Privacy Policy
1. Introduction
In this Privacy Policy, we will inform you about the processing of your personal data and your data protection rights within the scope of your contact to Kubermatic. Your privacy is an important concern to us. We exercise great care in the protection of your personal data and their strictly confidential processing. Your personal data will be exclusively processed in compliance with the applicable provisions under data protection law, rules, and regulations.
We will not use your data for anything other than the stated purposes. Kubermatic is subject to the provisions of the European Union’s General Data Protection Regulation (GDPR), the German Federal Data Protection Act (FDPA), as well as further data protection provisions, and has implemented appropriate technical and organizational measures to ensure that the provisions of applicable data protection laws are observed.
2. Data Controller and Privacy Officer
Data controller for all processing activities in the context of your business relationship to Kubermatic, unless stated otherwise, is:
Kubermatic GmbH Willy-Brandt-Straße 23 20457 Hamburg
Email: info@kubermatic.com
Please do not hesitate to contact us if you have any questions or suggestions regarding data protection issues. Our data processing is audited and monitored regularly by our designated Data Protection Officer.
To contact our Data Protection Officer please write to privacy@kubermatic.com. Further contact details are offered on dsb-moers.de.
3. Processing Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as a “data subject”); an identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific factors.
4. Purpose and Details of Data Processing Operations
Data processing on this Website
Each time a user visits a page on the Kubermatic website and each time a file is accessed, data about this event is stored in a log file. Depending on the type of access log used, the log file may contain the following information:
- The IP address of the device that requested the information
- The name of the requested file
- The date and time of the request
- The requesting device’s desired method of access/functions
- The web server’s access status
- The URL from which the file was requested
- The device’s operating system and browser type or browser settings
Usage profiles that link IP addresses with personal data are not created. Exceptions only apply if expressly stated in this Privacy Policy.
The data stored in these log files is used exclusively for the purposes of identifying and tracking unauthorized access attempts/accesses to the web server and for statistical analyses, such as the number of visitors and the popularity of a page. Such analyses are only carried out by authorized employees of Kubermatic.
Contact Forms
If you contact us via our contact form, your data from the form will be processed for your request. The legal basis for the data transfer to us is your consent according to Art. 6 (1) a GDPR. Personal data entered into forms on our website will be transmitted to Kubermatic via a secure connection in encrypted form. You can withdraw your consent at any time with effect for the future.
Newsletter
The purpose of sending the newsletter is to provide information about new products and services of our company. We send newsletters to our customers on the basis of our legitimate interests according to Art. 6 (1) f GDPR in conjunction with Rec. 47 sentence 7 GDPR or on the basis of consent according to Art. 6 (1) a GDPR. The data will not be passed on to third parties. In the case of a newsletter subscription, the so-called double opt-in procedure is used, the request for the newsletter must be actively confirmed by you once again by clicking on the link of the e-mail sent to you. You can unsubscribe at any time by clicking on the “unsubscribe” link.
Use of Cookies
We use cookies when you visit our website. Cookies are small text files placed on your device by our web application that allow us to identify your web browser. Most browsers are set so that they automatically accept cookies. You have the ability to deactivate cookies, however, or set your browser so that it informs you about the use of cookies.
The data stored in cookies is not used to identify you personally.
Persistent cookies are stored on your device for one month and ensure that you can use our website as smoothly as possible, even after your current visit. We use them for the purpose of displaying personalized content to you.
If you do not wish to allow persistent cookies to be saved on your device, you can deactivate them in your browser. Please refer to your browser’s help section to learn how to deactivate these cookies. Deactivating these cookies has no impact on your ability to use our site.
Session cookies are only stored on your system until you end your current browser session. They are used to ensure that you can use the features of our website without limitation during your current visit to our site. This data is anonymized so that you are not personally identifiable.
If you do not wish to allow session cookies to be saved on your device, you can deactivate them in your browser. Please refer to your browser’s help section to learn how to deactivate these cookies.
If you deactivate session cookies, we cannot guarantee that you will be able to use all of our website’s features without limitation.
Why do we use cookies?
Cookies and similar technologies are very small text documents or pieces of code that often contain a unique identification code. When you visit a website or use a mobile application, a computer asks your computer or mobile device for permission to save this file on your computer or mobile device and gain access to information. Information collected through cookies and similar technologies may include the date and time of the visit and how you use a particular website or mobile application.
The cookies ensure that we can see how our website is used and how we can improve it. Furthermore, depending on your preferences our own cookies may be used to present you with targeted advertisements that match your personal interests.
What type of cookies do we use?
Necessary cookies
These cookies are necessary for the website to function properly. Some of the following actions can be performed by using these cookies.- Store articles in a shopping cart for online purchases- Save your cookie preferences for this website- Saving language preferences- Log in to our portal. We need to check whether you are logged in.
Performance cookies
These cookies are used to gather statistical information about the use of our website, also called analytics cookies. We use this data for performance and website optimization.
Functional cookies
These cookies enable more functionality for our website visitors. These cookies can be set by our external service providers or our own website. The following functionalities may or may not be activated when you accept this category.
- Live chat services
- Watch online videos
- Social media sharing buttons
- Login to our website with social media
Advertising / tracking cookies
These cookies are set by external advertising partners and are used for profiling and tracking data across multiple websites. If you accept these cookies, we may show our advertisements on other websites based on your user profile and preferences. These cookies also save data about how many visitors have seen or clicked on our advertisements in order to optimize advertising campaigns
How can you switch off or remove cookies?
You can choose to opt out of all but the necessary cookies. In the settings of the browser, you can change the settings to ensure that cookies will be blocked. Most browsers provide you with an explanation on how to do this in the so-called ‘help-function’. However, if you block the cookies, it is possible that you will not be able to enjoy all the technical features our website has to offer and it may negatively affect your user experience.
We have made it easy to manage your consents.
The cookies we use on our website
Amazon CloudFront
This website uses the Cloudfront Content Delivery Network (CDN). This is a service provided by Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN makes duplicates of a website’s data available on various Amazon Web Services (AWS) servers distributed around the world. This provides faster website load times, increased resiliency, and increased protection against data loss. Some of the images and videos embedded on this website are retrieved from Cloudfront CDN when the page is accessed. Through this retrieval, information about your use of our website (such as your IP address) is transmitted to Amazon’s servers in other EU countries and stored there. This happens as soon as you enter our website. The use of Amazon Web Services and the Amazon CDN Cloudfront is done in the interest of a higher reliability of the website, increased protection against data loss and a better loading speed of this website. This constitutes a legitimate interest within the meaning of Art. 6 (1) f GDPR. You can find out more about the data protection measures of Amazon Web Services at: https://aws.amazon.com/de/data-protection/. The current privacy policy of Amazon Web Services can be found at: https://aws.amazon.com/de/privacy/.
DoubleClick
We use DoubleClick, a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to activate ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. Data processing is based on your consent referring to Art. 6 (1) a GDPR.
Google Analytics
We use Google Analytics, a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on our website. The information generated by the cookie pertaining to your use of this website is usually transmitted to and stored on a server operated by Google located within the United States. If IP anonymization is enabled on this website, Google will, however, shorten your IP address within member states of the European Union or other states party to the Agreement on the European Economic Area before transferring it to the United States. Your complete IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. Google then uses this data on behalf of this website’s owner to analyze your use of the website, create reports that show and explain user activity on this website, and to provide additional services associated with the use of the website and internet use to the website owner. The IP address transmitted from your browser to Google Analytics is not combined with any other data from Google.
To prevent processing by Google Analytics, you can install the Google Analytics opt-out browser add-on. This add-on is compatible with all major browsers and can be downloaded and installed via the Google Analytics Opt-Out page: https://tools.google.com/dlpage/gaoptout
The Google Analytics Terms of Service can be found here: http://www.google.com/analytics/terms/us.html
Further information about privacy at Google and additional terms can be found here: https://policies.google.com/.
Google Fonts
We use fonts provided by Google for the visually appealing display of our website (Google Fonts, provider Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland). The font is provided by Google for the display in your browser. Legal basis is our legitimate interest for the visually appealing display of our website acc. to Art. 6 (1) f GDPR.
Further information on data protection at Google can be found at https://policies.google.com/privacy.
A data transfer to the USA shall only be carried out if the requirements of Articles 44 et seqq. GDPR are fulfilled.
Google Tag Manager
We use the “Google Tag Manager” by Google Ireland Limited, Gordon House, Barrrow Street, Dublin 4, Ireland to control the Google Services. This is used to manage the Google services on our site, no processing of personal data is done by the Google Tag Manager.
Hotjar
This website uses the web analysis service Hotjar. Hotjar is a European company headquartered in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). We use Hotjar to analyse movement on our website, for example, mouse movements, scrolling, button clicks. So-called heat maps are produced as a result. Using these heat maps, we are able to optimise the website and improve the user experience. We can also get direct user feedback and improve customer orientation even further. Legal basis for the data processing are our legitimate interests relating to the optimisation of our website in accordance with Art. 6 (1) (f) GDPR. Data security is ensured by an order process agreement with Hotjar Ltd. The following data is collected through Hotjar:
- Mouse tracks,
- Button clicks,
- Screen scrolling,
- Anonymised IP address,
- Size of the visitor’s screen,
- Type of device (Smartphone, Computer) and browser used,
- Visitor’s country,
- Language settings configured.
You can turn off tracking by Hotjar by enabling the “Do Not Track” header in your browser. These settings can be made in all current browsers.
Please remember to make these settings on all the devices you use to visit our website. If you have already made these settings, your visit is not tracked by Hotjar. For more information about data protection at Hotjar, please read Hotjar’s privacy statement at https://www.hotjar.com/privacy.
Instructions for the “Do Not Track” settings can be found at https://www.hotjar.com/opt-out.
Hubspot
We use the web analytics services of Hubspot, 25 First Street, 2nd Floor Cambridge, MA 02141, USA, on our website. For this purpose, Hubspot collects and stores on our behalf certain usage data (e.g. which sites you navigate to, how long you spend on these sites, how often you return to our website) attributed to an anonymous identifier. This usage data is then used to generate non-personalized analyses of website usage for us.
Processing of usage data is based on Art. 6 (1) f GDPR. It serves our legitimate business interests to optimize our web presence and improve its reach, usability and content and thereby ultimately promote our business.
Usage data may be processed by our cookie suppliers on servers in the United States of America. To ensure an adequate level of data protection, we entered into a Data Processing Agreement including EU-Standard Contractual Clauses with Hubspot.
LinkedIn Insights Tag
We use LinkedIn Insights Tag on our website, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The purpose of its use is to analyze the success of our advertising on LinkedIn. Through the LinkedIn Insight Tag, data about visitors to the website is collected: URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. Members' direct identifiers are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days. For us, the processing is not attributable to your person (IP masking). During use, a transmission of data to the LinkedIn Corporation in the USA is not excluded. A data transfer to the USA only takes place if the requirements of Art. 44 ff. GDPR are fulfilled.
The legal basis for the use is your consent according to Art. 6 (1) a GDPR. You can change your consent at any time with effect for the future via the settings of our consent tool or object to the processing via this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, if you have a LinkedIn profile, you can set the data collection centrally for all websites with LinkedIn technology for your profile in the Linkedin settings: https://www.linkedin.com/psettings/enhanced-advertising.
Information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy.
YouTube
We use YouTube, a service of Google Ireland Ltd, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, for video embedding. Legal basis for the embedding is Art. 6 (1) a GDPR. The content of YouTube is not downloaded until you have given your approval. The YouTube videos are integrated in the YouTube code with deactivated tracking functions. For more information, please visit the detailed privacy policy of Google at: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. A data transfer to the USA shall only be carried out if the requirements of Art. 44 et seqq. GDPR are fulfilled.
Data Processing in Webinars
If you have registered for one of our webinars, we will process your data for the purposes of your participation in the webinar based on your consent pursuant to Art. 6 (1) a GDPR. Your personal data entered into the registration form will be transmitted to Kubermatic via a secure connection in encrypted form.
In order to invite you to take part in other relevant Webinars, we process your contact data based on Art. 6 (1) f GDPR. You may contact us at any time to inform us about your interest to unsubscribe from further webinars.
Data Processing on Social Media Platforms
Kubermatic may provide social media features that enable you to share information with your social networks and interact with Kubermatic on various social media websites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media websites with which you interact to make sure you understand the information that may be collected, used, and shared by those websites. Our websites may make chat rooms, forums, blogs, message boards, and/or news groups available to its users. Remember that your comments and posts become publicly available, and we urge you to exercise discretion when submitting such content. Our websites may contain links to other websites. Kubermatic does not control and is not responsible for the information collected by websites that can be reached through links from our websites. If you have questions about the data collection procedures of linked websites, please contact the organizations that operate those websites directly.
Facebook: Social Network; Service Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Partent Company: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.about.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy/policy.
LinkedIn: Social Network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Twitter: Social Network; Service Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy, (Personalization) https://twitter.com/personalization.
YouTube: Social Network; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Opt-Out: https://adssettings.google.com/authenticated.
Xing: Social Network; Service Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
Data Processing in our Application Management
You can use our career portal to apply for jobs advertised there or to submit unsolicited applications. Data processing takes place exclusively for the purpose of initiating employment relationships on the basis of Art. 88 (1) GDPR in conjunction with § 26 FDPA.
Your data will be stored for the duration of the application process; if you enter into an employment relationship with us, your application data will be stored by us for the duration of your employment relationship. If, after completion of the application process, you are not accepted, we will retain your data on a legal basis for a further 6 months and then delete it; in the case of unsolicited applications or after your consent to store the data for a longer period for possible future employment, we will retain your data until you revoke it or for a maximum of two years.
Data Processing in our Relationship with Customers and Third Parties
We process personal data of you as prospective customer, customer, partner or third parties to establish, perform and terminate a contract pursuant to Art. 6 (1) b GDPR. Prior to a contract, your personal data can be processed to prepare bids or purchase orders or to fulfil other requests of the prospective customer relating to contract conclusion. In this regard, you will need to provide any personal data that we need for preparing and carrying out our business relationship with you. In the absence of this information, we will not be able to process your inquiry and/or to perform the contract. As prospective customers you can be contacted during the contract preparation process using the information that you have provided.
We also process personal data for advertising purposes, if this is consistent with the contractual purpose pursuant Art. 6 (1) f GDPR. If your personal data is collected only for advertising purposes, you can choose whether to provide this data. You shall be informed that providing data for this purpose is voluntary. As part of the communication process, Kubermatic will ask for your consent. When giving consent, you will be given a choice among available forms of contact, such as e-mail and phone to withdraw your consent. If you object to the use of your data for advertising purposes, we will no longer use it for these purposes and will restrict or block from use for these purposes.
Next to advertising purposes, the legitimate interests, which coincide with the particular purpose, include but are not limited to: Ensure the technical operation, responding to inquiries that are not related to the contract, ensure data security, ensure data availability, and rectification of errors and faults. In the event we need to disclose data for these purposes, we will expressly notify you of this circumstance. In the absence of this information, we may not be able to process your inquiry.
We will also process your personal data for the purpose of compliance with statutory requirements that apply to us pursuant to Art. 6 (1) c GDPR. These requirements may exist under the trade, tax, money laundering, financial, or criminal code. The processing purposes are determined by the applicable statutory duty; generally, data processing will only serve the purpose of compliance with monitoring and disclosure duties under national law.
Recipients of Personal Data
We engage third party companies or individuals as service providers or business partners to support our business. These third parties are our processors and may, for example, provide and help us with computing and storage services. From time to time, we may remove or engage new processors. Kubermatic will ensure that processors are bound by written agreements that require them to provide an appropriate level of protection. Our service providers have been contractually obligated to maintain confidentiality and protect data in the event that access to personal data cannot be excluded. Data disclosure to legal authorities requires the existence of overriding statutory provisions. Data will only be transferred to third countries in compliance with the rights of the data subject and only if sufficient guarantees are effective pursuant to Art. 44 et seqq. GDPR, especially under the provisions of the EU Standard Contractual Clauses.
Deletion and Storage of Data
We will delete your personal data if it is no longer required for the purposes we pursue and if no other statutory provisions apply.
Third Party Information
We may use third-party sites and third-party platforms as well as publicly available information to collect and add some information to the information provided by you in order to give you relevant communication (for marketing purposes). Examples of collected information are additional work-related profile information.
5. Data Security
Your personal data are protected from unauthorized access and unlawful processing or transfer, as well as from accidental loss, alteration or destruction. Before the introduction of new methods of data processing, particularly new IT systems, Kubermatic undertakes technical and organizational measures to protect your personal data. These measures are based on the state of the art, the risks of processing and the need to protect the data. The technical and organizational measures relevant to data protection are documented by Kubermatic and reviewed by the Data Protection Officer. Our security measures will be continuously improved based on the state of the art.
6. Rights of Data Subjects
If your personal data is processed, you are a “data subject” within the meaning of the GDPR and you are entitled to the following claims against the “controller”:
Right of access
You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed. If we did process your personal data, you are entitled to further rights to access set forth in Art. 15 GDPR.
Right to rectification
If data that we collected on you is inaccurate or incomplete, you may claim the rectification without undue delay pursuant to Art. 16 GDPR.
Right to restriction of processing
Subject to Art. 18 GDPR, you may also have the right to claim the restriction of processing of personal data concerning you. Where processing has been restricted, your personal data shall only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. We will notify you before the restriction is lifted.
Right to erasure
If one or more of the grounds listed in Art. 17 (1) GDPR apply, you may claim the erasure of personal data concerning you without undue delay, unless there is an exception pursuant to Art. 17 (3) GDPR.
Right to notification
If you have asserted the right to rectification, erasure of personal data, or restriction of processing, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom personal data has been disclosed, unless this proves impossible or involves disproportionate effort. In addition, you have the right to be informed about who these recipients are. You may exercise your right to be informed of those recipients against the controller.
Right to data portability
Furthermore, pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you in machine readable format and to transmit this data to another controller without hindrance, provided, however, that the conditions enumerated in Art. 20 (1) a GDPR exist, or to demand to have the personal data transmitted directly from us another controller, where technically feasible and if this does not adversely affect the rights and freedoms of others. This right shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object at any time to the processing of personal data concerning you by written notice to Kubermatic which is based on Art. 6 (1) f GDPR. We shall not longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the assertion, exercise or defense of legal claims.
Right to withdraw the consent under data protection law, rules, and regulations
You may withdraw your data protection consent at any time by notifying Kubermatic. The withdrawal of consent shall not affect the lawfulness of processing based on this consent before its withdrawal.
Right to lodge complaints with the supervisory authority
If you have any objections or complaints with the way in which we process your personal data, you have the right to lodge a complaint with the relevant data protection supervisory authority, where the applicable laws provide for such remedy.
How to contact us or to exercise your rights
If you should have any questions on the processing of your personal data, your rights as a data subject, or any consent that may have been granted, you may contact us free of charge. If you wish to exercise any or all of your rights, please email us at privacy@kubermatic.com or write a letter to the address set forth in section 1 above.
7. Provision obligation
Without providing correct data, the conclusion of a contract may not be possible. The result may be that services cannot be provided or cannot be provided in time.
8. Changes to Privacy Policy
Since Kubermatic may change and complement data processing processes, it may become necessary to amend this Privacy Policy in individual cases. Kubermatic provides the effective Version of this Privacy Policy at any time on https://www.kubermatic.com/privacy/. Status: 22.06.2021