This privacy statement was last updated on 10. April 2025 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.
In this privacy statement, we explain what we do with the data we obtain about you via https://www.kern-unternehmensnachfolge.com/en. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:
- we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
- we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
- we first request your explicit consent to process your personal data in cases requiring your consent;
- we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
- we respect your right to access your personal data or have it corrected or deleted, at your request.
If you have any questions, or want to know exactly what data we keep of you, please contact us.
1. cookies
Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.
2. disclosure practices
We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.
If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.
We have concluded a data Processing Agreement with Google.
Google may not use the data for any other Google services.
The inclusion of full IP addresses is blocked by us.
3. security
We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.
4. third-party websites
This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.
5 Amendments to this privacy statement
We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.
6 Accessing and modifying your data
If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:
- You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
- Right of access: You have the right to access your personal data that is known to us.
- Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
- If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
- Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
- Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.
Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.
7. submitting a complaint
If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.
8. data protection officer
Our Data Protection Officer has been registered with the data protection authority in an EU Member State. If you have any questions or requests with respect to this privacy statement or for the Data Protection Officer, you may contact Ralf Lohmann (external data protection officer), HUBIT Datenschutz GmbH & Co. KG, Lise-Meitner-Str. 2, 28359 Bremen, via www.hubit-datenschutz.de or info@hubit.de or by telephone on +49 421 3311 4300
9 Contact details
KERN System GmbH
Heinrich-Heine-Str. 111
28211 Bremen
Germany
Website: https://www.kern-unternehmensnachfolge.com/en
Email: info@ex.comcore-company-succession.com
Phone number: +49 421 69208840
Annex
Leadinfo
We use the lead generation service of Leadinfo B.V., Rotterdam, Netherlands. This recognises visits from companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses.
In addition, Leadinfo sets two first-party cookies to analyse user behaviour on our website and processes domains from form entries (e.g. ?leadinfo.com?) in order to correlate IP addresses with companies and improve the services.
Further information can be found at www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be collected by Leadinfo.
MS-365 (Microsoft)
This information applies if you use Microsoft 365 applications together with us. This applies in particular to the use of a Microsoft Office application such as Teams, SharePoint, Stream, Forms or similar, to which you will usually receive an invitation from us. MS365, for example, is a productivity, collaboration and exchange platform for individual users, teams, communities and networks that can be used across organisational units. Personal data about you is processed when you use it. Please note that this data protection notice only informs you about the processing of your personal data by us if you use Microsoft applications together with us. If you require information about the processing by Microsoft, please refer to the corresponding declaration under the following link: https://privacy.microsoft.com/de-de/privacystatement .
When using MS applications (MS=Microsoft), various types of data are processed. The scope of this data depends, among other things, on which application is used and what data you provide. Certain information is already processed automatically as soon as you use MS365.
The following personal data may be subject to processing:
Identification data (e.g., names, addresses, e-mail, telephone numbers, profile picture (optional), user name).
Content data (e.g. text input, audio data, videos, documents)
Usage data (e.g. websites visited, time of access, date, type of access, information on the data/files/documents accessed and all activities in connection with the use, such as creating, changing, deleting a document, setting up a team (and channels in teams), making notes in the notebook, starting a chat, replying in the chat)
Meta/communication data (e.g. IP addresses, device/hardware information, location data if authorised by the user, live transmission of sound and images)
Where necessary, we process your personal data exclusively to ensure an effective customer or supplier relationship with you. Your data will be processed in order to be able to use the tool in question for the purpose of communication and collaboration. Your data may also be processed for information security purposes and to ensure the functional security and stability of the IT systems.
The legal basis depends on the reason for your cooperation with us. Below you will find a description of the legal bases on which we process your personal data when you use MS365 applications. Please note that these details are only examples and not a complete or exhaustive list of the possible legal bases for data processing.
Consent (Art. 6 para. 1 lit. a GDPR)
We only process certain personal data with your prior, explicit and free consent, e.g. if you take part in a survey via Microsoft Forms. The recording of Teams meetings for use outside the livestream is also exclusively based on your consent. Consent is given when you accept the invitation to the meeting and then take part in the meeting. There is neither a contractual nor a legal obligation to provide the data. Consent is voluntary and can be revoked in whole or in part at any time with effect for the future. The legality of the processing remains unaffected until consent is withdrawn.
Fulfilment of a contract with you (Art. 6 para. 1 lit.b GDPR)
Your data will be processed on the basis of Art. 6 para. 1 lit. b GDPR if the use is based on a contract.
Fulfilment of a legal obligation (Art. 6 para. 1 lit.c GDPR)
We are subject to a number of legal requirements and may process your personal data to fulfil our legal obligations. For example, we are required by law to provide information to certain public authorities (including law enforcement agencies) upon request.
Protection of our legitimate interests or those of a third party (Art. 6 para. 1 lit.f GDPR)
We process your personal data to protect our legitimate interests or the interests of third parties on the basis of Art. 6 para. 1 lit. f GDPR. However, this only takes place if your interests as the data subject do not take precedence over our interests in individual cases. Legitimate interests that are pursued when using MS365 are: effective conduct of meetings, optimisation of business processes, protection of the vital interests of our partners and employees and thus the fulfilment of our duty of care as an employer or franchisor by reducing the number of face-to-face meetings during a possible pandemic.
Recipients or categories of recipients of the personal data
We always ensure that your personal data is only accessible to a limited number of authorised persons who need to know this data for the provision of the above-mentioned processing purposes.
If necessary, your data may be passed on to other companies in the KERN Group or KERN-System GmbH and their franchise licencees, payment service providers or other companies used to provide the service or process the contract.
As part of the processing of your enquiries and your use of our services, we also commission external data processing and IT contractors. These service providers are contractually obliged to comply with data protection regulations and only process personal data in accordance with our instructions.
The personal data that we collect or process about you may be transferred to recipients who may be located inside or outside the European Economic Area (?EEA?) (e.g. Switzerland). For recipients located outside the EEA, we have taken appropriate measures to ensure compliance with the requirements of data protection law, e.g. the conclusion of suitable model contract clauses of the EU Commission, recognised codes of conduct or recognised certification mechanisms (Article 42 et seq. GDPR). Furthermore, where necessary, we carry out careful assessments of the legal systems of the third countries concerned and take additional measures in accordance with the ECJ judgement on the transfer of personal data to third countries (?Schrems II?).
Microsoft Corporation is the processor responsible for providing the service and the associated data processing. If individual data is processed outside the EU, Microsoft ensures data protection compliance by agreeing the EU standard contractual clauses. Further information on data processing by Microsoft can be found in the MS Trust Centre and the MS Privacy Policy.
Duration of data storage
We delete or anonymise your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs, or is no longer required to be retained due to a statutory retention period. As a rule, we store your personal data for the duration of the contractual relationship with you. Log files are deleted after 90 days at the latest, unless we are authorised or obliged to store them for longer.
Automated decision making
In principle, we do not use automated decision-making in accordance with Art. 22 GDPR to organise meetings via Teams. Should we use these procedures in individual cases, we will inform you of this separately in advance if this is required by law.
Data security
We have implemented appropriate technical and organisational measures to prevent unauthorised or unlawful disclosure of your personal data, unauthorised or unlawful access to your personal data or loss, destruction, alteration or damage to your personal data, whether accidental or unlawful. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the personal data to be protected. Our security measures are continuously improved in line with technological developments.
Typeform
This page integrates services of the company Typeform for contact form[s]. Typeform by TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform). This enables us to provide you with an easy way to contact us. For this purpose, we pass on the following personal data to Typeform:
[e-mail address]*
[First name]
[Surname]
[Telephone number]
[Company]
Mandatory information is marked with an *.
Typeform is the recipient of your personal data and acts as a processor for us. The processing of the data specified in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot provide you with a contact form. However, you can contact us at the following e-mail address: info@kern-unternehmensnachfolge.de. The data will be stored exclusively for the purpose of sending enquiries and responding to them. The mandatory information is used to allocate and respond to your enquiry.
In addition, Typeform collects the following personal data with the help of cookies: Information about your end device (IP address, device information, operating system, browser settings). Furthermore, usage data such as the date and time when you used the contact form is collected. Typeform requires this data to ensure that the contact form is displayed and functions properly. This corresponds to Typeform’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the fulfilment of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). Further information can be found at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data
Further information on objection and removal options vis-à-vis Typeform can be found at https://admin.typeform.com/to/dwk6gt
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent to the processing of your personal data at any time. The revocation can be made via the contact options provided. Your data will be processed for as long as the corresponding consent is available. The declaration of revocation does not affect the legality of the processing carried out so far.
Your data will be deleted after processing has been completed. Apart from this, they will be deleted after the contract between us and Typeform has ended, unless legal requirements make further storage necessary.