Menu

K2 DocuApp Data Protection Notices

You can download our K2 DocuApp to your smartphone as a mobile application. Alternatively, you can use it as a website on your electronic device. This Privacy Policy informs you how we collect and process your personal data when you use either of the two methods mentioned above in connection with our K2 DocuApp. It also explains how you can assert your claims and rights to which you are entitled under data protection legislation.

A. Who is the data controller and who can I contact (Data Protection Officer)?

The data controller is

K2 Systems GmbH (hereinafter referred to as “we”)

Industriestraße 18
71272 Renningen
Germany
Fax: +49 (0) 71 59 42 059 177

Directors: Katharina David, Willem Haag

You can contact the Data Protection Officer of our company at
K2 Systems GmbH
Data Protection Officer
Industriestraße 18, 71272 Renningen
Germany

data-protection@k2-systems.com

1. What personal data do we process, for what purpose and on what legal basis?

a) When you access the K2 DocuApp website and mobile application

  • The server log files (IP address, date and time of your enquiry), time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), operating system and its access status/HTTP status code, data volume transmitted, website where the request came from (“referrer URL”), browser, language and version of the browser software (“user agent”), IP address (anonymised by default). This data cannot be linked to specific persons, primarily due to the anonymisation of IP addresses. The server log files are part of the ‘access data’ we collect when you access the website or app. We process this data so that we can take suitable technical measures in the event of an attack or disruption to our website or IT infrastructure, thus ensuring that the website or app continues to be operable. None of this data is merged with other data sources, and this data is only accessed if there is reasonable suspicion of attacks on our infrastructure or if we require the data for troubleshooting purposes. In such a case, we reserve the right to temporarily disable anonymisation of the IP addresses. The legal basis is Art. 6, para. 1 (f) GDPR.
  • Identification of embedded cookies, including third-party requests (in particular Piwik PRO): The identifiers of the cookies provide us with information on user behaviour and search queries and allow us to adapt our offers to the user’s interests when they visit the website or app again. Additional information can be found below in section B. The legal basis is Art. 6, para. 1 (f) GDPR.

b) When you register via the central K2 User Service

To use the K2 DocuApp, you first need to sign up with and log into the central K2 User Service. The details we request during registration enable us to give you access to the functions of the K2 DocuApp and allow you to use the app.
The following link contains the general privacy policy of our central K2 User Service: https://k2-systems.com/en/digital-services/k2-user-service-data-protection-information/

c) When you use the K2 DocuApp

  • Location data (address of the construction site) and name of project, to document the construction site and to ensure the clear structuring of your projects. Location tracking is not performed. The legal basis is Art. 6, para. 1 (b) GDPR.
  • Any data you enter voluntarily (company name, name of contact, client’s phone number and e-mail address) to link a project to a client, to ensure seamless documentation and to facilitate contact with the relevant persons. The legal basis is Art. 6, para. 1 (b) GDPR.
  • Basic voluntary project details (number of people in the household, energy consumption, etc.) that you enter to provide your client with customised project proposals. The legal basis is Art. 6, para. 1 (b) GDPR.
  • Voluntary technical project data (building data, module data, etc.) which you enter to facilitate calculation of the technical design of the mounting systems, using K2 Base https://base.k2-systems.com/. The legal basis is Art. 6, para. 1 (b) GDPR.
  • Other voluntary data you generate (your own notes, site documents, photos, videos, other file formats, etc.) to generate complete project documentation for your client. The legal basis is Art. 6, para. 1 (b) GDPR.
  • Anonymised data we collect for troubleshooting purposes (time, device model and error message). We also store non-personal details about projects and analyse them in pseudonymous form. We do so for the purpose of product development and optimisation and also to optimise the software for the benefit of the user. We do not disclose stored data to third parties. The legal basis is Art. 6, para 1 (f) GDPR.

2. Cooperation with processors and third parties: to whom do we disclose your data?

Cooperation with processors and third parties

When we disclose or transmit data to processors or third parties or grant them access to your data by other means, we do so only if we have legal permission to do so (e.g. if the transmission of data to third parties is required to fulfil a contract under Art. 6, para. 1 (b) GDPR), if you have given your consent (Art. 6, para. 1 (a) GDPR), if this is required under a legal obligation (Art. 6, para. 1 (c) GDPR) or if we do so on the basis of our legitimate interests (e.g. when using agents, web hosting companies etc.) under Art. 6, para. 1 (f) GDPR. When we engage third parties to process data under an “order processing contract”, we do so on the basis of Art. 28 GDPR.
We use the following companies as processors, who are each bound by a processing contract under Art. 28 GDPR and are obligated to comply strictly with data protection legislation. In particular, such companies are prohibited from disclosing your personal data to third parties and from using such data for their own purposes outside this contract:

  • Billwerk GmbH, Mainzer Landstraße 51, 60329 Frankfurt am Main, Germany, Subscription Management & Recurring Billing
  • Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany, payment service provider
  • Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany
  • Userpilot, Inc., 2035 Sunset Lake Road, Newark, Delaware 19702, USA

Any hosting in connection with personal data collected and processed when the K2 DocuApp is used takes place on the servers of Hetzner Online GmbH, which are located in Germany.

3. Do we disclose personal data to third countries (i.e. countries outside the EU and EEA)?

Any hosting in connection with the personal data collected and processed while you visit this website and use K2 DocuApp design software takes place on servers owned by Hetzner Online GmbH, which are located in Germany, so that such data is not transmitted to third countries.

4. For how long do we store your data?

a) Server log files are erased automatically after a maximum of 30 days. See section B below for details about cookies, the length of time that cookies are stored and how you can erase them.
b) Any personal data and content you generate for the use of the K2 DocuApp, as well as any other personal data and content you generate will be stored by us until you delete your account. You can delete your account via our central K2 User Service.
The following link contains the general privacy policy of our central K2 User Service: https://k2-systems.com/en/digital-services/k2-user-service-data-protection-information/

5. Are you under an obligation to provide personal data?

You are under no legal obligation to share your personal data. However, unless you provide such data, you will not be able to register for the app or make full use of its functions.

6. Do we use your data for profiling purposes?

Acting in compliance with Art. 22 GDPR, we do not use automated decision-making routines such as profiling when you register as a user or when you use the app.

7. What rights do you have?

You have the right at any time to request confirmation as to whether we process your personal data, and you are also entitled to access your personal data (Art. 15 GDPR). In addition, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) as well as the right to data portability (Art. 20 GDPR).
________________________________________
Information about your right to object under Article 21 GDPR
You have the right on grounds relating to your particular situation to file an objection to the processing of personal data pertaining to you; you have this right at any time, with future effect on the basis of Art. 6, para. 1 (e) GDPR (data processing in the public interest) and Art. 6, para. 1 (f) GDPR (data processing based on a balance of interests).
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for doing so – grounds which outweigh your interests, rights and freedoms – or unless processing serves the purpose of establishing, exercising or defending legal claims.
You can assert all rights by e-mail at data-protection@k2-systems.com or via the contact details listed under “Data controller”.
________________________________________
Furthermore, if you have any complaints under Art. 77 GDPR, you are entitled to contact the competent data protection supervisory authority. In our case, this authority is the State Officer for Data Protection and Freedom of Information (Landesbeauftragter für den Datenschutz und die Informationsfreiheit), Lautenschlager Str. 20, 70173 Stuttgart, Germany. You can usually also contact the competent data protection supervisory authority for your usual place of residence.

B. Use of cookies and analysis services: options of revocation and objection

1. Piwik PRO: consent banner and analysis service

We use the Consent Manager (“Cookie Banner”) and the Piwik PRO analysis service offered by Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany (www.piwikpro.de). This company will only act on our instructions and is contractually obligated, under Art. 28 GDPR only to use transmitted data on our behalf and as instructed, albeit not for its own purposes; neither may this company transmit data to third parties, and it must also comply with the data protection provisions of the GDPR.

a) Consent Manager (“Cookie Banner”)

We use the Piwik Pro Consent Manager (“Cookie Banner”) to enable users to obtain the legally required data protection consent under Art. 6 para. 1 (a) GDPR, to provide you with the legally required information for this purpose and to store your choices. Additional information is available at https://piwik.pro/privacy-security/.
Data is erased after 12 months. The legal basis for such processing is Art. 6 para. 1 (c) GDPR (legal obligation to obtain consent required under data protection law).

b) Piwik PRO analysis service

We use the Piwik PRO analysis service to analyse and regularly improve the use of the app, to use its statistics to solve navigation problems, to improve the clarity of the app, to make information more accessible and to generally improve our offer and make it more appealing to users.
For this purpose, we use cookies, tags, IP addresses and ‘fingerprinting’. A detailed list is available at https://piwik.pro/privacy-security/, and a list of embedded cookies can be found at https://help.piwik.pro/support/privacy/cookies-created-by-piwik-pro.

The following data is collected and processed:

  • IP address (anonymous)
  • Date and time of request
  • Title or URL of page visited
  • URL of page visited before then
  • Screen resolution
  • Time zone
  • Files that have been clicked and downloaded
  • Links that have been clicked, leading to external websites
  • Page build-up speed
  • User’s geo data (country, region, town or city, approximate longitude and latitude)
  • Browser language
  • User agent of relevant browser
  • Randomly assigned unique visitor ID
  • Date and time of user’s first visit
  • Date and time of user’s previous visit
  • Number of user’s visits

Any details that are collected are stored in Europe. The IP address is anonymised immediately upon processing and prior to storage. The information is not used to identify our users in person and is not merged with other personal data of users. Data is erased after 12 months.
The legal basis for such processing is your consent under Art. 6 para. 1 (a) GDPR.

Consent may be revoked at any time here with effect for the future, via the Consent Manager.

Additional information

Your trust is important to us. We are therefore happy to talk to you at any time and to answer any questions you may have concerning the processing of your personal data. If you have any questions that are not answered by this Privacy Policy or if you wish to receive further details on any of its aspects, please feel free to contact our Data Protection Officer at any time, using the contact details provided above.

Version 1.2 (last updated: December 2022)