Privacy policy
Privacy Policy
of KAA DOS GmbH, Neue Schönhauser Str. 2, 10178 Berlin (as of July 2025).
In the following privacy policy, we hereby inform you about the processing of personal data carried out by KAA DOS GmbH, Neue Schönhauser Str. 2, 10178 Berlin ("KAA DOS" and/or "Controller") in accordance with the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act ("BDSG"). Our Privacy Policy applies to the following websites: www.kaados.com ("website")
Please read our Privacy Policy carefully. If you have any questions or comments about our data protection information, please contact us at hey@thehaus360.com .
Content
1. Name and contact details of the controller
2 . Purposes of data processing, legal bases and legitimate interests pursued by the controller or a third party, as well as categories of recipients
2.1. Accessing our websites/applications
2.1.1. Log files
2.1.2. Cookies and tracking
2.2. Establishment, execution and/or termination of a contract
2.2.1. Data processing upon conclusion of a contract
2.2.2. Use of data for fraud prevention purposes
2.2.3. Transfer of information to transport service providers/shipping partners
3. Data processing for advertising purposes
3.1. Newsletters
4. Personalised user experience
4.1. Identification on third-party sites
4.2. Personalised advertisements and content
4.3. Market research
4.4. Product development
5. Performance
5.1. Fraud detection and security
5.2. Shopping cart and similar functions
6. Fan pages
7. Customer account / user account
8. Contact
9. Payments
10. No obligation to provide data
11. Recipients of personal data
11.1. Disclosure of data to third parties
11.2. Disclosure to processors
12. Storage period and data deletion
13. Recipients outside the EEA
14. Your rights
14.1. Overview
14.2. Rights to object
14.3. Right of withdrawal
1. Name and contact details of the controller
This privacy policy applies to data processing by
KAA DOS GmbH,
Neue Schönhauser Str. 2, 10178 Berlin,
Email: hey@thehaus360.com
as the controller, legally represented by the managing director Georg Listing
Website: www.kaados.com
2. Purposes of data processing, legal bases and legitimate interests pursued by the controller or a third party, as well as categories of recipients
2.1. Accessing our websites/applications
2.1.1. Log files
Each time you visit the website, information is sent from the Internet browser of your device to our website server and temporarily stored in log files. The data stored in the log files contains the following data: Date and time of access, name of the page accessed, IP address of the requesting device, device type, referrer URL (the URL from which you came to our website), the amount of data transferred, loading time, product and version information of the browser used, and the name of your Internet service provider. We process the log files in order to be able to provide our website reliably and securely.
Insofar as we process personal data (e.g. the IP address) in this context, the legal basis for this is Art. 6 para. 1 f) GDPR. Our legitimate interest arises from ensuring a smooth connection, guaranteeing the convenient use of our website and evaluating system security and stability.
No direct conclusions about your identity can be drawn from this information, nor will we draw any such conclusions. The information is stored and automatically deleted once the aforementioned purposes have been fulfilled. The standard deletion periods are based on the criterion of necessity.
Insofar as we use cookies or similar technologies in connection with the processing of log files described above, this is absolutely necessary in order to provide you with the website you have requested. We are permitted to use these cookies without your consent on the basis of Section 25(2)(2) of the German Act on Data Protection and Privacy in Telecommunications and Digital Services (TDDDG).
2.1.2. Cookies and tracking
General information
We use cookies or similar technologies (collectively referred to as "cookies") on our website. Cookies are small text files that can be stored on your device (laptop, tablet, smartphone, etc.) when you visit and/or use our website or its functions. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific device used. However, this does not mean that we are immediately aware of your identity and/or can draw conclusions about you.
Some of the cookies used are deleted after the end of the browser session (so-called session cookies). These cookies enable us to improve the security of our website, for example by preventing bot attacks.
Other cookies remain on your device and enable us to recognise your device when you next visit (so-called permanent or cross-session cookies). These cookies are used, for example, to show you advertisements and content tailored to you on our website.
Consent to the use of cookies
We use most cookies on the basis of your consent. We ask for this consent in our consent management platform ("CMP"). If you give your consent, this is the legal basis for the use of cookies (Section 25 (1) TDDDG in conjunction with Art. 6 (1) a) GDPR). We store your settings on whether you wish to give your consent so that we can implement it accordingly. An exception to this consent requirement applies only to cookies that are absolutely necessary for the provision of a service you have expressly requested. We may use these cookies without your consent on the basis of Section 25 (2) No. 2 TDDDG.
Consent to the processing of your data based on cookies
In our CMP, we also ask you – where necessary – for your consent to the processing of your data based on these cookies. In our CMP, you will find detailed information on the purposes for which we would like to process your data based on your consent.
We store the decision you make in the CMP as to whether and to what extent you wish to give your consent to the processing of your data based on cookies in order to be able to provide legal proof of the settings you have made in our CMP and the consents given/withdrawn therein, including the time (date, time).
The legal basis for the data processing involved is Art. 6 para. 1 f) GDPR. We have a legitimate interest in processing your decision to give consent so that we do not have to ask you again whether you wish to give your consent each time you visit our website.
If you have given your consent to the processing of your data, Art. 6 para. 1 a) GDPR is the legal basis for this data processing.
Right of withdrawal
You can revoke your consent(s) at any time, in whole or in part, with effect for the future by changing your settings in our CMP here and clicking on "Confirm selection" or by clicking on "Reject all". Your revocation does not affect the lawfulness of the data processing carried out on the basis of the consent(s) until revocation.
2.2. Establishment, execution and/or termination of a contract
2.2.1. Data processing upon conclusion of a contract
When you register in our online shop and/or enter into another contract with us (e.g. purchase a product from us), we process the data necessary for the establishment, execution and/or termination of the contract. This data includes:
First name
First name, last name
Billing and delivery address
Email
Invoice and payment details
Information about orders placed
Shop settings
The legal basis for this is Art. 6 b) GDPR, i.e. you provide us with the information on the basis of the respective contractual relationship (e.g. management of the customer/user account, processing of a purchase contract) between you and us. In order to process your email address in the event of a purchase via our websites/applications, we are also obliged to send an electronic order confirmation in accordance with the statutory provisions of the German Civil Code ("BGB") (Art. 6 para. 1 c) GDPR).
We store the data collected for contract processing – unless we use it for our own marketing purposes – for the duration of the respective contract and until the expiry of the respective statutory or possible contractual warranty and guarantee rights and applicable limitation periods. After expiry of this period, we will retain the information relating to the contractual relationship required under commercial and tax law for the periods specified by law. During this period, the data will only be processed again in the event of an audit by the tax authorities. The legal basis for this further data processing is Art. 6 para. 1 c) GDPR and Art. 6 para. 1 f) GDPR. We have a legitimate interest in asserting, exercising or defending legal claims.
The following data processing is also necessary for the execution of a purchase contract:
Payment data is transferred to payment service providers commissioned by us who process the payment(s).
We transfer shipment address details to logistics companies and shipping partners commissioned by us so that the order can be delivered. In order to ensure that the goods are delivered in accordance with your wishes, we may pass on your email address to the logistics company and/or shipping partner commissioned by us to carry out the delivery. They may contact you in advance of delivery to arrange the details of delivery with you. The respective data will be transmitted solely for the respective purpose and will not be used for any other purpose after delivery has been completed and will be deleted after expiry of the applicable commercial and tax retention obligations.
2.2.2. Use of data for fraud prevention purposes
The information you provide when placing an order may be used to check whether a so-called atypical order process has taken place (e.g. simultaneous ordering of a large number of goods to the same address using different customer accounts). We have a legitimate interest in carrying out such checks. The legal basis for this data processing is Art. 6 para. 1 f) GDPR.
2.2.3. Transfer of information to transport service providers/shipping partners
For the purpose of delivering ordered goods, we work with logistics service providers/transport companies and/or shipping partners: The following data may be transferred to them for the purpose of delivering the ordered goods or for the purpose of notification of shipment: first name, last name, postal address and, if applicable, email address. The legal basis for this data processing is Art. 6 para. 1b) GDPR.
3. Data processing for advertising purposes
3.1. Newsletter
As part of the provision of our website, we offer you the opportunity to subscribe to our newsletter. In order to ensure that no errors are made when entering your email address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your email address in the registration field and given your consent to receive our newsletter, we will send you a confirmation link to the email address you provided. Only when you click on this confirmation link will your email address be added to our distribution list for sending our newsletters. The legal basis for this processing is Art. 6 para. 1 a) GDPR.
Right of withdrawal
You can withdraw your consent at any time with future effect by sending a message to hey@kaados.com or using the unsubscribe option at the end of each newsletter.
4. Personalised user experience
We want to offer you the most personalised user experience possible on our website. In our CMP, we therefore ask for your consent for the processing purposes described below. The legal basis for the data processing described in these sections is Art. 6 para. 1a) GDPR.
In addition, we process your data in order to provide our website securely and reliably and in the form you desire. The legal basis for the data processing described there is Art. 6 para. 1 f) GDPR. We have a legitimate interest in offering our website securely and reliably and in providing services expressly requested by you (e.g. our shopping basket function).
4.1. Market research
With your consent, we use certain information about your interaction with content and advertisements in our online shop and on third-party sites to better understand how they are received by our users. To do this, we combine data sets (such as user profiles, statistics, market research and analysis data) that provide information about how you and other users interact with content and advertisements. This information allows us to identify common characteristics, e.g. to determine which content is relevant for which target groups. The legal basis for data processing is Art. 6 para. 1 a) GDPR.
4.2. Product development
With your consent, we use information about your activities in our online shop and on third-party sites (e.g. your interaction with advertisements or content) as it helps us to improve our products and our website and to develop new products and features based on user interactions, the type of target group, etc. This purpose does not include the development or improvement of user profiles and identifiers. The legal basis for data processing is Art. 6 para. 1 a) GDPR.
5. Performance
5.1. Fraud detection and security
We require certain information to ensure that our online shop is secure and reliable. To this end, we monitor and prevent unusual and potentially fraudulent activity (e.g. in relation to advertising, ad clicks by bots) and ensure that systems and processes function properly and securely. The legal basis for data processing is Art. 6 para. 1 f) GDPR. We have a legitimate interest in offering our marketplace securely and reliably.
5.2. Shopping basket and similar functions
In addition, we require certain information in order to provide you with functions such as a shopping basket and similar functions you may require in our online shop. For example, we remember which products you have placed in your shopping basket. The legal basis for data processing is Art. 6 para. 1 f) GDPR. We have a legitimate interest in providing you with functions that you have expressly requested (e.g. our shopping basket function).
6. Fan pages
KAA DOS maintains social media profiles on the social networks
Facebook (service provided by Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland ("Meta")),
Instagram (also a service provided by Meta),
TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) and("fan pages" of the "service providers"), where we regularly publish and share content and offers. When you interact with our fan pages or other websites of the service providers, the service providers use cookies and similar technologies to collect information about your usage behaviour. KAA DOS can view general statistics on the interests and demographic characteristics (such as age, gender, region) of users for its fan pages. If you use social networks, the type, scope and purposes of data processing on social networks are primarily determined by the operators of the social networks. An exception applies to so-called page insights, for which we are jointly responsible with the respective service providers and which are explained below.
Processing of your data by the service providers
When you use fan pages, the service providers also process your data for their own purposes, which are not covered by this privacy policy and over which we have no influence. You can find more information on this in the respective social networks:
Facebook privacy policy
Instagram privacy policy
TikTok privacy policy
Usage analysis (page insights)
When you interact with our fan pages, the service providers use cookies and similar technologies to collect information about your usage behaviour. In this context, KAA DOS receives "page insights" containing statistical, depersonalised (anonymised) information about visitors. We are unable to link this information to you personally. The selection and processing of Page Insights information is carried out exclusively by the respective service provider. Page Insights help us to understand how our fan pages are used, what interests visitors have and which topics and content are particularly popular. We use this information to offer visitors to our fan pages relevant content and to better respond to the interests and usage habits of our visitors.
KAA DOS and the service providers are jointly responsible for the processing of your data for the provision of Page Insights (Art. 26 GDPR). Where joint responsibility exists, there is an agreement between KAA DOS and the respective service provider that specifies which company fulfils which data protection obligations in accordance with the GDPR with regard to the processing of Page Insights data.
The agreement with Meta is available here. Meta has summarised the essential contents of this agreement (including a list of page insights data) here.
The agreement with TikTok is available here.
Insofar as you have given your consent to Meta with regard to the creation of Page Insights as described above, the legal basis is Art. 6 para. 1 a) GDPR.
7. Customer account / user account
In order to provide you with the greatest possible convenience, we offer you the option of permanently storing your personal data in a password-protected customer account/user account.
The creation of a customer account is voluntary. If you create a customer account, the data collected here will be processed on the basis of Art. 6 para. 1 b) GDPR. Once you have created a customer account, you will not need to enter your data again. You can also view and change the data stored about you in your customer account at any time.
Only if you wish to place orders via our website is it mandatory to open a customer account in order to process the contract. In addition to the data requested when placing an order, you must provide a password of your choice to create a customer account. This password, together with your email address, is used to access your customer account. Please treat your personal access data as confidential and do not make it accessible to unauthorised third parties. Please note that you will remain logged in even after leaving our website unless you actively log out.
You have the option of deleting your customer account at any time. Please note, however, that this does not simultaneously delete the data visible in the customer account if you have placed an order with us. Your data will be deleted automatically after expiry of the commercial and tax retention obligations applicable to us or the applicable limitation periods. Further information on this can be found in section 6. The legal basis for this further data processing is Art. 6 para. 1 c) GDPR and Art. 6 para. 1 f) GDPR. We have a legitimate interest in asserting, exercising or defending legal claims.
8. Contact
You have several options for contacting us. By email or by post. When you contact us, we use the personal data that you voluntarily provide to us in this context (e.g. your name or your email address) solely for the purpose of contacting you and processing your enquiry.
The legal basis for this data processing is Art. 6 (1) b) GDPR, provided that the processing of your data is necessary to answer your questions or to deal with your request in connection with a purchase you have made. We also have a legitimate interest in responding to general enquiries that are not directly related to a contractual relationship. In this case, the legal basis for data processing is our legitimate interest (Art. 6 para. 1 f) GDPR) in providing you with a quick response and a specific answer to your request (e.g. information on general delivery times, availability of sizes or products).
.
9. Payments
In our online shop, payment methods (e.g. credit card, purchase on account) are offered by Shopify via its payment service providers.
We process the payment information that you enter or that we collect, i.e. first name and surname, postal address, date of birth, gender, type of goods/services, value of goods, order method, telephone number, selected payment method and payment information (bank, account number, amount, credit card number, CVC codes, expiry date, etc.), email address, country code, date of account creation and last change, account number, IP address, for the purpose of payment processing, i.e. when you purchase a product, we forward the aforementioned payment information to Shopify. The legal basis for this data processing is Art. 6 para. 1 a), Art. 6 para. 1 b) GDPR and Art. 6 para. 1 f) GDPR.
Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will be transferred exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. For more information on data protection at Shopify Payments, please visit the following website: https://www.shopify.com/legal/privacy.
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
PayPal
When paying via PayPal, your payment details will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") for the purpose of payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or, if offered, "purchase on account" via PayPal. PayPal uses the result of the credit check in relation to the statistical probability of default to decide whether to provide the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things, are included in the calculation of the score values. For further information on data protection, including the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Apple Pay
By offering the option to pay via Apple Pay, we enable you to use your payment details stored with Apple Pay for your online purchases with us without having to re-enter your credit card details. To do this, select the "Apple Pay" option at checkout and then verify your identity in your Apple Pay account. There are no additional costs when paying via Apple Pay.
Apple Pay does not share the payment details stored in your Wallet with us, nor do you need to provide them when placing your order.
When paying via Apple Pay, all personal data you provide to Apple Pay will be processed by Apple Pay (Apple Inc., Infinite Loop, Cupertino, CA 95014, represented in Europe by Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland) as the responsible party. We have no influence on the processing or your contractual relationship with Apple Pay. For more information about processing by Apple Pay, please visit https://www.apple.com/de/legal/privacy/data/de/apple-pay/ .
Google Pay
With the Google Pay payment option, we enable you to use your payment details stored with Google Pay for your purchase in our shop without having to re-enter your credit card details. To do this, select the "Google Pay" option at checkout and then verify your identity in your Google Pay account. There are no additional costs when paying via Google Pay.
Google Pay does not pass on the payment details stored in your wallet to us, nor do you have to enter them when placing your order.
When paying via Google Pay, all personal data that you provide to Google Pay will be processed by Google Pay (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) as the responsible party. We have no influence on the processing or your contractual relationship with Google Pay. For more information about processing by Google Pay, please visit https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en .
10. No obligation to provide data
You are not obliged to provide us with your personal data. However, the use of certain areas of our website may require the provision of personal data, in particular when purchasing goods. If you do not wish to provide us with the necessary data, you will unfortunately not be able to use the relevant areas of the website.
11. Recipients of personal data
11.1. Transfer of data to third parties
We will only disclose your data to third parties if this is legally permissible (e.g. because we or the third party have a legitimate interest in the disclosure, we are legally obliged to disclose the data or we have your consent).
In addition to the third parties named in our privacy policy and in our CMP, we may disclose personal data to a third party in particular if we are required to do so in individual cases due to legal requirements or enforceable official or court orders (to authorities); we have to disclose data in connection with legal disputes (to courts or our lawyers) or audits (to auditors); if we work with tax advisors; in connection with possible criminal offences to the competent investigating authorities; in the event of a sale of the business (to the purchaser).
Insofar as we disclose your data to third parties on the basis of your consent, the explanation may also be provided when obtaining your consent.
11.2. Disclosure to processors
We use so-called processors in some areas for the processing of your data. A processor is a natural or legal person who processes personal data on our behalf and on the basis of our instructions, whereby we remain responsible for the data processing. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller.
Unless the processors are already named in this privacy policy, they fall into the following categories:
IT service providers (sending emails and newsletters)
12. Storage period and data deletion
We only store personal data for as long as is necessary for the purposes stated in this privacy policy, in particular to fulfil our contractual and legal obligations. We may also store your personal data for other purposes if and for as long as further storage is permitted by law for specific purposes.
If you close your customer account/user account, we will delete all stored personal information. If complete deletion is not possible or not required for legal reasons, we will block this information. Blocking occurs, for example, if commercial or tax law retention obligations apply, such as those under the German Commercial Code (HGB) and the German Fiscal Code (AO). In such cases, we are obliged to retain this information for up to ten years for tax audits and audits. Even if there is no legal obligation to retain data, we may refrain from immediate deletion in certain cases permitted by law. This applies, for example, if the information in question may still be required for further contract processing or for legal prosecution or legal defence (e.g. in the event of complaints). The decisive criterion for the duration of the blocking is then the respective statutory limitation periods, after which we will delete the information. As a rule, the limitation periods end three years after the end of the year in which you made a purchase from us.
13. Recipients outside the EEA
We also pass on personal data to third parties or processors based in countries outside the European Economic Area ("EEA"). In this case, we ensure that the recipient either has an adequate level of data protection or that you have given your express consent before passing on the data.
An adequate level of data protection exists, for example, if the European Commission has issued a so-called adequacy decision for the respective country (Art. 45 GDPR). For the USA, the European Commission has decided that an adequate level of data protection exists there, provided that the data recipient participates in the EU-U.S. Data Privacy Framework (DPF) and has current certification for this. If the recipients of your personal data are located in the USA and participate in the DPF, we therefore rely on this adequacy decision (Art. 45 GDPR).
Alternatively, we establish an adequate level of data protection by agreeing with recipients on the European Commission's standard contractual clauses (Art. 46 GDPR). In this case, we carry out so-called transfer impact assessments and agree with the recipient or implement additional protective measures where necessary. Specifically, we agree with recipients who are (independent) controllers to use Module 1 of the EU standard contractual clauses and with recipients who act as our processors to use Module 2 of the EU standard contractual clauses.
These are third parties or processors in the following countries: USA (we rely on the "DPF" in this respect), UK (we rely on the European Commission's adequacy decision available here).
You can obtain a copy of the specific provisions agreed to ensure an adequate level of data protection from us. Please contacthey@kaados.com for this purpose.
14. Your rights
14.1. Overview
In addition to the right to withdraw your consent given to us, you have the following additional rights if the respective legal requirements are met:
the right to information about your personal data stored by us (Art. 15 GDPR); in particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it was not collected directly from you;
the right to rectify inaccurate data or to complete incomplete data (Art. 16 GDPR)
the right to erasure of your data stored by us (Art. 17 GDPR), provided that the applicable requirements are met and, in particular, no statutory or contractual retention periods or other legal obligations or rights to further storage by us must be observed;
the right to restrict the processing of your data (Art. 18 GDPR), if you dispute the accuracy of the data (for a period that enables us to verify the accuracy of the personal data); the processing is unlawful, but you refuse to have it deleted; we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR (as long as it is not yet clear whether our legitimate reasons outweigh yours),
the right to data portability pursuant to Art. 20 GDPR, i.e. the right, in the event of processing based on your consent (Art. 6 para. 1 a) GDPR) or for the performance of a contract (Art. 6 para. 1 b) GDPR), to receive the data processed by us in an automated procedure in a commonly used, machine-readable format to receive the data we have stored about you in a common, machine-readable format or to request that it be transferred to another controller (the latter to the extent technically feasible),
You can assert the aforementioned rights to which you are entitled at hey@kaados.com .
You also have the right to lodge a complaint with a supervisory authority. To do so, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
14.2. Rights to object
You have the right to object at any time to the processing of your personal data for advertising purposes ("advertising objection").
Furthermore, you have the right to object to data processing on grounds relating to your particular situation, to data processing based on Art. 6 para. 1 f) GDPR. We will then stop processing your data unless we can demonstrate compelling legitimate grounds for the further processing which override your rights, or the processing is necessary for the establishment, exercise or defence of legal claims.
You can exercise your rights to object at hey@kaados.com .
14.3. Right of withdrawal
Insofar as we process data on the basis of your consent, you have the right to withdraw your consent at any time. Your withdrawal does not affect the lawfulness of the data processing carried out on the basis of your consent until withdrawal.
You can exercise your rights to object at kundenservice@aboutyou.de.
You can revoke your consent to the use of cookies and the processing of your personal data based on them at any time, in whole or in part, by changing your settings in our CMP here and clicking on "Confirm selection" or by clicking on "Reject all". You can also find our CMP at the bottom of the page under the link "Preference Centre (Consent Management)".