What this policy covers?

At Kriotek, your privacy is our priority. This policy explains how we collect, use, store, and safeguard your personal information when you engage with our products, platforms, and services. Whether you use our development solutions such as web, mobile, and cloud applications, or our service-based offerings like consulting and technical support, this policy ensures transparency about:

1 An overview of data protection

1.1 General information

At Kriotek, safeguarding your personal data is our top priority. This section provides a simple overview of how we handle your information when you use our platforms and services. Personal data refers to any information that can directly or indirectly identify you, such as your name, email, or device information.

1.2 Data recording on this online offering

Who is responsible for data processing?

The operator of this website and related services, Kriotek Technologies Pvt. Ltd., is responsible for processing your data (the “controller”). You can find our contact details in the “Contact Us” section of this policy.

How do we collect your data?

We collect data in two ways:

1. Data you provide directly: for example, when you create an account, contact us, or request a service.
2. Data collected automatically: for example, technical information (browser type, operating system, IP address, time of access) that is captured when you use our websites or apps.

Your rights as a user

You have the right to:

• Access information about the data we hold on you
• Request correction or deletion of your data
• Withdraw consent to data processing at any time
• Restrict or object to processing in certain cases
• File a complaint with the relevant data protection authority

Use of analytics and third-party tools

To improve our services, Kriotek may use analytics tools (such as Google Analytics) to track usage trends. These tools collect data in an aggregated, anonymized way and help us make our platforms better for you. For more details, see our Data Protection Declaration below.

2 Hosting

Our online platforms and services are hosted with trusted cloud providers to ensure reliability, scalability, and security for our users.

2.1 External Hosting

To provide seamless services, Kriotek uses external hosting partners. Any personal data shared with us, such as account information, contact details, or technical usage data, may be processed and stored on secure servers provided by these partners.

Hosting is carried out to deliver our contractual obligations to customers and ensure the fast, secure, and efficient provision of our development and service-based solutions.

Our hosting partners process your data only in accordance with our instructions and comply with applicable data protection regulations.

Data Processing Agreement

We maintain Data Processing Agreements (DPAs) with all our hosting partners to ensure your personal data is handled lawfully, securely, and only for the purposes outlined in this Privacy Policy.

3 General information and mandatory information

3.1 Data Protection at Kriotek

At Kriotek, we take the protection of your personal data very seriously. All data is treated as confidential and processed in accordance with applicable privacy regulations.

This Privacy Policy outlines the type of data we collect, why we collect it, and how it is used across our technology solutions and services.

Please note that while we use industry-standard security measures, data transmitted over the internet (e.g., emails or online forms) may be subject to security risks outside our control.

3.2 Information About the Data Controller

The data controller for this platform is:

Kriotek Technologies Pvt. Ltd.
Bengaluru, India

Email: support@kriotek.com

The controller determines the purposes and means of processing your personal data and ensures compliance with applicable privacy regulations.

3.3 Storage duration

Your personal data is stored only as long as necessary for the purpose it was collected. If you request deletion, or if legal obligations require us to retain data (e.g., tax or compliance laws), we will process accordingly.

3.4 Legal Basis for Data Processing

Data is processed based on your consent, contractual requirements, legal obligations, or our legitimate interests (such as improving services and ensuring security). You will be informed of the specific legal basis for each case where your data is processed.

3.5 Recipients of Personal Data

We may share your personal data with trusted third-party service providers (e.g., hosting, analytics, or payment partners) strictly for business purposes. Data is shared only under valid contracts and with appropriate safeguards.

3.6 Your Rights

You have the right to request access, correction, or deletion of your data, as well as to restrict or object to processing under certain circumstances. You may also withdraw consent at any time.

3.7 Right to Object (Art. 21 GDPR)

If your data is processed on the basis of legitimate interest, you have the right to object at any time on grounds relating to your personal situation. If you object, we will stop processing your data unless compelling legal grounds justify continued processing.

3.8 Right to File Complaints with Regulatory Authorities

In the event of a violation of data protection laws, you as the data subject have the right to file a complaint with the competent supervisory authority. The right to file a complaint exists regardless of any other administrative or judicial remedies.

3.9 Right to Data Portability

You have the right to demand that we hand over any data we automatically process on the basis of your consent or in fulfillment of a contract to yourself or a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done where technically feasible.

3.10 SSL and/or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us, our platform uses SSL and/or TLS encryption. You can recognize an encrypted connection when the browser’s address line switches from "http://" to "https://" and the lock icon appears in your browser line.

3.11 Encrypted Payments on this Platform

If you are obliged to share payment details (e.g., account number, credit card details) after entering into a fee-based contract, this data will be required to process payments. Payment transactions are exclusively carried out via encrypted SSL/TLS connections to ensure maximum security.

3.12 Information, Blocking, Erasure

Within the framework of applicable legal provisions, you have the right to demand information about your stored personal data, their origin, recipients, and the purpose of the processing. You also have the right to demand the rectification, blocking, or erasure of this data at any time.

3.13 Revocation of Your Consent to Data Processing

A wide range of data processing transactions are possible only with your express consent. You may also revoke consent you have already given at any time. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

3.14 Right to Demand Processing Restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To request this, you may contact us at any time. The right to demand restriction applies in cases where you contest the accuracy of data, the processing is unlawful, or we no longer need the data but you require it for the establishment, exercise, or defense of legal claims.

4 Recording of data on this online offering

4.1 Cookies

Our online offerings and pages use “cookies.” Cookies are small data files stored on your device, either temporarily (session cookies) or permanently (persistent cookies). Session cookies are deleted when you close your browser, while persistent cookies remain until you delete them manually or they are automatically removed.

Cookies may be first-party (set by us) or third-party (set by partners). Third-party cookies allow integration of services such as analytics, payment systems, or media content.

Cookies may be essential for basic functionality (e.g., login, shopping cart) or used for analytics, personalization, and advertising. Essential cookies are stored under Art. 6(1)(f) GDPR to ensure proper service delivery. Where consent is required, cookies are processed based on Art. 6(1)(a) GDPR.

4.2 Consent with Cookie Notice & Compliance

We use Cookie Notice & Compliance for GDPR to obtain and record your consent for the use of cookies and related technologies. This tool stores a consent cookie in your browser to recognize your preferences. The cookie remains valid for one month unless you delete it earlier.

The legal basis for using this consent management system is Art. 6(1)(c) GDPR, ensuring our compliance with legal obligations.

4.3 Typeform

Our online offering integrates forms provided by Typeform (TYPEFORM S.L., Barcelona, Spain). Information entered into these forms is stored securely on Typeform’s servers until it is deleted by you, revoked, or no longer required.

The legal basis for using Typeform is Art. 6(1)(f) GDPR, as we have a legitimate interest in efficient form handling. Where consent is obtained, the processing relies on Art. 6(1)(a) GDPR.

4.4 Server Log Files

Our hosting provider automatically collects and stores information in server log files, which your browser transmits to us automatically. These may include your IP address, browser type and version, operating system, referrer URL, host name of the accessing device, and the time of the server request.

These data are not combined with other data sources. They are required for the proper functioning of the service and stored under Art. 6(1)(f) GDPR.

4.5 Contact Form

If you use our contact form to reach out, the details you provide (e.g., name, email, message) are stored for processing your inquiry and possible follow-up questions.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to a contract, or on our legitimate interest (Art. 6(1)(f) GDPR) to handle inquiries. If consent is required, Art. 6(1)(a) GDPR applies.

4.6 Request by Email or Telephone

If you contact us by email or phone, your request and personal data (such as name, contact details, and the content of the inquiry) are stored and processed for the purpose of handling your query.

These data are processed on the basis of Art. 6(1)(b) GDPR (contractual or pre-contractual obligations) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

4.7 Registration on this Online Offering

You may register for certain services on our platform by creating an account. The data you enter during registration (such as name, email address, and password) are used solely for the purpose of granting you access and fulfilling the services requested.

The processing of registration data is based on Art. 6(1)(b) GDPR (fulfilling a contract) or your consent under Art. 6(1)(a) GDPR. Data will remain stored until you delete your account, unless legal obligations require otherwise.

5. Social Media

5.1 LinkedIn

This online offering uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

When you access a page containing LinkedIn elements, a direct connection to LinkedIn’s servers is established. LinkedIn receives information such as your IP address and the fact that you visited our online offering. If you are logged into your LinkedIn account and interact (e.g., “Recommend” button), LinkedIn can associate your visit with your user account.

The use of LinkedIn plugins is based on your consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG). You may revoke consent at any time.

Data transfers to the United States are based on Standard Contractual Clauses (SCC) approved by the European Commission. For more information, please see LinkedIn’s Privacy Policy.

5.2 Facebook

Our online offering includes elements of the Facebook network. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit pages with Facebook plugins (e.g., “Like” button), a direct connection to Facebook’s servers is established. Information such as your IP address, browser data, and interaction is transmitted. If you are logged into your Facebook account, your activity may be linked to your profile.

The use of Facebook plugins is based on your consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG). You can revoke consent at any time.

For details, please see Facebook’s Privacy Policy.

5.3 Instagram

Our online offering integrates features of Instagram, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

If you are logged into Instagram while browsing our online offering, Instagram can directly link your interaction with our content to your Instagram account.

The use of Instagram plugins is based on your consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time with future effect.

More details are available in Instagram’s Privacy Policy.

5.4 Twitter (X)

This online offering includes features of the social network Twitter (now X). The provider is X Corp., San Francisco, USA.

When you use Twitter features (such as the “Tweet” button), information about your activity on our platform may be linked to your Twitter account, if you are logged in.

The legal basis for using Twitter features is your consent under Art. 6(1)(a) GDPR. You may revoke consent at any time.

For further details, please review Twitter’s Privacy Policy.

5.5 YouTube

Our online offering incorporates videos and other content from YouTube, operated by Google Ireland Limited, Gordon House, Dublin, Ireland.

When you play a YouTube video, a connection to Google’s servers is established. This may transmit information such as your IP address and which video you watched. If you are logged into your Google account, your activity may be associated with your profile.

The use of YouTube is based on your consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG). Consent can be revoked at any time.

For details, see Google’s Privacy Policy.

6 Analysis tools and advertising

6.1 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our online offering. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

TheGoogle Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The operator of this online offering has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his online offering. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of theTTDSG.This consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

6.2 Google Analytics

This online offering uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”),Gordon House,Barrow Street, Dublin 4, Ireland.

Google Analytics enables the operator of this online offering to analyze the behavior patterns of online offering visitors. To that end, the operator of this online offering receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is summarized in a user-ID and assigned to the respective end device of the online offering visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and usesmachine learning technologies in data analysis.\n Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The online offering use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here

IP anonymization

Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this online offering, Google shall use this information to analyze your use of this online offering to generate reports on online offering activities and to render other services to the operator of this online offering that are related to the use of the online offering and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link

Google Signals

We use Google Signals. Whenever you visit our online offering, Google Analytics records, among other things, your location, the progression of your search and YouTube progression as well as demographic data (site visitor data).This data may be used for customized advertising with the assistance ofGoogleSignal. If you have a Google account, your site visitor information will be linked to your Google account by Google Signal and used to send you customized promotional messages. The data is also used to compile anonymized statistics of our users’ online patterns.

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

Google Analytics E-Commerce-Tracking

This online offering uses the “E-Commerce Tracking” function of Google Analytics. With the assistance of E- Commerce Tracking, the online offering operator is in a position to analyze the purchasing patterns of online offering visitors with the aim of improving the operator’s online marketing campaigns. In this context, information, such as the orders placed, the average order values, shipping costs and the time from viewing the product to making the purchasing decision are tracked. These data may be consolidated by Google under a transaction ID, which is allocated to the respective user or the user’s device.

7 Newsletter

7.1 Newsletter data

If you would like to receive the newsletter offered on the online offering, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.

7.2 Mailchimp with deactivated success measurement

This online offering uses the services of Mailchimp to send out its newsletters. The provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Among other things, Mailchimp is a service that can be deployed to organize the sending of newsletters. Whenever you enter data forthe purpose of subscribing to a newsletter(e.g. your e-mail address), the information is stored on Mailchimp servers in the United States. We have deactivated the success measurement of Mailchimp, so Mailchimp will not evaluate your behavior when opening our newsletter

If you do not want Mailchimp to receive your data, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message.

The data is processed based on your consent(Art. 6(1)(a) GDPR).You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interes twith in the meaning of Art. 6(1)(f)GDPR).The storage in the black list is indefinite. You may object to the storage if your interests outweigh ourlegitimate interest.

For more details, please consult the Data Privacy Policies of Mailchimp at: https://mailchimp.com/legal/terms/.

8 Plug-ins andTools

8.1 Sentry

We have integrated Sentry on this online offering. The provider is Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, California 94105, USA.

Sentry is an open-source bug tracking service that allows us to monitor and fix bugs and crashes anywhere in a web-based software in real time.

Sentry is used on the basis of Art. 6 (1)(f) GDPR. The operator of this online offering has a legitimate interest in the error- free functioning of its own website.

If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of theTTDSG.This consent can be revoked at any time.

For more details, please refer to the providers privacy policy

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be foundhere.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our online offering visitors only based on our instructions and in compliance with the GDPR.

9 Ecommerce and payment service providers

9.1 Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, content arrangement and modification of our contractual relationships. Data with personal references to the use of this online offering (usage data) will be collected, processed, and used only if this is necessary to enable the userto use our services or required for billing purposes. The legal basis for these processes isArt. 6(1)(b) GDPR.

9.2 Data transfer upon closing of contracts for services and digital content

We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial institution tasked with the processing of payments.

Any further transfer of data shall not occur or shall only occur if you have expressly consented to the transfer. Any sharing of your data with third parties in the absence of your express consent, for instance for advertising purposes, shall not occur.

The basis for the processing of data is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual actions.

9.3 Payment services

We integrate payment services of third-party companies on our online offering. When you make a purchase from us,your payment data(e.g.name,payment amount, bank account details,credit card number) are processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6(1)(b) GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment transaction (Art. 6(1)(f)GDPR).Insofar as your consent is requested for certain actions,Art. 6(1)(a) GDPR is the legal basis for data processing; consent may be revoked at any time for the future.

We use the following payment services / payment service providers within the scope of this online offering.

9.4 Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock,Dublin, Ireland (hereinafter“Stripe”).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here

Details can be found in Stripe’s Privacy Policy at the following link

10 Custom Services

10.1 Handling Applicant Data

Kriotek offers candidates the opportunity to submit job applications to us (e.g., via e-mail, postal services, or through our online application form). Below, we outline the scope, purpose, and use of the personal data collected during the application process. We assure you that all data is collected, processed, and used in compliance with applicable data privacy laws and will always be treated as strictly confidential.

10.2 Scope and Purpose of Data Collection

If you submit a job application to Kriotek, we will process all relevant personal data (e.g., contact information, communication records, application documents, and interview notes) as necessary to evaluate and decide on the establishment of an employment relationship. The legal basis for this processing is Article 6(1)(b) GDPR (contract negotiations) and, where applicable, Article 6(1)(a) GDPR (consent). You may revoke any consent provided at any time. Within Kriotek, your data will only be shared with individuals directly involved in the recruitment process.

If your application leads to employment, the data you have submitted will be stored in accordance with Article 6(1)(b) GDPR for the purpose of managing the employment relationship within our systems.

10.3 Data Archiving Period

If your application is unsuccessful, or if you withdraw your application, Kriotek may retain your data for up to 6 months based on our legitimate interest (Article 6(1)(f) GDPR), primarily for use as evidence in case of legal disputes. After this period, all personal data will be deleted, and any physical documents destroyed, unless extended retention is required by law or for ongoing legal matters.

Longer storage may also occur if you have explicitly consented (Article 6(1)(a) GDPR) or where statutory data retention obligations apply.

10.4 Applicant Pool

If we are unable to offer you a position, you may be invited to join Kriotek’s applicant pool. With your consent, your application documents will be securely stored so we can contact you in the future should suitable opportunities arise.

Admission to the applicant pool is strictly voluntary and unrelated to the outcome of your current application. Consent may be withdrawn at any time, in which case your data will be permanently deleted, unless legal retention requirements apply.

Applicant pool data will be stored for no longer than two years from the date of consent, after which it will be irrevocably deleted.