also process your activities on our YouTube channel with the help of the statistics service YouTube Analytics. This process helps us to understand our video and channel performance and optimize our channel and our content. This process is consistent with the purpose of data processing described below. Anonymous statistics are created based on your activities. Among other things, we can gain insights into the interactions and activities of our subscribers, the views and the reach of our videos, information about which countries and cities our visitors come from, as well as statistics about the gender ratios, age structures, providers, and interests of our visitors. Neither conclusions about individual users nor access to individual user profiles by the administrator are possible.

Data Transfer to third countries

Due to the affiliation of the provider Google Ireland Limited to the Google group, which has its headquarters in the USA, a data transfer to Google LLC and thus to all states in which Google has data centers cannot be excluded. To ensure an adequate level of data protection, Google Ireland Limited bases such data transfers on the standard contractual clauses of the European Commission.

In this context, we would like to point out that you are using the service provided by Google Ireland Limited (YouTube) and all associated functions such as sharing and rating videos, participation in discussions on your own responsibility. Data that you have voluntarily provided on YouTube will be processed by Google (e.g. name and username, email address, telephone number) and may therefore also be transmitted to third countries. The transfer of personal data to the USA was judged by the ECJ to be fundamentally unsafe without further security measures, as it cannot be ruled out that US security authorities will gain access to this data.

It is possible for you to restrict the processing of your data by Google. To do this, you can open the general settings of your Google account and change your privacy settings. Information on how to individualize your privacy settings can be found here: https://policies.google.com/privacy?hl=de&gl=de#infochoices

You can also change certain settings for your mobile devices (e.g. smartphones, tablets, etc.) so that Google only has limited access to your contact data, location data, calendar data or photos, among other things. These setting options differ depending on the operating system used on your mobile device.

XING

We use our XING presence to provide information about our company, products and services, combined with the opportunity for users to interact with us in a targeted manner. We are processing personal data basing on Art. 6 (1) f GDPR. Our legitimate interest is, in particular, our business interest in sharing information with our users and being able to communicate with them.

Before we publish pictures of people, we ask for your consent (legal basis: Art. 6 (1) a GDPR), or we make a written contractual agreement with your (legal basis: Art. 6 (1) b GDPR). In exceptional cases, we may publish pictures based on our legitimate interest for making information about our company available (legal basis: Art. 6 (1) f GDPR).

We process personal data ourselves via our XING account, and at the same time data is processed by New Work SE. In the case of the comment function, the legal basis is consent in accordance with Art. 6 (1) GDPR.

Your data is stored for the duration of the processing of your request. Usually, the data is forwarded to the designated channels outside of XING. The data is checked regularly in XING by our social media team and deleted when the purpose expires.

When visiting our XING presence, XING collects personal data of the users by using cookies. This data collection by XING may also occur for visitors which are not logged in or registered to XING.

Details of, which data is processed by New Work SE, and for what purposes it is used, can be found in XING’s data privacy policy: https://privacy.xing.com/en/privacy-policy

Furthermore, you have the possibility to request information via the XING privacy form or the archive requests: www.XING.com/settings/privacy/data/disclosure

It is not excluded, however, that data from users will be processed on systems outside the European Union. XING is committed to comply with EU data protection standards. A data transfer to systems outside the EU only will take place if the requirements of Art. 44 et seqq. GDPR are complied with. You can find more about this at: https://privacy.xing.com/en/privacy-policy/who-may-receive-information-about-you/third-countries

We receive anonymous statistics on the usage and use of the website based on our contract with New Work SE as well as legitimate interest of New Work SE. Following information will be provided:

We use these statistics, from which we cannot identify individual users, to constantly improve our online offering on XING and to better respond to the interests of our users. We cannot link the statistical data with the profile data of our users. You can choose the form in which targeted advertising is displayed to you via your XING settings.

We receive personal data via XING if you communicate this to us actively via a personal message on XING (e.g., via a possible chat function). We use your data (e.g., first name, surname) to respond to your request in our customer service.

Furthermore, we also receive personal data via XING if you use a form with pre-filled fields with data from your profile to submit the data to us and send the data to us actively by clicking on a button.

In case you require to assert your rights towards XING, we shall pass your concern on to XING. For more information regarding your rights against XING to access and control your personal data, please visit: https://privacy.xing.com/en/privacy-policy/what-rights-can-you-assert

TikTok

TikTok is a service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380 Ireland (“TikTok Ireland”) and TikTok Information Technologies UK Limited (“TikTok UK”). Both parties have signed a joint control agreement.

The purpose of data processing on our TikTok-Account is to provide information about products, services, and news, combined with the possibility for users to interact with us in a targeted manner. The legal basis for the data processing is Art. 6 (1) f GDPR. Our legitimate interest is in particular our business interest to share information with the visitors of the TikTok-Account and to be able to communicate with them.

Before we publish pictures of people, we ask for your consent (legal basis: Art. 6 (1) a GDPR) or make a written contractual agreement with you (legal basis: Art. 6 (1) b GDPR). In exceptional cases, we may publish pictures based on our legitimate interest for making information about our company available (legal basis: Art. 6 (1) f GDPR) in conjunction with § 23 (1) Nr. 3 Kunsturhebergesetz).

Our TikTok site is not addressed to people under the age of 16. We ask that individuals under the age of 16 not provide any personal information to us. When we learn that we have collected personal information from anyone under 16, we will take steps to delete the information as soon as possible. If you find out that a user of our website is under the age of 16, please contact us via Alias. We will handle this information strictly confidential.

Use of TikTok for Business Insights

We use a business corporate account that allows us to create or place advertisements or sponsored content on websites operated by TikTok. This makes it possible for us to evaluate your interaction with our content on a statistical basis. The control of advertising for specific target groups is a legitimate interest of our company. The responsibility for data collection lies mainly with TikTok Technology Limited, (“TikTok Ireland”), and TikTok Information Technologies UK Limited (“TikTok UK”). Conflicting interests of users are not overriding (publication of individual target group optimized advertising). Our legal basis is Art. 6 (1) f GDPR.

When you visit our TikTok website and its content, TikTok collects, among other things, automatically collected data such as your IP address as well as other information that is available in the form of cookies on your PC. Furthermore, TikTok stores information about the end devices of its users (e.g. advertising ID). If you are logged in as a user, a cookie with your TikTok ID is stored on your terminal device. This allows TikTok to track when you visited this page and how you used it. In addition, TikTok processes data that you have provided voluntarily (e.g. name and username, email address, phone number, contacts, and direct messages).

You have the option to restrict the processing of your data by TikTok. For this purpose, you can open the general settings of your TikTok account and change the privacy settings.

You can check and adjust your privacy settings here:

https://support.tiktok.com/en/account-and-privacy/account-privacy-settings

To contact TikTok, you can use this link:

https://www.tiktok.com/legal/page/global/impressum/en

The data collected about you in this context will be processed by TikTok Technology Limited and TikTok Information Technologies UK Limited and transferred to countries outside the European Union. TikTok bases this on the EU standard contractual clauses.

Information about the data processing carried out by TikTok Technology Ltd. and the related purposes is available in the TikTok Technology Ltd. privacy policy. You can find this here:

https://www.tiktok.com/legal/page/eea/privacy-policy/en

In case of doubt, all companies in the TikTok Group have access to the stored data.

If your rights need to be asserted against TikTok Technology Limited and TikTok Information Technologies UK Limited, we will forward your request to the responsible person.

More information can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/en in “Your Rights and Choices”.

Your personal data will be deleted by us if the purpose has expired. We have no influence on the storage by TikTok. Your data will be stored for the duration of the processing in the context of your visit to our TikTok site. If there are legal requirements, the data will be stored until the end of these regulations and then deleted.

Data Processing in our Application Management

You can use our career portal to apply for jobs advertised there or to submit unsolicited applications. Data processing takes place exclusively for the purpose of initiating employment relationships on the basis of Art. 88 (1) GDPR in conjunction with § 26 FDPA.

Your data will be stored for the duration of the application process; if you enter into an employment relationship with us, your application data will be stored by us for the duration of your employment relationship. If, after completion of the application process, you are not accepted, we will retain your data on a legal basis for a further 6 months and then delete it; in the case of unsolicited applications or after your consent to store the data for a longer period for possible future employment, we will retain your data until you revoke it or for a maximum of two years.

Data Processing in our Relationship with Customers and Third Parties

We process personal data of you as prospective customer, customer, partner or third parties to establish, perform and terminate a contract pursuant to Art. 6 (1) b GDPR. Prior to a contract, your personal data can be processed to prepare bids or purchase orders or to fulfil other requests of the prospective customer relating to contract conclusion. In this regard, you will need to provide any personal data that we need for preparing and carrying out our business relationship with you. In the absence of this information, we will not be able to process your inquiry and/or to perform the contract. As prospective customers you can be contacted during the contract preparation process using the information that you have provided.

We also process personal data for advertising purposes, if this is consistent with the contractual purpose pursuant Art. 6 (1) f GDPR. If your personal data is collected only for advertising purposes, you can choose whether to provide this data. You shall be informed that providing data for this purpose is voluntary. As part of the communication process, Kubermatic will ask for your consent. When giving consent, you will be given a choice among available forms of contact, such as e-mail and phone to withdraw your consent. If you object to the use of your data for advertising purposes, we will no longer use it for these purposes and will restrict or block from use for these purposes.

Next to advertising purposes, the legitimate interests, which coincide with the particular purpose, include but are not limited to: Ensure the technical operation, responding to inquiries that are not related to the contract, ensure data security, ensure data availability, and rectification of errors and faults. In the event we need to disclose data for these purposes, we will expressly notify you of this circumstance. In the absence of this information, we may not be able to process your inquiry.

We will also process your personal data for the purpose of compliance with statutory requirements that apply to us pursuant to Art. 6 (1) c GDPR. These requirements may exist under the trade, tax, money laundering, financial, or criminal code. The processing purposes are determined by the applicable statutory duty; generally, data processing will only serve the purpose of compliance with monitoring and disclosure duties under national law.

Recipients of Personal Data

We engage third party companies or individuals as service providers or business partners to support our business. These third parties are our processors and may, for example, provide and help us with computing and storage services. From time to time, we may remove or engage new processors. Kubermatic will ensure that processors are bound by written agreements that require them to provide an appropriate level of protection. Our service providers have been contractually obligated to maintain confidentiality and protect data in the event that access to personal data cannot be excluded. Data disclosure to legal authorities requires the existence of overriding statutory provisions. Data will only be transferred to third countries in compliance with the rights of the data subject and only if sufficient guarantees are effective pursuant to Art. 44 et seqq. GDPR, especially under the provisions of the EU Standard Contractual Clauses.

Deletion and Storage of Data

We will delete your personal data if it is no longer required for the purposes we pursue and if no other statutory provisions apply.

Third Party Information

We may use third-party sites and third-party platforms as well as publicly available information to collect and add some information to the information provided by you in order to give you relevant communication (for marketing purposes). Examples of collected information are additional work-related profile information.

5. Data Security

Your personal data are protected from unauthorized access and unlawful processing or transfer, as well as from accidental loss, alteration or destruction. Before the introduction of new methods of data processing, particularly new IT systems, Kubermatic undertakes technical and organizational measures to protect your personal data. These measures are based on the state of the art, the risks of processing and the need to protect the data. The technical and organizational measures relevant to data protection are documented by Kubermatic and reviewed by the Data Protection Officer. Our security measures will be continuously improved based on the state of the art.

6. Rights of Data Subjects

If your personal data is processed, you are a “data subject” within the meaning of the GDPR and you are entitled to the following claims against the “controller”:

Right of access

You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed. If we did process your personal data, you are entitled to further rights to access set forth in Art. 15 GDPR.

Right to rectification

If data that we collected on you is inaccurate or incomplete, you may claim the rectification without undue delay pursuant to Art. 16 GDPR.

Right to restriction of processing

Subject to Art. 18 GDPR, you may also have the right to claim the restriction of processing of personal data concerning you. Where processing has been restricted, your personal data shall only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. We will notify you before the restriction is lifted.

Right to erasure

If one or more of the grounds listed in Art. 17 (1) GDPR apply, you may claim the erasure of personal data concerning you without undue delay, unless there is an exception pursuant to Art. 17 (3) GDPR.

Right to notification

If you have asserted the right to rectification, erasure of personal data, or restriction of processing, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom personal data has been disclosed, unless this proves impossible or involves disproportionate effort. In addition, you have the right to be informed about who these recipients are. You may exercise your right to be informed of those recipients against the controller.

Right to data portability

Furthermore, pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you in machine readable format and to transmit this data to another controller without hindrance, provided, however, that the conditions enumerated in Art. 20 (1) a GDPR exist, or to demand to have the personal data transmitted directly from us another controller, where technically feasible and if this does not adversely affect the rights and freedoms of others. This right shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to object at any time to the processing of personal data concerning you by written notice to Kubermatic which is based on Art. 6 (1) f GDPR. We shall not longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the assertion, exercise or defense of legal claims.

Right to withdraw the consent under data protection law, rules, and regulations

You may withdraw your data protection consent at any time by notifying Kubermatic. The withdrawal of consent shall not affect the lawfulness of processing based on this consent before its withdrawal.

Right to lodge complaints with the supervisory authority

If you have any objections or complaints with the way in which we process your personal data, you have the right to lodge a complaint with the relevant data protection supervisory authority, where the applicable laws provide for such remedy.

How to contact us or to exercise your rights

If you should have any questions on the processing of your personal data, your rights as a data subject, or any consent that may have been granted, you may contact us free of charge. If you wish to exercise any or all of your rights, please email us at privacy@kubermatic.com or write a letter to the address set forth in section 1 above.

7. Provision obligation

Without providing correct data, the conclusion of a contract may not be possible. The result may be that services cannot be provided or cannot be provided in time.

8. Changes to Privacy Policy

Since Kubermatic may change and complement data processing processes, it may become necessary to amend this Privacy Policy in individual cases. Kubermatic provides the effective Version of this Privacy Policy at any time on https://www.kubermatic.com/privacy/. Status: 23.11.2023