
Privacy Policy

1. Privacy at a Glance

The following information provides a simple overview of what happens to your personal data when you visit this website.

2. Responsible Party

The responsible party for data processing on this website is KO‑MO‑TEL GmbH, Frauenstrasse 30, 80469 München.

3. Data Collection on This Website

Data is collected in part when you provide it to us (e.g., via the contact form). Other data is collected automatically by our IT systems when you visit the website.

4. Hosting

This website is hosted by Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA). Personal data collected on this website is stored on Vercel's servers. Vercel processes data on our behalf under a data processing agreement.

5. Web Analytics

This website uses Vercel Analytics and Vercel Speed Insights (Vercel Inc., USA) to analyze website usage. These services collect anonymized usage data such as page views, load times, and session duration. Processing only occurs with your consent (§ 25 TTDSG, Art. 6(1)(a) GDPR). You may withdraw your consent at any time via the cookie settings in the footer.

6. Chatbot (KO_Buddy)

This website uses the AI-powered chatbot 'KO_Buddy', operated on the Botpress Inc. (Canada) platform. The chatbot processes your inputs to provide information about our services. Conversation data is stored on Botpress servers. Usage only occurs with your consent (§ 25 TTDSG, Art. 6(1)(a) GDPR). You may withdraw your consent at any time via the cookie settings in the footer.

7. Your Rights

You have the right at any time to obtain, free of charge, information about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as the right to have this data corrected or deleted.

8. Contact Form

When you send us inquiries via the contact form, the information you enter in the form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

9. DORA – Digital Operational Resilience Act (EU 2022/2554)

As an IT service provider for companies in the financial sector, we take into account the requirements of the DORA regulation (Regulation (EU) 2022/2554) on digital operational resilience. DORA obliges financial entities and their ICT third-party service providers to implement comprehensive measures in the areas of ICT risk management, ICT-related incident reporting, digital operational resilience testing, and ICT third-party risk management. As part of our services, we support our clients in meeting these requirements, including providing information for the ICT third-party register pursuant to Art. 28 DORA. Our technical and organizational measures are designed to ensure the availability, integrity, and confidentiality of the data and systems processed.


10. NIS2 – Network and Information Security Directive (EU 2022/2555)

KO‑MO‑TEL takes into account the requirements of the NIS2 Directive (Directive (EU) 2022/2555) on measures for a high common level of cybersecurity across the Union. As an IT service provider serving essential and important entities, we implement appropriate technical, organizational, and operational measures to protect network and information systems. These include: risk analysis and security policies, incident handling, business continuity and crisis management, supply chain security, security in system acquisition, development and maintenance, policies for assessing the effectiveness of risk management measures, cyber hygiene practices and training, and the use of cryptography and encryption. We support our clients in implementing NIS2 requirements and report security incidents in accordance with legal requirements.


11. EU AI Act (EU 2024/1689)

In accordance with Regulation (EU) 2024/1689 on artificial intelligence (EU AI Act), we are committed to the responsible use and provision of AI systems. Where we use or provide AI-based tools as part of our IT services, this is done in compliance with the risk-based classification of the regulation. We do not employ prohibited AI practices under Art. 5 of the regulation. When using high-risk AI systems, we ensure compliance with requirements for risk management, data quality, technical documentation, transparency, and human oversight. For limited-risk AI systems, such as chatbots, we ensure the required transparency towards users. We conduct fundamental rights impact assessments where necessary and comply with the information obligations under the regulation.

