Back to Kogsy Check-In Privacy notice

How we handle your data

Plain language. No tracking. No cookies. We collect only what we need to run the pilot and we delete it when we are done.

1. Who is responsible

The data controller for personal information collected through this site is:

HG Connect UG (haftungsbeschränkt)
Spatzenweg 17
85238 Petershausen, Germany
Email: hello@kogsy.care
Managing Director: Henrik Grünfeld

2. What data we collect and why

For the Kogsy Check-In pilot, we process the minimum personal data needed to deliver the service.

Category	Why we collect it	Legal basis
Your name, email, phone	To contact you, send the daily summary email, and reach you if something seems off	Art 6(1)(b) GDPR (contract performance)
Payment data (via Stripe)	To process the £149 prepayment	Art 6(1)(b) GDPR (contract performance)
Parent's first name, town, phone	To make the daily call. We do not collect surnames or full address.	Art 6(1)(b) GDPR (contract performance)
Daily call notes (text only, max 5 lines)	To draft the summary email. We do not record audio.	Art 6(1)(b) GDPR (contract performance)
Email correspondence with you	To answer questions and coordinate the pilot	Art 6(1)(b) and Art 6(1)(f) GDPR (legitimate interest)

3. Consent for the parent

Before any morning call begins, we obtain the parent's verbal consent on a brief introduction call. We log this consent with the date and time. If the parent does not consent or later withdraws, we stop the pilot for that family and refund the booking fee.

4. Who else sees your data

We share data only with these processors, and only as necessary:

Stripe Payments Europe Ltd. (Dublin, Ireland) processes your payment. Stripe is a GDPR-compliant payment provider with its own privacy policy at stripe.com/privacy. We do not store your card details ourselves.
Our email service provider hosts incoming and outgoing email correspondence in line with their own privacy terms. The specific provider can be disclosed on request.

We do not sell, rent, or share your data with advertisers, brokers, or third-party tracking services. We do not use the data to train any AI model.

5. International transfers

Stripe may process payment data in the European Economic Area and the United Kingdom under its standard data processing terms. Where any other processor we use is located outside the EU/EEA, transfers are made under the safeguards required by Chapter V GDPR (e.g. EU Standard Contractual Clauses).

6. How long we keep it

Daily call notes and parent details: deleted within 30 days after the pilot ends.
Booking and contact data, email correspondence: kept while the pilot is active and for 30 days after, then deleted unless statutory retention applies.
Invoices and payment records: kept for 10 years as required by §§ 147 AO and 257 HGB (German tax and commercial law).

7. Your rights under GDPR

You have the right to:

Access the personal data we hold about you (Art 15)
Correct inaccurate data (Art 16)
Erasure ("right to be forgotten") where applicable (Art 17)
Restrict processing in certain circumstances (Art 18)
Object to processing based on legitimate interest (Art 21)
Data portability (Art 20)
Withdraw consent at any time, where processing is based on consent (Art 7(3))
Lodge a complaint with a supervisory authority. The competent authority for HG Connect UG (haftungsbeschränkt) is the Bavarian State Office for Data Protection Supervision (BayLDA), www.lda.bayern.de.

To exercise any of these rights, write to hello@kogsy.care. We will respond within one month.

8. Cookies and tracking

This website does not use cookies, web beacons, third-party analytics, advertising pixels, or fingerprinting. We do not load fonts or scripts from external CDNs. The only outbound network call is the secure handover to Stripe when you click the payment button on the booking page.

9. Server logs

Our hosting provider may automatically log technical request data (IP address, timestamp, URL requested, user agent, referrer) for the purpose of operating, securing, and protecting the website against abuse. These logs are typically retained for up to 30 days and processed under Art 6(1)(f) GDPR (legitimate interest in security and service operation). They are not combined with any other data we hold about you and are not used for analytics or advertising.

10. Changes to this notice

If we change how we handle your data, we will update this page and date the change at the bott