Terms of use

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the legal provisions (DSGVO, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing within the scope of our website. In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations.

  1. Name and contact details of the data protection officer

This data protection information applies to the data processing by KEEN Solutions GmbH (hereinafter referred to as "KEEN") in the context of the registration and implementation by events organised by our customer. The KEEN data protection officer can be contacted at info@keen-ethic.com.

 

  1. Cookies

Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause any damage. We use cookies to make our website user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognise your browser on your next visit. If you do not wish this, you can set your browser so that it informs you about the setting of cookies and you only allow this in individual cases. If you deactivate cookies, the functionality of our website may be limited.

 

  1. Purposes of data processing, legal bases and legitimate interests pursued by KEEN or a third party and categories of recipients

2.1. Accessing the registration website

When you access our registration website, the browser used on your end device automatically sends information to the server of our website and temporarily stores it in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:

  • the IP address of the requesting internet-capable device,
  • the date and time of access,
  • the name and URL of the file accessed,
  • the website/application from which the access was made (referer URL),
  • the browser you use and, if applicable, the operating system of your internet-enabled computer as well as the name of your access provider.

The legal basis for the processing of the IP address is Article 6 (1) lit. f DSGVO. Our legitimate interest follows from the purposes of data collection listed below.

The IP address of your terminal device and the other data listed above are used by us for the following purposes:

  • Ensuring a smooth connection setup,
  • Ensuring a comfortable use of our website/application,
  • Evaluating system security and stability.

The data is stored for a period of one year (after the end of the rental process) and then automatically deleted. Furthermore, we use so-called cookies for our website, as explained in more detail below under point 7.

 

2.2.1. Registration and creation of an account

When registering, in addition to the mandatory fields such as gender, first name, last name, date of birth, home address, mobile phone number, e-mail address,

other optional information is also recorded, such as

Height in M, weight in KG, shoe size, clothing size, Z-level (ski), rider level, preferred terrain, etc.

Current and past rental transactions are also stored with date, time, type and details of the rental company (order history).

The legal basis for this processing is the participation contract concluded with you, Art. 6 para. 1 lit. b) DSGVO and, in the case of information not marked as mandatory, our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. The collection of the mandatory data is necessary for the purpose of implementing the contract. The collection of data marked as voluntary is based on our legitimate interest in the smooth running of the event.

You can view, change and delete this data yourself. An automatic deletion of your account takes place when legal retention periods have expired.

 

2.2.2. Rental Process

If the customer considers this information to be relevant, further data may be requested during the rental process to verify the person.

The legal basis for this processing is the participation contract concluded with you, Art. 6 para. 1 lit. b) DSGVO and, in the case of information not marked as mandatory, our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. The collection of the mandatory data is necessary for the purpose of implementing the contract. The collection of data marked as voluntary is based on our legitimate interest in the smooth running of the event.

This data will be deleted as soon as it is no longer required for the original purpose and any statutory retention periods have expired.

 

  1. Data storage

We process personal data exclusively for the period of time required for the provision of our service. Relevant personal data are first name, last name, address, birthday, country, mobile phone, email to. Your data will be deleted after the purpose of processing has been fulfilled.

After registration, your personal data will remain stored in your user account and will be used to generate an encrypted QR code. In the course of a lending transaction, your personal data will be transmitted to the lender for the performance of our services and your lending history will be stored in your account for the duration of the legal time limit. The length of the temporary storage depends on the duration of the legal retention obligations.

You can bring about a final deletion of rental processes and personal data by closing your own account. An automatic deletion of the account will take place after 2 years from the last log-in.

 

  1. Purpose of processing

We process personal data in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) / Telecommunications Act 2003 (TKG). The processing of personal data (Article 4 No. 2 DSGVO) is carried out for the provision and mediation of our service. The purposes of the data processing are primarily based on the specific service and order and include, among other things, the creation of a personalised QR code and the temporary deposit of rental transactions.

Purpose of processing
Nr. Processing and, if applicable, additional purpose Legal basis Responsible person
(1) When you register, we collect and store your contact details and functional data. Art. 6 (1) 1 b) DSGVO:
On the basis of the terms of use for the GIM'ME services that apply between you and us.		 KEEN solutions GmbH (us)
(2) When you register, we verify your phone number by automatically sending you an email. Art. 6 (1) 1 b) DSGVO:
On the basis of the terms of use for the GIM'ME services that apply between you and us.		 KEEN solutions GmbH (us)
(3) When you start a rental process with a distributor, they use GIM'ME to collect your location data and, if applicable, additional input data. The processing is based on the basis applicable to the distributor and is your consent. Distributor
We process the data on the basis of the order processing contract between the relevant distributor and us.
(4) At the same time, when you check in, your functional data is transmitted to the distributor to create the link between you and your location. Art. 6 (1) 1 b) DSGVO:
On the basis of the terms of use for the GIM'ME web app that apply between you and us.		 KEEN solutions GmbH (us)
(5) Only the distributor can carry out the check-out, by ending the rental process in the webapp. The processing is based on the basis applicable to the distributor and is your consent. Distributor
We process the data on the basis of the order processing contract between the relevant distributor and us.
(6) Temporary usage data is collected and stored during registration and use of the GIM'ME web app. The purpose is to ensure the security of the GIM'ME system and thus to guarantee the provision of services to you. Art. 6 (1) 1 b) DSGVO:
On the basis of the terms of use for the GIM'ME web app that apply between you and us.		 KEEN solutions GmbH (us)
(7) When you start a rental process at a lender:in, the lender:in collects data for its own purposes and may store it. In the process, your contact data, functional data, location data and, if applicable, additional input data are transmitted to the distributor. The processing is based on the basis applicable to the distributor and is your consent. Distributor
We process the data on the basis of the order processing contract between the relevant distributor and us.
  1. Deletion of your data

As described under point 2, your personal data is only available to us for a limited period of time and will be permanently deleted automatically after the period required to provide our service. You do not need to actively request the deletion. After deletion, neither we nor third parties have the possibility to view or reactivate your data.

 

  1. Data sovereignty and responsibility

All your personal data is encrypted in your personalised QR code, which remains accessible for 48 hours via the download link sent by e-mail and SMS.

 

  1. Based on your consent (Article 6 para. 1a DSGVO)

As far as you have given us consent to process personal data for the fulfilment of our service (e.g. creation of the QR code, linking of your given information to your personal QR code), the lawfulness of this processing is given on the basis of your consent. Consent given can be revoked informally at any time.

 

  1. Who receives my data?

A direct transfer of personal data does not take place through GIM'ME itself, but exclusively through your active use of the QR code at one of our partner companies. The personal data contained in the QR code will only be retrieved by a licensed GIM'ME partner  by scanning the QR code, decrypted and processed by them to fulfil the legal requirements of the test.

 

Within our company, those departments that need your data to fulfil our contractual and legal obligations receive short-term access to your data. Contractual processors used by us (Article 28 DSGVO) may also receive data for these purposes. These are companies in the categories of IT services and database support.

 

With regard to the transfer of data to recipients outside our company, please note that we only pass on information about you if this is required by law, you have consented or we are authorised to provide information. Under these conditions, recipients of personal data may be, for example: law enforcement agencies, health authorities, state or federal institutions.

 

Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

 

  1. Is data transferred to a third country or to an international organisation?

No data is transferred to third countries (countries outside the European Economic Area - EEA).

 

  1. Is there an obligation to provide data?

Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, performance and termination of the service or that we are legally obliged to collect. Without this data, we will have to refuse to perform the service offered.

 

  1. Your rights

In addition to the right to revoke the consent you have given us, you also have the following rights if the respective legal requirements are met:

  • Right to information about your personal data stored by us according to Art. 15 DSGVO;
  • The right to have inaccurate data corrected or to have correct data completed in accordance with Art. 16 DSGVO,
  • The right to have your data stored by us deleted in accordance with Art. 17 of the GDPR, insofar as no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed,
  • Right to restrict the processing of your data pursuant to Art. 18 DSGVO,
  • the right to data portability pursuant to Art. 20 DSGVO
  • Right to lodge a complaint with a supervisory authority.

 

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of consent given or objection to a certain use of data, please contact us directly via info@gimme.rent or info@keen-ethic.com.

 

 

  1. Change of our privacy policy

We reserve the right to amend this data protection declaration from time to time so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when expanding and introducing new services. The new data protection declaration will then apply to your renewed registration.

 

  1. Contact with us

If you contact us by e-mail, the data you provide will be stored by us for six months for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.