Your privacy is important to us!
We take privacy very seriously, and believe that your data should be working for you. As Kokoro’s business grows and our Privacy Policy evolves, we will clearly notify you of any changes and ask for your feedback. If you have any questions, comments, concerns or complaints, or if you want to report any security violation to us, please contact us at: info@bekokoro.com
Kokoro complies with the General Data Protection Regulation (Regulation (EU) 2016/679). Our commitment to such regulation may be found in our Data Processing Agreement (DPA).
Version 2.0
Effective Date: October 21, 2024
1. Introduction:
1.1. This Privacy Policy describes how Kokoro Beratungsgesellschaft (the “Company”, “Kokoro”,“we”, or “us”) collects, uses, processes, stores, shares and protects your personal information in connection with your use of our Site accessible through www.bekokoro.com domain name (the “Site”) and the products and services we may offer through the Site, consisting in consulting, ‘Kokoro’ pulse surveys, workshops, coaching and other (online) services (indistinctly referred to as the “Services”).
2. Who are we and how to contact us:
2.1. We are the company responsible for the processing of your data in accordance with this policy. Here’s our information:
Kokoro Beratungsgesellschaft mbH
Wolfswerder 58
14532 Kleinmachnow
Germany
Company Number: HRB 31397 P
Email: info[at]bekokoro.com
2.2. How to contact us and and who to contact.Send a request either to the email above or directly to the our data protection officer (DPO)
Name: Imran Ur-Rehman
Email: imran[at]bekokoro.com
3. Cookie Policy:
Click here for more details
3.a. Links to other websites:
On our website, in our emails and on our social-media profiles, we may have links to other companies, apps or websites (“other websites”) that aren’t ours. This policy doesn’t cover how those other websites process your data. We encourage you to read the privacy notices on the other websites you visit.
4. Scope of this Policy:
Here we describe the purposes for which we process your data. This covers the why, what and for how long we process your data as a Participant or as a Client of our services or site.
4.1. Purpose #1:
As a Participant, please note that we are not the entity responsible for the processing of data, but a mere provider rendering services to the person or company that sent you the Kokoro survey to complete.
If you have any questions or doubts, we suggest you approach the person or company who has sent you the Kokoro survey, as those are the ones governing the processing of your personal data (PD).
We process the following ordinary data about you as a Participant on behalf of this person and/or company:
As a Participant, Kokoro doesn’t process any sensitive data. The data we process will never reveal your identity and you will remain unidentifiable. No individual results, names, emails or telephone numbers of Participants can be accessed by Kokoro.
Note: All The Participants responses are aggregated into overall anonymous results.
We process your data as a Participant subject to this Privacy Policy in accordance with GDPR Article 6, Lawfulness of processing, more specifically 6.1.a, where you will be prompted to read and consent to it before your provide responses to any Kokoro survey you complete.
We will retain your data for processing for this purpose:
We collect Participant data, i.e. results only from our Kokoro survey tool. It is both anonymous and encrypted.
4.2. Purpose #2:
As a Client of our services or site, your data is being processed to perform a contract, and we will be processing your data as long as the contractual relationship with you is in force and during the 2 years following the end of said relationship or as long as we need it for legal, business, or tax purposes. This results in us having to process your data for purposes of providing you both the Services, as well as to perform our obligations under the Services Terms and Conditions. As a Client, Kokoro processes your personal information as an entity incorporated in accordance with the laws of Germany and with the following details:
Kokoro Beratungsgesellschaft mbH
Wolfswerder 58,
14532 – Kleinmachnow,
Germany
Contact email: info[at]bekokoro.com
4.3. We process the following ordinary data about you as a Client, subject to obtaining your consent, and as long as you do not withdraw any such consent, we may also process your data on behalf of this person and/or the company:
4.4. Finally, we may also process your data to protect our legitimate interests, as long as the said data is strictly necessary to fulfil the goals set forth below and is in accordance with the GDPR Article, 6.1.b (contract performance) and 6.1.f (legitimate interest). These legitimate interests are namely:
4.5. We retain and process your personal data for this purpose:
4.6. We provide access to your personal information for this purpose:
4.7. Additional information:
If you would like more information about our legal basis for processing your data, feel free to contact us. Some of the grounds for processing your data overlap, so there may be several reasons which justify us processing your data.We do not sell or rent your data to marketers or third parties. We may use your data in other ways than described here but we’ll inform you about these purposes when we collect your data.Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.
5. Keeping your data safe:
We use reasonable organisational, technical and administrative measures to protect your data within our company.
The Internet is not a 100% secure environment and that means we cannot guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us. To learn more about our current practices and policies regarding security, contact out DPO:
Name: Imran Ur-Rehman
Email: imran[at]bekokoro.com
Telephone number: +43 676 950 5819
6. Third parties and processors:
We use companies (third parties and processors) to help us deliver our services to you, e.g. payment processors, web analytics companies, data management services, help desk providers, IT consulting companies, Accountancy and Law services as well as SMS and email provider services.
When we use a processor we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We’ll also make sure that they have appropriate security measures in place and if they are located outside the EU, we’ll of course make sure that there is a legal agreement in place allowing us to give them access to the data (see section 7. below).
We share your data with:
– AWS (Frankfurt, DE)
– Wainobi (Vienna, AT)
Here are some of the suppliers we use:
– Calendly, Crisp, Openli
Read our cookie policy regarding the suppliers we use for those services. In the event that we are involved in a bankruptcy, merger, acquisition, reorganisation, your information may be transferred as part of that transaction.
This policy will continue to apply to your information also after the information has been transferred to the new entity.
7. How we collect data and process on your behalf in and outside of the EU/EEA:
7.1. In order to provide you with the Services, we may need to process on your behalf third parties’ PD. This is the case, for instance, when a person uploads information to set up a Kokoro Pulse Survey, the data is collected, stored, and processed on your behalf. PD that we collect from you may be stored, processed, and transferred between any of the countries in which we operate. Currently, all data processed is in Germany only.
7.2. Wherever we transfer, process or store your PD, we will take reasonable steps to protect it. We will use the information we collect from you in accordance with our privacy notice. By using our website, services, or products, you agree to the transfers of your PD described within this section.
7.3. We will ensure that all employees authorised to process PD have committed to confidentiality or are under an appropriate statutory obligation of confidentiality.
7.4. To provide you with the Services, we may need to use some service providers we already rely on, as well as hire new ones in the future. Those companies will only process the data to the extent necessary to render the Services, and we will enter into written agreements with them to make sure that said companies comply with the obligations included in this section 7 and implement all necessary security measures to ensure adequate protection of the data.
In the event that we want to change any of those service providers by another, or that we need to hire new companies, you will have the right to reasonably oppose to such changes or new appointments in the non-extendable term of 15 calendar days. ‘Reasonably oppose’ shall be interpreted as any challenge based on the failure to meet the legal requirements set forth by the European data protection laws by the new entity to be hired. In any event, we reserve the right to terminate the relationship with you should we not be able to hire a sub-processor which is essential or needed for providing the service.
The Company shall enter into written agreements with any sub-processors engaged in the provision of the Services including the safeguards and guarantees required by the General Data Protection Regulation (EU Regulation no. 679\2016, the GDPR), particularly in respect of implementing the security measures required in the GDPR. Where sub-processors are in countries, e.g. USA that do not have adequate level of protection of PD under Article 45 of the GDPR, you agree to comply with the requirements set forth in 7.5. below.
7.5. For the provision of the Services or because you want to process data from a given location or hand it to another company, data may be transferred outside the European Economic Area to a country which has not been declared to offer a level of protection equal to the one provided by European data protection regulations.
7.6. We will also provide, at your request and expense and subject to the nature of processing and information available to us, assistance in complying with obligations set forth in Articles 33 to 36 of the GDPR, if applicable.
7.7. With respect to data breaches, we will notify you without undue delay upon we confirm that a data breach affecting PD has taken place. We will provide you with sufficient information to allow you to meet any obligations to report or inform competent authorities or data subjects. We will reasonably cooperate with you and take such reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each such data breach.
8. Your rights:
You have the following rights:
8.1. Your right of access and rectification: You have the right to ask us for copies of your PD or ask us to rectify information you think is inaccurate. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.
8.2. You have the right to withdraw your consent at any time: You also have the right to request access to, and rectification of, or erasure of your PD, or restriction of processing, or to object to processing, as well as the right to data portability. Please note that if you choose to cancel your data, your account will be deleted and all data in your account will be permanently deleted from our systems. You may lodge a complaint at any time with the German Federal Commissioner for Data Protection. We will allow you to exercise the above mentioned right by contacting us at Kokoro GmbH via info@bekokoro.com.
8.4. Your right to withdraw your consent: If processing of your data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent by contacting us at Kokoro GmbH via info[at]bekokoro.com.
8.5. Your right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format.
8.6. Where your data is processed for direct marketing purposes, you have the right to object at any time to the processing of PD about you for such marketing. The law gives us one month to respond to you, but we will try to respond sooner. There may be conditions or limitations on these rights, i.e. it is related to the Services and Product, as these communications are necessary to perform the contractual relationship we have with you. It is therefore not certain e.g. you have the right of data portability in a specific case – this depends on the specific circumstances of the processing activity.
Assistance and additional information:
You are always welcome to contact us and to take steps to exercise your rights by using the contact details above.
9. How to unsubscribe from email marketing material:
If you have subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails we include an unsubscribe link and you can always click the link and easily unsubscribe. You can also unsubscribe by sending us an email to info@bekokoro.com.
10. Children and our Services:
Our services and website are not directed to children, and you may not use our services if you are under the age of 18. You must also be old enough to consent to the processing of your information in your country.
11. Changes to this Policy:
Sometimes we need to make changes to this policy to reflect our current practices. We will take reasonable steps to let you know about changes via our website or upon you logging on into your Kokoro account. If you are a registered user, we will notify you via email if significant changesare being made to the policy using the email address you gave us when you signed up. If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practices. If you do not agree to any non-substantial change to this Privacy Policy, you may terminate the Service Terms and Conditions.
12. Prevalence:
This policy might be drafted both in plain and legal versions. In case of any discrepancies, the legal version included herein shall prevail and take precedence with respect to the plain version.If you have questions about the policy, feel free to contact us by using the contact details in this policy.