Data protection regulations
Effective as of: June 17, 2025
The protection of your personal data is important to us. This privacy policy informs you in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) about how, to what extent, and for what purposes we process personal data on our website and platform.
1. Data Controller
iknowly UG (haftungsbeschränkt)
Nobelstraße 10
70569 Stuttgart
Germany
Commercial Register: HRB 800247, Local Court of Stuttgart
Managing Director: Taha Al-Taie
Email: legal@iknowly.com
Phone: +49 157 85083140
Website: www.iknowly.com
2. General Information on Data Processing
The use of the iknowly platform is generally possible without providing personal data. However, certain functions (registration, consultations, bookings) require the processing of personal data.
Personal data includes all data that can personally identify you. All data processing is carried out in compliance with the GDPR, the German Federal Data Protection Act (BDSG), the Telemedia Act (TMG), and the Telecommunications-Telemedia Data Protection Act (TTDSG).
3. Legal Bases for Processing
Your data is processed based on the following legal grounds:
- Art. 6(1)(a) GDPR – Consent
- Art. 6(1)(b) GDPR – Contract performance or pre-contractual measures
- Art. 6(1)(c) GDPR – Legal obligation
- Art. 6(1)(f) GDPR – Legitimate interests
4. Collection and Storage of Personal Data
a) When Visiting the Website
When accessing our website, the browser automatically transmits information to the server, which is temporarily stored in log files:
- IP address of the requesting computer
- Date and time of access
- Time zone difference to GMT
- Name and URL of the accessed file
- Website from which the access originated (referrer URL)
- Browser type, language, and version
- Operating system and user interface
- Access status/HTTP status code
- Amount of data transmitted
Purpose of Processing:
- Ensuring smooth connection establishment
- Evaluating system security and stability
- Administrative purposes
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest)
b) When Using the Contact Form or Email Contact
Processed Data:
- Name
- Email address
- Message content
- Time of inquiry
Purpose: Handling the inquiry and any follow-up communication
Legal Basis: Art. 6(1)(b) GDPR (contract initiation) or (f) GDPR (legitimate interest)
c) During Platform Registration
General User Data:
- First and last name
- Email address
- Encrypted password
- Gender (optional)
- Profile picture (optional)
- Language setting
- Role (consultant/client)
- Registration time
- Profile status (e.g., "verified," "active," "deleted")
Legal Basis: Art. 6(1)(b) GDPR (contract performance)
d) Consultant-Specific Data (Onboarding Process)
Verification Data:
- Professional background (CV, proof documents)
- Academic qualifications
- Availability (calendar data)
- Session pricing
- Description of consulting services
- Motivation video
- Bank account/Stripe ID
- Tax ID
- KYC metadata (collected via Stripe)
Legal Basis: Art. 6(1)(b) GDPR (contract performance) and (f) GDPR (legitimate interest)
e) Booking and Session Data
For bookings, we process:
- Selected consultant
- Desired date and time
- Communication tool (e.g., ZEGOCLOUD)
- Booking confirmation
- Session history and ratings
- Invoice data
Legal Basis: Art. 6(1)(b) GDPR (contract performance)
f) Payment Information
Payments are processed via Stripe Payments Europe Ltd. We do not store credit card or bank details directly. From Stripe, we receive:
- Payment status
- Invoice ID
- Stripe fees
- Stripe customer ID
- Transaction history
Legal Basis: Art. 6(1)(b) GDPR (contract performance) and (c) GDPR (legal obligation)
Further information on Stripe’s data processing: https://stripe.com/de/privacy
5. Purposes of Processing - Overview
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Platform functionality, registration | Art. 6(1)(b) GDPR | Until account deletion |
| Booking and consultation execution | Art. 6(1)(b) GDPR | 6 months after session |
| Payment & invoicing | Art. 6(1)(b), (c) GDPR | 10 years |
| Consultant verification | Art. 6(1)(b), (f) GDPR | 3 years |
| User profile management | Art. 6(1)(b) GDPR | Until account deletion |
| Platform improvement (analytics) | Art. 6(1)(f) GDPR | 24 months |
| Direct marketing | Art. 6(1)(a) GDPR | Until withdrawal |
| Legal archiving | Art. 6(1)(c) GDPR | Statutory periods |
6. Cookies and Tracking Technologies
We use cookies and tracking tools to improve usability and optimize our services. Details can be found in our Cookie Policy.
Legal Bases:
- Art. 6(1)(a) GDPR (consent via cookie banner)
- § 25 TTDSG (device information)
You can withdraw your consent at any time via our consent management tool (Usercentrics).
Cookie Overview
| Cookie Name | Purpose | Category | Duration | Consent Required |
|---|---|---|---|---|
__stripe_mid |
Stripe security | Essential | 1 year | No |
__stripe_sid |
Stripe session | Essential | 30 minutes | No |
_cf_bm |
Bot protection (Cloudflare) | Essential | 30 minutes | No |
CONSENT |
Google consent tracking | Functional | 2 years | Yes |
test_cookie |
Cookie test (Google) | Functional | 15 minutes | Yes |
_ga |
Google Analytics | Analytics | 2 years | Yes |
_ga_XXXXXXXXXX |
GA property cookie | Analytics | 2 years | Yes |
_gid |
Session user tracking | Analytics | 24 hours | Yes |
_gat_gtag_UA_XXXXXXXX_X |
Throttle request rate | Analytics | 1 minute | Yes |
li_gc |
LinkedIn consent | Functional | 6 months | Yes |
bcookie |
LinkedIn browser ID | Advertising | 1 year | Yes |
bscookie |
LinkedIn secure login | Advertising | 1 year | Yes |
lidc |
LinkedIn load balancing | Advertising | 1 day | Yes |
lang |
LinkedIn language setting | Functional | Session | Yes |
_fbp |
Facebook ad personalization | Advertising | 3 months | Yes |
fr |
Facebook tracking | Advertising | 3 months | Yes |
7. Data Sharing with Third Parties
Your data will only be shared with third parties if:
- You have given explicit consent (Art. 6(1)(a) GDPR)
- It is necessary for contract performance (Art. 6(1)(b) GDPR)
- There is a legal obligation (Art. 6(1)(c) GDPR)
- It is based on our legitimate interest (Art. 6(1)(f) GDPR)
Overview of Data Recipients
| Recipient | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe Inc. | Payment processing | USA/Ireland | SCC, DPA |
| ZEGOCLOUD | Video calls | Singapore/EU | SCC |
| Amazon Web Services (AWS) | Hosting | EU (Frankfurt) | DPA |
| Mailgun Technologies Inc. | Transaction emails | USA | SCC |
| Google Analytics | Analytics | USA | SCC, consent required |
| Meta (Facebook) Pixel | Marketing | USA | SCC, consent required |
| LinkedIn Insight Tag | Marketing | USA | SCC, consent required |
| Usercentrics GmbH | Cookie consent management | EU | GDPR-compliant |
8. International Transfers
Transfers to third countries (outside the EU/EEA) only occur with appropriate safeguards:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCC)
- Data processing agreements with technical and organizational measures
9. Retention Periods
We store personal data only as long as necessary for the respective purposes or as required by law:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| User account data | Until account deletion | Contract purpose |
| Session data & ratings | 6 months | Contract performance |
| Consultant documents | 3 years | Compliance |
| Invoices & payment data | 10 years | HGB, AO |
| Video metadata | 90 days | Technical purposes |
| Marketing cookies | Up to 2 years | Consent |
| Server logs | 30 days | Security |
10. Your Rights Under GDPR
You have the following rights at any time:
Right of Access (Art. 15 GDPR)
You can request information about your personal data processed by us.
Right to Rectification (Art. 16 GDPR)
You can request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17 GDPR)
You can request deletion of your data ("right to be forgotten"), unless legal retention obligations apply.
Right to Restriction of Processing (Art. 18 GDPR)
You can request restriction of processing.
Right to Data Portability (Art. 20 GDPR)
You can request your data in a structured, commonly used, and machine-readable format.
Right to Object (Art. 21 GDPR)
You can object to processing based on legitimate interests.
Right to Withdraw Consent (Art. 7(3) GDPR)
You can withdraw given consent at any time, effective for the future.
Right to Lodge a Complaint (Art. 77 GDPR)
You have the right to file a complaint with a supervisory authority.
Contact to exercise your rights: legal@iknowly.com
11. Data Protection for Minors
Our platform is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such data, we will delete it immediately.
12. Data Security
We implement appropriate technical and organizational measures to protect your data against loss, misuse, or unauthorized access:
- SSL/TLS encryption for all data transfers
- Hashed passwords (no plaintext storage)
- Access control mechanisms and permission concepts
- Regular security updates and penetration tests
- Backup systems and disaster recovery plans
- Server location: AWS Frankfurt (EU)
These measures are regularly reviewed and updated to reflect technological advancements.
13. External Links
Our website may contain links to external sites. We are not responsible for their content or privacy practices. Please review the privacy policies of linked websites.
14. Supervisory Authority
For privacy-related questions or complaints, you may contact the relevant supervisory authority:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstraße 10a
70173 Stuttgart
Germany
Email: poststelle@lfdi.bwl.de
Website: www.baden-wuerttemberg.datenschutz.de
15. Changes to This Privacy Policy
We reserve the right to update this policy to reflect legal changes or service modifications. The current version is always available at www.iknowly.com/privacy-policy.
For significant changes, we will notify you via the email address provided.
As of: June 17, 2025
Last Updated: June 17, 2025
Contact for Privacy Inquiries:
legal@iknowly.com