Your Data
is important to us


The protection of your data is important to us.


This privacy policy gives you an overview of the processing of your data at Kinnings Foundation.


Contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the General Data Protection Regulation (GDPR) is the


Kinnings Foundation non-profit GmbH
Charlottenstraße 24
14467 Potsdam


E-Mail: Send an email



The Kinnings Foundation gGmbH will be hereinafter referred to as “Kinnings”.



How you can read this privacy policy: We offer you various ways to read this privacy policy. Firstly, you will find some very basic information in this section. We have then organised this privacy policy according to topics relevant to you and divided it into individual chapters accordingly.


We have prefaced each chapter with a short overview text. This overview text briefly summarises the content of the chapter. If you just want to get a quick overview of all data processing, we recommend that you read the overview texts. If you would like to familiarise yourself with the details, you can read the full content of the chapter below the respective overview text.


We have avoided cross-references as much as possible. This means that you will receive a coherent explanation of all the information, regardless of which chapter you are currently reading. However, if you read this privacy policy from beginning to end, you may notice repetitions of text.


What you will learn in this privacy policy:


  • Which data is stored by Kinnings.
  • What we do with this data and what it is needed for.
  • What data protection rights and options you have.


If you have any questions about this privacy policy or about data protection at Kinnings, you can contact our data protection team by e-mail. Please also send an email to our data protection team if you wish to exercise your right to information or data erasure or any other data protection right under Articles 15-22 GDPR, including withdrawal of consent for marketing purposes, unsubscribing from the newsletter, etc. Further information can be found in the sections What data protection rights do I have? and Contact persons.


1. What data does Kinnings process?

Kinnings offers you a wide range of services that you can use in different ways. Depending on whether you contact us online, by telephone, in person or in any other way and which services you use, different data from different sources will be collected. You provide us with much of the data we process yourself when you use our services or contact us, for example when you register and provide your name, email address or postal address. However, we also receive technical device and access data that is automatically collected by us when you interact with our services. This may include, for example, information about which device you are using.


When we talk about “your data”, we mean personal data. This is any information with which we could identify you immediately or by combining it with other information. Examples: Your name, your telephone number or your e-mail address. Any information that does not allow us to identify you (including by combining it with other information) is considered non-personal data. Information that does not allow us to identify you (even when combined with other information) is considered non-personal data. Non-personal data is also referred to as anonymous data. If we combine your personal data with anonymous data, all data in this data set is considered personal data. If we delete the personal data from an information or data set about you, the remaining data in this data set is no longer considered personal data. This process is known as anonymisation. In principle, if you

are asked by us to provide certain personal information, you can of course refuse to do. You decide what information you give us. However, we may then not be able to provide you with the desired services (or not in the best possible way). If only certain information is required in connection with a

service (mandatory information), we will inform you of this by labelling it accordingly.


1.1. Contact details

When you contact us, we collect your contact details. Your contact details may include your name, postal addresses, telephone numbers, fax numbers, email addresses and similar contact details,depending on how you contact us (e.g. by telephone or email).


When you use the contact form on our website, we collect the following data: Your surname and first name, the data you provide within the message and your e-mail address. This data is automatically deleted after your enquiry has been fully processed, unless we still need your enquiry to fulfil contractual obligations or legal obligations.


1.2. Messages, Contents of the conversation

If you communicate with us by telephone, post, contact form or in any other way, we record the content of your Messages.


1.3. Device and access data

When using online services, it is inevitable that technical data will be generated and processed in order to provide the functions and content offered and to be able to display them on your device. We refer to this data collectively as “device and access data”. Device and access data is generated every time you use a online service. It does not matter who the provider is. Device and access data is therefore collected, for example, when you use this website.


In particular, Kinnings collects device and access data from online services offered by Kinnings itself (e.g. this website). Further information can also be found under “About websites”. Device and acess data includes the following categories:


  • General device information, such as information on the device type, operating system version, configuration settings (e.g language settings, system authorisations), information on the Internet connection (e.g. name of the mobile network, connection speed).
  • Identification data (IDs), such as session IDs, unique Device identification numbers (e.g.

    Google Advertising ID, Apple Ad ID) and other common Internet technologies to recognise your web browser and device.

  • Access data collected by web browsers every time web servers

    and databases are accessed online automatically (within the framework

    of so-called HTTP requests). This is standardised information about the requested content (such as the name and file type of a file accessed) and other information about server access (such as the amount of data transmitted and error codes), about your device (e.g. device type, operating system, software versions, device identifiers, IP address, the previously visited page and the time

    of access).


2. What does Kinnings use my data for?

Kinnings processes your data in compliance with all applicable data protection laws. In doing so, we naturally observe the principles of data protection law for the processing of personal data. We therefore only process your data for the purposes explained to you in this privacy policy or communicated to you when the data was collected.


In this section, we also inform you of the legal basis (legal basis) on which we process data for the individual purposes. Depending on the legal basis on which we process your data, you may be entitled to special data protection rights in addition to your existing data protection rights, such as

the right to information. For example, in some cases you have the right to object to the processing of your data. Further Information can be found under “What data protection rights do I have?”



2.1. Provision of online services

We process your data to the extent necessary for the fulfilment of the contract and for the provision and implementation of other services requested by you, as described in this privacy policy. The purposes of the data processing required in each case are therefore based on the purpose of the contract agreed with you in each case (including our General Terms and Conditions and, if applicable, our Data Protection Policy). Service-specific terms and conditions or terms of use) or services requested by you. The most important purposes are:


  • The provision of news, messages, newsletters and other direct communication, insofar as this is an integral part of our contractual services or the services you have requested. Ensuring the general security, operability and stability of our services, including defence against attacks.

  • Non-commercial communication with you on technical, security and contract-related matters (e.g. fraud warnings or account blocking).


Legal basis:

Insofar as the purpose is the performance of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6(1)(b) GDPR. Otherwise, the legal basis is Article 6(1)(f)

GDPR, whereby our legitimate interests lie in the aforementioned purposes.


2.2. Contact via contact form

You have the possibility to get in contact with You can use the contact form for this purpose. In this context, we process data exclusively for the purpose of communicating with you.

Legal basis:

The legal basis is Article 6(1) sentence 1 point (b) GDPR, insofar as your information is required to answer your enquiry or to initiate or execute a contract, and otherwise Article 6(1) sentence 1 point (f) GDPR due to our legitimate interest in you contacting us and us being able to answer your enquiry.


2.3. Business management and business optimisation

If necessary, we transmit and process your data for administrative and logistical processes and to optimise business processes within the Kinnings Group in order to make them more efficient and legally compliant and to comply with our contractual and legal obligations (e.g. retention obligations under commercial and tax law). Many systems and technologies are shared within the Kinnings Group. This enables us to offer a cheaper, more secure, more standardised and more personalised

service. For this reason, the Kinnings Group has granted various companies access to your data insofar as this is necessary for the fulfilment of the purposes stated in this data protection declaration.


Data processing for business management and business optimisation also includes the following purposes, for example:


  • The implementation and improvement of customer service.
  • The prevention and investigation of criminal offences.
  • Ensuring the safety and operability of our products and IT-Systems.


Legal basis:

The legal basis for processing your data for business management and business optimisation is Article 6(1)(f) GDPR, whereby our legitimate interests lie in the above-mentioned purposes. Insofar as we process your data due to legal requirements, e.g. retention obligations under tax law and money laundering checks, the legal basis is Article 6(1)(c) GDPR.



2.4. On the basis of your consent

If you have given us your consent to the processing of personal data, your consent is the primary basis for our data processing. Which of your data we process on the basis of your consent depends on the purpose of your consent.Typical purposes are, for example:


  • Ordering the newsletter.
  • Participation in surveys.
  • The processing of particularly sensitive data, e.g. your political opinions, religious or ideological beliefs or your state of health.
  • The transfer of your data to third parties or to a contry outside the European Union.


Cancellation notices

You can revoke your previously given consent at any time with effect for the future, e.g. by post, letter or fax. If the respective service supports this function, you can adjust and revoke your consent to receive newsletters and other notifications in the Preference Centre. You will find the link to the Preference Centre in every newsletter. There is also a corresponding unsubscribe link in every newsletter.


You can find further information under “What

data protection rights do I have?”



2.5. Other purposes

If permitted by data protection law, we may also use your data for new purposes without your consent, for example to carry out data analyses and to further develop our services and content. The prerequisite for this is that the new purposes for which the data is to be used were not yet known or foreseeable when the data in question was collected and that the new purposes are compatible with the purposes for which the data in question was originally collected. For example, new developments in the legal or technical field and new business models and services can lead to new processing purposes


3. Information on websites

We use your data for the provision of the Kinnings websites. In addition to the device and access data that is generated each time you use these services, the type of data processed and the purposes of processing depend in particular on how you use the functions and services provided via our services.


3.1. Provider

The responsible provider of the service can be found in the imprint of the respective website.


3.2. What data is recorded?

In principle, we collect all data that you communicate to us directly via our services.


Device and access data

Every time our servers and databases are accessed, device and access data is collected and recorded in server log files. The IP address contained therein is anonymised shortly after the end of the respective access as soon as storage is no longer required to maintain the functionality of the respective website. If available and activated on your device, we also collect a device-specific identification number (e.g. a so-called “advertising ID” if you use an Android device or “Ad-ID” if you use an Apple device).


This device identifier is assigned by the manufacturer of your device’s operating system and can be used by websites and Apps and used to present you with content based on your usage habits. If you do not want this, you can deactivate it at any time in the browser settings or system settings of your device.


The processing of this data is absolutely necessary to enable you to visit the website, to ensure the long-term functionality and security of our systems and for the general administrative maintenance of our website. The access data is also temporarily stored in internal log files for the purposes described above in order to find the cause and take action in the event of repeated or criminal access that jeopardises the stability and security ofour website.


Legal basis:

The legal basis is Article 6(1) sentence 1 point (b) GDPR if the page visit is made in the course of the initiation or performance of a contract, and otherwise Article 6(1) sentence 1 point (f) GDPR due to our legitimate interest in the long-term functionality and security of our systems.


4. To whom will my data be passed on?

Kinnings only passes on your data if this is permitted under German or European data protection law. We work particularly closely with some service providers, for example in the area of customer service (e.g. hotline service providers) or with technical service providers (e.g. operation of data centres). These service providers may only process your data under special conditions in our process data on our behalf. If we use them as processors, the service providers will only have access to your data to the extent and for the period required to provide the respective service.


4.1. Technical service providers

We work together with technical service providers in order to provide you with our services. These service providers include, for example, Squarespace, Inc. If they process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than in the European Union.

If this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of

data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations. In these cases, Kinnings ensures that the service providers concerned guarantee an equivalent level of data protection by contract or other means.


Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of the contract or for the implementation of pre-contractual measures. If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the

respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that a enforceability of your data subject rights cannot be guaranteed. You will also be informed of this when your consent isobtained



4.2. Authorities and other third parties

If we are obliged to do so by an official or court decision or for legal or criminal prosecution, we will pass on your data to law enforcement authorities or other third parties if necessary.


5. What data protection rights do I have?

You have the following statutory data protection rights under the respective legal requirements: right of access (Article 15 GDPR), right to erasure (Article 17 GDPR), right to rectification (Article 16 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR), right to withdraw consent (Article 7(3) GDPR) and the right to object to certain data processing measures (Article 21 GDPR). You can find the contact details for your requests at

“Contact person”.


Important notes:


  • In order to ensure that your data is not disclosed to third parties in the event of a request for information, please enclose a copy of your request by Please enclose sufficient proof of identity by e-mail or post.
  • The responsibilities of the data protection authorities depend on the registered office of the data controllerbody. However, you can also contact any data protection authority in any Member State of the European Union, in particular in your place of residence, which will then forward your complaint to the competent authority. The lead authority responsible for Kinnings is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.
  • If you have given your consent to the processing of your data, you can revoke this at any time. A revocation has no effect on the permissibility of the processing of your data carried out before your revocation.
  • You can object to the processing of your data for advertising purposes, including direct advertising (also in the form of data analyses) at any time without giving reasons.
  • If we base the processing of your data on a balancing of interests in accordance with Article 6(1)(f) GDPR, you can object to the processing. When exercising an objection, we ask you to explain the reasons why we should not process your data. In the event of your justified objection, we will examine the situation and either discontinue or adapt the processing or inform you of our compelling legitimate grounds on the basis of which we may continue the processing.




6. When will my data be deleted?

We will store your personal data for as long as is necessary for the purposes stated in this privacy policy, in particular for the fulfilment of the following purposes our contractual and legal obligations. We may also store your personal data for other purposes if or as long as the law allows us to continue storing it for certain purposes, including for the defence of legal claims. If complete erasure of your data is not possible or not required for legal reasons, the data concerned will be blocked for

further processing.


What does blocking mean?

When data is blocked, access rights are restricted and other technical and organisational measures are taken to ensure that only a small number of employees can access the data in question. These employees may then only use the blocked data for the previously defined purposes (e.g. for submission to the tax office during a tax audit). Deletion may be waived in the cases permitted by law if the data is anonymous or pseudonymised and deletion would render impossible or seriously impair

processing for scientific research or statistical purposes.


7. How does Kinnings protect my Data?

Your personal data is transmitted securely through encryption. We use the SSL (Secure Socket Layer) coding system for this. Furthermore, we secure our websites and other systems through technical and organisational measures. Measures against loss, destruction, access,

modification or dissemination of your data byunauthorised persons.


8. Changes to this privacy policy

As we continue to develop our websites and apps and implement new technologies to improve our service to you, we may make changes to this Privacy Policy. Data protection information may become necessary. We therefore recommend that you re-read this privacy policy from time to time.


9. Contact person

You can contact our data protection team Send an email at any time by e-mail for general questions about data protection and the enforcement of your rights.

For direct contact with our data protection officer, please send your request by post to the address below with the reference “Data Protection”:


Kinnings Foundation non-profit organisation

-Data protection

c/o Cormoran GmbH

Am Zirkus 2

10117 Berlin


E-Mail: Send an email