Data Protection and Privacy Policy

This information is for the attention of all visitors to our website, customers and partners and is of importance when we receive data relating to you. Whether or not you are a customer, and whether or not any agreement even exists between us, is irrelevant in this case. By providing you with this information, we aim to make the manner in which we handle your data transparent for you.

1. Data controller

The controller within the legal sense for all data-related issues is the company named in the “Legal notice” section of our website. You can contact one of the company representatives named there or our Data Protection Officer:

Rechtsanwalt Maximilian Conrad
Raabestr. 1
10405 Berlin
Germany

A Data Protection Officer is not bound to management’s instructions. You can also contact him/her by e-mail: dataprotection@koyobear.com.

2. Procedure and purpose of storage

Your computer sends us your IP address when you use our websites and, depending on the type of use and your computer’s settings, we may store small text files (“cookies”) on your hard drive. We create these files to improve the function of our website for you. It is a sort of short-term memory on your browser.

We also create text files on our system that may contain the following information about you: The type and version of your browser, the operating system used, the URL of the website from which you came to ours, the name of your computer and the time (“log files”). The log files cannot be directly linked to specific individuals. We do not combine this data with cookies or IP addresses. However, we reserve the right to evaluate this data retroactively in individual cases where we have specific indications that such data is being used unlawfully. The log files help us to understand on what types of computer our websites have to function properly and at what times our websites are visited more (or less) frequently. With the information provided by these files, we can adjust our website structure, servers and database systems accordingly.

If you set up a user account with us or enter into a contract with us as a customer (e.g. goods order, newsletter subscription), we create a customer account in our system. This includes the master data provided by you, your order details and, where necessary, your accounting details (“customer data”). We store and process this data, because we would otherwise not be able to perform the contract with you.

If you send us a job application, we will use all of the information provided on it to process your application. If your application is rejected, your data will be deleted six months after notification of this rejection, unless you have given us prior permission to contact you again. If you are employed by our company, your application documents, master data, accounting data and insurance data will be stored for the purpose of performing the employment relationship and forwarded to the partner companies listed below to the extent that such is necessary to safeguard the legitimate interests of the employer.

3. Forwarding the data to third parties

We do not process all of your data by ourselves, but use the programs and services of other companies (“tools”). We will change the tools we use from time to time, where it makes sense to do so for legal, technical or economic reasons.

We currently use the following tools for the management and provision of data (particularly customer data, IP addresses, cookies and log files):

GOOGLE ANALYTICS (RECORDS NUMBER OF VISITORS TO THE WEBSITE)

AMAZON WEB SERVICES (WEBSITE OPERATION, SERVER LOCATION)

MAILCHIMP (CONTACT DATA, EMAILS TO LARGE GROUPS)

WEBFLOW (CONTACT DATA, EMAILS TO LARGE GROUPS)

STRIPE (PAYMENT PROCESSING)

CLICKY (RECORDS NUMBER OF VISITORS TO THE WEBSITE)

If you do not consent to the use of these tools, we may no longer be able to perform contracts concluded between us, or may have to switch to solutions that are less convenient for you. We will only forward your data to providers or storage locations in countries outside the European Union to the extent that such is necessary to process orders and perform contracts.

Webflow

We host our website with Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files including your IP addresses.

Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the presentation of the page, for the provision of certain website functions and for ensuring security (necessary cookies).

For details, please refer to Webflow's privacy policy: EU & Swiss Privacy Policy | Webflow 109.

The use of Webflow is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: EU & Swiss Privacy Policy | Webflow 109.

Order processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4. Deletion periods

We will retain your data until such time as the order has been completed or the statutory retention periods have expired. These are defined, in particular, in Section 27 HGB (German Commercial Code), where the retention periods for business documents are regulated.

5. Information

You have the statutory right to request information on the data stored by us at any time. In spite of our endeavors to ensure that data is correct and up-to-date, should we have stored incorrect data relating to you, we will correct said data as quickly as possible at your request. Where you have given your consent to data processing, you may withdraw it at any time with effect for the future.

6. Supervisory authority

If you feel that we have failed to meet our obligation to inform, you have the right to lodge a complaint with a supervisory authority (e.g. the Data Protection Officer of a German Federal State).

7. Voluntary provision of data

You are not obligated to provide us with your data. You may, therefore, refuse to have your IP address saved. In order to conclude and perform contracts between you and us, the processing of your data in the scope described above is, however, necessary. If you withdraw your consent to data processing, this shall render performance on our part impossible, although this shall not release you from your obligation to perform. (For this reason, you may not object to the storage of your customer data in the above-mentioned management systems until such time as the contractual relationship has ended).

8. Alternative purpose

If we intend to process your data further for a purpose other than that for which you made the data available to us, we shall provide you with specific information on this alternative purpose and the reason why we intend to use your data for it. You may withdraw your consent to further processing at any time.

9.Cookies