Privacy Policy

A. CONTROLLER

The controller within the meaning of the General Data Protection Regulation (Art. 4 (7) GDPR) and other national data protection laws and data protection provisions is:

​

KiezCode GmbH

Stargarder Straße 50

10437 Berlin

Email: info@kiezcode.com

Full legal notice: Imprint

​

These contact details are relevant for all questions regarding data protection on this website as well as for all data protection-related claims you may have.

​

B. COLLECTION AND STORAGE OF PERSONAL DATA WHEN VISITING OUR WEBSITE

Below we inform you about data protection-relevant processes that take place when visiting our website.

​

1. Logfiles

Each time our website is accessed, we automatically collect data and information from the computer system you use to access the website.

The following data is collected:

​

(1) Information about your browser type and the version used

(2) Information about your internet service provider

(3) Date and time of your access

​

This data is not stored together with other personal data of yours. Both the collection and the storage of this data in log files are necessary for the provision and operation of our website. The legal basis for the temporary storage of this data is Art. 6 (1) lit. f GDPR.

​

2. Website Analysis

We use services from third parties to evaluate the functionality of our website and to adapt it to user behavior.

​

Supabase

For this purpose, we use Supabase, a service of Supabase, Inc., based in the USA. Supabase offers a suite of open-source tools used for database management, authentication, and analytics. In order to enable and analyze the use of our website, data is collected, analyzed, and stored on Supabase's servers. These servers are generally located within the European Union (EU) to ensure compliance with the GDPR. The data collected includes, among others:

​

• Browser information

• Device type and operating system

• Meal plans

• Time spent on the website

• Interactions on the website (e.g., clicks, page views)

• Payment information

• The data you provided during registration

​

The data is stored for the duration of the usage contract.

The legal basis for processing your personal data in connection with Supabase is Art. 6 (1) lit. f GDPR, as our legitimate interest lies in analyzing the use of our website and improving our offer. Data necessary for the performance of the usage contract is processed based on Art. 6 (1) lit. b GDPR. Further information: SupabasePrivacy Policy | Supabase​

​

Sentry

We use the service Sentry, an error analysis software from Functional Software Inc., 45 Fremont St, San Francisco, CA 94105, USA, to ensure high availability of our website and a seamless user experience (Art. 6 (1) sentence 1 lit. f GDPR). Sentry helps us monitor the stability of our website and identify code errors or exceptions. The software only uses data that is already automatically transmitted by your browser. No personal data is stored in our database. Logged data includes:

​

• Timestamp

• Resource/URL, environment

• Error type/category, technical error log (stack trace)

• Connection to changes in the application code

• Device characteristics: browser version, operating system, device categorization

​

No data is analyzed for advertising purposes. All data is collected anonymously, processed and stored exclusively by Sentry, and subsequently deleted. We do not store this data in our own database. More information: SentryPrivacy Policy 3.3.1 (May 31, 2024)​

​

Hotjar

We use services from Hotjar to better understand user behavior on our website and to optimize our offering. This allows us, for example, to see how users navigate our site and which areas are particularly frequently used. This service is provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville, St Julian’s STJ 3141, Malta, EU. The following is processed:

​

• Device information (screen resolution, device type, operating system, browser type, geographic location)

• Your IP address (in anonymized form)

• Usage data (mouse movements, clicks, time spent)

• Interactions with the website (e.g., scrolling behavior, pages visited)

​

The legal basis is our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR). The legitimate interest lies in improving the usability of our website and further developing our services.

No data is evaluated for advertising purposes. The data is collected, processed, and stored directly by Hotjar. We do not store this data ourselves. Further information: Privacy | Hotjar​

​

Vercel

We use services from Vercel to host and manage our web applications. This allows us to optimize the provision and usage of our services. This service is provided by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. The following is processed:

​

• Browser information

• Device type and operating system

• Visits and accesses to the website (e.g., IP address, timestamp)

• Interactions with the website (e.g., clicks, page views)

​

The data is processed and stored directly by Vercel. We do not store this data ourselves. The legal basis for processing is our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR), which lies in ensuring the provision and security of our web applications. Further information: VercelPrivacy Policy​

​

Heroku

We use services from Heroku to host and manage applications in the cloud. This allows us to optimize the provision and use of our services. This service is provided by Salesforce.com, Inc., 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. The following is processed:

​

• Browser information.

• Device type and operating system

• Connection data (e.g., IP address, timestamp)

• Interactions with the website and within the application

​

The data is processed and stored directly by Heroku. We do not store this data ourselves. The legal basis for processing is our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR), which lies in ensuring the provision and security of our applications. Further information: SalesforcePrivacy Page​

​

C. GOOGLE AUTH

Our website offers the option to authenticate via Google Auth, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). By using this service, users can log in with their Google account without having to create a separate user account on our website.

The following personal data is processed when using Google Auth:

​

• Email address

• Name (if stored in the Google account)

• Profile picture (if stored in the Google account)

• IP address

• Device information (e.g., operating system, browser type)

​

Processing is based on Art. 6 (1) lit. b GDPR (contract fulfillment), as it is necessary for providing the login function, and on Art. 6 (1) lit. f GDPR (legitimate interest), as it increases the security and user-friendliness of our website. Google may also process the data in the USA. A transfer of personal data to the USA takes place on the basis of the European Commission’s Standard Contractual Clauses pursuant to Art. 46 GDPR. Further information on data processing by Google can be found in Google’s privacy policy:

Privacy & Terms – GooglePrivacy Policy – Privacy & Terms – Google​

​

If you do not wish to use Google Auth, you can alternatively log in via other authentication methods or create a separate user account on our website.

​

D. CONTACTING US

You can contact us electronically via email or through a form on the website. In this case, the data you send to us will be stored.

This includes:

​

(1) Your name

(2) Date of contact

(3) Your email address

(4) Any additional data you provide

​

If you email us or use the form and are interested in our services, the legal basis for data processing is Art. 6 (1) lit. b GDPR. The data you transmit to us is used exclusively for the purpose of the conversation and will not be passed on to third parties. We will delete this data when it is no longer necessary for the respective purpose – i.e., when the email exchange with you is complete and your request has been fully addressed. You have the right to revoke your consent to data processing at any time. Please contact us using the details provided above. In the event of revocation, all your personal data stored for the purpose of contacting you will be deleted.

​

E. REGISTRATION

Registration is required to use the purchase and sales options on the website. The data you provide during registration will only be used for the purpose of using the service. The data collected during registration will not be passed on to third parties unless a purchase contract is directly concluded.

The following data is stored during registration:

​

(1) Your IP address

(2) Date and time of registration

(3) Your name

(4) Your email address

(5) Any additional data you provide to us

​

The legal basis for data processing is the conclusion of the usage contract (Art. 6 (1) lit. b GDPR).

You may log in using your Google account (social login). This links your account with our application. Personal data (e.g., name, email address, telephone number) may be automatically transmitted from the provider to us. Conversely, personal data (e.g., IP address, visited website) is transmitted to the provider to carry out the login. The legal basis is your explicit consent provided when linking your account with our app (Art. 6 (1) sentence 1 lit. a GDPR). You may revoke this consent at any time. Google’s privacy policy is available at: Privacy & Terms – GoogleDatenschutzerklärung – Datenschutzerklärung & Nutzungsbeding…​

​

You may delete your user account at any time. This does not affect any data arising from contractual relationships.

​

F. DATA PROCESSING OF BUYERS IN SALES CONTRACTS BETWEEN PLATFORM USERS

If you purchase an item offered by an external seller via our website, we will use the data you provide to process the purchase agreement with the seller (Art. 6 (1) lit. b GDPR).

Your name and shipping address will be passed on to the respective seller. To process payment for the purchase agreement, we use payment service providers. In addition to payment data, the following data may be processed by the payment provider you use:

​

(1) Your name

(2) Your address

(3) Your email address

(4) IP address

​

The specified payment data and the other data will not be passed on by us or the payment provider to third parties not involved in fulfilling the contract and processing the payment. The legal basis for the storage and processing of this data is Art. 6 (1) lit. b GDPR.

We use the payment service provider Stripe, a service of Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland ("Stripe").

Further information can be found in Stripe’s privacy policy: stripeDatenschutzrichtlinie​

​

G. DATA PROCESSING IN THIRD COUNTRIES IN GENERAL

Unless otherwise stated above, the processing of your personal data in countries outside the European Union (EU) or the European Economic Area (EEA) takes place exclusively in accordance with the legal requirements of Art. 44 GDPR. In the present case, this is exclusively based either on an adequacy decision of the European Commission (Art. 45 GDPR) and/or on the basis of appropriate safeguards (Art. 46 GDPR).

​

H. GENERAL STORAGE PERIOD

Personal data is generally stored only as long as it is necessary for fulfilling the purpose of data collection or for complying with the applicable legal retention period. After the purpose ceases to apply or the retention period expires, the data will be deleted.

​

I. RIGHTS OF DATA SUBJECTS

If we process personal data relating to you, you are a data subject under the GDPR and have the following rights against us:

​

1. Art. 15 GDPR – You can request information about your personal data processed by us.

2. Art. 16 GDPR – You can request immediate correction of inaccurate or completion of your stored personal data.

3. Art. 17 GDPR – You can request the deletion of your personal data stored by us, unless processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

4. Art. 18 GDPR – You can request the restriction of processing of your personal data under the following conditions:

   • if you contest the accuracy of the data,

   • if processing is unlawful but you oppose deletion,

   • if we no longer need the data, but you need it for legal claims, or

   • if you have objected to processing under Art. 21 GDPR.

5. Art. 20 GDPR – You can receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request the transfer to another controller.

6. Art. 7 (3) GDPR – You can revoke any consent you have given at any time. This means we may no longer continue the data processing that was based on this consent in the future.

7. Art. 77 GDPR – You can lodge a complaint with a supervisory authority. Typically, you can contact the supervisory authority at your usual place of residence, workplace, or our company headquarters.

​

J. RIGHT TO OBJECT

If your personal data is processed based on legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time in accordance with Art. 21 GDPR, provided that there are reasons arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the need to specify a particular situation.

​

If you wish to exercise your right of withdrawal or objection, it is sufficient to send an email to the email address provided above.