Information about data processing

Transparency and Information Obligations for Customers, Contractual Partners and
Prospective Customers of KyooBe Tech GmbH

according to EU General Data Protection Regulation

With this document, we inform you about the processing of your personal data by KyooBe Tech GmbH and your rights according to the data privacy laws.

Responsible Body / Data Protection

Max-Lang-Straße 56/1
70771 Leinfelden-Echterdingen
Baden-Wuerttemberg, Germany


Data Protection Contact:

Categories / Origin of Data

We are processing the following personal data for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract:

  • Contact data (e.g. first and last names of the current and, if applicable, previous contact persons as well as name affixes, company name and customer’s address (employer), mobile/landline telephone number with extension, e-mail address, fax number)
  • Occupational data (e.g. function in company, department)
  • Bank details, if required (also first name and last name of the account holder in connection with a SEPA direct debiting scheme)
  • Information relating to solvency, if required

Basically, we receive your personal data in order to take steps prior to entering into a contract or for the performance of the contract. In exceptional cases and under certain circumstances, your personal data will be collected by other bodies/institutions, too. This may be the case in the event of special-purpose inquiries for relevant information with credit enquiry agencies, especially relating to solvency.

Purposes and legal bases of data processing

When processing your personal data, we always comply with the provisions of EU GDPR, the German Federal Data Protection Act (“BDSG”) and other applicable legal provisions.

Your personal data are only processed in order to take steps prior to entering into a contract  (e.g. preparation of offers for products or services) and for the purpose of fulfilling contractual obligations (e.g. for rendering our service or handling an order or payment), (Art. 6 para. 1 lit. b EU-GDPR) or when processing is necessary for compliance with a legal obligation (e.g. due to tax law rules) (Art. 6 para. 1 lit. c EU-GDPR). This was the reason why personal data had originally been collected.

A permission according to the data laws for processing of your personal data can of course also represent your consent to data processing (Art. 6 para. 1 lit. a EU-GDPR). Prior to your consent, we inform you about the purpose of data processing and about your right of revocation according to section 7 paragraph 3 of the EU GDPR.
KyooBe Tech GmbH is furthermore interested in maintaining the customer relation with you and providing you with information and offers relating to our products / services by e-mail. We collect your data to send you corresponding information and offers (Art. 6 para. 1 lit. f EU-GDPR).

Regarding the detection of criminal offences your personal data shall only be processed in accordance with the provisions of art. 10 EU-GDPR.

Data Retention Period

As soon as your data are no longer needed for the above purposes or you have revoked your consent, we will delete them. Following the termination of the contractual relationship, the data will only be kept if we are obligated or entitled to do so. Provisions binding us to keep your data can, for example, be found in the German Commercial Code („Handelsgesetzbuch“) and the German Fiscal Code („Abgabenordnung“).  A retention period of up to ten years can result from such laws. Furthermore, statutory periods of limitation have to be observed.

Recipients of the data / Categories of Recipients

In our company, we ensure that your data will be received only by those departments and persons who require them for as long as is necessary to fulfil our contractual and legal obligations. Should we be active for your company in several countries, order-related data may be exchanged between the responsible employees within our company.

In certain cases, service providers give support to our specialized departments in fulfilling their tasks. We have concluded the required contracts with regard to data protection with all service providers, among them, for instance, IT service providers, dispatch service providers and finance service providers.

Furthermore, we are required in certain statutory cases to transfer certain information to public institutions, such as financial, law enforcement and customs authorities.

Transfers of personal data to third countries/ Intention to transfer personal data to third countries

The transfer of data to third countries (outside the European Union resp. European Economic Area) does only take place to the extent required for the performance of the contract or by applicable law.

Compliance with the requested data protection level is ensured by appropriate measures, usually in the form of standard contractual clauses.

Rights of persons concerned

Your rights as  data subject have been standardized in articles 15 – 22 (EU-GDPR).

They include:

  • The right of access by the data subject (Art. 15 (EU-GDPR)
  • The right to rectification (Art. 16 (EU-GDPR)
  • The right to erasure (Art. 17 (EU-GDPR).
  • The right to restriction of processing (Art. 18 (EU-GDPR)
  • The right to object (Art. 21 (EU-GDPR)
  • The right to data portability (Art. 20 (EU-GDPR)

To assert these rights, please get in touch with your contact person in our company. As an alternative, you can at any time contact our data protection officer by e-mail ( The same applies in case you have questions relating to data processing in our company or wish to revoke a given consent. Furthermore, you are entitled to lodge a complaint against data processing with a supervisory authority for data protection.

If we process your data to safeguard justified interests, you can object to this data processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.
In such a case, we will no longer process your personal data, unless we can provide compelling legitimate reasons for the processing, which override your interests, rights and freedoms, or the data processing is used for the assertion, exercise or defence of legal claims.

If your personal data are processed for direct marketing purposes, you have the right to object without stating reasons; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.

Obligation to provide the data

To enter into / perform a contractual relationship, you are obligated to provide certain personal data. This is required for conclusion, performance and termination of the contractual relationship and for compliance with the related contractual and legal obligations. Performance of the contract is not possible without your providing of these data.

Automated single-case decisions

We do not make decisions that are based solely on automated processing.

This privacy statement as of May 2019 is the currently valid version . Further development of our services offered to the market or revised legal and/or regulatory requirements might make it necessary to modify this statement. You can at any time access and print out the currently valid privacy statement.