1. Controller
The controller responsible for personal data processed through this website is:
Kestivo is the business designation of a German sole proprietorship that is not entered in the commercial register.
2. Scope
This notice applies to the public website at kestivo.app and email enquiries sent to Kestivo.
It does not yet cover the future Kestivo iOS application, user accounts, athlete profiles, AI requests, health or training data, subscriptions or connected-device integrations. Separate or expanded app-specific privacy information must be published before those functions are provided to external users.
3. Hosting and technical request data
The website is delivered using Cloudflare Pages and related Cloudflare network services. Technical request data may be processed to deliver content, maintain security, prevent abuse and diagnose operational problems.
This may include IP address, date and time, requested URL, HTTP method and status, referrer information, browser, operating system, device, network and security information.
The legal basis is Article 6(1)(f) GDPR. The legitimate interests are secure and efficient website delivery, attack prevention, troubleshooting and infrastructure protection.
Service provider:
Cloudflare, Inc.
101 Townsend Street
San Francisco, CA 94107
United States
4. Contact by email
When you contact Kestivo by email, your address, name where supplied, message, attachments and transmission metadata are processed to answer and manage the enquiry.
For pre-contractual enquiries, the legal basis is Article 6(1)(b) GDPR. For general business communication, product feedback and support enquiries, it is Article 6(1)(f) GDPR. Statutory retention obligations may additionally require processing under Article 6(1)(c) GDPR.
Email provider: [CONFIRM AND INSERT THE ACTUAL EMAIL SERVICE PROVIDER]
6. International transfers
Cloudflare is headquartered in the United States and operates a global network. Processing may involve countries outside the European Economic Area. Where required, transfers must rely on an adequacy decision, standard contractual clauses or another safeguard under Chapter V GDPR.
7. Retention
- Technical data is retained according to the configured hosting and security service.
- Email correspondence is deleted when the enquiry is resolved and no continuing legal or business reason requires retention.
- Records subject to statutory commercial or tax retention duties are retained for the legally required period.
8. Your rights
Subject to the applicable requirements, you may have rights of access, rectification, erasure, restriction, portability and objection under Articles 15–21 GDPR. You may withdraw consent at any time where processing is based on consent.
To exercise your rights, contact hello@kestivo.app.
9. Right to complain
You may lodge a complaint with a competent data-protection supervisory authority, particularly in the member state of your habitual residence, workplace or the alleged infringement.
Authority competent for the business location: [INSERT THE COMPETENT GERMAN STATE DATA-PROTECTION AUTHORITY AND LINK]
10. Security
Appropriate technical and organisational measures are used to protect personal data. Website traffic is transmitted using HTTPS. No internet transmission or storage system can provide absolute security.
11. Changes
This notice will be updated when the website, providers, processing purposes or legal requirements change. The current version and date are published on this page.