Privacy Policy

General Notes

This privacy policy contains detailed information about what happens to your personal data when you visit our website www.kadalian.com. Personal data is any data with which you can personally identify yourself. We strictly adhere to the legal provisions when processing your data, in particular the General Data Protection Regulation („GDPR"), and attach great importance to ensuring that your visit to our website is absolutely secure.

Responsible Entity

Responsible under data protection law for the collection and processing of personal data on this website is:

Kadalian GmbH
Böhmerwaldstr. 22
85630 Grasbrunn
Germany

Email: [email protected]
Phone: +49 178 6323693

Collected Data

We collect and process the following data of visitors to our website and users of our product:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (Referrer-URL)
  • Used browser and, if applicable, the operating system of your computer as well as the name of your access provider

We collect and process the following additional data of subscribers to our product and service:

  • Full name
  • Address
  • Email address
  • Payment information

Purpose of Data Processing

The collected data is processed for the following purposes:

  • Provision of the online service
  • Payment processing
  • Improvement of our offer
  • Communication with users

Legal Basis for Processing

The data processing is based on Article 6(1)(b) GDPR for the fulfillment of the contractual relationship and Article 6(1)(f) GDPR due to our legitimate interest in improving our offer.

Cookies

To make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your terminal device. Cookies cannot execute programs or transfer viruses to your computer system. Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested are stored on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g., cookies for analyzing your surfing behavior) are stored, these are treated separately in this privacy policy.

Most of the cookies we use are so-called „session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Contact Form

If you contact us by email or via a contact form, the transmitted data including your contact information will be stored to process your request or to be available for follow-up questions. This data will not be passed on without your consent. The processing of the data entered in the contact form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). A revocation of your already given consent is possible at any time. An informal communication by email is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to store it, or there is no longer any need to store the data. Mandatory legal provisions – in particular retention periods – remain unaffected.

Data Use and Disclosure

We will neither sell to third parties nor otherwise market the personal data that you provide to us, e.g., by email (e.g., your name and address or email address). Your personal data will only be processed for correspondence with you and only for the purpose for which you have provided us with the data. In order to process payments, we pass on your payment data to the credit institution commissioned with the payment. The use of data that is automatically collected during your visit to our website is only for the aforementioned purposes. The data will not be used for any other purpose. We assure you that we will not pass on your personal data to third parties unless we are legally obliged to do so or you have given us your prior consent.

Third-Party Services

We work with the following service providers who have access to the data:

  • Stripe (Payment System)
    Purpose: Payment processing
    Collected Data: Payment information, name, email address
    Location: USA
    Safeguards: Standard Contractual Clauses
  • Google Analytics
    Purpose: Analysis of website usage
    Collected Data: IP address, usage data, browser information
    Location: USA
    Safeguards: Standard Contractual Clauses, IP anonymization
  • Google Cloud Storage
    Purpose: Data storage
    Collected Data: All collected and processed data
    Location: USA
    Safeguards: Standard Contractual Clauses
  • Firebase
    Purpose: Provision of backend services
    Collected Data: Usage data, authentication data
    Location: Europe
    Safeguards: Standard Contractual Clauses
  • ConvertKit
    Purpose: Sending newsletters and email notifications
    Collected Data: Email address, name
    Location: USA
    Safeguards: Standard Contractual Clauses

Data Transfer to Third Countries

Data is transferred to the following countries outside the EU/EEA: USA. The standard contractual clauses approved by the EU Commission are used to ensure an adequate level of data protection.

Data Security

For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator, our website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://" to „https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Retention Periods

Personal data communicated to us via our website is only stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data may be up to 10 years.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will delete such information from our files.

User's Rights

With regard to the personal data concerning you, as a data subject, you have the following rights vis-à-vis the data controller in accordance with the statutory provisions:

  1. Right of Withdrawal
    Many data processing operations are only possible with your express consent. If the processing of your data is based on your consent, you have the right to revoke your consent to the processing of data at any time with effect for the future in accordance with Art. 7 (3) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Storage of data for billing and accounting purposes remains unaffected by a revocation.
  2. Right to Information
    You have the right to request confirmation from us, pursuant to Article 15 of the GDPR, as to whether we are processing personal data concerning you. If such processing is taking place, you have the right to obtain information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the intended storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed about which guarantees exist in accordance with Art. 46 GDPR when your data is transferred to third countries.
  3. Right to Rectification
    You have the right, in accordance with Art. 16 GDPR, to request at any time the immediate correction of inaccurate personal data concerning you and/or the completion of your incomplete data.
  4. Right to Deletion
    You have the right to request the erasure of your personal data pursuant to Art. 17 GDPR, provided that one of the following reasons applies:
    • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
    • You revoke your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
    • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
    • The personal data have been processed unlawfully.
    • The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member State to which we are subject.
    • The personal data has been collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
  5. Right to Restriction of Processing
    You have the right to request the restriction of processing (blocking) of your personal data in accordance with Art. 18 GDPR. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
    • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
    • If the processing of your personal data has happened/is happening unlawfully, you can demand the restriction of data processing instead of deletion.
    • If we no longer need your personal data, but you need it to exercise, defend, or enforce legal claims, you have the right to request the restriction of the processing of your personal data instead of the erasure.
    • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
  6. Right to Information
    If you have asserted the right to rectification, erasure, or restriction of processing against us, we are obliged to notify all recipients to whom your personal data have been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves a disproportionate effort. In accordance with Art. 19 GDPR, you have the right to be informed about these recipients upon request.
  7. The Right Not to be Subject to a Decision Based Solely on Automated Processing, Including Profiling
    You have the right, in accordance with Article 22 of the GDPR, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
    • Is necessary for the conclusion or performance of a contract between you and us.
    • Is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests.
    • Is done with your express consent.
  8. Right to Data Portability
    If the processing is based on your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and is carried out with the help of automated processes, you have the right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common, and machine-readable format and to transfer it to another controller or to request that it be transferred to another controller, insofar as this is technically feasible.
  9. Right of Objection
    Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims (objection pursuant to Art. 21(1) GDPR).
  10. Right of Appeal to the Competent Supervisory Authority
    In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies. The supervisory authority responsible for us is:

    Bayerisches Landesamt für Datenschutzaufsicht
    Promenade 18, 91522 Ansbach
    Postal address: Postfach 1349, 91504 Ansbach

    Phone: 0981/180093-0
    Email: [email protected]
    Internet: https://www.lda.bayern.de

Validity and Amendment of this Privacy Policy

This privacy policy is effective as of July 17, 2023. We reserve the right to change this privacy policy at any time in compliance with applicable data protection regulations. This may be necessary, for example, to comply with new legislation or to reflect changes to our website or new services on our website. The version available at the time of your visit shall apply. If this privacy policy is changed, we intend to post changes to our privacy policy on this page so that you are fully informed about what personal data we collect, how we process it, and under what circumstances it may be disclosed.