Privacy Policy
Your privacy is important to us.
We take the protection of your personal data very seriously. We treat your personal data confidentially and following the legal rules of the relevant data protection laws, particularly the European General Data Protection Regulation (GDPR) and this privacy policy.
This privacy policy covers the use of our digital content, including our social media profiles, via PC, smartphones, tablets, and all other internet-enabled mobile devices.
The digital content may contain links to other websites of third-party service providers to which this data protection declaration does not apply.
Controller / Responsible party
The controller / responsible party for processing your personal data is
Katulu GmbH
An der Alster 6
20099 Hamburg
hello@katulu.io.
If you have any questions regarding data protection at our company, please write to us at the postal address above, with the subject of “Data Protection” or at the provided e-mail address.
Purpose of Personal Data Processing
Data Processing for the Provision of Contractual Services
You can send us inquiries about commissioning contractual services via our website and the contact details stored there. Provided that personal data is transmitted to us by you in this way or by other means when inquiring about commissions, we process your data to answer your inquiries, for the execution of the order/contract as well as for invoicing. For this, we require your (company) name, your address data, as well as your e-mail address. Without this data, we cannot execute the contract with you. Additionally, we collect further data within the scope of the contract initiation or contract execution, which is not absolutely necessary for the contract execution, but which serves the purpose and is beneficial for it.
In the case of suppliers/service providers, we process the personal data provided by them this way or in another manner for the purpose of ordering and commissioning services on our part, as well as to pay for the services provided. For this, we require the name, address data, and account data. Depending on the service/contract, we may also require additional data, which we will then inform you about on a case-by-case basis. If you provide further data, we will also use this for the aforementioned purposes, but such data is not required for the conclusion of the contract.
The legal basis for data processing is Art. 6 (1) p. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
Data Processing for Communication with You
In addition to the contractual data, we process the communication data provided by you (names of contact persons, telephone number, fax number, e-mail address) to contact and communicate with you. Personal data that you provide to us by e-mail, post, or telephone will only be processed for correspondence with you or only for the purpose for which you provided us with the data.
The basis for data processing is Art. 6 (1) p. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures
Cookies
We only use strictly necessary cookies, which are required for the website's basic function. These cookies are used on some of our web pages to offer you website-specific services and store information required for the website to function properly. Strictly necessary cookies do not collect personal information and do not require user consent according to GDPR.
We do not use preferences cookies, statistics cookies and marketing cookies on any of our web pages to recognize and track you if you visit our website again, and/or to adapt our services to your personal preferences among other things.
Preferences cookies allow a website to remember choices you have made in the past, like what language you prefer. Statistics cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and anonymized. Their only purpose is to improve website functions. Marketing cookies track your online activity to help advertisers deliver more relevant advertising. These cookies can share that information with other organizations. These cookies are persistent cookies and usually set by a third-party.
Cookies are small text files that are stored on a visitor’s computer and contain data about the respective user to provide access to various functions. Session cookies are used on our website. A session cookie is temporarily stored on the computer you are using while you navigate through the website. A session cookie is deleted as soon as you close your Internet browser or as soon as your session has expired after a certain period. Storing a cookie ensures that you do not have to repeatedly enter your personal settings and preferences each time you visit. This saves you time and makes the use of our website more comfortable for you. The cookie is only used to improve usability.
Most browsers accept cookies automatically – so if you wish to suppress the use of cookies, you may need to actively delete or block cookies, or prevent the storage of cookies through a setting in your browser software. Please note, however, that if you refuse the use of cookies, you may continue to visit our website, but some features may be impaired in their operation.
We may work with third parties on some of our websites, which means that when you visit such a website, cookies from partner companies may also be stored on your hard drive (third-party cookies). However we select our partners carefully and only integrate partners into our website, who just use strictly necessary cookies and do not use preference cookies, statistics cookies and marketing cookies. We provide the information below about the use of such cookies and the scope of the data collected in each case.
We use cookies that are required to enable the provision of the services owed by us or to ensure the functionality of our services. The data processing in this regard is then carried out based on Art. 6 (1) p. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures, or according to Art. 6 (1) p. 1 lit. f GDPR, which permits data processing to protect the legitimate interests of the controller, unless the interests or the fundamental rights and freedoms of the data subject outweigh the interest of the controller in the data processing. Our interest then lies in ensuring the functionality of our website.
For the use of other, non-essential cookies, we may obtain your consent. The data processing is then based on your consent according to Art. 6 (1) p. 1 lit. a GDPR. You can revoke or change your consent at any time. The legality of the data processing already performed remains unaffected by the revocation.
Use of SalesViewer® technology
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.
In order to do this, a javascript based code, which serves to capture company-related data according to website usage. The data captured using this technology is encrypted in a non-retrievable one-way function. The data is immediately pseudonymised and is not used to identify website visitors personally.
The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. Salesview does not store any cookies on your device if you visit our website.
The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
Use of Umami
This website uses the web analytics service Umami of the software company Umami Software Inc., 1362 42nd Ave, San Francisco, CA 94122, USA ("Umami") on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on usage evaluation and optimisation purposes.
In order to do this, a javascript based code, which serves to capture data according to website usage. The service only captures encrypted data using a non-retrievable one-way function. The data is pseudonymised and is not used to identify website visitors personally. No data is captured that allows Umami or us to identify website visitors personally.
Umami stores this information in a pseudonymized user profile. The information is neither used by Umami nor by us to identify individual users nor is it merged with other data about individual users.
The data stored by Umami will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. Umami does not store any cookies on your terminal device.
For more information, please refer to the Terms of Use and Privacy Policy of Umami Software Inc. accordingly at https://umami.is/terms and at https://umami.is/privacy .
Use of Arcade
This website uses the product demo service Arcade of the software company Arcade Software Inc., 500 Chelmsford Ave., Hillsborough, CA 94010, USA ("Arcade") on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to provide interactive product demos.
In order to do this, an url is embedded via an iframe, which serves to provide an interactive product demo. The data processed using this service has the only purpose to perform the demo. The data is immediately pseudonymised and is not used to identify website visitors personally. No data is captured that allows Arcade or us to identify website visitors personally.
The data stored by Arcade will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
We use Arcade with a GDPR compliant configuration. According to Arcade, with the selected GDPR compliant configuration the IP address is not recorded and visitors to the website are not personally identified and not tracked. In this configuration Cookies set by Arcade are only session cookies that are strictly necessary, which are required to ensure Arcade’s basic functions. Arcade cookies are deleted when your session is terminated.
For more information, please refer to the Terms of Use, Privacy Policy and GDPR Requirements of Arcade Software Inc. accordingly at https://www.arcade.software/terms-of-service and at https://www.arcade.software/privacy and at https://docs.arcade.software/kb/admin/general-security/gdpr-requirements .
Use of Framer
This website uses the web hosting service Framer of the software company Framer located at Framer, Inc. 251 Little Falls Drive, Wilmington, Delaware 19808, USA and Framer B.V:, Rozengracht 207B, 1016 LZ Amsterdam, Netherlands ("Framer") on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on usage evaluation and optimization purposes.
In order to do this, our website is hosted by Framer, which captures data according to website usage. The data captured using this service is encrypted in a non-retrievable one-way function. The data is immediately pseudonymised and is not used to identify website visitors personally. No data is captured that allows Framer or us to identify website visitors personally.
Framer stores this information in a pseudonymized user profile. The information is neither used by Framer nor by us to identify individual users nor is it merged with other data about individual users.
The data stored by Framer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. Framer does not store any cookies on your terminal device.
For more information, please refer to the Terms of Use and Privacy Policy of Framer Software Inc. accordingly at https://www.framer.com/legal/terms-of-service/ and at https://www.framer.com/legal/privacy-statement/ and at https://www.framer.com/help/articles/gdpr-and-cookies/ .
Data Processing to Protect Legitimate Interests
We also process your data if it is necessary to protect legitimate interests of ours or of third parties. This may be the case, in particular, to ensure IT security and IT operations, especially in the case of support requests, to be able to trace and prove facts in the event of legal disputes, for market and opinion surveys, to statistically evaluate the use of our website, for advertising other products from us or our cooperation partners.
The basis for the data processing is Art. 6 (1) p. 1 lit. f GDPR. We have a legitimate interest in the data processing listed above. Our interest is optionally in IT security, in ensuring support for better usability of our website or in our legal interest or in our evaluation and advertising interest.
Data Processing for Advertising Purposes
We use the data you provide to send you recommendations and information about our products and services by mail.
Additionally, we use your e-mail address to send you information about our company’s products and services by e-mail if you have already purchased products or services from us. You will receive these recommendations from us regardless of whether you have subscribed to a newsletter. We want to send you information in this way about similar products and services from our range that might interest you based on your most recent purchases/orders from us. We strictly comply with the legal requirements in this regard.
If you no longer wish to receive recommendations on products or services or to receive advertising from us in general, you can revoke your consent at any time. A notification in text form to the contact data mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient for this purpose.
The basis for data processing is Art. 6 (1) p. 1 lit. f GDPR, which permits the processing of data to protect the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject are not overridden. Our interest is commercial and lies in the promotion and sale of our products and services.
Log Files
Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The data records stored in this process contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (origin URL from which you came to the web pages), the amount of data transferred, as well as product and version information of the browser used and the operating system of your PC. The IP addresses of the users are deleted or anonymized after the termination of use. Any other evaluation of the data, except for statistical purposes and then basically in anonymized form, does not take place. Neither any personal “surfing profiles” nor the like are created or processed.
The basis for data processing is Art. 6 (1) p. 1 lit. f GDPR, which permits the processing of data to protect the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject are not overridden. We have an interest in the prosecution, prevention, and punishment of unlawful use of our offer.
Data Processing for the Fulfillment of Legal Obligations
Furthermore, we process your data for the fulfillment of legal obligations (e.g. regulatory requirements, commercial and tax law retention, and verification obligations).
The basis for the data processing is Art. 6 (1) p. 1 lit. c GDPR, which permits the processing for the fulfillment of a legal obligation.
Categories of Recipients of Personal Data
Your personal data will only be disclosed or otherwise transferred to third parties if this is necessary for the purpose of contract processing or billing, or if you have previously consented, or if there is a legal basis for the disclosure.
Your contractual and communication data will be forwarded to the responsible office and the responsible employees within our company in each case to answer your inquiries, for communication or for the execution of the order, or for the fulfillment of contractual obligations. The basis for this is again Art. 6 (1) p. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
If it is necessary for the purpose of contract processing or for the provision of our services, data is forwarded to partner companies that have been commissioned to support contract processing. Our partners are obliged to comply with and observe the provisions of data protection law. Our partners are not permitted to use the data for any other purpose than the processing of the contract. The basis for this is Art. 6 (1) p. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
Your personal data will otherwise only be disclosed or transferred to third parties outside our company if this is necessary for the purpose of contract processing or billing, or if you have given your prior consent, or if there is a legal basis for the disclosure.
Whenever we use the services of third parties for the execution and handling of processing operations, we will comply with the provisions of the General Data Protection Regulation. Service providers that support us in providing our service to you are hosting providers, email service providers, IT service providers, software (SaaS) providers.
Period of Data Storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes unless temporary storage is still necessary. For example, we store your data based on legal obligations to provide proof and to retain data, which result, among other things, from the German Commercial Code and the German Fiscal Code. The storage periods are then up to ten full years. Additionally, we retain your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
Data Security
Your personal data is transmitted securely on our website using encryption. We use the encryption protocol TLS (Transport Layer Security) for secure data transmission on the Internet. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, modification, or distribution of your data by unauthorized persons. Our security measures are continuously improved in line with technological developments. However, we would like to point out that data transmission on the Internet may have security gaps and cannot be completely protected against access by third parties, which applies in particular and especially when communicating by e-mail. We are therefore happy to offer you the option of using S/MIME encryption and signing for e-mail communication; please feel free to contact us in this regard.
Data Subject Rights
Within the framework of the applicable legal provisions, you have the right at any time to receive information free of charge about your personal data stored by us, its origin and recipients, and the purpose of data processing and, if applicable, the right to have this data corrected or deleted. To this end, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details listed in section 1. You may also be entitled to a right to restrict the processing of your data and a right to receive the data you have provided in a structured, common, and machine-readable format. If you have given us consent to process personal data for specific purposes, you may revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. Additionally, you have the option of contacting a data protection supervisory authority (Right of Complaint).
