This Privacy Statement describes the collection and use of personal data in connection with the use of our web application ("Software" or "App") Kenjo in accordance with the requirements of the EU General Data Protection Regulation ("GDPR"). We inform you in the following about the processing of your personal data in the context of the use of our App. Processing activities that are not covered by this Privacy Statement may be supplemented by additional privacy statements that must be observed separately.
Controller pursuant to the GDPR is
Kenjo GmbH ("Kenjo"/"we"/"us")
You can reach our appointed data protection officer:
You may exercise the following rights under the GDPR:
To exercise your rights, you can contact us by e-mail at firstname.lastname@example.org. For identification purposes, please provide the following information:
The processing of your request and the identification of your person is based on Art. 6 (1) p. 1 lit. c) GDPR.
You can file a complaint at any time pursuant to Art. 77 GDPR with a supervisory authority, e.g. with the competent supervisory authority of the federal state in which you live or with the authority responsible for us.
Under the following link you will find all supervisory authorities for Germany for non-public bodies: https://www.bfdi.bund.de/
We process your personal data in accordance with the provisions of the GDPR.
Personal data (name, e-mail address) is initially processed by us for the fulfilment of contractual obligations or pre-contractual measures in accordance with Art. 6 (1) p. 1 lit. b) GDPR. This includes in particular:
In addition, we process your personal data (name, e-mail address) based on our legitimate interests according to Art. 6 (1) p. 1 lit. f) GDPR,
In addition, we will process your personal data (name, e-mail address) in accordance with Art. 6 (1) p. 1 lit. c) GDPR if we are legally obliged to do so, for example in order to comply with our obligations to keep records under commercial or tax law.
For the specific processing activities within our App, please see below at Section 2.
We will take all reasonable steps to ensure that your personal data is processed only for the period required by the purpose of processing in each case. Your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law, e.g. for tax and trade regulation purposes (§ 257 HGB, § 147 AO). Furthermore, we may store your personal data until the expiry of the statutory limitation periods (usually 3 years; in individual cases, however, up to 10 years or longer), or if it is necessary for the assertion, exercise or defence of legal claims.
To protect the security of your data during transmission, we use technical and organisational security measures, in particular the encryption of our App and all connections to servers and databases to prevent unauthorised access by third parties. The data collected from you is generally hosted on ISO 27001 certified servers. Our security measures are continuously improved and adapted in line with technological developments.
We use service providers for the provision of our App and services. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR. In addition to the explicitly mentioned service providers below at Section 2, we use the following categories of service provider:
Your personal data will only be transferred to third countries if the requirements of Art. 44 - 49 GDPR are met, in particular standard contractual clauses, binding corporate rules, and adequacy decisions of the European Commission. If you would like to receive further details on how we transfer personal data to third countries, please contact us at email@example.com.
There is no legal or contractual obligation to provide us with data. However, some services can only be provided if the required data is provided by you. Your personal data will not be used for profiling or automated individual decision making.
To enable the use of our App, it is necessary to provide a so-called admin account. This is used to map all settings for the organisation of our customers. As part of the provision of this account, your name, email address and usage data, as well as so-called log files, which record information about connections to servers are processed.
For the purposes of the user onboarding, we also use the third-party service Chameleon. The processing takes place in the context of the fulfilment of the usage contract of the App, (Art. 6 (1) para. 1 lit. b) GDPR).
For the processing of your order and payment, your data provided during the ordering process (name, address, account number, bank routing number, credit card number, if applicable, invoice amount, currency and transaction number) will be processed.
We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. Our payment service provider is Chargebee Inc.
The legal basis for this processing activity is Art. 6 (1) p. 1 lit. b) GDPR, the fulfilment of a contract.
a) Cookies and similar technologies for the provision of our App:
We use the following cookies and similar technologies to provide you with our services:
The legal basis for using the above listed cookies and similar technologies for the provision of our App is the fulfilment of the usage contract of the App pursuant to Art. 6 (1) p. 1 lit. b GDPR.
b) App Analysis:
We utilise various cookies and cookie-based technologies to monitor and ensure the proper functioning of our service, as well as to gain a better understanding of App usage for the purpose of further development of its features and functionalities. We use the following tools:
In order to provide effective monitoring and diagnostics, Datadog processes certain categories of personal data. These categories include UserID, CompanyID, Request, IP and email address. Please note that the data processed by Datadog is limited to the specific purpose of performance monitoring and diagnostics, and is not used for any other unrelated activities.
The processing is carried out based on our legitimate interest pursuant to Art. 6 (1) p. 1 lit. f) GDPR.
Amplitude processes specific data, including user actions, session durations, device details, and relevant contextual information. The sole purpose of processing this data is for analytics. We do not utilise the data processed by Amplitude for advertising purposes or any unrelated activities.
This tool is essential for the performance of our services. The legal basis is the fulfilment of the usage contract of the App pursuant to Art. 6 (1) p. 1 lit. b) GDPR.
We use the service Sentry, a registered trademark of Functional Software, Inc., to ensure the technical stability of our service. Its primary function is to monitor system stability and identify code errors, enabling us to swiftly address any technical issues and enhance the overall performance of our platform.
Sentry serves the vital purposes of system monitoring and error identification.
The data processed by Sentry includes information such as error logs, device details, application version, and relevant contextual data, such as UserID, CompanyID, Request, IP and email address. The data is not used for any other unrelated activities.
The legal basis for this processing is our legitimate interest, Art. 6 (1) p. 1 lit. f) GDPR.
For the purpose of providing you with the service of e-mail notifications, we use the third party Sendgrid. Within the e-mail notification services, Sendgrid processes the e-mail address of the recipients as well as the content of such e-mail notifications.
The legal basis for this processing is the fulfilment of the usage contract of the App pursuant to Art. 6 (1) p. 1 lit. b) GDPR.
In order to provide you with the best possible support when using our services, we offer several ways for you to contact our customer support team. You can get in touch by sending an email via firstname.lastname@example.org, or creating a support ticket directly using the widget in your Admin account.
All communications directed to us via email@example.com and the widget become Customer Support “tickets” in our ticketing platform, Freshdesk, a software provided by the third-party Freshworks. In this context, we process your name, email address, if any, as well as the content of your request and any information you voluntarily share with us.
In addition, we process the above-mentioned data to analyse our customer service and to improve our products and services.
The data is processed for the fulfilment of customer contracts (Art. 6 (1) p. 1 lit. b) GDPR). It is also processed based on our legitimate interests, Art. 6 (1) p. 1 lit. f) GDPR, when we are improving our products and services.
For customers using the option to test our App free of charge ("Test Phase" as described in the Terms & Conditions) we also offer an optional chat widget provided by the third-party HubSpot during the Test Phase. HubSpot's chat widget offers support and assistance for customers exploring and understanding our App. The tool is key to help address any questions or concerns and ensures a seamless and informative experience for customers evaluating our services. While using this tool, HubSpot processes the following categories of personal data: test-user's e-mail address and any content provided by the test-user in the chat window. When customers choose to use this tool, the legal basis for this processing activity is their consent, Art. 6 (1) para 1 lit. a) GDPR.
For the purpose of optimising our user experience, we use ChurnZero.
ChurnZero is an advanced customer engagement and retention platform that enables us to provide exceptional customer experience to our clients and maximise customer success.
Through ChurnZero, we deliver personalised experiences, targeted messaging, and proactive support, fostering strong relationships with our valued customers.
ChurnZero's integrated customer survey tool offers us insights into the opinions and satisfaction levels of our customers in relation to our services.
The data processed by ChurnZero includes customer contact information, account details, user activity, as well as in-app communications and email communication between Kenjo and the customer with regard to customer support tickets and meetings with customer success.
This tool is essential for the performance of our services. The processing of personal data with ChurnZero is based on the legal basis of the fulfilment of our contract pursuant to Article 6 (1) para 1. lit. b) GDPR.
The following service providers may receive personal data if you choose to use the integration of their services:
You can connect to your Slack account for messaging, files up- & download, and notifications. The data processed by Slack Technologies Inc., 500 Howard Street, San Francisco, California 94105, USA is processed according to your subscription with Slack and their privacy terms.
You can connect to your Google account for single sign-on services. The data processed by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA is processed according to your subscription with Google and their privacy terms.
You can connect to your Microsoft account for single sign-on services. The data processed by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA is processed according to your subscription with Microsoft and their privacy terms.
You can connect to your Apple account for single sign-on services. The data processed by Apple Inc., One Apple Park Way, Cupertino, California 95014, USA is processed according to your subscription with Apple and their privacy terms.
You can connect to your JOIN account for multiposting services that enhance your recruiting experience. The data processed by JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland is processed according to your subscription to JOIN and their privacy terms.
You can connect to your DATEV account for importing/exporting employee data between both services. The data processed by DATEV eG, Paumgartnerstr. 6–14, 90429 Nuremberg, Germany is processed according to your subscription to DATEV and their privacy terms.