Privacy policy

Our data protection principles

These principles guide us in the processing of your personal data: 
1. Your data is yours - not ours. 
2. You are in control - not us. 
3. We are transparent - not you. 
4. Data is valuable - but not a commodity. 
5. Data abuse is illegal - not "no matter". 

Information on the collection, storage and processing of personal data for users of our services, app, tags and online store in the EU.

1. Who is responsible for the processing of my personal data?
The responsible person within the meaning of the EU General Data Protection Regulation (GDPR) is:

Kleine Tat Services GmbH
Lindenallee 16
48163 Münster
Phone +49 (0) 2536 - 34 62 042

2. Whom can I contact regarding the protection of my personal data?
This is how you can reach our data protection officer:

Data Protection Officer (Datenschutzbeauftragte(r))
Lindenallee 16
48163 Münster

3. What personal data is processed?
Depending on your use of our app "Kleine Tat" and our services of the platform "The-Other-Internet-Of-Things" of "Kleine Tat Tags" as well as our online store, we process the following types of personal data:

I) Data for or from the use of our services
a.) Access data [registration/login] (e.g. username, full name, e-mail, password, photo, registration time, log-in/out time) to our services.
b.) Transaction data [marketplace] (e.g. transaction partner, object, type, period, status, price) of agreements or transactions that you initiate or enter into with other users via our services.
c.) Communication data [messenger] (e.g. communication partner, content/text, timestamp) of messages that you send via our services or receive from other users.
d.) Data of objects of use [things] (e.g. object name, description, photo, manufacturer, date of manufacture, location/postcode), which you collect by means of our services or take over from other users.
e.) Data of virtual warehouses [depots] (e.g. warehouse name, description, membership, entry/exit date, activity) that you operate, manage on behalf of others (as manager) or are connected to via memberships.
f.) Data from projects [labs] (e.g. project goal, problem, solution, effect, location, description, status, contributions [blog]), which you operate or participate in using our services.
g.) Statistical usage data [reports] (e.g. transaction activity, environmental contribution/impact) that we calculate and display for you individually.
h.) Data from Kleine Tat Tags [IoT codes] (e.g., assignment item, date, IoT code, and tag type, owner, order date) that you attach to your things.
i.) Web data [log files], (e.g. IP address, time of server request, amount of data transferred), to secure our services and prevent threats.

II) Data for legally binding contracts with us (e.g. via our online store)
j.) Contact data (e.g. surname, first name, address, e-mail, telephone number), for the conclusion of legally binding contracts with us or for the provision of services by us such as the shipment of goods.
k.) Contractual data [store] (e.g. subject matter of the contract, quantity, price, delivery date) regarding your purchases of products and services from us and the granting of rights of use [licenses] by us.
l.) License data (e.g., license number, subject matter, start date, term) related to usage rights you obtain from us (e.g., for IoT codes on Kleine Tat tags).

III) Cookies
m.) We do not use cookies. The exception is our online store, which only uses technically necessary cookies so that we can ensure its function.

4. On what legal basis and for what purposes is my data processed?
We process your personal data for the following purposes and on the following legal basis:
a.) Data processing based on your consent according to art. 6 para. 1. lit. a of the GDPR.
b.) To fulfill an underlying contract between you and us according to art. 6 para. 1 lit. b of the GDPR. This also includes processing operations for pre-contractual measures at your instigation.
c.) To fulfill legal obligations to which our company is subject (e.g. tax law, commercial law) according to art. 6 para. 1. lit. c of the GDPR.
d.) Data processing for legitimate interest according to art. 6 para. 1 lit. f of the GDPR. This may only be done insofar as it is necessary to protect our legitimate interests and does not affect your interests or fundamental rights and freedoms that require the protection of your personal data. This concerns in particular the analysis of your personal data for measures to:
- Development of new services and products,
- Improvement of the quality of services and products,
- Compilation of statistics [key figures] to prove the impact of our services or products.
The personal data of our users is anonymized for these analyses. As a matter of principle, we do not engage in direct advertising.

5. How is my personal data collected?
We receive your personal data generally from you, e.g. through an inquiry made by you, an order in our online store or your registration for our services and in particular their use by you.
As a matter of principle, we do not obtain any personal data from external sources and do not ask you to disclose data about other persons to us via our services.

6. Will my personal data be disclosed to others?
Disclosure to other recipients or disclosure by us will only be made to fulfill the purposes stated in 4. and for the types of data stated in 3. (j. - l.) [
II) Data for legally binding contracts with us]. Recipients may include, for example: licensing, billing, shipping service providers and manufacturers who produce and ship products on our behalf. The disclosure of personal data of types 3 (a. - i.) [I) Data for or from the use of our services], such as the disclosure of your user name, is done so that you can be found by other users or to ensure the functioning of our services. 
As a matter of principle, we do not trade in data of any kind. This is not part of our business model.

7. How long will my personal data be stored?
We store personal data, for the purposes mentioned under 4. only as long as this is necessary to fulfill these purposes or until you delete them. An exception to this is data for which there are legal retention periods or otherwise binding justification reasons for storage. For the deletion of data on our platform , our services provide you with tools that are easy to find. You can delete your personal data yourself at any time, without giving any reason, by deleting your user account with us. In order to do so, you may have to fulfill requirements vis-à-vis other users of the platform, which are governed by our Terms of Use. When an account is deleted, identifying data such as your user photo is deleted and other data such as your user name is anonymized in such a way that remaining data that is technically necessary to maintain the consistency of the platform's data storage can no longer be assigned to you. This process is not reversible. Your data is considered to be deleted.  

8. Where is my personal data stored?
We process your data on secure servers in the Federal Republic of Germany.

9. What rights do i have regarding the processing of my personal data?
You have the following rights under the General Data Protection Regulation (GDPR) regarding your personal data processed by us:
a.) Right to revoke consent given, without affecting the lawfulness of the processing carried out until then on the basis of consent until revocation (art. 7 para 3 of the GDPR).
b.) Right to be informed about your stored personal data (Art. 15 of the GDPR).
c.) Right to rectification if the data stored concerning you is incorrect or incomplete (Art. 16 of the GDPR).
d.) Right to erasure if the purpose of the storage is fulfilled and the storage is therefore no longer necessary, the storage is unlawful or you have revoked a given consent to process certain personal data (Art. 17 of the GDPR).
e.) Right to restriction of processing if one of the conditions according to art. 18 para. 1 lit. a) to d) GDPR is met (Art. 18 of the GDPR).
f.) Right to be informed in the event that you have exercised your right to rectification, erasure or restriction of processing against us (Art. 19 of the GDPR).
g.) Right to transfer the personal data you provide that concerns you (Art. 20 of the GDPR).
h.) Right of objection: For reasons arising from your particular situation, you may object to the processing of personal data concerning you that is carried out on the basis of art. 6 para. 1 lit. e or f of the GDPR at any time (Art. 21 of the GDPR).
i.) Automated decision-making in individual cases: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 21 of the GDPR).
j.) Right to complain to a supervisory authority (Art. 77 of the GDPR). See point 10.

10. To whom can I complain?
Contact the „Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen“ (= State Commissioner for Data Protection and Freedom of Information): complaint-about-data-protection-2021_081.pdf (

11. Where can I find the General Data Protection Regulation?
EUR-Lex - 02016R0679-20160504 - EN - EUR-Lex (


A. Sources used:
1. Basic information, especially the official source of the EU regulation.

2. The official source of the EU regulation
CELEX-Nr. 02016R0679-20160504

2.a) Here the EU Basic Regulation in English language

3. Central contact point for the person responsible for data protection
hBfDI – Zentrale Anlaufstelle (

3.a) Here is the contact point for NRW
BfDI – Landesbehörden – Nordrhein-Westfalen (

Privacy Policy Kleine Tat |  As of 01.05.2023
You can find former versions of our privacy policy in the Archive