Harzer Str. 39, 12059 Berlin

Open Monday - Friday 12:00 to 15:00

KO KITCHEN PRIVACY POLICY

Membership Card Program
Last Updated: January 10, 2026


1. INFORMATION CONTROLLER

Company Name: Ko Kitchen
Operator: Nico Borchert
Address: Harzer Street 39, 12059 Berlin, Germany
Email: info@kokitchen.berlin
Tax ID (Steuernummer): 16/236/03495
VAT ID (USt-IdNr): DE368760326

This Privacy Policy explains how Ko Kitchen (“Company,” “we,” “us,” or “our”) collects, uses, processes, and protects personal data collected through the Ko Kitchen Membership Card Program.


Ko Kitchen complies with:

  • GDPR (General Data Protection Regulation) – EU Regulation 2016/679
  • German Data Protection Act (BDSG) – Bundesdatenschutzgesetz
  • German Telemedia Act (TMG) – Telemediengesetz
  • German Civil Code (BGB) – Bürgerliches Gesetzbuch

All personal data processing is based on one or more of the following legal grounds:

  • Consent (Article 6(1)(a) GDPR)
  • Contractual necessity (Article 6(1)(b) GDPR)
  • Legal obligation (Article 6(1)(c) GDPR)
  • Legitimate interests (Article 6(1)(f) GDPR)

3. DATA WE COLLECT

3.1 Information You Provide Directly

During Registration & Account Creation:

  • Full name
  • Email address
  • Phone number
  • Residential address
  • Date of birth (if required for age verification)
  • Payment information (card details, bank account, etc.)
  • Device identification (for mobile wallet integration)

During Membership Use:

  • Meal selections and redemption history
  • Dates and times of meal claims
  • Device information (phone model, operating system, etc.)
  • Account activity logs

During Communication:

  • Messages, inquiries, and correspondence sent to Ko Kitchen
  • Customer service interactions and support tickets
  • Feedback and complaints

3.2 Information Collected Automatically

Device & Technical Data:

  • IP address
  • Device type and identifier
  • Mobile wallet provider information (Apple Wallet, Google Pay, etc.)
  • Browser or app type and version
  • Operating system
  • Geographic location (if enabled)

Usage Analytics:

  • Pages or features accessed
  • Time and date of access
  • Frequency of card usage
  • Links clicked
  • Actions taken within the app or platform
  • Error logs and technical issues

Payment Data:

  • Transaction records
  • Payment method (partial details for security)
  • Billing history
  • Refund records
  • Failed payment attempts

This data is collected through:

  • Cookies and similar tracking technologies
  • Web server logs
  • Analytics tools
  • Third-party payment processors
  • Mobile wallet providers

3.3 Data from Third Parties

Ko Kitchen may receive personal data from:

  • Payment processors (payment and billing information)
  • Mobile wallet providers (installation and usage confirmation)
  • Third-party analytics services
  • Law enforcement (if legally required)

4. PURPOSE OF DATA PROCESSING

Ko Kitchen processes your personal data for the following purposes:

4.1 Core Membership Services

  • Creating and maintaining your membership account
  • Issuing your digital membership card
  • Processing meal claims and redemptions
  • Tracking meal allowances and validity periods
  • Managing your membership plan

4.2 Billing & Payment Processing

  • Processing membership fees and payments
  • Sending billing confirmations and invoices
  • Managing payment methods and updates
  • Handling refunds and chargebacks
  • Detecting and preventing fraud

4.3 Communication

  • Sending confirmation emails for registrations and transactions
  • Providing membership renewal notices
  • Notifying about billing dates and next billing information
  • Responding to customer inquiries and support requests
  • Sending service announcements and updates

4.4 Service Improvement

  • Analyzing usage patterns to improve the membership program
  • Understanding customer preferences and behavior
  • Developing new features and enhancements
  • Conducting anonymized statistical analysis
  • Testing platform performance and reliability

4.5 Legal & Compliance

  • Complying with applicable laws and regulations
  • Fulfilling tax and accounting obligations
  • Preventing fraud, abuse, and unauthorized use
  • Enforcing Terms and Conditions
  • Responding to legal requests and law enforcement inquiries

4.6 Security

  • Detecting unauthorized access and suspicious activity
  • Protecting against malware, viruses, and cyber attacks
  • Ensuring account security and integrity
  • Preventing unauthorized use of membership cards

4.7 Marketing & Promotions (if consented)

  • Sending newsletters and promotional offers (only if you opt-in)
  • Informing about special events and menu changes
  • Conducting surveys and customer feedback requests
  • Personalizing your experience based on preferences

| Processing Purpose | Legal Basis | Duration |
| --- | --- | --- |
| Membership account management | Contract (Article 6(1)(b) GDPR) | Duration of membership + 7 years (tax retention) |
| Payment processing & billing | Contract + Legal obligation | Duration of membership + 10 years (tax records) |
| Communication & support | Contract + Consent | Duration of membership + reasonable period |
| Fraud prevention & security | Legitimate interest (Article 6(1)(f) GDPR) | Duration of membership + limited retention |
| Analytics & improvement | Consent + Legitimate interest | Duration of membership + 12 months |
| Marketing communications | Explicit consent (Article 6(1)(a) GDPR) | Until withdrawal of consent |
| Legal compliance | Legal obligation (Article 6(1)(c) GDPR) | As required by law |

6. DATA RETENTION

Ko Kitchen retains personal data based on the following periods:

Active Membership Data:

  • Retained for the duration of your membership
  • Deleted within 30 days of account termination (unless legal obligations require retention)

Billing & Financial Data:

  • Retained for 10 years (German tax law requirement – AStG, UStG)
  • Includes transaction records, invoices, and payment receipts

Communication Records:

  • Retained for 2 years after membership termination
  • May be extended if disputes are pending

Analytics & Usage Data:

  • Anonymized data retained for 12 months
  • Identifiable data deleted after 12 months (unless required for legal obligations)

Payment Method Details:

  • Deleted when payment method is updated
  • Or within 30 days of membership termination

Marketing Data:

  • Retained only while you have consented to communications
  • Deleted within 30 days of consent withdrawal

Legal & Compliance Data:

  • Retained as required by applicable law (tax, regulatory, legal disputes)
  • Minimum 7-10 years for financial records

7. DATA SHARING & RECIPIENTS

7.1 Internal Sharing

Personal data is shared internally only with Ko Kitchen personnel who require access to fulfill their roles:

  • Account management team
  • Customer service representatives
  • Finance and billing department
  • Legal and compliance officers
  • Technical support staff

All internal personnel are bound by confidentiality obligations.

7.2 Third-Party Processors & Service Providers

Ko Kitchen shares personal data with the following categories of third parties (Data Processors under GDPR):

Payment Processors:

  • Credit card companies (Visa, Mastercard, etc.)
  • SumUp
  • Bank transfer systems
  • Payment gateway providers
  • These parties handle payment information in order to process your fees

Digital Wallet Providers:

  • Apple Inc. (for Apple Wallet)
  • Google LLC (for Google Pay)
  • Other mobile wallet providers
  • These parties assist in card delivery and management

Email & Communication Services:

  • Email service providers (for sending confirmations and notifications)
  • Customer service platforms

Analytics & Service Providers:

  • Analytics tools (e.g., Google Analytics)
  • Hosting providers
  • Cloud storage services
  • Technical support services

Payment Verification:

  • Identity verification services (age and fraud verification)
  • Credit reporting agencies (if necessary)

All third-party processors have signed Data Processing Agreements (DPA) ensuring GDPR compliance.

7.3 Legal Obligations & Law Enforcement

Ko Kitchen may disclose personal data if:

  • Required by law (court orders, government requests)
  • Necessary to enforce Ko Kitchen’s legal rights
  • Essential to protect the security or integrity of the platform
  • Required to comply with tax, regulatory, or legal obligations

7.4 No Sale of Data

Ko Kitchen does not sell personal data to third parties. Data is only shared as necessary to provide the membership service or as required by law.


8. YOUR DATA SUBJECT RIGHTS

Under GDPR and German data protection law, you have the following rights:

8.1 Right of Access (Article 15 GDPR)

You have the right to request and obtain a copy of all personal data Ko Kitchen holds about you in a structured, commonly used, and machine-readable format.

How to Exercise: Email info@kokitchen.berlin with the subject “Data Access Request”

8.2 Right to Rectification (Article 16 GDPR)

You have the right to correct or update inaccurate or incomplete personal data.

How to Exercise: Log into your account to update information, or email info@kokitchen.berlin

8.3 Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR)

You have the right to request deletion of your personal data, except where:

  • Data is necessary to perform the membership contract
  • Required by legal obligations (tax records, 7-10 years)
  • Needed for legal claims or defenses

How to Exercise: Email info@kokitchen.berlin with “Deletion Request”

8.4 Right to Restrict Processing (Article 18 GDPR)

You have the right to request that Ko Kitchen limit the processing of your data in specific circumstances, such as:

  • If you dispute the accuracy of data
  • If processing is unlawful but you request restriction rather than deletion
  • If Ko Kitchen no longer needs the data, but you need it for legal claims

How to Exercise: Email info@kokitchen.berlin with “Restriction Request”

8.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and have it transferred to another controller.

How to Exercise: Email info@kokitchen.berlin with “Data Portability Request”

8.6 Right to Object (Article 21 GDPR)

You have the right to object to:

  • Processing based on legitimate interests
  • Direct marketing and promotional communications
  • Automated decision-making and profiling

How to Exercise: Email info@kokitchen.berlin with “Objection to Processing”

8.7 Right to Withdraw Consent (Article 7(3) GDPR)

If processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on prior consent.

How to Exercise: Email info@kokitchen.berlin or adjust preferences in your account

8.8 Right to Lodge Complaints

You have the right to lodge a complaint with the applicable data protection authority:

German Data Protection Authorities:


9. INTERNATIONAL DATA TRANSFERS

Ko Kitchen operates within the European Union and primarily processes data within Germany. If data is transferred outside the EU/EEA:

  • Transfers occur only to countries deemed to have adequate data protection
  • Standard Contractual Clauses (SCCs) or other appropriate safeguards are implemented
  • You will be notified of such transfers

Third-party processors (like Google, Apple) may transfer data to their servers in the US or other countries. These companies comply with data protection regulations (e.g., Standard Contractual Clauses, Binding Corporate Rules).


10. DATA SECURITY

10.1 Security Measures

Ko Kitchen implements industry-standard security measures to protect your personal data:

Technical Safeguards:

  • Encryption in transit (SSL/TLS – HTTPS)
  • Encryption at rest for sensitive data
  • Secure payment processing (PCI DSS compliance)
  • Firewalls and intrusion detection systems
  • Regular security audits and vulnerability assessments

Organizational Safeguards:

  • Access controls and user authentication
  • Employee confidentiality agreements
  • Limited access to personal data (need-to-know basis)
  • Incident response procedures
  • Regular staff training on data protection

Mobile Wallet Security:

  • Digital cards are encrypted on your device
  • Protected by your device’s security (passcode, biometrics)
  • Tokenized card data to prevent exposure

10.2 Data Breach Notification

In the unlikely event of a data breach that compromises your personal data, Ko Kitchen will:

  • Notify you without undue delay (if breach poses high risk to your rights)
  • Notify the German data protection authority if required
  • Provide details of the breach, affected data, and remediation measures

11. COOKIES & TRACKING TECHNOLOGIES

Ko Kitchen uses cookies and similar tracking technologies to:

  • Analyze usage patterns
  • Improve user experience
  • Prevent fraud

Types of Cookies:

  • Essential Cookies: Required for membership function (no consent needed)
  • Analytics Cookies: Track usage for improvement (requires consent)
  • Marketing Cookies: Personalized advertising (requires consent)

You can control cookies through your browser settings. Disabling non-essential cookies may affect functionality.


12. CHILDREN’S DATA

Ko Kitchen’s membership program is only available to individuals aged 18 and older. We do not knowingly collect personal data from children under 18. If we discover we have inadvertently collected data from a minor, we will delete it promptly.


13. UPDATES TO PRIVACY POLICY

Ko Kitchen may update this Privacy Policy to reflect changes in data protection laws, business practices, or other developments. Updates will be communicated via:

  • Email notification
  • Website announcement
  • In-app notification
  • Update to the “Last Updated” date at the top of this policy

Continued use of the membership program after changes become effective indicates your acceptance of the updated Privacy Policy. We recommend reviewing this policy regularly.


14. CONTACT & DATA PROTECTION REQUESTS

For inquiries about your personal data, requests to exercise your data subject rights, or data protection concerns, please contact:

Ko Kitchen Data Protection Contact:
Email: info@kokitchen.berlin
Subject: “Data Protection Request” or “Privacy Inquiry”

Response Time: Ko Kitchen will respond to your request within 30 days (extendable by 60 days for complex requests under GDPR Article 12(3)).

Information Required: To process your request, we may ask for:

  • Your full name and membership email
  • Date of birth
  • Any additional information necessary to verify your identity
  • Clear specification of your request

Ko Kitchen’s platform may contain links to third-party websites or services. This Privacy Policy applies only to Ko Kitchen’s data processing. Third-party services have their own privacy policies, and Ko Kitchen is not responsible for their data practices.


This Privacy Policy complies with:

  • GDPR (EU Regulation 2016/679) – Effective May 25, 2018
  • German Federal Data Protection Act (BDSG-neu) – Effective January 1, 2018
  • German Telemedia Act (TMG) – Section 13 (cookie consent)
  • German Civil Code (BGB) – Consumer protection provisions

Where there is a conflict between this Privacy Policy and applicable law, the law takes precedence.


17. ENTIRE AGREEMENT

This Privacy Policy, along with the Ko Kitchen Terms and Conditions, constitutes the entire agreement regarding data protection and privacy in the Ko Kitchen Membership Program.