Privacy Statement

We, the operators of the websites help.k15t.com, migration.k15t.com and k15t-labs.scrollhelp.site (collectively referred to as “the websites”), are the controllers of the personal data of the users ("you") of these websites within the meaning of the applicable data protection law, specifically the General Data Protection Regulation ("GDPR").

Below, we provide information pursuant to Art. 13 et seq. GDPR about the personal data processed when you visit our websites and the corresponding legal bases. You will also find details about your rights in relation to us as the controller and the competent supervisory authorities.

Information about the controller

K15t GmbH
Ostendstr. 110
70188 Stuttgart

Phone: +49 711 935935 30
Fax: +49 711 935935 39
e-mail: hello@k15t.com

Data protection officer

Our data protection officer can be contacted via privacy@k15t.com.

Processing your personal data

Informational use of our websites

When you visit our websites, so-called log files are processed, with our system collecting them automatically.

The following log files are processed automatically:

• IP address of the requesting computer

• Date and time of visit

• Time zone difference to Greenwich Mean Time (GMT)

• HTTP method

• Access pages

• Access status/HTTP status code

• Amount of data transmitted in the response

• Referrer

• Type of Internet browser used

• Version of Internet browser used

• Operating system and version

• Operating system user interface

• User's Internet service provider

The log files contain your IP address and possibly other personal data. In principle, it is therefore possible to match them to you. However, we store your data only temporarily and specifically not together with other personal data.

We only use the data to secure our information technology systems, specifically for forensics in the event of break-ins. The log files are deleted after 90 days at the latest.

These purpose(s) also justify our legitimate interest to process the data according to Art. 6(1)(f) GDPR.

Contact forms

You may contact us electronically using our contact form, e.g., to provide feedback, ask questions, or submit a contact request. If you use this option, the data entered into that form will be transmitted to us.

In addition to the data you provide voluntarily, we store the date and time of transmission as well as your IP address. The processing of these additional data is based on our legitimate interest (Art. 6(1)(f) GDPR) to ensure system security and prevent misuse. These additional data are deleted after 3 months.

If your contact aims to conclude a contract with us, Art. 6(1)(b) GDPR serves as the legal basis for processing your personal data.

If you sign up for our newsletter, your data will be processed based on your consent (Art. 6(1)(a) GDPR) and stored until you withdraw that consent.

All data will be stored only until they are no longer required to achieve the purpose of the communication with you and your contact request has been fully resolved.

Contact by e-mail

You can contact us by e-mail (preferably: hello@k15t.com). We will store your personal data transmitted in the e-mail. The data will not be passed on to third parties and it will be processed only to handle your contact request. The legal basis for processing your personal data is Art. 6(1)(f) GDPR. The data will be stored until they are no longer required to achieve the purpose of the communication with you and the purpose of your contact has been fully clarified.

If your e-mail aims to conclude a contract with us, Art. 6(1)(b) GDPR serves as an additional legal basis for processing your personal data. These data will be stored for as long as they are necessary for the performance of the contract. Otherwise, we will store your data only to comply with contractual or legal obligations (e.g. tax obligations) (Art. 6(1)(c) GDPR).

You may withdraw your consent to the processing of your personal data at any time by sending an e-mail to hello@k15t.com. In this case, we will no longer be able to continue processing your request.

Cookies and Local Storage

You can configure your browser to block all cookies or allow only certain cookies. You can also view and delete any cookies stored on your device via your browser settings. Please note that if you block all cookies, some features of our websites may not function properly.

We use cookies on our websites. Cookies are small text files that our web server sends to your browser while you are visiting our websites. Your browser stores them on your device for later retrieval. This allows our websites to recognize your browser when you revisit.

• Session cookies are deleted when you close your browser.

• Persistent cookies remain on your device until they reach their expiration date or until you delete them manually.

In addition to cookies, we use Local Storage to store data in your browser’s cache. These data are stored persistently, but you can remove them at any time by clearing your browser cache.

The processing of cookies and Local Storage data is based on our legitimate interest (Art. 6(1)(f) GDPR) in ensuring the functionality and security of our websites. For optional or tracking cookies, processing is based on your consent (Art. 6(1)(a) GDPR).

Own cookies

We use our own cookies to ensure the functionality of our websites. Some elements of our website require that your Internet browser is recognized after a page change.

The overview shows you for which purposes your data are collected and how long they will be stored for:

The legal basis for processing personal data in cookies, which we place on our websites to ensure their functionality and our offer, is Art. 6(1)(f) GDPR.

Option to object and remove

You can allow, block, or restrict cookies through your browser settings. Cookies that have already been stored can be deleted at any time via your browser. Please note that if you block or delete cookies, some features of our websites may not work properly.

Matomo

Matomo, a service by InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand (hereinafter: Matomo) is implemented on our websites.

Matomo is processing the following data:

• Custom Dimensions

• Custom Variables

• Anonymized User ID

• Location (by country) of the user

• Date and time

• Title of the page being viewed

• URL of the page being viewed

• URL of the page that was viewed prior to the current page

• Screen resolution

• Time in local timezone

• Files that were clicked and downloaded

• Link clicks to an outside domain

• Pages generation time

• Country, region, city

• Main Language of the browser

• User Agent of the browser

The processing of this data is based on our legitimate interests (Art. 6(1)(f) GDPR) and is used for statistical purposes to optimize our websites and offers.

The data is hosted by Matomo in Germany.

You can prevent cookies from being stored by adjusting your browser settings for https://help.k15t.com/.

Matomo's Privacy Statement is available at: https://matomo.org/matomo-cloud-privacy-policy/ .

Arcade Software

Arcade Software, a service provided by Arcade, Inc., located at 548 Market St PMB 59279, San Francisco, California 94104-5401, USA (hereinafter: Arcade), is implemented on our website to enhance user engagement and provide interactive content.

Arcade processes the following categories of data:

• User Interaction Data

• Analytics Data

• Device and Technical Data

• Identification Data

This data is collected and processed to help us analyze user engagement, improve product adoption, and optimize our marketing and sales strategies. The legal basis for this processing is your consent (Art. 6(1)(a) GDPR).

Once you activate Arcade, it may set additional cookies to support analytics and usability improvements. Arcade's Privacy Statement is available for your review at: https://www.arcade.software/privacy-policy.

Hosting by AWS (Amazon Web Services)

We host our website with AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter referred to as “AWS”).

When you visit our website, your personal data may be processed on AWS servers. This can include the transfer of personal data to the parent company of AWS in the United States. Such transfers are based on the EU’s standard contractual clauses. For details, please consult: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/ .

For more information, see the AWS Data Privacy Policy: https://aws.amazon.com/de/privacy/?nc1=f_pr .

AWS is used on the basis of our legitimate interests (Art. 6(1)(f) GDPR), in particular to ensure reliable operation and availability of our website. If we have obtained your consent, processing will occur exclusively on the basis of Art. 6(1)(a) GDPR. You may revoke this consent at any time.

YouTube

We incorporate videos from YouTube of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: "YouTube") for an attractive design of our website in an engaging and informative way. The legal basis for processing your data is your consent (Art. 6(1)(a) GDPR).

Once you activate the video, YouTube may set cookies (e.g., for Google APIs, Google Fonts, or Google Play) and collect information for analytics and usability enhancement. According to YouTube, this data is processed in a pseudonymized manner. However, if you are logged into your Google or YouTube account, the data may be directly linked to your account.

You can manage or delete YouTube cookies via your browser settings or by using add-ons that block third-party cookies.

For more information on data protection and storage duration, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Search AI

You have the option to use our Search AI on our help center. Data entered into the input field is transmitted to the Search AI to provide automated answers to predefined topics. The Search AI cannot respond to questions beyond these predefined topics.

The Search AI’s training does not use input data from user interactions. It operates based on a pre-trained model and does not learn from ongoing conversations. The answers provided are for informational purposes only.

Use of the Search AI is voluntary. Processing is based on our legitimate interest in improving customer service and support (Art. 6(1)(f) GDPR). You can always clarify questions or topics by contacting a K15t GmbH employee through conventional means (e.g., post, e-mail, or telephone).

It is not necessary to provide personal data to use the Search AI. Personal data is only transmitted if you voluntarily enter and submit such information in your query.

Other third party content included in our websites

Jira Service Management

On the support website (https://help.k15t.com/), we use the service provider Atlassian. Pty Ltd Level 6, 341 George Street, Sydney NSW 2000, Australia and their tool Jira Service Management (hereinafter: "Jira Service Management"), which you can use to submit support requests directly to us.

To do so, we request the following information via the support form:

• e-mail address

• topic and description

Any further information is voluntary. We process the data you provide in order to handle and respond to your support request.

The data will be stored until you ask us to erase, e.g. your support request or your complete profile, or if we no longer use Jira Service Management as a service provider, unless statutory obligations require a longer storage period. Jira Service Management will completely erase the data 40 days after the erasure request.

Use of Jira Service Management as well as of the information obtained through Jira Service Management is subject to Jira Service Management's terms of use:https://www.atlassian.com/legal/cloud-terms-of-service .

Jira Service Management also provides additional privacy information at: https://www.atlassian.com/legal/privacy-policy

The legal basis for processing your data to clarify and respond to your request is our legitimate interest in providing customer support (Art. 6(1)(f) GDPR).

Jira Service Management automatically stores information as Local Storage. To remove the information stored as Local Storage, please delete your browser cache. Jira Service Management sets the following cookies and Local-Storage entries when using the support portal:

Our activities in social networks

We maintain our own pages on various social media platforms to communicate with you and inform you about our services. When you visit one of our social media pages, we act as joint controllers with the respective platform for the processing operations triggered by your visit, in accordance with Art. 26 GDPR.

We are not the original providers of these platforms; we use them within the scope offered by each provider.

Important note: Your data may also be processed outside the European Union or the European Economic Area. Processing outside the EU/EEA may involve data protection risks, as it could be more difficult to enforce your rights (e.g., access, deletion, objection). Social networks often process data directly for advertising purposes or user behavior analysis, and we cannot influence this. If user profiles are created by the provider, cookies may be used, or user behavior may be linked to your social network profile.

The processing of personal data in social networks is based on our legitimate interest and the legitimate interest of the respective provider to communicate with you or inform you about our services (Art. 6(1)(f) GDPR). If you provide consent to the provider for data processing, the legal basis is Art. 6(1)(a) in conjunction with Art. 7 GDPR.

As we do not have access to the providers’ databases, it is best to exercise your rights (e.g., access, correction, deletion) directly with the respective provider.

Further information on the processing of your data in the social networks is provided below by the respective social network provider we use:

Facebook and Instagram

Meta Platforms Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, acts as the (joint) controller for data processing in Europe (including Germany).

For more information on how your data is processed, please refer to the respective privacy policies:

• Facebook: https://www.facebook.com/about/privacy

• Instagram: https://instagram.com/legal/privacy/

LinkedIn

(Joint) controller for data processing in Europe: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy

X (Twitter)

(Joint) controller for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/de/privacy
Information about your data: https://twitter.com/settings/your_twitter_data

YouTube

(Joint) controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy

Your rights

When we process your data, you are a "data subject" within the meaning of the GDPR. You have the following rights: Right of access, right to rectification, right to restriction of processing, right to erasure, right to be informed and right to data portability. You furthermore have a right to object and a right to withdraw.

Below, you will find details on the individual rights:

Right of access

You have the right to ask us to confirm if we process your personal data.

If we process your personal data, you have the right to access the following information:

• the processing purposes;

• the categories of personal data being processed;

• the recipients or categories of recipients to whom your personal data have been or will be disclosed, more specifically recipients in third countries or international organisations;

• if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining this duration;

• the existence of a right to have your personal data rectified or erased or to restrict or object to such processing by us;

• the existence of a right to lodge a complaint with a regulatory authority;

• if the personal data were not collected directly from you, all available information about the origin of the data;

• the existence of automated decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved as well as on the scope and intended effects of such processing for you.

If we transfer your data to an international organisation or to a third country, you furthermore have the right to request information on whether suitable guarantees pursuant to Art. 46 GDPR are in place in connection with such transfer.

Right to rectification

You have the right to rectification and/or completion of the data we have stored about you if such data are inaccurate or incomplete. We will rectify or complete the data without undue delay.

Right to restriction of processing

Under certain conditions, you have the right to request us to restrict processing your personal data. To do so, at least one of the following conditions must be fulfilled:

You contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;

The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or

You have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether our legitimate grounds override yours.

Right to erasure

You have the right to obtain from us the erasure of your personal data without undue delay if we are obliged to do so. This is the case where one of the following grounds applies:

• Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

• You withdraw consent on which the processing was based according to Art. 6(1)(a) GDPR, or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing.

• You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.

• Your personal data have been unlawfully processed.

• The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject.

• Your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

Where we have made your personal data public and are obliged pursuant to the above requirements to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers which are processing the personal data, that you have requested us to erase any links to, or copy or replication of, those personal data.

However, your right to erasure will not apply to the extent that processing is necessary for the following reasons (exceptions):

• For exercising the right of freedom of expression and information

• For compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

• For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) GDPR as well as Art. 9(3) GDPR;

• For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

• For the establishment, exercise or defence of legal claims.

Notification Obligation

If you have exercised your right of rectification, erasure or restriction against us, we are obliged to notify all recipients whom we have disclosed your personal data, of the rectification, erasure or restriction of the processing of your data, unless this proves impossible or involves a disproportionate effort.

Right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You furthermore have the right to transmit those data to another controller, where:

1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and

2. the processing is carried out by automated means.

You have the right to have your personal data transmitted directly by us to another controller, where technically feasible and if it does not adversely affect the rights and freedoms of others.

This right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Right to object

You have the right to object, on grounds relating to your specific situation, at any time to processing of your personal data, which is based on Art. 6(1)(e) and (f) GDPR, including profiling based on those provisions.

In case of an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves the purposes of establishing, exercising or defending legal claims.

Where we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC (Directive on privacy and electronic communications), you may exercise your right to object by automated means using technical specifications.

Right to withdraw

Pursuant to Art. 7(3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a regulatory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, especially in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes your rights under the GDPR.

For an overview of the respective data protection officers of the federal states as well as their contact details go to: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .

Version and amendments to this Privacy Statement

Status: 2025-12-10