Privacy Policy
Controller for processing according to GDPR
kolum GmbH
Wallstraße 19
10179 Berlin
Privacy Policy
We welcome you to our website and are pleased about your interest. The protection of your personal data is very important to us. Therefore, we conduct our business in compliance with applicable laws on data privacy protection and data security. We would like to inform you in the following about which data of your visit is used for which purposes. By using our website, you consent to the practices described in this Privacy Policy.
Information we collect
When you visit our website, certain information about your device and browsing activity may be automatically collected. This includes your IP address, browser type, operating system, and the pages you visit on our site. We may also collect information that you voluntarily provide to us through contact forms or other means. See below for specific information.
How we use your information
We use the collected information to improve the functionality and content of our website, to understand user preferences, and to respond to inquiries or requests you submit through our contact forms. We may also use the information for analytical purposes to better understand how users interact with our site.
What are personal data?
The term personal data is defined in the German Data Protection Act ('Bundesdatenschutzgesetz') and the GDPR. According to these laws, these are individual details about personal or factual circumstances of a specific or identifiable natural person. This includes, for example, your civil name, your address, your telephone number or your date of birth.
Scope of anonymous data collection and data processing
Unless otherwise stated in the following sections, no personal data is collected, processed or used when using our websites. However, by using analysis and tracking tools, we learn certain technical information based on the data transmitted by your browser (e.g. browser type/version, operating system used, web pages visited on our website incl. length of stay, previously visited website). We evaluate this information for statistical purposes only.
Revocation of your consent to data processing
Some data processing operations are only possible with your express consent. A revocation of your already given consent is possible at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to complain to the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a data protection violation. The competent supervisory authority regarding data protection issues is the state data protection commissioner of the federal state in which our company's registered office is located. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .
Right to data transfer
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
Right to information, correction, blocking, deletion
Within the scope of the applicable legal provisions, you have the right at any time to free information about your stored personal data, the origin of the data, their recipients and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the 'https://' address line of your browser and the lock symbol in the browser line.
Contact Form
Data transmitted via contact form will be stored, including your contact details, in order to be able to process your request or to be available for follow-up questions. This data will not be passed on without your consent.
The processing of the data entered in the contact form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to store it or there is no longer any need to store it. Mandatory legal provisions - in particular retention periods - remain unaffected.
When you send an email
When you contact us via email under the email address provided in the imprint, your email messages, and all the information inside of them will be processed. Copies of your emails will be stored only for six months, unless we are required to keep the email for legal reasons. We will use data processors to process personal data on your behalf (e.g. to send an email to you). The particular provider may be subject to change over time. At the moment, we use Gmail to send emails. Your incoming email is screened and stored by Gmail (Google), which is the email provider we use for business.
The waitlist on kolum.earth
We additionally store personal data provided by you through our Waitlist in order to contact you with the purpose of further developing our product. If you join the waitlist, we store the data you provided in the forms, along with a timestamp of submitting the data. This data may be transferred to data processors in order to contact you via email. After confirming your interest (and implicitly the ownership/control of the email address) via link, we store the data about this so-called double opt-in. We may also store the IP address temporarily to prevent abuse of the forms.
If you fail to complete the double opt-in process, your data will be deleted within 30 days. If you complete the process, we will store your data according to German data protection laws and delete it once legally permitted to do so. Also, we reserve the right to extend the data storage duration if there is a particular reason to do so.
Legal Basis: Your consent to data processing, as granted in the waitlist form. And our legitimate interest to contact you during the development process of the product.
Processors: We will use data processors to process personal data on your behalf (e.g. to send an email to you). The particular provider may be subject to change over time. At the moment, we use Gmail to send emails. The tool we use for our waitlist is Typeform (see below for details on both data processors).
Other Recipients: we do not share personal data with other parties.
Google Analytics and Conversion Tracking
Type and scope of processing
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of views of our online offer, visited subpages and the length of stay of visitors. Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. This information is used, among other things, to compile reports on website activity.
Purpose and legal basis
The use of Google Analytics is based on your consent pursuant to Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g. in the USA), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 et seq. DSGVO. These are - unless otherwise stated - standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, prior to such a third country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 lit. a. DSGVO, which you provide via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be unknown risks in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
Duration of Storage
The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics:https://policies.google.com/privacy?hl=en-US
Google Tag Manager
Type and scope of processing
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services to evaluate user access to our website.
Purpose and legal basis
The use of the Google Tag Manager is based on your consent pursuant to Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g. in the USA), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 et seq. DSGVO. These are - unless otherwise stated - standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, prior to such a third country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 lit. a. DSGVO, which you provide via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be unknown risks in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
Duration of Storage
The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for the Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
Data Processors
Gmail
We use Gmail for our business mail. Find Google's privacy policy here: https://policies.google.com/privacy?hl=en-US.
Vercel
Our website is hosted on the Vercel platform, which means that Vercel processes certain information on our behalf. Vercel provides us with hosting and server infrastructure services and may collect and store technical information about your visit for the purpose of delivering the website to you. Vercel's own privacy practices can be found in their Privacy Policy: https://vercel.com/legal/privacy-policy.
Typeform
Typeform allows the collection of structured feedback. We use Typeform for our waitlist. See above for detailed information on data processing in our waitlist. See Typeform's Privacy Policy here: https://admin.typeform.com/to/dwk6gt.
Web3Forms
We use Web3Forms to process your request via the contact form on our website. All contact requests are sent directly to our email address and Web3forms does not store any data from the submissions. You can find more information here: https://web3forms.com/platforms/nextjs-contact-form.
Zapier
We use Zapier to receive an automatic notification to our email address once a new company representative has signed up for our waitlist. You can find Zapier's privacy policy here: https://zapier.com/legal/data-privacy.
Calendly
We use Calendly to schedule appointments with you. You can find Calendly's privacy policy here: https://calendly.com/legal/privacy-notice.
Further Information
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. This privacy policy is currently valid and has the status 11 August 2023.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us under the contact details provided in our imprint or via our contact form.