KK-BOOST Logo
KK-BOOST
Individual Chiptuning
Privacy

Privacy Policy

Information on the processing of personal data in accordance with the GDPR.

We take the protection of your personal data very seriously. Personal data means any data by which you can be personally identified. We process personal data only insofar as this is necessary for providing our website, fulfilling contracts, communication or due to legal obligations.

1. Controller

KK-BOOST

Kirill Kuptsov

Germaniaplatz 1

45355 Essen

Germany

Email: info@kk-boost.de

Phone: 015566180004

Due to the size of the company/type of processing, we may not be required to appoint a data protection officer. If a data protection officer is appointed, the contact details will be added here.

2. General Information

Legal bases for processing may in particular include: Art. 6 para. 1 lit. b GDPR (contract/pre-contractual measures), Art. 6 para. 1 lit. c GDPR (legal obligation), Art. 6 para. 1 lit. f GDPR (legitimate interest), Art. 6 para. 1 lit. a GDPR (consent).

3. Hosting, Server Log Files and Provision of the Website

When this website is accessed, information is automatically collected by the server and stored in so-called server log files. This may include: IP address (possibly shortened), date/time, accessed page/file, amount of data transferred, referrer URL, browser type/version, operating system, language settings.

The purpose of processing is the technical provision, stability, security (e.g. defense against attacks) and error analysis. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in secure operation).

The log files are stored only as long as necessary for the stated purposes and are then deleted or anonymized, unless a legal obligation or a security incident requires longer storage.

4. Cookies, Sessions and Security Functions

Our website uses technically necessary cookies and session technologies so that login, authentication, security functions (e.g. CSRF protection) and language settings work properly. Without these cookies, the use of protected areas (customer account/admin) is not possible.

The legal basis is Art. 6 para. 1 lit. f GDPR (technically necessary operation) and Art. 6 para. 1 lit. b GDPR insofar as use is necessary for contract performance/pre-contractual measures.

5. Registration and User Account

If you create a user account, we process the data you provide (e.g. name, email address, address, phone number, optionally company/VAT ID) in order to create the account and enable you to use our services.

The legal basis is Art. 6 para. 1 lit. b GDPR (contract/pre-contractual measures). Mandatory information is marked as such. Without this information, no account can be created.

We may use security measures (e.g. login rate limiting/brute-force protection, blocking suspicious accounts) to prevent misuse. The legal basis is Art. 6 para. 1 lit. f GDPR (security interest).

6. Purchases, Credits, Payment Processing (Stripe / PayPal)

If you purchase credits, we process purchase-related data (e.g. selected package, amount, status, timestamp, invoice data, tax/country information) in order to process the purchase, credit your account and provide an invoice.

The legal basis is Art. 6 para. 1 lit. b GDPR (performance of contract) and Art. 6 para. 1 lit. c GDPR (legal obligations, especially tax and commercial retention obligations).

6.1 Payment Service Providers

Depending on your selection, we use payment service providers (e.g. Stripe and/or PayPal) for payment processing. The data required for payment is transmitted to the respective payment service provider. This may include, among other things: name, email, billing/address data, payment amount, transaction data and possibly country/tax information.

Processing by the payment service provider is carried out under its own responsibility in accordance with its privacy policy. As a rule, we do not receive complete payment data (e.g. credit card numbers), but only transaction/status information.

6.2 Invoices, Tax Data (Snapshot)

For accounting and verification purposes, we store invoice and tax snapshots (e.g. country/ISO code, tax rate, net/VAT/gross, reverse charge/OSS information) so that invoices can still be reproduced unchanged later.

The legal basis is Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR (retention obligations).

7. Invoice Download and Documents

You can access invoices as PDF documents in your customer account. Your master data (e.g. name, address, possibly company/VAT ID) and purchase-related data are processed in order to generate and provide the document.

The legal basis is Art. 6 para. 1 lit. b GDPR (performance of contract) and Art. 6 para. 1 lit. c GDPR (legal obligations).

8. Contact Form / Support Communication

If you contact us (e.g. via a contact form or by email), we process your information and the content of your message in order to handle and answer your inquiry. Communication history/status may also be stored.

The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures/contract) or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication), depending on the context.

9. Admin Security Measures (e.g. Two-Factor Authentication)

Additional security measures may be used for administration areas (e.g. two-factor authentication). Security-relevant information (e.g. activation status, encrypted secrets or recovery codes where applicable) is processed in order to prevent unauthorized access.

The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in IT security).

10. Storage Period

We generally store personal data only as long as necessary for the respective purposes. In addition, we store data where statutory retention obligations exist (e.g. tax and commercial law obligations).

Account and profile data are generally stored until the account is deleted, unless statutory obligations prevent deletion. Invoice and accounting data may be stored longer due to statutory retention obligations.

11. Your Rights (Data Subject Rights)

Under the GDPR, you have in particular the following rights:

To exercise your rights, an informal message to info@kk-boost.de is sufficient.

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7 para. 3 GDPR), where processing is based on consent

12. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).

13. Data Security

We use technical and organizational security measures to protect your data against manipulation, loss, destruction or unauthorized access. These include, among other things, authentication/authorization, protection against brute-force attacks, CSRF protection, encrypted storage of security-relevant data (where appropriate) and secure transmission (SSL/TLS), provided this is correctly configured on the server.

14. Changes to this Privacy Policy

We may amend this privacy policy if the legal situation, services or processes change. The current version published on this website shall apply.

Note: This privacy policy does not constitute legal advice and does not replace individual advice from a lawyer. For maximum legal certainty, especially regarding payment service providers, digital content and consumer rights, a legal review is recommended.