Legal
Privacy Policy
This privacy policy transparently informs you about the nature, scope and purpose of the processing of personal data when you visit this website. It applies to https://www.kaemi.website as well as all demo and preview versions currently operated under *.workers.dev subdomains.
Last updated: 8 July 2026Section 1
Controller
The controller responsible for data processing within the meaning of the DSGVO (the German designation of the EU General Data Protection Regulation, GDPR) is:
KAEMI GmbH
Glogauer Str. 5
10999 Berlin
Germany
Phone: +49 30 3642 878-0
Fax: +49 30 3642 878-99
Email: info@kaemi.email
Please address any inquiries relating to data protection in writing to the address above or by email to datenschutz@kaemi.email.
You can reach our data protection officer at: Samir Omar, c/o KAEMI GmbH, Glogauer Str. 5, 10999 Berlin, email: datenschutz@kaemi.email.
Section 2
Hosting and Processors
This website is operated on the edge platform of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) and delivered via Cloudflare Workers. The database (Cloudflare D1), object storage (Cloudflare R2) and session storage (Cloudflare KV) are located in the EU region Western Europe (EEUR).
Whenever a page is requested, technically required access data (IP address, date/time, requested URL, transmitted user agent, referrer) is processed by Cloudflare to enable delivery of the website and to fend off attacks (bot mitigation, DDoS protection). This processing is based on our legitimate interest in secure operation (Art. 6(1)(f) DSGVO).
A data processing agreement (DPA) including the EU Standard Contractual Clauses (SCC) is in place with Cloudflare to safeguard any data flows outside the European Economic Area. Cloudflare, Inc. is additionally certified under the EU-US Data Privacy Framework (DPF). Cloudflare’s privacy policy is available at https://www.cloudflare.com/privacypolicy/.
Section 3
Server Log Files
When this website is accessed, technically required access data (server log files) is processed by our infrastructure provider Cloudflare: IP address, date and time of access, requested URL, transmitted user agent (browser/operating system) and the previously visited page (referrer).
This processing serves the secure and stable operation of the website, error analysis and the defence against attacks (bot mitigation, DDoS protection). The legal basis is our legitimate interest in a secure and trouble-free operation (Art. 6(1)(f) DSGVO).
The access data is stored for a maximum of 30 days; in the event of security-relevant incidents, individual records may be retained for longer where this is necessary for investigation and defence.
Solely in the case of access by automated AI agents, a subset of this access data is additionally transmitted to the analytics service Peec.ai; see section 14 for details.
Section 4
Cookies and Similar Technologies
We use technically necessary cookies (no consent required pursuant to § 25 (2) no. 2 TDDDG — German Telecommunications Digital Services Data Protection Act) and – only with your consent – cookies and storage data for the categories “Statistics” and “Functional”. Consent is given via the cookie notice and can be withdrawn at any time (see “Withdrawing your cookie consent”).
On your first visit, our cookie notice shows the most important information and offers the choices “Accept all”, “Decline” (technically necessary cookies only) and “Settings” for a granular selection per category.
Overview of the cookies used
Withdrawing your cookie consent
You can change your selection in the cookie notice at any time. To do so, click “Cookie settings” in the page footer. The banner opens again and you can adjust your decision.
Section 5
Processing of Form Inquiries
This website offers three forms you can use to contact us: the contact form at /kontakt/, the whitepaper request form at /sd-wan-whitepaper-download/ and the compact form in the page footer.
Mandatory fields are marked with an asterisk (*). Only the information you actively enter into the form is transmitted (name or first and last name, email address, company, phone number and message where applicable). Processing is based on your consent (Art. 6(1)(a) DSGVO) and on the performance of pre-contractual measures insofar as you make a specific inquiry about our services (Art. 6(1)(b) DSGVO).
Providing your data is voluntary; there is no statutory or contractual obligation to provide it. Without the fields marked as mandatory (*), however, we cannot process your inquiry or provide the requested download.
The transmission is encrypted (HTTPS / TLS). The contents of your inquiry are technically delivered via the email delivery service Cloudflare Email Service as an email from the sender domain noreply@kaemi.app to the central sales mailbox sales@kaemi.io. The reply-to address corresponds to the email address you provided so that our staff can respond directly.
Your details are not stored in the database of this website — the data is only forwarded as an email. We delete mere contact inquiries without any contractual relevance no later than six months after their final handling, unless statutory retention obligations prevent this. If your inquiry leads to a business relationship, the retention periods under German commercial and tax law apply (including § 257 HGB — German Commercial Code — and § 147 AO — German Fiscal Code — generally six or eight years); once these periods expire, the data is deleted.
To protect against spam and abuse, we check form submissions server-side (including a honeypot field that is invisible to you) and limit the number of submissions per time unit (rate limiting). No further evaluation of your behaviour takes place.
In addition, we protect our forms with Cloudflare Turnstile, a bot-detection service provided by Cloudflare, Inc. When a form is loaded and submitted, your browser transmits technical information (including IP address, device and browser signals and interaction data) to Cloudflare so that human users can be distinguished from bots automatically; a technically necessary cookie may be set for this purpose. This processing serves abuse and bot detection only – no cross-site tracking and no use for advertising purposes takes place. The legal basis is our legitimate interest in protecting our forms against spam, abuse and automated attacks (Art. 6(1)(f) DSGVO); setting the technically necessary cookie does not require consent pursuant to § 25 (2) TDDDG. Cloudflare acts as a processor; the data processing agreement including Standard Contractual Clauses (SCC) referred to in section 2 and the DPF certification mentioned there apply.
Section 6
Email Delivery via Cloudflare Email Service
We use Cloudflare Email Service on the domain kaemi.app to send the notifications described in section 5. As a result, the contents of your form inquiry (including your email address as the reply-to address) are processed by Cloudflare in order to deliver the email to the KAEMI recipient addresses. The processing takes place on behalf of KAEMI GmbH on the basis of a data processing agreement and the EU Standard Contractual Clauses. Cloudflare, Inc. is additionally certified under the EU-US Data Privacy Framework (DPF).
Section 7
SSL/TLS Encryption
This website uses SSL/TLS encryption without exception. You can recognise this by the padlock symbol in the address bar of your browser and by the prefix “https://” before the domain. During an encrypted connection, data you transmit to us cannot be read by third parties.
Section 8
Technical and Organisational Measures (Art. 32 DSGVO)
As an IT security company, we protect personal data through state-of-the-art technical and organisational measures (Art. 32 DSGVO). These include in particular:
- Transport encryption with TLS (including TLS 1.3) for all connections
- Post-quantum-secure key agreement (PQC) for TLS connections via the Cloudflare edge
- Encryption of data at rest in the Cloudflare services used (D1, R2, KV)
- Cloudflare Web Application Firewall (WAF), DDoS protection and bot management
- Access restrictions for the internal administration area and multi-factor authentication (MFA)
- Role-based permissions following the least-privilege principle
- Regular security updates and backups for recoverability
- Monitoring, logging of security-relevant events and patch management
Further information about our security measures, certifications and the subcontractors we use can be found in our Trust Center (trustcenter.kaemi.website).
Section 9
Your Rights as a Data Subject
With regard to the personal data concerning you, you have the following rights vis-à-vis us at any time:
- Right of access (Art. 15 DSGVO)
- Right to rectification or erasure (Art. 16, 17 DSGVO)
- Right to restriction of processing (Art. 18 DSGVO)
- Right to data portability (Art. 20 DSGVO)
- Right to object to processing (Art. 21 DSGVO)
- Right to withdraw consent once given, with effect for the future (Art. 7(3) DSGVO)
To exercise your rights, simply contact datenschutz@kaemi.email. We confirm receipt within one week and respond within one month at the latest.
To protect your data, we may request proof of your identity in the case of an access request or other data subject request – but only to the extent necessary and where there are reasonable doubts about your identity.
Section 10
Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes the DSGVO.
The authority responsible for KAEMI GmbH is the Berlin Commissioner for Data Protection and Freedom of Information:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
https://www.datenschutz-berlin.de/
Section 11
Embedded External Content
On individual pages of this website we embed external content whose providers receive data (in particular your IP address) when it is retrieved:
- Cloudflare Stream (https://*.cloudflarestream.com) — delivery of the explainer videos on the home page and the SD-WAN page. Provider: Cloudflare, Inc. When a video is played, your IP address is transmitted to Cloudflare; technically necessary storage/cookie entries may be set for playback. Cloudflare Stream is not used for tracking or advertising.
- YouTube (https://www.youtube.com) — embedded video on the whitepaper download page. Provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The video is embedded in extended privacy mode (youtube-nocookie is configured where available).
- Google Maps (https://maps.google.com) — map section on the contact page. Provider: Google Ireland Limited.
The legal basis is our legitimate interest in an appealing and functional presentation of our content (Art. 6(1)(f) DSGVO). This content is an integral part of the respective page and – unlike the optional third-party services listed in section 12, which are only loaded with your consent – is embedded as soon as the page in question is loaded. Insofar as data is transferred to Google (Google Maps, YouTube) in the USA, this is safeguarded by the certification of Google LLC under the EU-US Data Privacy Framework (DPF). For further information, please refer to the privacy policies of the respective providers.
Section 12
Optional Third-Party Services Subject to Your Consent
We only embed the following third-party services with your express consent. The legal basis is Art. 6(1)(a) DSGVO (consent). You can withdraw your consent at any time via “Cookie settings” in the page footer or in the cookie notice; the withdrawal takes effect for the future.
12.1 Statistics – Leadfeeder
We use Leadfeeder for B2B visitor analysis. Leadfeeder uses the IP address to identify which companies have visited our website. This analysis is not intended to identify individual natural persons.
Provider: Dealfront Group GmbH (brand: Leadfeeder), Durlacher Allee 73, 76131 Karlsruhe, Germany (registered in the commercial register of the Mannheim local court under HRB 744853, VAT ID DE354196485).
Data processed: IP address, name/domain of the IP owner, browser and device information, pages visited, referrer, cookies (including “_lfa”, “_lfa_consent”) and coarse geolocation derived from the IP address (country/region).
Data location: data is stored and processed exclusively on servers within the European Union (source: Leadfeeder/Dealfront privacy notice).
Storage period: 12 months (“_lfa” cookie, provider default).
Legal basis: Art. 6(1)(a) DSGVO (consent).
Data processing: a data processing agreement with Dealfront Group GmbH pursuant to Art. 28 DSGVO is in place.
Third-country transfer: no transfer to a third country takes place in standard use.
Withdrawal: via “Cookie settings” in the banner (disable the “Statistics” category).
12.2 Functional – Pipedrive LeadBooster Chat
We offer a live chat on our website via Pipedrive LeadBooster, which you can use to get in touch with our sales team directly.
Provider (contracting party for EU customers): Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia. Group-affiliated recipient in the USA: Pipedrive, Inc., 530 Fifth Avenue, 8th floor, Suite 802, New York, NY 10036, USA.
Data processed: chat contents, contact details you provide voluntarily (e.g. name, email), session and storage data for chat control, browser and device information.
Cookies: “__cf_bm” (Cloudflare bot detection, 1 hour); additionally “_GRECAPTCHA” (Google reCAPTCHA, 179 days) if spam protection is active in LeadBooster.
Storage period: chat history according to the provider’s defaults; session cookies for the duration of the visit.
Legal basis: Art. 6(1)(a) DSGVO (consent).
Data processing: a data processing agreement (DPA) with Pipedrive OÜ pursuant to Art. 28 DSGVO is in place.
Third-country transfer: intra-group transfers to Pipedrive, Inc. in the USA are based on the EU Standard Contractual Clauses pursuant to Art. 46(2)(c) DSGVO. Pipedrive, Inc. is additionally certified under the EU-US Data Privacy Framework (active status according to dataprivacyframework.gov).
Classification as “Functional”: the chat serves solely to contact our sales team. No advertising is delivered and no retargeting takes place; the category “Functional” is therefore used instead of “Marketing”.
Withdrawal: via “Cookie settings” in the banner (disable the “Functional” category).
12.3 Functional – join.com (job and application widget)
On our careers page (/karriere/) we embed – only with your consent (category “Functional”) – the job and application widget provided by join.com. We use the widget to display open positions and to enable online applications.
Provider: JOIN Solutions AG, Eichenstrasse 2, 8808 Pfäffikon SZ, Switzerland (represented in the EU by JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, registered in the commercial register of the Charlottenburg local court under HRB 201243 B).
Data processed: when the widget is loaded, your IP address as well as browser and device information are transmitted to join.com; cookies and storage data are set to display and control the widget. If you apply via the widget, join.com processes the application data you enter (e.g. name, contact details, CV, cover letter, attachments).
Legal basis: Art. 6(1)(a) DSGVO (consent) and § 25 (1) TDDDG for setting the cookies and storage data. For the processing of application data, Art. 88 DSGVO in conjunction with § 26 BDSG (German Federal Data Protection Act — employee data protection, initiation of an employment relationship) additionally applies.
Data processing: for applications received via the widget, join.com provides a data processing agreement (Art. 28 DSGVO); join.com processes this data exclusively as a processor acting on the instructions of KAEMI GmbH.
Third-country aspect: JOIN Solutions AG is based in Switzerland. An adequacy decision of the European Commission exists for Switzerland (Art. 45 DSGVO), so an adequate level of data protection is ensured.
Storage period: we process application data for the duration of the respective application procedure. In the event of a rejection, we generally store it for up to six months after the procedure has been completed in order to be able to handle any claims – in particular under the AGG (German General Equal Treatment Act); after that it is deleted, unless you have consented to longer storage (e.g. inclusion in a talent pool).
Withdrawal: via “Cookie settings” in the page footer (disable the “Functional” category).
Section 13
ProvenExpert Rating Seal
On our website – in particular in the footer – we display a rating seal showing the overall score we have achieved on ProvenExpert. This seal is delivered exclusively from our own server. When you simply visit our pages, no data is transferred to ProvenExpert, no ProvenExpert scripts are loaded and no ProvenExpert cookies are set. Consent is therefore not required for displaying the seal.
The seal links to our public ProvenExpert profile. Only when you click the seal do you leave our website and are redirected to ProvenExpert. From that point on, the privacy policy of ProvenExpert applies. ProvenExpert is provided by Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany. Its privacy policy is available at https://www.provenexpert.com/de-de/datenschutzbestimmungen/.
The legal basis for embedding the seal is our legitimate interest in the transparent presentation of independent customer reviews (Art. 6(1)(f) DSGVO).
Section 14
Analysis of Automated AI Agent Access (Peec.ai)
To understand which automated AI agents and search engine crawlers retrieve our content, we use the service Peec.ai. This serves to assess and manage our visibility in AI-based assistant and answer systems. When such an automated agent retrieves a page of this website, our server subsequently transmits a report about this access to Peec.ai. The data transmitted comprises the time of access, the request method, the requested host and path, the HTTP status of the response, the identifier of the accessing party (user agent), a country code, the accessing IP address and – where present – the previously visited page (referrer).
This transmission takes place exclusively for access by known AI agents and crawlers (such as GPTBot, ClaudeBot, PerplexityBot or Applebot). It is triggered by the identifier (user agent) of the accessing party, which does not occur in conventional web browsers. As a rule, visits by human visitors to our website do not trigger the transmission to Peec.ai under this trigger mechanism. Under the trigger mechanism used, the transmitted IP address is, as a rule, the address of the accessing agent or of the data centre server of the respective AI provider, and not the private IP address of a human website visitor. Inputs or queries of individual end users of the AI services are not transmitted.
This processing must be distinguished from the access data and server log files described in section 3: the server log files are generated on every page view and are processed solely by our infrastructure provider. By contrast, only the subset of access data described above is transmitted to Peec.ai, and only in the case of access by automated AI agents.
The transmission takes place server-side in the course of delivering our website (server-to-server communication). No cookies are set for this purpose, and no information stored on your device is accessed. Consent pursuant to § 25 TDDDG is not required for this.
The legal basis – insofar as any personal reference exists at all in the individual case – is our legitimate interest in evaluating which automated AI agents and crawlers access our website and in managing our visibility in AI systems (Art. 6(1)(f) DSGVO). For the right to object to processing on this basis, see section 9 (“Your rights as a data subject”).
The storage period of the data transmitted to Peec.ai is governed by the provider’s terms; details on storage and deletion can be found in its privacy policy linked below.
The service is provided by Peec AI GmbH, Karl-Liebknecht-Straße 14, 10178 Berlin. According to the information in its privacy policy, Peec processes data essentially on the Google Cloud Platform, provided via Google Ireland Limited (EU); sub-processors are used, some of which process data in third countries (including the USA), for which the provider states that it relies on the EU-US Data Privacy Framework or on Standard Contractual Clauses. Further details on the processing of data by the provider can be found in its privacy policy, available at https://peec.ai/legal/privacy-policy.
Section 15
Overview of Recipients
The following overview summarises the service providers and recipients of personal data we use (details in the respective sections):
| Service | Purpose | Data location |
|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, security (incl. Turnstile bot protection), email delivery | EU (Western Europe region) |
| Pipedrive OÜ | Live chat (LeadBooster) | EU (Estonia) |
| Dealfront Group GmbH (Leadfeeder) | B2B visitor analysis | Germany (EU) |
| JOIN Solutions AG | Job and application widget | Switzerland (EU adequacy decision) |
| Google Ireland Limited | Maps, videos (YouTube), reCAPTCHA | EU (Ireland) |
| Peec AI GmbH | Analysis of access by automated AI agents and crawlers | Germany (provider’s seat); processing essentially on Google Cloud Platform (Google Ireland Ltd., EU), sub-processors partly in third countries (DPF/SCC) – see section 14 |
Section 16
No Automated Decision-Making
No decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you (Art. 22 DSGVO) takes place.
Section 17
Target Audience of This Website
This website is aimed exclusively at companies and their employees (B2B) and is not intended for minors. We do not knowingly process personal data of minors. We currently do not offer a newsletter.
Section 18
Changes to This Privacy Policy
We reserve the right to amend this privacy policy in order to adapt it to a changed legal situation or to changes in our services. In the event of significant changes, the cookie notice will be displayed again so that you are informed about the current status.