Privacy Statement
We, the operators of the websites www.k15t.com, help.k15t.com, migration.k15t.com, https://k15t-labs.scrollhelp.site/ (collectively referred to as “the websites”) are the controllers of the personal data of the users ("you") of these websites within the meaning of the applicable data protection law, specifically the General Data Protection Regulation ("GDPR").
Below, we will provide information in accordance with Art. 13 et seqq. GDPR about the data processed when you visit our websites, including the relevant legal basis. You will also receive information about your rights and the responsible regulatory authorities.
Information About the Controller
K15t GmbH
Ostendstr. 110
70188 Stuttgart
Phone: +49 711 935935 30
Fax: +49 711 935935 39
Email:
hello@k15t.com
Data Protection Officer
DDSK GmbH
Dr.-Klein-Str. 29
88069 Tettnang
Our data protection officer can be contacted via datenschutzbeauftragter@k15t.com.
Processing Your Personal Data
Informational Use of Our Websites
When you visit our websites, so-called log files are processed by our system.
The following log files are processed:
IP address of the requesting computer
Date and time of visit
Time zone difference to Greenwich Mean Time (GMT)
HTTP method
Accessed pages
Access status/HTTP status code
Amount of data transmitted in the response
Referrer
Type of Internet browser used
Version of Internet browser used
Operating system and version
Operating system user interface
User's Internet service provider
The log files contain your IP address and possibly other personal data. In principle, it is therefore possible to match them to you. However, we store this data only temporarily and do not combine it with other personal data.
We use this data solely to secure our information technology systems - specifically, for analysis in the event of security incidents. The log files are deleted no later than 90 days after collection.
These purposes also justify our legitimate interest to process the data according to Art. 6(1)(f) GDPR.
Hosting by Amazon Web Services (AWS)
We host our website with Amazon Web Services (AWS), Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter referred to as “AWS”). When you visit our website, your personal data (e.g. IP addresses in log files) is processed on AWS servers.
AWS is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the reliable presentation, availability, and security of our websites. AWS is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, that is intended to ensure compliance with European data protection standards for data processing in the US.
We have concluded a data processing agreement (DPA) with AWS in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that AWS processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
You can find more information on AWS data protection provisions at:
https://aws.amazon.com/de/privacy/?nc1=f_pr
Contact Forms
You may contact us electronically using our contact form, for example to provide feedback, ask questions, or submit a request. If you use this option, the data entered into the form will be transmitted to us.
In addition to the data you voluntarily provide, we store the time (date and time) of submission and your IP address. This processing serves our legitimate interest (Art. 6(1)(f) GDPR) in securing our systems and preventing misuse. These additional data will be deleted after 3 months.
However, if you have signed up for our newsletter, your data will be stored until you withdraw your consent.
If your contact aims to conclude a contract, Art. 6(1)(b) GDPR serves as the legal basis.
Your data will be stored until it is no longer required to fulfill the purpose of the communication and your request has been fully resolved.
Contact by E-mail
You can contact us by e-mail (preferably at hello@k15t.com). We will store your personal data transmitted in the e-mail. The legal basis for processing your personal data is Art. 6(1)(f) GDPR. This data will not be passed on to third parties and will be processed solely for the purpose of handling your contact request.
If your email is intended to initiate or conclude a contract with us, Art. 6(1)(b) GDPR serves as an additional legal basis. In such cases, the data will be stored for as long as necessary to perform the contract. Otherwise, we will retain your data only as needed to comply with contractual or legal obligations (e.g., tax obligations), in accordance with Art. 6(1)(c) GDPR.
You may withdraw your consent to the processing of your personal data at any time by sending an e-mail to hello@k15t.com. In that case, all personal data from the conversation will be deleted, and the conversation cannot be continued.
Newsletter
On our websites, we offer the opportunity to subscribe to our newsletter free of charge. In addition to your consent, we also need your e-mail address for this purpose.
As part of your newsletter registration, we also store the date and time of registration, as well as your IP address. The processing of such data corresponds to our legitimate interest pursuant to Art. 6(1)(f) GDPR, to guarantee the security of our systems and to prevent misuse.
We obtain your explicit consent to process your data for this purpose and refer you to this Privacy Statement during the registration process. The legal basis for sending the newsletter is Art. 6(1)(a) GDPR.
ActiveCampaign
We use ActiveCampaign, a service provided by ActiveCampaign, Inc., 1 N Dearborn, 5th Floor, Chicago, Illinois 60602, USA (hereinafter: “ActiveCampaign”), to manage and send our newsletters.
Our newsletters include tracking pixels (1-pixel images). If you open our newsletter and allow images to load, we can detect that the newsletter has been opened. If image loading is disabled by default, we cannot determine whether the newsletter was opened. We also track which links in the newsletter are clicked.
We use this information to improve the content of our newsletter. Our goal is to provide content that is engaging and aligned with the interests of our subscribers. This constitutes our legitimate interest. The legal basis for newsletter tracking is therefore Art. 6(1)(f) GDPR.
For more information on data protection, see ActiveCampaign's privacy policy: https://www.activecampaign.com/privacy-policy/.
Your data will be stored only as long as necessary to fulfill the purpose. Your e-mail address will be stored for the duration of your active newsletter subscription, provided you have given your consent. The additional registration data will be deleted after 6 months.
We will send you the newsletter only after you confirm your subscription by clicking the appropriate link in a confirmation e-mail. This ensures that only you can subscribe using your e-mail address (double opt-in). Your confirmation must be received promptly after the confirmation e-mail is sent; otherwise, your subscription will be automatically deleted from our database.
Unsubscribing from the Newsletter
You may unsubscribe from our newsletters at any time by clicking the “Unsubscribe” link found in the footer of each newsletter. By doing so, you revoke your consent and object to any further use of your data for newsletter distribution.
To customize the topics and types of communication you receive, open any e-mail from K15t, scroll to the footer, and click on "Email Preferences". This will direct you to our ActiveCampaign preference center, where you can customize your communication preferences.
If you do not want to receive the newsletter, but nevertheless want to stay informed, you may refer directly to our blog or subscribe to the blog contents via RSS.
Cookies and Local Storage
Please note: You can make sure that cookies are not stored at all on your computer, or that only the storage of certain cookies is permitted. You can select this in your internet browser settings. There you can also view and delete any stored cookies.
If you block all cookies, you may not be able to use all the features of our websites.
We use cookies on our websites. Cookies are text files that our web server sends to your browser while you are visiting our websites. Your browser will store them on your computer for later retrieval. This means cookies can be used to identify your internet browser when you revisit the websites. Session cookies are deleted when the browser is closed. Persistent cookies are stored on the hard drive until their default expiration date is reached or until you actively remove them.
In addition to cookies, we use the Local Storage method to store data locally in the browser’s cache. This data is stored persistently in your browser but you can remove all Local Storage data by deleting your browser cache.
Legal Basis for the Use of Cookies
The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6(1)(f) GDPR.
For all other cookies, you have given your consent to this via our opt-in CMP in accordance with Art. 6(1)(a) GDPR.
Usercentrics Consent Management Platform (CMP)
This website uses Usercentrics' consent technology to obtain your consent for storing certain cookies on your device or for using certain technologies, and to document this consent in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Website: http://usercentrics.com/de/ (hereinafter "Usercentrics").
When you visit our website, the following personal data is transmitted to Usercentrics:
Opt-in and opt-out data
Referrer URL
User agent
User settings
Consent ID
Time of consent
Consent type
Template version
Banner language
IP address
Geographic location
Additionally, Usercentrics stores a cookie in your browser to be able to assign the given consents or their withdrawal. The data collected in this way is stored until you request us to delete it, you delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.
The use of Usercentrics is to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6(1)(c) GDPR.
Own Cookies
We use our own cookies to ensure the functionality of our websites. Some elements of our website require that your internet browser is recognized after a page change.
The overview shows you for which purposes your data is collected and how long they will be stored for:
Name |
Function |
Storage period |
Rendered anonymous |
---|---|---|---|
announcementBannerclosed |
Functional cookie to display and hide the announcement banner on our websites. |
Until the cookies are actively deleted. |
Yes |
The legal basis for processing personal data in cookies, which we place on our websites to ensure their functionality and our offer, is Art. 6(1)(f) GDPR.
Option to Object and Remove
As mentioned earlier, you can restrict or disable cookies at any time by adjusting your browser settings. You can also delete previously stored cookies directly in your browser. Please note that restricting or deactivating cookies may limit the functionality of our websites.
Third Party Cookies
We use "third party" cookies / Local Storage on our websites. This means that when you visit our websites, data is transferred from your web browser to the third party's web server and stored there.
In our Help Center ( help.k15t.com), Jira Service Management automatically stores functional information as Local Storage.
Matomo
We use Matomo, a service by InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand (hereinafter: Matomo) is implemented on our websites. The processing of data with Matomo is based on legitimate interests in analyzing user behavior to optimize our websites and offerings. The legal basis is Art. 6(1)(f) GDPR. The data is hosted by Matomo on servers located in Germany.
If heatmaps are activated, Matomo sets a cookie to record interactions such as clicks, mouse movements, and scrolling. This also serves our legitimate interest in improving usability and user experience.
Matomo's Privacy Statement is available at: https://matomo.org/matomo-cloud-privacy-policy/ .
Job Applications
Our website provides information about vacancies in our team and you can send us your application by e-mail. We will process your data to handle your application, which means that your application will be viewed by the employees responsible for pre-selection.
We use Personio, a service by Personio GmbH & Co. KG, Rundfunkplatz 4, 80335 München, Germany (hereinafter: "Personio") to handle the application process.
You can find further information on data protection at Personio here: https://www.personio.com/privacy-policy/
Other than that, your data will not be shared with third parties and will not be used for any other purpose.
We will retain your application data only as long as necessary. If your application is rejected, your data will be stored for a maximum of six months, unless you have given explicit consent for a longer retention period in case future opportunities arise. After this period, your application data will be anonymized in our system.
We may conduct all or part of the application process using Google Meet. If you do not agree to the use of Google Meet, this will not negatively impact your application. For information on how Google processes personal data, please refer to Google Ireland Limited’s privacy policy: https://policies.google.com/privacy
The legal basis for processing your data is Sec. 26 BDSG (German Federal Data Protection Act) in conjunction with Art. 88 GDPR.
Other Third-Party Content Included on Our Websites
Hyvor Talk
We use Hyvor Talk, a service provided by HYVOR EURL, 10 Rue de Penthièvre, 75008 Paris, France (hereinafter: Hyvor Talk), which is implemented on our websites to enable user comments.
The processing of personal data by Hyvor Talk is based on the user’s consent. We use this service to provide visitors with a secure and privacy-friendly commenting platform. The legal basis for data processing is Art. 6(1)(a) GDPR.
Hyvor Talk stores comment data and, where applicable, IP addresses on secure servers. This data is used exclusively for service operation, moderation, and spam prevention - not for advertising purposes.
Please note that through the comment section, third party content (e.g., Gravatar or other web embeds) may be loaded. This can result in additional cookies or tracking technologies being set by these third parties. We have no control over these third party services and recommend reviewing their respective privacy policies for more information.
For more information, please refer to their privacy policy: https://talk.hyvor.com/privacy
YouTube
We incorporate videos from Youtube of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: "YouTube") for an attractive design of our website in an engaging and informative way, which constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
We use YouTube’s extended privacy mode, which ensures that information about you is transmitted to YouTube only after you activate the video by clicking the play button.
Once you activate the video, YouTube may set additional cookies (e.g., for Google APIs, Google Fonts, or Google Play) and collect information for analytics and usability enhancement. According to YouTube, this data is processed in a pseudonymized manner. However, if you are logged into your Google or YouTube account, the data may be directly linked to your account.
For more information on data protection and storage duration, please refer to Google’s privacy policy:
https://policies.google.com/privacy?hl=de&gl=de
Jira Service Management
On our support website ( help.k15t.com), we use the service provider Atlassian. Pty Ltd Level 6, 341 George Street, Sydney NSW 2000, Australia and their tool Jira Service Management (hereinafter: "Jira Service Management"), which you can use to submit support requests directly to us.
To do so, we request the following information via the support form:
E-mail address
Topic and description
Any further information is voluntary. By submitting this form, you agree to us processing your data. The legal basis for this is Art. 6(1)(a) GDPR.
Your data will be stored until you request its deletion (e.g., your support request or your complete profile), or until we no longer use Jira Service Management as a service provider - unless legal obligations require longer retention in accordance with Art. 6(1)(c) GDPR. According to Atlassian, data will be completely deleted 40 days after the erasure request.
The use of Jira Service Management and the information collected through it is subject to Atlassian’s terms of use: https://www.atlassian.com/legal/cloud-terms-of-service .
Jira Service Management also provides additional privacy information at: https://www.atlassian.com/legal/privacy-policy
Jira Service Management automatically stores information as Local Storage. To remove the information stored as Local Storage, please delete your browser cache.
Calendly
We use the online appointment calendar "Calendly", provided by Calendly LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA, to simplify the booking of appointments.
If you click on the corresponding booking button, you will be automatically redirected to our Calendly appointment page. After selecting a time slot, confirming the appointment, and entering your contact details and any additional notes, you will receive an appointment confirmation email from Calendly.
The data you enter in the Calendly form will be stored by us for the purpose of handling your appointment and any follow-up communications. Your data will be retained until:
You request its deletion,
You withdraw your consent, or
The purpose for storage no longer applies (e.g., the appointment has taken place).
Mandatory statutory retention periods remain unaffected.
Calendly also inevitably gains access to your data. We have concluded a Data Processing Agreement (DPA) with Calendly in accordance with Art. 28 GDPR.
Calendly transmits personal data from log files (e.g., IP addresses) to the USA, as certain servers are located exclusively there. The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR, which you provide before entering your appointment.
You can find detailed information about Calendly’s privacy practices here:
https://calendly.com/privacy
Alternatively, appointments can also be made by email at: help@k15t.com
Marketing
We use several services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. These include:
Google Ads (incl. Conversion Linker & DoubleClick)
Google AdSense
Google APIs
Google Analytics
Google Tag Manager
Google Fonts
Google Syndication
Google AJAX
Google reCAPTCHA
Resources loaded via gstatic (e.g. fonts, scripts, security checks)
These services may use cookies or similar technologies to collect data about your interaction with our website. The collected data is used for purposes such as analytics, advertising, spam prevention, and loading external resources (e.g. fonts or scripts).
This personal data may be stored by Google on servers in the United States. Google may also share this data with third parties where required or permitted by law, or where such third parties process the data on Google's behalf. These processing operations are carried out only if you have given your explicit consent in accordance with Art. 6(1)(a) GDPR.
Some of these services may result in the transfer of personal data to servers in the United States. Google LLC is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.
For more information on how Google handles personal data, please refer to their privacy policy:
https://policies.google.com/privacy
For more comprehensive information regarding the third-party services in use and your consent preferences, please refer to our Consent Management Platform, accessible via the cookie settings.
Our Activities on Social Networks
For communication with you on social networks and to inform you about our services, we maintain our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this, within the meaning of Art. 26 GDPR.
We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.
As a precaution, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as it may be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and processing on social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers, without our ability to influence this. If user profiles are created by the provider, cookies are often used or the user behavior is assigned to your own social network member profile.
The described processing operations of personal data are carried out in accordance with Art. 6(1)(f) GDPR, on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.
As we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks is provided below by the respective social network provider we use:
Facebook and Instagram
Meta Platforms Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, acts as the (joint) controller for data processing in Europe (including Germany).
For more information on how your data is processed, please refer to the respective privacy policies:
Facebook: https://www.facebook.com/about/privacy
Instagram: https://instagram.com/legal/privacy/
(Joint) controller for data processing in Europe: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy:
https://www.linkedin.com/legal/privacy-policy
X (Twitter)
(Joint) controller for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy:
https://twitter.com/de/privacy
Information about your data:
https://twitter.com/settings/your_twitter_data
YouTube
(Joint) controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy:
https://policies.google.com/privacy
Your Rights
When we process your data, you are a "data subject" within the meaning of the GDPR. You have the following rights: Right of access, right to rectification, right to restriction of processing, right to erasure, right to be informed and right to data portability. You furthermore have a right to object and a right to withdraw.
Below, you will find details on the individual rights:
Right of Access
You have the right to ask us to confirm whether we process your personal data.
If we process your personal data, you have the right to access the following information:
the processing purposes;
the categories of personal data being processed;
the recipients or categories of recipients to whom your personal data have been or will be disclosed, more specifically recipients in third countries or international organisations;
if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining this duration;
the existence of a right to have your personal data rectified or erased or to restrict or object to such processing by us;
the existence of a right to lodge a complaint with a regulatory authority;
if the personal data was not collected directly from you, all available information about the origin of the data;
the existence of automated decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved as well as on the scope and intended effects of such processing for you.
If we transfer your data to an international organisation or to a third country, you furthermore have the right to request information on whether suitable guarantees pursuant to Art. 46 GDPR are in place in connection with such transfer.
Right to Rectification
You have the right to rectification and/or completion of the data we have stored about you if such data is inaccurate or incomplete. We will rectify or complete the data without undue delay.
Right to Restriction of Processing
Under certain conditions, you have the right to request us to restrict the processing of your personal data. To do so, at least one of the following conditions must be fulfilled:
You contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;
The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
You have objected to processing pursuant to Art. 21(1) GDPR pending the verification of whether our legitimate grounds override yours.
Right to Erasure
You have the right to obtain from us the erasure of your personal data without undue delay if we are obliged to do so. This is the case where one of the following grounds applies:
Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You withdraw consent on which the processing was based according to Art. 6(1)(a) GDPR, or Art. 9(2) GDPR, and where there is no other legal ground for the processing.
You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
Your personal data has been unlawfully processed.
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
Your personal has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
Where we have made your personal data public and are obliged pursuant to the above requirements to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers which are processing the personal data, that you have requested us to erase any links to, or copy or replication of, those personal data.
However, your right to erasure will not apply to the extent that processing is necessary for the following reasons (exceptions):
For exercising the right of freedom of expression and information
For compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
For the establishment, exercise or defence of legal claims.
Notification Obligation
If you have exercised your right of rectification, erasure or restriction against us, we are obliged to notify all recipients whom we have disclosed your personal data, of the rectification, erasure or restriction of the processing of your data, unless this proves impossible or involves a disproportionate effort.
Right to Data Portability
You have the right to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format. You furthermore have the right to transmit those data to another controller, where:
the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and
the processing is carried out by automated means.
You have the right to have your personal data transmitted directly by us to another controller, where technically feasible and if it does not adversely affect the rights and freedoms of others.
This right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Right to Object
You have the right to object, on grounds relating to your specific situation, at any time to processing of your personal data, which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
In case of an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves the purposes of establishing, exercising or defending legal claims.
Where we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC (Directive on privacy and electronic communications), you may exercise your right to object by automated means using technical specifications.
Right to Withdraw
Pursuant to Art. 7(3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint with a Regulatory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, especially in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes your rights under the GDPR.
For an overview of the respective data protection officers of the federal states as well as their contact details go to: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Version and Amendments to this Privacy Statement
Status: