KANONE Data Policy
1. Introduction
At Kan One, we take your privacy and the protection of your personal data seriously. This Data Policy outlines how we collect, use, process, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws. By using our services, you agree to the terms outlined in this policy.
2. Data Controller
The data controller responsible for the processing of your personal data is:
Kan One GmbH
Venloer Str. 25-27
50672 Köln
Email:
Phone: +49 221 88 82 98 88
3. Data We Collect
3.1. Personal Data
We collect and process the following categories of personal data:
- Account Information: Name, email address, phone number, and other contact details provided during account registration.
- Employment Data: Job titles, department information, employment history, and other HR-related data.
- Usage Data: Information about how you use our software, including log files, IP addresses, browser type, and other technical data.
- Payment Data: Billing information such as credit card details, bank account information, and transaction history.
3.2. Sensitive Data
We do not intentionally collect or process special categories of personal data (e.g., data concerning health, racial or ethnic origin, political opinions) unless necessary for the provision of our services. If we do process such data, we will obtain your explicit consent where required by law.
4. Purposes of Data Processing
We process your personal data for the following purposes:
- Service Provision: To provide, maintain, and improve our HR software services.
- Account Management: To manage user accounts and provide customer support.
- Billing and Payments: To process transactions and manage billing.
- Legal Compliance: To comply with legal obligations, including tax and accounting requirements.
- Security: To monitor and ensure the security of our services and prevent fraud or misuse.
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
- Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of our legitimate interests, such as improving our services, ensuring security, and managing our business, except where such interests are overridden by your rights.
- Consent (Art. 6(1)(a) GDPR): Where we rely on your consent to process your personal data, you have the right to withdraw this consent at any time.
6. Data Sharing and Disclosure
We only share your personal data with third parties in the following circumstances:
- Service Providers: We may share your data with third-party service providers who assist us in operating our business, such as hosting providers, payment processors, and IT service providers. These service providers are bound by confidentiality agreements and are only permitted to process your data on our behalf and according to our instructions.
- Legal Obligations: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., law enforcement or data protection authorities).
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) that may not have the same level of data protection as in Germany. In such cases, we ensure that appropriate safeguards, such as Standard Contractual Clauses or an adequacy decision, are in place to protect your data.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Once your data is no longer needed, we will securely delete or anonymize it.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not we process your personal data and, if so, to access the data and receive information about the processing.
- Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain conditions.
- Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing your personal data under certain conditions.
- Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.
- Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests or direct marketing purposes.
- Right to Withdraw Consent (Art. 7(3) GDPR): If you have given consent to the processing of your personal data, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction. These measures include encryption, access controls, and regular security assessments. However, please note that no method of transmission over the internet or electronic storage is completely secure.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website, analyze usage patterns, and provide personalized content. For more information on how we use cookies and how you can manage your cookie preferences, please refer to our Cookie Policy.
12. Changes to This Data Policy
We may update this Data Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new Data Policy on our website and indicating the date of the last revision. Your continued use of our services after any changes to this policy will signify your acceptance of those changes.
13. Contact Information
If you have any questions or concerns about this Data Policy or your privacy rights, please contact us at:
Kan One GmbH
Venloer Str. 25-27
50672 Köln
Email:
Phone: +49 221 88 82 98 88
You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable data protection laws. In Germany, the relevant supervisory authority is the [Name of State Data Protection Authority where your company is located].