Kiwigrid GmbH
Kleiststraße 10 a-c
01129 Dresden
Managing directors: Dr. Frank Schlichting, Janek Schuffenhauer
Telephone: +49 351 501 950 - 0
Fax: +49 351 501 950 - 101
We take the protection of (your) personal data very seriously. The purpose of this privacy policy is to provide you with detailed information about the manner in which we at Kiwigrid GmbH, represented by its managing directors, Dr. Frank Schlichting and Mr. Janek Schuffenhauer, process your personal data and our principles relating to the processing of personal data. This includes information about the types of data we process and when and how we use the data in the context of our online services. Furthermore, we would like highlight below what rights you have with respect to data protection. When processing and processing personal data, we always comply with the current requirements of the EU General Data Protection Regulation (GDPR for short), the Federal Data Protection Act (BDSG-new) and the new Telecommunications-Telemedia Data Protection Act (TTDSG).
We reserve the right to amend our data protection information from time to time to ensure that it always complies with current legal requirements or reflects any changes to our services. We therefore recommend that you read the data protection information regularly to stay informed about the protection of the personal data we process.
Version: 01 April 2023
Data protection information for the use of our website
1. Controller
The controller for the data processing described here is Kiwigrid GmbH (hereinafter also referred to as "we" or similar), with its registered office in 01129 Dresden, Kleiststraße 10 a-c. infokiwigrid.com
2. Data Protection Officer
If you have any questions regarding the collection, processing or use of your personal data, or if you wish to request the rectification, restriction of processing or erasure of data or you wish to withdraw your previously granted consent, please contact our internal data protection officer at security@kiwigrid.de.
To offer you state-of-the-art and sustainable services and consulting, or to make these services available to you through our cooperation partners, we collect some personal data when you use our online services.
3. Collection and processing of personal data when using our website
You can generally access and use our websites without providing personal data. However, when you access them, a range of technical data is logged and stored in the server's log files. An explanation of the server log files is provided in Section 10.
When you visit our websites, we only store information about the referring website from which you accessed our website, the name of your internet service provider, which web pages you have visited within our website as well as the date and duration of your visit to our website. For security reasons, we also store your IP address with the corresponding timestamp. The IP address is a machine-specific identifier that, at the time of the online query, provides information about the device or internet gateway used for internet access. The timestamp refers to the value in a defined format that is assigned to a specific moment for an event (such as sending or receiving a message, modifying data, etc.). The purpose of a timestamp is to clearly indicate to both humans and computers when specific events occurred.
To ensure the full functionality and a secure environment on our websites, small files, known as 'cookies,' are stored in the memory of your device when you access our websites. These are categorized into temporary session cookies and persistent cookies. The respective data records are stored on the servers of our service providers, Mittwald CM Service GmbH & Co. KG, located at 32339 Espelkamp, Königsberger Straße 4-6 (Germany). For a detailed explanation of cookies, please refer to Section 11.
When you visit our website, temporary session cookies are used and deleted by us as soon as you close your browser window. Solely for internal statistical purposes, we generate a session ID using session cookies to associate subsequent user requests with previous sessions.
The IP address is therefore processed in an anonymized manner. Accordingly, the aforementioned personal data are processed to ensure the proper functioning of the website as well as to troubleshoot and clarify acts of abuse or fraud based on a legitimate interest in accordance with Article 6 (1) (f) GDPR. The log files will be deleted after six (6) weeks.
Our website may also contain links to the websites of other providers who are not affiliated with us. After clicking on these links, we no longer have any influence on the processing of any data transmitted to the third party by clicking on the respective link. We expressly point out that we have no influence on the behavior of third parties and cannot assume any responsibility for the processing of (personal) data by third parties.
4. Requirements for the transfer of personal data to third countries
As part of our business relationships, your personal data may be shared or disclosed to third parties. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the specific details of the disclosure below at the relevant points below.
The European Commission recognizes certain countries as providing adequate level of data protection comparable to the EEA standard through adequacy decisions (you can find a list of these countries and a copy of the adequacy decisions here: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). In other third countries to which personal data may be transferred, there may not be a consistently high level of data protection in the absence of an adequate legal framework. If this is the case, we will ensure that there are sufficient safeguards in place. This can be achieved through binding corporate rules, standard contractual clauses provided by the European Commission for the protection of personal data, certificates, or recognized codes of conduct.
Please note that if personal data are transferred to the United States, even if it is based on standard contractual clauses, it cannot be ruled out that the US security authorities, which have extensive powers, may access your personal data at any time and without cause, or compel the disclosure of your data by the relevant US company. This applies even if the servers are located in Europe. There are no effective legal remedies available to you against this. Other third countries may also lack a level of data protection comparable to that of Europe.
Please also note that in the vast majority of cases, a transfer of your personal data to a third country such as the US cannot be based on your consent in accordance with Article 49 GDPR.
With regard to the individual services, we will inform you at the appropriate point about the legal basis (e.g. standard contractual clauses) on which the data transfer to third countries takes place. Please contact our data protection officer if you would like to receive more information on this matter.
5. Functionality of our websites
To ensure the proper functioning of the website, we use third-party service providers who process personal data on our behalf or who may gain access to personal data. With all service providers of this kind, we have concluded data processing agreements within the meaning of Article 28 GDPR. The providers used to ensure the proper functioning of our websites are October Labs GmbH (hosting), located in 68161 Mannheim (Germany) and xerc UG (technical support), located in 10119 Berlin (Germany).
6. Google services
To operate our website, we use i.a. the services provided to you by Google LLC ("Google"), with its registered office in CA 94393, USA, 1600 Amphitheater Parkway Mountain View, represented in Germany by Google Ireland Ltd., with its registered office in Dublin 4, Ireland, Barrow Street, Gordon House. This is governed by Google's privacy policy, which can be found here.
6.1 Google Tag Manager
On our website we use the Google Tag Manager from Google Inc, if you have given your consent in the Consent Manager. Die Google Inc. has their European headquarters in: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland We use Google Tag Manager to offer you a good user experience on our website and to personalize our offering. We do this by embedding sections of code (tags) into the source code of our website. The tags are managed through the Tag Manager. In this way, we can record (track) user behavior through various functions of our website and personalize our offering. According to Google, the data collected as part of the Tag Manager is not merged with your personal data, which may be stored by Google. Google acts as a processor for us with regard to the Tag Manager tool and has contractually guaranteed compliance with data protection in accordance with European standards.
In any case, your IP address will be collected through a separate cookie set by the Google Tag Manager. It also collects information about the hardware and software you use, e.g. the operating system, the browser and the browser version. Data about your website visits, the language set on your system and the type of screen and its resolution are also collected. It also collects information about the support of scripting languages and the fonts of installed browser plug-ins. Depending on which other tracking services we use and manage through Tag Manager (e.g. Google Analytics or Facebook Pixel), your IP address will be transmitted to servers managed by Google or Facebook, most of which are located in the US. After the EU-US Privacy Shield has been invalidated, data transfer to the US may only be based on standard contractual clauses and other safeguards issued by the EU Commission. Please note that if personal data are transferred to the United States, even if it is based on standard contractual clauses, it cannot be ruled out that the US security authorities, which have extensive powers, may access your personal data at any time and without cause, or compel the disclosure of your data by the relevant US company. This applies even if the servers are located in Europe. There are no effective legal remedies available to you against this.
The legal basis for the processing of your data is also Article 6 (1) (a) GDPR, i.e. the integration only takes place with your consent. "If the standard contractual clauses are deemed inadequate for ensuring an appropriate level of data security for the specific processing purpose, we will seek your consent in advance in accordance with Article 49 (1) (a) GDPR through the Usercentrics consent management system. You can find out more about Usercentrics in Section 7.
The withdrawal of your consent is possible at any time, without affecting the lawfulness of processing based on consent before its withdrawal. The easiest way to withdraw your consent is through our Consent Manager or by using the following methods: a) by adjusting your browser settings, especially by suppressing third-party cookies, which will prevent you from receiving ads from third-party providers; b) by configuring your browser to block cookies from the domain "www.googleadservices.com“," www.google.de/settings/ads, with the caveat that this setting will be deleted when you clear your cookies; c) by disabling interest-based ads from providers participating in the "About Ads" self-regulatory campaign using the link www.aboutads.info/choices,, which will also be deleted when you clear your cookies; d) by permanently disabling them in your browsers such as Firefox, Internet Explorer, or Google Chrome through the link www.google.com/settings/ads/plugin. Please note that if you do this, you may not be able to use all the functions and features of this website.
Please click here for more information about Google's privacy policy: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html
6.2 Google Analytics 4
Our websites use Google Analytics 4, a service provided by Google that can be used to analyze the use of websites. When using Google Analytics 4, cookies are used by default. For information about cookies, see Section 11 of this privacy policy. The information generated by the cookie about your use of the website is usually transmitted to and stored by Google on their servers. This may also result in the transmission of information to the Google server in the US and further processing of the information there.
When using Google Analytics 4, the IP address transmitted by your device when using the website is collected and processed by default and automatically, but always only anonymously, so that the information collected cannot be directly traced back to any individual. This automatic anonymization takes place by truncating the IP address transmitted by your device by Google within the Member States of the European Union or other Contracting State to the Agreement on the European Economic Area. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet use. Google will not associate your IP address as transmitted by Google Analytics 4 with any other data held by Google. The data collected in the context of the use of Google Analytics 4 will be kept for as long as it is necessary to achieve the purpose of processing and then erased. Google Analytics 4 has the ability to create statistics about the age, gender and interests of website users through a specific feature known as "demographic characteristics." This is based on an evaluation of interest-based advertising and the use of third-party information. This makes it possible to determine and differentiate between user groups on the website for the purpose of targeting marketing measures. However, data collected through demographic characteristics cannot be attributed to a specific individual and it cannot be used to identify you personally. This data, collected through the demographic characteristics feature, is kept for two months and then erased. All processing described above, in particular, the setting of Google Analytics cookies for the storage and reading of information on the device you use to use the website, will only take place if you have expressly consented to this in accordance with Article 6 (a) GDPR. If you have not given your consent, Google Analytics 4 will not be used when you use our websites. You can withdraw your consent at any time with effect for the future. To exercise your right to withdraw your consent, please deactivate this service using the cookie consent tool provided on the website.
For our use of Google Analytics 4, we have concluded a data processing agreement with Google, under which Google is obliged, among other things, to protect the data of our website users and not to pass the data on to third parties. To ensure and maintain the European level of data protection even in the event of data transfer from the EU or EEA to the US and potential further processing there, Google relies on the so-called Standard Contractual Clauses of the European Commission, which we have agreed upon with Google.
For more legal information about Google Analytics 4, including a copy of the standard contractual clauses, please visit the following link: policies.google.com/privacy
Details on the processing initiated by Google Analytics 4 and how Google handles data from websites can be found at the following link: https://policies.google.com/technologies/partner-siteshttps: https://usercentrics.com/.https >https://www.linkedin.com/legal/privacy-policyhttps.
12. Integration of videos on our website using the VIDEO.TAXI platform
In some places, we have integrated videos into our website. We offer our video-on-demand service through the VIDEO.TAXI platform operated by TV1 GmbH, located at 85774 Unterföhring, Betastraße 9a (). For more information on the processing of personal data in the context of the use of the VIDEO.TAXI service, we refer to the privacy policy of our third-party service provider, which you can view here: https.
13. Server log files
As the provider of the website, we automatically collect and store information in server log files, which your browser automatically transmits to us. Server log files include:
- Name of the accessed website
- File
- Amount of data transferred
- Date and time of the server request (timestamp)
- Browser type and browser version
- Operating system used
- Referrer URL (previously visited website)
- Requested provider
- IP address
- Access status/ HTTP status code
- Host name of the accessing end device
This data is only stored for a short period of time where necessary, e.g. for troubleshooting. These server log files are not merged with other data sources. We use this data to rectify technical problems, troubleshoot and improve our services, which is also our legitimate interest in accordance with Article 6 (1) (f) GDPR.
14. Cookies
We may use cookies on our websites to personalize content and advertisements for you as part of our online services to offer you social media functions and features and to analyze access to our website. Cookies are not dangerous. They do not contain any executable code, viruses or other dangerous programs.
If it is absolutely necessary for the operation of our website, we are permitted by law to store cookies on your device. Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, the website cannot function properly. We pass on the necessary cookies to our cooperation partners for social media, advertising and analytics. However, we do not assume any responsibility for the processing of the information provided by you by our cooperation partners.
For all other types of cookies, we require your express, GDPR-compliant consent in accordance with Section 25 TTDSG.
However, our websites use several types of cookies, some of which are placed by third parties:
- Preference cookies allow a website to remember information that affects the design of the website in the way it behaves or looks, for example, depending on the preferred language of the region in which you are located.
- Statistical cookies help website operators analyze the behavior of visitors. These cookies are processed anonymously.
- Marketing cookies are used to follow visitors on websites. This allows ads to be displayed in a targeted and customized manner that may be appealing and relevant to the individual visitor. This type of cookie is of interest to third-party advertisers, for example.
Cookies are not dangerous. They do not contain any executable code, viruses or other dangerous programs, or personal data. In any event, you can prevent cookies from being stored on your hard-disk drive by selecting the option “do not accept cookies” in your browser settings. This could, however, limit the functionality of our website.
15. Rights of data subjects
15.1 Right of access
Within the framework of the applicable legal provisions, you have the right to access information about your stored personal data, its origin and recipients and the purpose of the data in accordance with Article 15 GDPR.
15.2 Right to rectification
You can obtain from us without undue delay the rectification of inaccurate personal data we store on you in accordance with Article 16 GDPR.
15.3 Right to erasure
When the data is no longer needed for the purpose for which it has been collected and no legal norm prescribes the retention of the data, personal data will be erased, whereby the legal regulations of Article 17 GDPR in conjunction with Section 35 BDSG apply.
15.4 Right to restriction of processing
If the erasure of personal data is not possible for legal, contractual, commercial or tax reasons, you have the right to request a restriction of the processing of the data. This right must be exercised in writing.
15.5 Data portability
In accordance with Article 20 GDPR, you have the right to data portability. Accordingly, each data subject also has the right to receive a copy of their personal data in a common, machine-readable file format. You can contact us or our data protection officer named in Section 1 of this privacy policy at any time using the contact details dataprivacy@kiwigrid.com given in the legal information section of this website.
15.6 Revocation of your consent to data processing
Many data processing operations are possible only with your express consent. In accordance with Article 7 (3) GDPR, you have the right to withdraw your consent to the processing of personal data with effect for the future, provided that the processing is based on grounds within the meaning of Article 6 (1) (a) or Article 9 (2) (a) GDPR. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
However, withdrawing your consent and not providing the required data typically means that the purpose for which the data was or would have to be collected cannot be fulfilled.
To exercise the rights, the written form is required. To do so, please contact us by e-mail at dataprivacykiwigrid.com.
15.7 Right to lodge a complaint with the competent supervisory authority
Under Article 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority for data protection if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for us is: Saxon Data Protection Commissioner, P.O. Box 11 01 32, 01330 Dresden, Germany. The Saxon Data Protection Commissioner can be reached at saechsdsbslt.sachsen.de.
16. Data security
Your personal data is transmitted encrypted using SSL. To protect your personal data stored by us from unauthorized access and misuse, we have taken extensive technical, organizational and operational measures in accordance with Article 32 GDPR. These measures are regularly reviewed and brought into line with the latest technology standards. Our employees are obliged to maintain confidentiality.
17. Retention period
As a matter of principle, we only store personal data for as long as is necessary to fulfil the contractual or legal obligations for which we have collected the data. After that, we erase the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidentiary purposes for the enforcement of civil law claims or due to statutory retention obligations, for example under tax or commercial laws. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and deleted after expiry of the legal retention period.