Privacy Policy
Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.
Our privacy policy is structured as follows:
I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing
I. Information about us as controllers of your data
The party responsible for this website (the „controller“) for purposes of data protection law is:
Klarso GmbH
Schwartzkopffstr. 7 a
10115 Berlin
Represented by Managing directors (Geschäftsführer): Johannes Munk, Christian Piepenbrock
Contact: info[at]klarso[punkt]com
II. The rights of users and data subjects
With regard to the data processing to be described in more detail below, users and data subjects have the right
- to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
- to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
- to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
- to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
- to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).
In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.
Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.
III. Information about the data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.
Server data
For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.
The data thus collected will be temporarily stored, but not in association with any other of your data.
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.
The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.
General information about cookies
a) Session cookies
We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address.
This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.
The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.
When you close your browser, these session cookies are deleted.
b) Third-party cookies
If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of analyzing or improving the features of our website.
Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.
c) Disabling cookies
You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support.
If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.
Cookies in use
Our main website klarso.com does not use cookies. Our websites account.klarso.com (customer portal) and index-manager.net (product website) sometimes use different services and cookies. We break them down below. The cookies used are only technically necessary.
Stripe (used on account.klarso.com & index-manager.net)
We use the Stripe service on both websites as a payment service provider. You can find more information here: https://stripe.com/de/privacy.
Name of the cookie |
Description |
__stripe_mid |
Used to prevent fraud. Max-age: one year. |
__stripe_sid |
Saves the user’s session. Max-age: 1 hour. |
Further information on Stripe can be found in the section “Payment processing via Stripe”.
WooCommerce (used on index-manager.net)
We use WooCommerce to provide our web store. Data is not passed on to third parties.
Name of the cookie |
Description |
woocommerce_geo_hash |
Ensures that prices are displayed according to the selected region. Lasts for one hour. |
woocommerce_cart_hash |
Saves items in the cart. Only valid during the session. |
woocommerce_items_in_cart |
Saves items in the cart. Only available during the session. |
wp_woocommerce_session_* |
Saves the user’s session. Lasts for two days. |
Ory Kratos (used on account.klarso.com)
We use the Kratos framework from Ory for user authentication and management. Data is not passed on to third parties. More information at: https://www.ory.sh/docs/kratos/session-management/overview
Name of the cookie |
Description |
ory_kratos_session |
Saves the session. Lasts one day. |
csrf_token_* |
Ory Session Token, saves the session, prevents misuse by other websites. Lasts for one year. |
Please also refer to the section of this document about “customer account/registration”.
Polylang (used on index-manager.net)
We use the WordPress plugin Polylang to provide our website in multiple languages. It stores the user’s selected language in a session cookie. Data is not passed on to third parties.
Name of the cookie |
Description |
pll_language |
Saves the selected language of the website. Max-age: one year. |
Contact
If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.
The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.
Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.
Customer account/registration
If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders). We also store the date and time of your registration. This data will not be transferred to third parties.
During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by us will be used exclusively to provide your customer account.
If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.
If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with us or to fulfill an existing contract with us, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.
You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.
The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required under tax and commercial law.
Order processing
The data you submit when ordering goods and/or services from us will have to be processed in order to fulfill your order. Please note that orders cannot be processed without providing this data.
The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.
After your order has been completed, your personal data will be deleted, but only after the retention periods required by tax and commercial law.
In order to process your order, we will share your data with the shipping company responsible for delivery to the extent required to deliver your order and/or with the payment service provider to the extent required to process your payment.
The legal basis for the transfer of this data is Art. 6 Para. 1 lit. b) GDPR.
Newsletter
We use your e-mail address independently of the contract processing exclusively for our own advertising purposes for the mailing of the newsletter, as long as you have expressly agreed to it. You can unsubscribe at any time by using the corresponding link in the newsletter or by sending us a message. You can find the contact details for this purpose in our imprint. Your e-mail address will be deleted immediately.
Payment processing via Stripe
We offer the option of processing the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. GDPR).
- Name of the cardholder
- e-mail address
- Customer number
- Order number
- Bank details
- Credit card details
- Credit card expiry date
- Credit card verification number (CVC)
- Date and time of the transaction
- Transaction amount
- Name of the provider
- Location
The processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via Stripe.
For data processing, Stripe has two roles. Stripe acts as data processor and as data controller. As data controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). We have no influence on this process.
Stripe acts as a data processor in order to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with data protection regulations within the meaning of Art. 28 GDPR.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
Your data will be stored by us until payment processing has been completed. This also includes the period required for processing refunds, receivables management and fraud prevention.
You can find further information on objection and removal options vis-à-vis Stripe at: https://stripe.com/privacy-center/legal
This part about Stripe was taken from https://opr.vc/docs/payment/stripe/.
This privacy statement was created with the help of the Model Data Protection Statement by Anwaltskanzlei Weiß & Partner.