Privacy Policy

Below you can get a detailed overview of the data we collect from you and what we do with them. We also inform you about your privacy rights and point out whom you can contact with questions about the processing of your data.

Who we are

Data controller responsible for processing your data:
Kito Europe GmbH
Heerdter Lohweg 93
40549 Düsseldorf
Tel. +49 211 528 009 - 0
Executive director: Martin Rothe
If you have any questions about this privacy policy, processing of your personal data, data subject rights or other concerns in the field of data protection, our data protection officer will be happy to help you.

Contact details of the data protection officer:
Xamit Bewertungsgesellschaft mbH
Monschauer Str. 12
40549 Düsseldorf

Scope of application

This privacy policy applies to the facebook page and addresses its visitors. It does not apply to other domains of Facebook Inc. (‘Facebook’ hereinafter), in particular, or one of Facebook’s affiliated companies and their processing activities. For more information about Facebook’s processing activities, please refer to Facebook’s data privacy policy or terms and conditions. On our page there are external links which lead to websites of other operators for which this privacy policy does not apply. The responsibility for text advertisements, commercials or banners before or during embedded videos lies with the respective operator. The privacy statement for our website can be found at

Do I have to enter my data?

We offer you the opportunity to make a personal inquiry. It is up to you to decide whether to take advantage of this opportunity and provide your data. In order to answer your request, we process the personal data that we receive, for example, by e-mail, Facebook (chat) messages or page comments. Anything you post on our Facebook wall is publicly visible. Your personal data will be passed on to third parties if necessary. Please note that if you provide information about other persons, you must have previously obtained their consent and informed them of the purpose of the disclosure as set out in this Privacy Policy.

Which data do we process?

Processed data and processing purposes:

Below we provide the purposes for which your data are processed in the context of the business relationship, or if you have a concern.

  • Inquiries and comments: We process your data which we receive when you write a comment or send a message to us (also by e-mail) or if you like our page. This includes the data you provide to us as well as the information that Facebook provides as part of your public profile.
Data Inquiries and comments
salutation x
first and last name or user name x
e-mail address x
subject x
message x
profile picture x
public profile x
like or other reaction (emoji button) x

In addition, we process the above-mentioned data for the following purposes based on a weighing of interests (Art. 6 (1) (f) GDPR). The interests are named below:
(1) Should a security incident occur in our company that affects your data, we are obliged to report the case to our data protection supervisory authority (Art. 33 GDPR). Since our legitimate interest is to comply with this statutory reporting obligation as quickly as possible, it may happen that we process your data in the context of the investigation of the corresponding security incident. Reports of these security incidents to data protection supervisory authorities do not contain any of your personal data.
(2) As it is our interest to ensure the security of our systems, we regularly conduct security and efficiency tests that allow us to process your above-mentioned data.
(3) In the event of litigation it is our interest to keep evidence until all relevant statutory limitation periods pursuant according to sections 195 and fallowing of the German Civil Code have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods.
(4) In addition, it is our interest to investigate suspected cases and to hand over relevant information to law enforcement authorities in case of a specific criminal suspicion.

2. Information about automated individual decisions
There are no automated individual decisions.

3. Legal basis for processing your data
We process your data as stated under "Inquiries and comments" within the scope of the contract-like relationship with you in order for you to avail yourself of these services (Art. 6 par. 1 lit. b) GDPR).

4. Deletion periods (or storage duration)

  • 6 months after solving an inquiry
  • You can delete your own public comments and ‘likes’ at any time.
  • For the preservation of evidence, we retain data within the framework of the statutory limitation provisions in according to §§ 195ff. BGB on. The storage duration of your data may exceed the duration stated above. Limitation periods can last up to 30 years. The regular limitation period is 3 years.

5. Origin of the data
We do not collect data from third parties.

6. Data recipients outside the EU
By visiting our page, Facebook receives your personal data. The EU Commission will determine which non-EU countries have an adequate level of data protection. The EU Commission certifies companies in the US who participate in the EU-US Privacy Shield as a data recipient with a reasonable data protection level. This agreement between the US and the EU ensures that US companies who participate in the EU-US Privacy Shield comply with the European level of data protection. According to its own information, Facebook has joined the EU-US Privacy Shield.

Which organisations receive your data?

The following table shows which organisations (“data recipients”) receive your data in which cases. You will find the specific data in the corresponding sections of this privacy policy. We use selected vicarious agents and service providers who work for us as commissioned data processors (in accordance with Art. 28 GDPR) and may obtain access to your data in the required scope. Commissioned data processors are subject to numerous contractual obligations and may process your personal data only on our instructions and solely for performing our orders.

Data recipient Short explanation
Service providers for data destruction We use service providers for the destruction and disposal of data carriers as part of commissioned data processing.
IT service providers As part of the operation of our IT infrastructure, the relevant service providers (processors) can gain access to your data. We require our service providers to always limit the processing of your data to what is nec-essary to carry out the purpose.
Lawyers, law enforcement authorities It is in our interest to investigate suspected cases and to hand over all necessary data to law enforcement authorities in case of a specific criminal suspicion against.

Your rights

You have the legal right to:

  • Acces the personal data stored about you (Art. 15 GDPR)
  • Rectification and completion of the data we have about you (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to the processing of your data in order to safeguard our legitimate interests or the legitimate interests of third parties (Art. 21 GDPR) – You have the right, for reasons arising from your particular situation, to object to such processing at any time; this also applies to profiling based on these provisions within the meaning of Art. 4 (4) GDPR.

To exercise these rights you can contact us e.g. via the above-mentioned contact details.

You also have the legal right to complain to a data protection supervisory authority (Art. 77 GDPR).